Stephen Hill's picture

So I get the following error on my Tunkey server when attempting a backup:

 

##########################
## FIXCLOCK HOOK FAILED ##
##########################

Amazon S3 and Duplicity need a UTC synchronized clock so we invoked the
following command::

ntpdate -u pool.ntp.org

Unfortunately, something went wrong...

2 Aug 17:37:34 ntpdate[16440]: no server suitable for synchronization found

 

When I ask our network admins to open UDP 123 the error remains. In fact I can't  ntpdate -u from anywhere outside our network. If I open all ports to a specific time server it works!

Any ideas for a solution?

Forum: 
Jeremy Davis's picture

Sometimes proxies can cause problems. Although it seems strange that if you open all ports to a specific server it works. AFAIK TKL uses the default NTP port (UDP 123 - as you obviously already know).

Stephen Hill's picture

This is the answer I've recieved back from higher up. Does this make any sense to anybody?

"My guess is that your ACL only allows port 123, but you're using -u, which instructs ntp to use a non-privledged port."

Liraz Siri's picture

I recommend you try and sniff the network using a tool such as tcpdump or wireshark. That should tell you exactly what is going on and what ports your admin needs to open.
Stephen Hill's picture

Sorry for the delay in getting back. I'm not an expert at reading tcpdump files, but this line caught my attention
 

User Datagram Protocol, Src Port: 60896 (60896), Dst Port: ntp (123)

Is that indicating it's requesting the time on 123, but it's coming back on a high random port? A second run showed another random high numbered port as the Src Port.

Add new comment