Set the Time with NTP
The Linux (UCM/Signalling Server) time of day clock may be more accurate than the Call Server's. We can enable the NTP daemon (optionally synced with an external server) on the Primary Security Server (UCM0), and reference it to synchronise the time and date on all elements - including the Call Server. Call Pilot can also synchronise with a network time server.
If SSH security certificates become invalid, elements can drop-out of the security domain.
1 Set the Primary Linux Base first: Base Manager ➤ Date & Time ➤ NTP Server type ➤ Primary Server: Internal
- The "Type of clock source" can be Internal (independent), or External (synchronised).
- In the case of External, enter the IP address of a "higher authority" NTP server (must be reachable).
2 Point the Backup base (UCM1) to the primary NTP server (UCM0) ELAN IP address (the CS is on the ELAN).
- NTP server type for UCM1 can be Secondary, or Not a Clock Server. For either case, enter the primary server address.
- NTP server type for other Linux elements (eg, MAS) is Not a Clock Server, and enter the primary server address.
The Linux Base configuration is complete.
The following images show the relevant (Rel. 7.5) UCM screens: - click image to zoom:
3 Next, configure the Call Server and enable NTP in LD 117 with the following commands:
=> chg ntp ipaddr <ip UCM0 or NTP server>
=> en ntp
=> sync ntp manual
sync ntp manual will query the NTP server network time, if found.
Check the correct time is returned. If the UTC offset is wrong, enter n and correct it with (hours and minutes):
=> chg utcoffset <hr> 0
When sync ntp manual returns the correct date and time, hit y to accept it.
Then issue:
=> sync ntp backgroundto have the Call Server date and time update automatically (stop ntp background to disable).
Note: NTP time servers are generally configured to serve only UTC time (Coordinated Universal Time).
Daylight savings time adjustment can be set to take place automatically on the Call Server in LD 2.
NTP must be disabled to make changes in LD 2. Refer to Setting Time and Date for more details.
NTP server check:
You can quickly check if an NTP server is responding in Mac OS X terminal with the SNTP <hostname-or-IP> command:
$ sntp 10.10.10.202 2014 Nov 11 05:22:08.527749 -0.125693 +/- 0.001083 secs
After the date and time, the response also shows that the NTP server is 0.125693 seconds behind the Mac's local clock (subtract 0.125693 seconds from the local clock to correct it), and that the server time is believed to be correct to within +/- 0.001083 seconds.
Set Date and Time Manually:
Enabling NTP blocks setting the date and time manually in LD2 - trying to do so gives a TFC0017 message.
Therefore, to manually change date and time (if the NTP server is unreachable) we must first disable NTP (ADMIN2).
In LD 117:
=> stop ntp background
=> dis ntp
Then goto LD 2, and enter:
.STAD <day> <month> <year> <hour> <minute> <second>Example: ⇐ Current time. Enter this command exactly as shown.
LD 117 NTP Command Summary:
| Command: | Description: |
|---|---|
| CHG NTP IPADDR <ip> <ip> | Configure the Primary, and optional Secondary, NTP Server IP address(es) |
| CHG NTP THRESH | Configure the 3 NTP threshold levels (Minimum, Warning, Maximum) |
| CHG NTP SECURE | Configure the parameters used by the server(s) in secure mode of operation |
| CHG NTP AUTHMODE | Configure the security mode for the Primary, Secondary, or both, NTP servers |
| CHG NTP TIMEINT x y | Configure the time interval for background NTP synchronization and offset from other background routines. Defaults: x=24 hour interval, and y=30 min offset |
| CHG UTCOFFSET | Configure the time offset (from UTC) for the local time zone |
| ENL NTP | Enable NTP |
| DIS NTP | Disable NTP |
| STAT NTP | Check Status of NTP |
| SYNC NTP MANUAL | Synchronize NTP servers manually |
| SYNC NTP BACKGROUND | Start background synchronization mode |
| STOP NTP BACKGROUND | Stop background synchronization from running |
| PRT NTP | Display the current NTP configuration parameters |
LD 117 Example Output:
=> chg ntp ipaddr 10.10.10.202 ⇐ configure primary NTP server IP NTP Server's IP address is configured Primary IP Address: 10.10.10.202 Secondary IP Address: 0.0.0.0 The secured parameters for the changed IP address has been reset => stat ntp ⇐ print NTP status information CURRENT NTP CONFIGURATION NTP Status: DISABLED Primary IP address: 10.10.10.202 ⇐ primary NTP server IP Secondary IP address: 0.0.0.0 UTC Offset: 00:00 Last Updated: 00:00:00 on 0-0-0 Delta: 00 Threshold: NORMAL Security Mode for Primary: INSECURE Security Mode for Secondary: INSECURE Synchronization Status: INACTIVE COUNTERS Packets Sent: 0 Packets Received: 0 LAST NTP CONFIGURATION NTP Status: DISABLED Primary IP address: 0.0.0.0 Secondary IP address: 0.0.0.0 UTC Offset: 00:00 Delta: 00 Threshold: NORMAL Security Mode for Primary: INSECURE Security Mode for Secondary: INSECURE Syncing Mode: INACTIVE LAST SYNCHRONIZATION ERROR Date and Time: 08:26:19 on 18-5-2012 Type of Error: SCH1689 => en ntp ⇐ enable NTP NTP is running in CS mode. Mode of security for Primary:INSECURE Mode of security for Secondary:INSECURE NTP feature is enabled. => sync ntp manual ⇐ check the server responds Trying 10.10.10.202......Please do not abort from overlay till sync operation is executed NTP is not running in secured mode " ERR0061": Delta between server clock and system clock exceeds the critical threshold level. NTP Server Time is 08:48:53 on 18-5-2012 Do you want to update the time (y/n)? [n]y ⇐ yes, I do! => Updated Call Server Time to 08:49:01 on 18-5-2012 => sync ntp background ⇐ enable background mode =>