Diagnosing a drifting time clock problem

Feb 21, '03 08:08:00AM

Contributed by: noworryz

If you've had a problem keeping your clock accurate using network time, this tip may help out. Network time is controlled from the System Preferences, Date & Time pane, Network Time tab. Symptoms of the problem include:

OS X has a confusing "feature" that makes diagnosing the problem difficult: After a restart or after disabling and enabling the "Use a network time server" checkbox, OS X attempts to synchronize the time using a different method than when you press the "Set Time Now" button. After a restart or enabling "Use a network time server," OS X sends Network Time Protocol (NTP) messages using the User Datagram Protocol (UDP) from port 123 of your machine to port 123 of the specified NTP Server. The server replies from port 123 to port 123 of your machine.

After pressing the "Set Time Now" button, OS X sends NTP messages from a very high port number (about 49150) of your machine to port 123 of the NTP Server. The server replies from port 123 to the same high port number of your machine.


Diagnosing NTP
To see if you have a problem, enable the "Use a network time server" checkbox and press the "Set Time Now" button. Open the terminal and type ntpq -p. If ntpq outputs ntpq: read: Connection refused, then the "Use a network time server" checkbox is probably not enabled. If ntpq outputs No association ID's returned, then no NTP messages at all are getting through. If the ntpq output has a 16 in the st (stratum) column, then the (123/123) NTP messages are not getting through but the high port numbered "Set Time Now" messages are being received:

remote      refid    st t when poll reach   delay   offset  jitter
=====================================================================
[server]  0.0.0.0    16 u    -  68m    0    0.000    0.000 4000.00

Where [server] is the specified NTP server.

If the ntpq output has a number lower than 16 in the "st" column, then NTP is working correctly:

remote      refid    st t when poll reach   delay   offset  jitter
=====================================================================
[server] [something]  2 u   48  68m    1  141.594   14.361   0.004
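
The ntpq checks above can be scripted. The following is an added example, not part of the original hint: classify_ntpq is a hypothetical helper name, and treating the output as working when any one server is below stratum 16 is an assumption for setups with more than one server.

```shell
#!/bin/sh
# Added example: classify `ntpq -p` output using the rules in this hint.
# classify_ntpq is a hypothetical helper; it reads ntpq output on stdin.
# Usage: ntpq -p 2>&1 | classify_ntpq   (2>&1 captures the error messages too)
classify_ntpq() {
    awk '
        # ntpd is not running: the checkbox is probably off.
        /Connection refused/ {
            print "disabled: \"Use a network time server\" is probably not enabled"
            found = 1; exit
        }
        # ntpd is running but has heard nothing from any server.
        /No association ID.s returned/ {
            print "blocked-all: no NTP messages are getting through"
            found = 1; exit
        }
        # Peer rows have 10 columns and a numeric third column (st).
        # The header row is skipped because its third column is "st".
        NF >= 10 && $3 ~ /^[0-9]+$/ {
            peers++
            if ($3 + 0 < 16) synced++
        }
        END {
            if (found) exit
            if (peers == 0)      print "unknown: no peer rows found"
            else if (synced > 0) print "ok: stratum below 16, NTP is working"
            else                 print "blocked-123: stratum 16, port 123 to 123 replies are not arriving"
        }
    '
}

# Constructed sample input, modelled on the stratum-16 output shown above.
printf '%s\n' \
    'remote      refid    st t when poll reach   delay   offset  jitter' \
    '=====================================================================' \
    '[server]  0.0.0.0    16 u    -  68m    0    0.000    0.000 4000.00' \
    | classify_ntpq
```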

Fixing NTP
NTP problems are often caused by a firewall between you and the NTP server, either a software firewall on your machine or a hardware firewall at your Internet connection. Check whether you have a software firewall installed, such as Brickhouse, or have the Jaguar built-in firewall enabled in the System Preferences, Sharing pane, Firewall tab.

If you have no control over the firewall, the problem will be unsolvable, at least until Apple makes changes to OS X. Otherwise, you will want to reduce the firewall security by the smallest amount necessary to solve the problem. Note that traffic from the NTP server always:

At minimum, the firewall should be modified to only allow additional messages with the first three characteristics above. In Brickhouse and most other software firewalls, the appropriate filter lines are usually:

add [number1] allow udp from any 123 to any 123 via en0
add [number2] allow udp from any 123 to any 10000-65535 via en0

Where [number1] and [number2] are integers that specify the order in which the filter rules are executed. You can list the existing firewall rules within Brickhouse or with the terminal command sudo ipfw list. Other firewalls may use a different syntax, so consult your firewall's manual.

Mac OS X Hints
http://hints.macworld.com/article.php?story=20030217004435671