Anonymous_User Absent Member.
Absent Member.
268 views

Access Gateway and time difference...


Hi Guys,

Recently I see that one of the 2 Access Managers from our clusters is
showing that its 2+ minutes in time sync when compared with the second
access manager server. :confused:
What is the minimum and maximum access manager servers could have for
them to operate without any issues?
Could this cause access manager to report unreachable to sites its
managing?

Any pointers?
Second thoughts?

Dinesh


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=49984

0 Likes
10 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...

ddgaikwad wrote:

> Recently I see that one of the 2 Access Managers from our clusters is
> showing that its 2+ minutes in time sync when compared with the second
> access manager server. :confused:


In my experience a time difference of two minutes is enough to cause
problems with NAM. Time sync is critical for this kind of solution.

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...


I guess I have found out why I am seeing that drift of 2 minutes.
Here:
rcntp status gives:
localhost: timed out, nothing received
***Request timed out

Checking for network time protocol daemon (NTPD):

I am getting the above output on both our access manager cluster
members...

But, netstat -anp | grep 123 gives, that the ports are open...


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=49984

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...

ddgaikwad wrote:

> rcntp status gives:
> localhost: timed out, nothing received
> ***Request timed out
>
> Checking for network time protocol daemon (NTPD):
>
> I am getting the above output on both our access manager cluster
> members...
>
> But, netstat -anp | grep 123 gives, that the ports are open...


What version of NAM are you running? I had issues with NTP on one of
the older 3.1.x LAGs.

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...


We are using: 3.1.4-27.

-Dinesh


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=49984

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...

ddgaikwad wrote:

>
> We are using: 3.1.4-27.


Are you still running the SLES9 based LAG?

What does the output of the command "ntpq -p" give you?

I had problems with NTP after a security tweak (bug 528414) in 3.1.2
which locked down ntp on the LAG a bit harder.

I solved this at the time by adding two lines manually to /etc/ntp.conf

However this is not an ideal (or supported or recommended) solution as
the Admin Console is the correct place to set this.

The longer term solution (if I recall correctly) was to replace the
SLES9 appliance with the SLES11 based LAG one. I don't think the
problem occurred there.

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...


Output of ntpq -p:
localhost: timed out, nothing received
***Request timed out

And for the LAG, its installed on a SLES 11 box:
Novell Access Manager - Access Gateway Appliance 3.1.2 (i586)
VERSION = 3.1
PATCHLEVEL = 2

ntpdrift shows somthing like this one here:
2.605

-Dinesh


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=49984

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...

ddgaikwad wrote:

>
> Output of ntpq -p:
> localhost: timed out, nothing received
> ***Request timed out


Ok,

try the solution I posted from this thread:
https://forums.netiq.com/showthread.php?1947-ntp-server-unreachable-from-LAG

Not entirely sure when/how this issue was resolved, but at a later
point when we built a new LAG for that customer - the issue disappeared
and we no longer needed to apply the fix mentioned in that thread.

--
If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...


Thanks Alex!

I will go through it and implement it.
Another thing I noticed that I am getting the same behavior with our
Access Gateway servers in Dev and QA environments.

Will post the results soon.

-Dinesh


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=49984

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...


ddgaikwad;240590 Wrote:
> Thanks Alex!
>
> I will go through it and implement it.
> Another thing I noticed that I am getting the same behavior with our
> Access Gateway servers in Dev and QA environments.
>
> Will post the results soon.
>
> -Dinesh


Are you running in a VM? LIke XEN or VMware? If so, have you followed
the docs in setting up the cron job to run the timesync stuff?

--Kevin


--
kjhurni
------------------------------------------------------------------------
kjhurni's Profile: https://forums.netiq.com/member.php?userid=322
View this thread: https://forums.netiq.com/showthread.php?t=49984

0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Access Gateway and time difference...


Yes, we are running the servers on ESX server.
Well, due to another issue we had to perform a restart of the server,
after which the time drift seems to be fixed.

When the time was reset, did the steps provided in this thread:
http://tinyurl.com/q49ssxd

For now the servers are in time sync and do not see any drift.
I guess the issue seems to be resolved for the time being... 🙂

-ddgaikwad


--
ddgaikwad
------------------------------------------------------------------------
ddgaikwad's Profile: https://forums.netiq.com/member.php?userid=5917
View this thread: https://forums.netiq.com/showthread.php?t=49984

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.