Page 2 of 4
Re: Unable to login using the nagiosadmin credentials
Posted: Fri Aug 26, 2016 11:07 am
by sgiworks
[root@ip-10-1-252-201 ec2-user]# ntpdate -u 0.centos.pool.ntp.org
26 Aug 12:07:43 ntpdate[1322]: no server suitable for synchronization found
Re: Unable to login using the nagiosadmin credentials
Posted: Fri Aug 26, 2016 11:11 am
by sgiworks
No blocking of NTP packets
Re: Unable to login using the nagiosadmin credentials
Posted: Fri Aug 26, 2016 12:19 pm
by mcapra
Are there any internal NTP pools/servers your organization uses? You could try re-configuring your /etc/ntp.conf to use those pools instead of the default CentOS pools.
Re: Unable to login using the nagiosadmin credentials
Posted: Mon Aug 29, 2016 10:14 am
by sgiworks
There are no internal NTP pools/servers
Re: Unable to login using the nagiosadmin credentials
Posted: Mon Aug 29, 2016 11:39 am
by mcapra
Lets get some more verbose output from ntp. Can you run the following and share the output:
Code: Select all
ntpdate -uvd 0.centos.pool.ntp.org
Re: Unable to login using the nagiosadmin credentials
Posted: Mon Aug 29, 2016 12:17 pm
by sgiworks
Attached a output from ntpdate
Re: Unable to login using the nagiosadmin credentials
Posted: Mon Aug 29, 2016 12:18 pm
by sgiworks
Why does it show host found : mail.misbegotten.net
Because when I check on another server is shows correct host details, how can I update it on this server?
Re: Unable to login using the nagiosadmin credentials
Posted: Mon Aug 29, 2016 12:55 pm
by mcapra
sgiworks wrote:Why does it show host found : mail.misbegotten.net
Because when I check on another server is shows correct host details, how can I update it on this server?
I'm not sure what you mean by "correct host details". When NTP asks for the time from a given pool, something similar to RRDNS will pass the request to one of the servers in the pool.
mail.misbegotten.net is just one of those servers in the ntp pool. Getting the same server on 2 separate
ntpdate requests against pool.ntp.org is unlikely unless you're querying a specific server.
The real issue is that your machine is trying to get the time from a remote server by transmitting a request but is not receiving a response back.
Are these machines (the functional and non-functional) at the same site with the same ISP? If not, you might inquire with the ISP to see if they're blocking NTP traffic. Again, this is definitely not unheard of since it's a common DOS vector. The ISP at the site might have a specific NTP server it has customers use.
Can you run a traceroute against one of those IPs in the output?
traceroute 54.194.18.100 for example. You may need to
yum install traceroute since it's not usually included with NLS. Feel free to PM the results of this if they contain sensitive network architecture information.
Other IPs that failed to return the time:
Code: Select all
transmit(54.194.18.100)
transmit(54.229.78.96)
transmit(54.171.104.100)
transmit(54.194.18.100)
transmit(54.229.78.96)
transmit(54.171.104.100)
transmit(54.194.18.100)
transmit(54.229.78.96)
transmit(54.171.104.100)
transmit(54.194.18.100)
transmit(54.229.78.96)
transmit(54.171.104.100)
transmit(54.194.18.100)
transmit(54.229.78.96)
transmit(54.171.104.100)
Re: Unable to login using the nagiosadmin credentials
Posted: Mon Aug 29, 2016 2:53 pm
by sgiworks
traceroute to 54.194.18.100 failed, NO CONNECTION
Re: Unable to login using the nagiosadmin credentials
Posted: Mon Aug 29, 2016 2:59 pm
by mcapra
Could you also answer this question:
mcapra wrote:
Are these machines (the functional and non-functional) at the same site with the same ISP? If not, you might inquire with the ISP to see if they're blocking NTP traffic. Again, this is definitely not unheard of since it's a common DOS vector. The ISP at the site might have a specific NTP server it has customers use.
At this point, i'm fairly certain something on the network is filtering/blocking the requests NTP is making from this machine.