NTP issues

[LostInIgnorance]

I have had issues as of lately trying to get my freenas to sync up with my DC time server. With no avail, I can't even get it to sync with any time server. I have tried my local dc, my firewall (running NTP), the ntp.pool.org addresses. All I keep getting when I try to save the settings the system>NTP Servers is "Server could not be reached. Check "Force" to continue regardless."
If I check force, it still doesn't help to try to get it synced up so I can add it to AD. The time shows up correctly using shell and 'date', but I can't get it to sync.

 

[cyberjock]

I'm having the same exact issue. I can't get NTP servers to work at all. Tried deleting the default servers and created new ones that I KNOW work, but I still have to force it and it doesn't sync.

I've accepted it as a bug with 8.2 or an incompatibility with running it in a virtual machine(that's what mine is for experimental purposes).

 

[LostInIgnorance]

It seems to me that it is not limited to VMware though. I have FreeNAS 8.2 running on a physical machine (HP Microserver W/ mass storage 9TB system). When I updated to 8.2 on this machine, it wouldn't sync up with AD anymore. I had it synced up until the update. The update seemed to break it.

 

[cyberjock]

So I'm convinced something is wrong with FreeNAS 8.2 with networking. I've experimented a little more and I can even ping the NTP server. Regardless I have to "force" the settings to save an NTP server because the "Server could not be reached". I even tried entering the IP address for the NTP server and that didn't work either. Strangely, every so often I get a message in the console that says things like "FreeNAS ntpd[1556]: time reset -1.491191 s". I'm not 100% sure, but I believe that message is telling me that the NTP service is operating and it did contact an NTP server. So go figure.

Since I get alot of weird errors when trying to use jails and plugins telling me that "manual configuration required" for network related stuff I have to assume that something is wrong internally for FreeNAS.

I hadn't setup emails, but I figured I'd set that up since I was bored earlier but I continually get errors saying "Your test email could not be sent: [Errno 65] No route to host". I normally leave the IPV4 Default Gateway and Nameserver 1 and 2 blank since that stuff should be auto-complete by DHCP. I've entered the correct information just in case it would matter. It doesn't. Edit: I can ping smtp.gmail.com, yet the webui still tells me no route to host. Hmmm...

Overall, I think 8.2 sometimes can and sometimes can't access my network and the internet. Not sure how to fix it though. I'm guessing from some of the other people's forum posts this isn't rare, but will take some work to find the actual bug.

 

[jgreco]

Well, what's your network setup like? It is easy to say it doesn't work but when you've given no information that might lead someone else to be able to assist you, you're pretty much unlikely to get much useful assistance.

 

[LostInIgnorance]

I have a network comprised of a VMware server running my DC, two FreeNAS computers (one virtualised for ISO storage and one HP Microserver used as a mass storage device), and a few clients. The DC does dhcp, dns, AD, ntp and print. I have no issues on any of the clients with time being off or any AD issues.
If you would like to know anything else, just let me know.

 

[jgreco]

So what are you meaning "DC" to stand for? Data center?

Do you have a single LAN hosting this all? A single interface from the Microserver connected to it? Is this behind NAT? Public IP? If NAT, does the NAT firewall certain services or restrict port ranges? There are so many possibilities, it's hard to grasp at it. Both a virtualized FreeNAS and a N40L-based FreeNAS exhibit the problem? What version of FreeNAS are you running, while we're at it? When you're at a FreeNAS command prompt, and type "ntpdc", what's the results of dmpeers?

ntpdc> dmpeers
remote local st poll reach delay offset disp
=======================================================================
*ntp1.sol.net <redacted> 2 64 177 0.03787 -0.001970 0.04875
ntp2.sol.net <redacted> 2 64 377 0.03705 -0.003520 0.06306
.ntp3.sol.net <redacted> 2 64 177 0.00041 0.001016 0.05449


Basically, it'd help quite a bit if you could confirm that you had a locally accessible NTP server, that its time was properly synchronized, and that your FreeNAS wasn't syncing to it. Then we'd probably be talking either a networking bug or a FreeNAS bug, and step through things one bit at a time.

 

[LostInIgnorance]

DC = Domain Controller (Server 2008 r2)

Interfaces from both microserver and VMware are dual intel nics LACP'd.
Firewall rules from both the microserver and the VM FreeNAS machine have no restrictions at this time.
Both machines exhibit the same issues with NTP and not being able to join the domain.
I have an NTP server dedicated and none of the other objects (from Access Points, Clients, FreeBSD running nginx) are having issues with the time server.

 

[cyberjock]

My setup is a FreeNAS machine running as a guest OS using VMWare Workstation 8.0.4 on Windows Server 2008 R2. It has a single NIC assigned to it as a bridged network. I recently made a registry change to make the virtual machines operate outside of the host OS firewall. I had thought that the host OS firewall was causing part of the problem. However, that does not seem to be the issue.

I will say that FreeNAS seems to work okay sometimes(for a few minutes). I can't seem to figure what changes to make it suddenly start working or what makes it stop working.

 

[jgreco]

Ahh, I don't do the Windows stuff so all the Windows abbreviations are often so much gibberish. I would get it if I sat and stewed over it for a few minutes...

The snapshot you included appears to show a happy ntpd running; it indicates the host is Stratum 4. Since you are using one of the pool.ntp.org servers, most of those are S2, which would make your intermediate a S3, and thus FreeNAS at S4. The delay is reasonable for a local network, and the offset is reasonable for a S4 clock. Your clock appears to be synchronized. This doesn't appear to be a timekeeping problem, and you say that your time appears to be correct at the prompt, so consider this a confirmation that your system time is very likely 100% correct.

So now when you're experiencing a problem, this is probably a good thing to doublecheck very quickly, just to make sure the system time hasn't suddenly gone all to hell.

It's interesting that FreeNAS thinks it cannot reach the NTP server. I'm kind of wondering what causes that behaviour, and more, if the system's time is correct, what the cause of your AD issues are. I'll ponder that for a bit.

 

[cyberjock]

So I chose to try Virtualbox since upgrading to 8.2. The plugins just weren't quite right and the jail wasn't quite right. As soon as I loaded up FreeNAS on virtualbox with the exact same config as I was using in VMWare Workstation, it worked perfectly. So something is wrong with VMWare and FreeNAS 8.2's jail implementation.

 

[jgreco]

Or possibly you've made a bit of a configuration blunder. Some of us operate extensive VMware environments without issue, but you do need to be aware of certain limitations. The VMware networking, in particular, can be fraught with peril if you're trying to do some of the more complex things such as CARP at the VM level with LACP at the host level (probably the best example of a particularly finicky setup). We run tons of stuff in jails on VMware VM's, because jails with minimized environments are one of the better security precautions you can take... no /bin/sh, many exploits just can't work.

 

[cyberjock]

I don't know. I imported my config file, built the jail and plugins using the exact same files I had used the previous 3-5 times and used the exact same steps. I know alot of people use ESXi and they haven't had the same complaints I had. It could be something with my host OS configuration or something. But whatever the problem was, I circumvented it with virtualbox.