high root dispersion on Windows NTP sources

This document (000019832) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Manager Server 15
SUSE Manager Server for SAP 15
SUSE Manager Server 4.x

Situation

An NTP source is ignored by chrony because of a high root dispersion of that time source.

 

Resolution

If selecting a better time source is not feasible the user may change how picky chrony is about time sources in the configuration. To do so, the maxdistance value needs to be increased in /etc/chrony.conf to enable synchronization to a server with high root dispersion. For example an entry of:

maxdistance 16.0

rather than 3.0 would be high enough to tolerate the high root dispersion of a Windows server according to chrony documentation.

Cause

A common issue with Windows NTP servers is that they report a very large root dispersion (i.e. more than the default tolerance of three seconds). This causes chronyd to ignore the server for being too inaccurate in respect to upstream time sources. The sources command might show a valid measurement, but the server is not selected for synchronization. The root dispersion of a server can be viewed with the chronyc's ntpdata command:

# chronyc ntpdata

Additional Information

"Root dispersion" is a measure of the maximum recorded time difference between an NTP server and it's upstream time source. If an NTP server has a high root dispersion this is an indication of inaccuracy in that server's NTP service. This issue can often be observed on networked SUSE products using chrony for NTP synchronization and using a Windows Server as a time source. It is also observed on time sources with a high root dispersion in general.

The server might be reachable, but chrony ignores it for the purposes of time synchronization, since the high root dispersion indicates an inaccurate time source. This is usually desired behavior - chrony is rejecting inaccurate time sources based on a default heuristic. In an ideal situation chrony would skip this time server and go on to the next, hopefully better, source. However, in some deployments the only time source might be a Windows time server or AD controller on the local network, since the SLES server can't reach the outside network. This TID covers this case.

More information can be found on chrony's documentation site:

https://chrony.tuxfamily.org/faq.html#_using_a_windows_ntp_server

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:000019832
  • Creation Date: 02-Mar-2021
  • Modified Date:02-Jul-2021
    • SUSE Linux Enterprise High Availability Extension
    • SUSE Linux Enterprise Server
    • SUSE Linux Enterprise Server for SAP Applications
    • SUSE Manager

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback@suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.


SUSE Customer Support Quick Reference Guide SUSE Technical Support Handbook Update Advisories
Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center