# Time Synchronisation

![](https://www.agilicus.com/www/0bb955e8-time-sync-img.png)# Time Synchronisation

## Time Synchronisation

Accurate globally synced time is critical to the proper operation of many modern cryptographic tools. It affects certificte allocation/revocation, sign-in audit logs, etc.

The Agilicus system requires that your individual endpoints (browsers, Agent Connectors) have proper network time at all times. Typically this means enabling NTP.

During sign-in or installation you may see a warning indicating that your time is not accurate. Enable your time-sync service for your operating system to continue.

If your site does not have clock-sync available, you may choose to use the Agilicus Connector to get the correct time, see [Clock Syncing Via Agilicus AnyX](https://www.agilicus.com/anyx-guide/clock-syncing-via-agilicus-anyx/).

### Linux

On systemd-derived Linux distributions, NTP is provided y the time-sync target. This in turn might use ntpd or chrony:

```
systemctl status time-sync.target
● time-sync.target - System Time Synchronized
     Loaded: loaded (/lib/systemd/system/time-sync.target; static)
     Active: active since Tue 2022-04-12 16:01:41 EDT; 1 month 19 days ago
       Docs: man:systemd.special(7)
```

You can check that your NTP is synced using one of these commands:

```
chronyc  tracking
Reference ID    : CF22301F (backoffice-1.incentre.net)
Stratum         : 4
Ref time (UTC)  : Wed Jun 01 14:11:18 2022
System time     : 0.000066093 seconds fast of NTP time
Last offset     : -0.000524711 seconds
RMS offset      : 0.000274038 seconds
Frequency       : 18.516 ppm slow
Residual freq   : -0.004 ppm
Skew            : 0.036 ppm
Root delay      : 0.066371940 seconds
Root dispersion : 0.002734751 seconds
Update interval : 1035.0 seconds
Leap status     : Normal
```

```
$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+muug.ca         132.163.97.1     2 u  377 1024  377   40.083   -2.270   3.861
-nowhere.zeromea 10.0.11.202      2 u 1066 1024  377   20.776  -13.097  11.333
*zero.gotroot.ca 30.114.5.31      2 u  979 1024  377   68.439   -3.066   2.814
+time.cloudflare 10.106.8.139     3 u  555 1024  377   36.048   -2.940   2.268
```

### Windows

Microsoft Windows uses the Windows Time Service, which in turn uses the Network Time Protocol (NTP) on UDP port 123.

You can force a one-time sync with:

```
w32tm /resync
```

See Microsoft "[Windows Time service tools and settings](https://docs.microsoft.com/en-us/windows-server/networking/windows-time-service/windows-time-service-tools-and-settings)" for more information.

You can check your current NTP peers (your upstream time servers) with the below command:

```
C:\WINDOWS\system32>w32tm /query /peers
#Peers: 1

Peer: time.windows.com,0x9
State: Active
Time Remaining: 32683.0895075s
Mode: 3 (Client)
Stratum: 3 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 10 (1024s)
HostPoll Interval: 10 (1024s)

C:\WINDOWS\system32>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0464631s
Root Dispersion: 7.7952278s
ReferenceId: 0xA83DD74A (source IP:  168.61.215.74)
Last Successful Sync Time: 2022-06-01 10:09:57
Source: time.windows.com,0x9
Poll Interval: 10 (1024s)
```

If your Windows time is mis-configured, you can reset it with:

```
w32tm /config /manualpeerlist:“time.windows.com” /syncfromflags:manual /reliable:YES /update
```

### Embedded Devices

Embedded devices running e.g. Ubiquity EdgeMax, pfSense, OpenWRT, etc, all have their own NTP-enable. See their documentation or web/cli interface for more information.