Time Synchronisation

0bb955e8 time sync img

Time Synchronisation

Time Synchronisation

Accurate globally synced time is critical to the proper operation of many modern cryptographic tools. It affects certificte allocation/revocation, sign-in audit logs, etc.

The Agilicus system requires that your individual endpoints (browsers, Agent Connectors) have proper network time at all times. Typically this means enabling NTP.

During sign-in or installation you may see a warning indicating that your time is not accurate. Enable your time-sync service for your operating system to continue.

Linux

On systemd-derived Linux distributions, NTP is provided y the time-sync target. This in turn might use ntpd or chrony:

systemctl status time-sync.target
● time-sync.target - System Time Synchronized
     Loaded: loaded (/lib/systemd/system/time-sync.target; static)
     Active: active since Tue 2022-04-12 16:01:41 EDT; 1 month 19 days ago
       Docs: man:systemd.special(7)

You can check that your NTP is synced using one of these commands:

chronyc  tracking
Reference ID    : CF22301F (backoffice-1.incentre.net)
Stratum         : 4
Ref time (UTC)  : Wed Jun 01 14:11:18 2022
System time     : 0.000066093 seconds fast of NTP time
Last offset     : -0.000524711 seconds
RMS offset      : 0.000274038 seconds
Frequency       : 18.516 ppm slow
Residual freq   : -0.004 ppm
Skew            : 0.036 ppm
Root delay      : 0.066371940 seconds
Root dispersion : 0.002734751 seconds
Update interval : 1035.0 seconds
Leap status     : Normal
$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
+muug.ca         132.163.97.1     2 u  377 1024  377   40.083   -2.270   3.861
-nowhere.zeromea 10.0.11.202      2 u 1066 1024  377   20.776  -13.097  11.333
*zero.gotroot.ca 30.114.5.31      2 u  979 1024  377   68.439   -3.066   2.814
+time.cloudflare 10.106.8.139     3 u  555 1024  377   36.048   -2.940   2.268

Windows

Microsoft Windows uses the Windows Time Service, which in turn uses the Network Time Protocol (NTP) on UDP port 123.

You can force a one-time sync with:

w32tm /resync

See Microsoft “Windows Time service tools and settings” for more information.

You can check your current NTP peers (your upstream time servers) with the below command:

C:\WINDOWS\system32>w32tm /query /peers
#Peers: 1

Peer: time.windows.com,0x9
State: Active
Time Remaining: 32683.0895075s
Mode: 3 (Client)
Stratum: 3 (secondary reference - syncd by (S)NTP)
PeerPoll Interval: 10 (1024s)
HostPoll Interval: 10 (1024s)

C:\WINDOWS\system32>w32tm /query /status
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0464631s
Root Dispersion: 7.7952278s
ReferenceId: 0xA83DD74A (source IP:  168.61.215.74)
Last Successful Sync Time: 2022-06-01 10:09:57
Source: time.windows.com,0x9
Poll Interval: 10 (1024s)

Embedded Devices

Embedded devices running e.g. Ubiquity EdgeMax, pfSense, OpenWRT, etc, all have their own NTP-enable. See their documentation or web/cli interface for more information.