*Update: skip ahead to this post for definitive workaround:
Post #10
And explanation of what happened when I told iX about it:
Post #11
On TrueNAS Core 12 but if memory serves me correctly, this used to happen to me in FreeNAS 11 as well. The default NTP servers are configured as 0.freebsd.pool.ntp.org and 1 and 2.
Over time, my clock would slowly drift which would eventually result my not being able to login due to Google authenticator's time based 2FA. Fortunately I had console access via SSH and sometimes performing a "service ntpd restart" caused things to sync back up.
However, this was a nuisance and a temporary fix. Today I really dove into it.
I tried adding about a dozen servers in such as time.nist.gov and time.windows.com and several others from*.pool.ntp.org.
Then I checked on the console with "ntpq -p" to see what the status was and found that a bunch were stuck on .INIT. I had about 7 of 12 synced up initially so gave it 24 hours to see if things would sync up and instead, I was stuck with only 3 servers synced. The rest had gone to .INIT.
Puzzled, I dove into the ntp.conf file by hand and the first line I commented out was "restrict default ignore"
I performed a "service ntpd restart" and then a "ntpq -p" and to my delight it seemed almost every server had synced. Now I was making progress and had it narrowed down to an access restriction issue and nothing to do with my ISP or router or ports.
After reading the ntp.conf docs here:
I discovered the following:
And
A peek at the ntp.conf generated by TrueNAS clearly was not conforming to that.
After deleting the default 3 servers via the web interface, I immediately started looking up the IP addresses of public NTP servers and added them in.
As of now, all servers I configured are synced.
If anyone else is running into NTP issues, this might be as good idea for you to try and see if it resolves your issue. I'm in NYC, BTW, so my server choices are based off that. If you are in another country or even different coast, you should probably use different servers.
Post #10
And explanation of what happened when I told iX about it:
Post #11
On TrueNAS Core 12 but if memory serves me correctly, this used to happen to me in FreeNAS 11 as well. The default NTP servers are configured as 0.freebsd.pool.ntp.org and 1 and 2.
Over time, my clock would slowly drift which would eventually result my not being able to login due to Google authenticator's time based 2FA. Fortunately I had console access via SSH and sometimes performing a "service ntpd restart" caused things to sync back up.
However, this was a nuisance and a temporary fix. Today I really dove into it.
I tried adding about a dozen servers in such as time.nist.gov and time.windows.com and several others from*.pool.ntp.org.
Then I checked on the console with "ntpq -p" to see what the status was and found that a bunch were stuck on .INIT. I had about 7 of 12 synced up initially so gave it 24 hours to see if things would sync up and instead, I was stuck with only 3 servers synced. The rest had gone to .INIT.
Puzzled, I dove into the ntp.conf file by hand and the first line I commented out was "restrict default ignore"
I performed a "service ntpd restart" and then a "ntpq -p" and to my delight it seemed almost every server had synced. Now I was making progress and had it narrowed down to an access restriction issue and nothing to do with my ISP or router or ports.
After reading the ntp.conf docs here:
I discovered the following:
ALERT! You must use IP addresses on restrict statements.
And
You may use either a hostname or IP address on the server line. You must use an IP address on the restrict line.
A peek at the ntp.conf generated by TrueNAS clearly was not conforming to that.
After deleting the default 3 servers via the web interface, I immediately started looking up the IP addresses of public NTP servers and added them in.
As of now, all servers I configured are synced.
remote refid st t when poll reach delay offset jitter
==============================================================================
time-c-b.nist.g .NIST. 1 u 6 64 21 43.632 -1.116 0.313
-104.171.113.34 204.9.54.119 2 u 38 64 377 32.063 +5.971 0.521
*usnyc3-ntp-003. .GPSs. 1 u 49 64 377 2.851 -0.974 0.598
-dev.smatwebdesi 204.9.54.119 2 u 38 64 377 43.156 -1.664 0.276
#91.206.16.3 (tm 195.28.27.26 2 u 171 64 144 153.327 +3.700 1.222
-ntp2.as200552.n 202.70.69.81 2 u 46 64 377 72.704 -0.541 0.439
-ntp0.edu-zg.io 85.158.27.30 2 u 36 64 377 98.168 -3.028 0.294
-82.193.104.168 62.149.0.30 2 u 39 64 377 113.148 -8.644 6.818
-23.92.64.226 31.222.135.144 3 u 37 64 375 42.031 +2.459 0.629
+159.203.82.102 17.253.2.123 2 u 37 64 377 4.472 -0.661 0.209
-li116-100.membe 192.58.120.8 2 u 78 64 206 42.461 -1.849 0.959
+162.221.74.15 ( 185.140.51.3 2 u 28 64 377 8.201 -1.147 0.371
If anyone else is running into NTP issues, this might be as good idea for you to try and see if it resolves your issue. I'm in NYC, BTW, so my server choices are based off that. If you are in another country or even different coast, you should probably use different servers.
Last edited: