I talked to support and we tried everything we could think of. I'm still pretty sure the whitelisted time servers are being filtered somehow outside of my VDS. I've redacted anything sensitive and replaced it with *.
Port 123 is open both INPUT and OUTPUT src and dst on localhost.
I installed ntp through apt-get and configured it.
I've set the whitelist servers by name and IP in ntp.conf.
Apparmor was "confining" ntpd, I disabled the profile.
I can ping the time servers with ICMP and the route is fine. However, anything over port 123 does not come back. It is always open|filtered. I see the counters in iptables show that the OUTPUT activity over NTP is a lot, but on INPUT almost nothing ever comes back.
ntpdate -u * returns "7 May 16:29:10 ntpdate[2442]: no server suitable for synchronization found" every time.
ntpq -p returns
remote refid st t when poll reach delay offset jitter
========================================
* .INIT. 16 u - 1024 0 0.000 0.000 0.000
* .INIT. 16 u - 1024 0 0.000 0.000 0.000
nmap returns:
*@*:~$ sudo nmap -sU -v -p 123 *
[sudo] password for *:
Starting Nmap 6.40 ( http://nmap.org ) at 2016-05-07 16:31 MDT
Initiating Ping Scan at 16:31
Scanning * (*) [4 ports]
Completed Ping Scan at 16:31, 1.01s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:31
Completed Parallel DNS resolution of 1 host. at 16:31, 0.01s elapsed
Initiating UDP Scan at 16:31
Scanning * (*) [1 port]
Completed UDP Scan at 16:31, 0.22s elapsed (1 total ports)
Nmap scan report for * (*)
Host is up (0.00037s latency).
rDNS record for *: *
PORT STATE SERVICE
123/udp open|filtered ntp
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.34 seconds
Raw packets sent: 6 (304B) | Rcvd: 1 (28B)
The problem I'm having is that to use the AWS CLI the clock must be accurate. Every time I set hwclock manually and then set system time to it, it resets the clock upon restart. So I installed ntp, but since that doesn't work there is no way to keep time. I really don't want to have to create some hack script to set the hw and system clock before I issue AWS commands each day, but I may have to at this point.
Cannot sync time ntp
Re: Cannot sync time ntp
Found another diagnostic to show what is going on. Really seems like the "whitelisted" time servers are still being filtered.
*@*:~$ ntpdate -vd *
7 May 16:41:10 ntpdate[2461]: ntpdate 4.2.6p5@1.2349-o Thu Feb 11 18:30:41 UTC 2016 (1)
Looking for host * and service ntp
host found : *
transmit(*)
transmit(*)
transmit(*)
transmit(*)
transmit(*)
*: Server dropped: no data
server *, port 123
stratum 0, precision 0, leap 00, trust 000
refid [*], delay 0.00000, dispersion 64.00000
transmitted 4, in filter 4
reference time: 00000000.00000000 Sun, Dec 31 1899 17:00:00.000
originate timestamp: 00000000.00000000 Sun, Dec 31 1899 17:00:00.000
transmit timestamp: dad8ed8c.39e54637 Sat, May 7 2016 16:41:16.226
filter delay: 0.00000 0.00000 0.00000 0.00000
0.00000 0.00000 0.00000 0.00000
filter offset: 0.000000 0.000000 0.000000 0.000000
0.000000 0.000000 0.000000 0.000000
delay 0.00000, dispersion 64.00000
offset 0.000000
7 May 16:41:18 ntpdate[2461]: no server suitable for synchronization found
Re: Cannot sync time ntp
This has been solved. If you are trying to use whitelisted time servers, ask them for more if the ones they gave you are not working.
Re: Cannot sync time ntp
time-a.nist.gov, time-b.nist.gov, and time-c.nist.gov should work regardless of the server location.
At most locations, other 3rd party servers will also work.
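An added example, not code from any poster in this thread: a minimal SNTP probe for checking each allowed server, separating a query that is dropped on the path (the "no data" / open|filtered symptom above) from a refused port or a usable reply. The function names are hypothetical, and the main block assumes the three NIST hostnames named in the last reply.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01

def ntp_to_unix(seconds, fraction):
    """Convert a 32.32 fixed-point NTP timestamp to Unix time."""
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32

def build_request(now):
    """48-byte client packet: LI=0, VN=3, Mode=3, transmit timestamp = now."""
    return struct.pack("!B39xII", 0x1B, int(now) + NTP_EPOCH_OFFSET,
                       int((now % 1) * 2**32))

def parse_reply(data, request, t1, t4):
    """Return (stratum, offset, delay) in seconds, or raise ValueError."""
    if len(data) < 48:
        raise ValueError("short packet")
    if data[0] & 0x07 != 4:
        raise ValueError("not a server-mode packet")
    if data[1] == 0:
        raise ValueError("stratum 0: unsynchronized or kiss-of-death")
    if data[24:32] != request[40:48]:
        raise ValueError("origin timestamp does not echo our request")
    rs, rf, ts, tf = struct.unpack("!4I", data[32:48])
    t2, t3 = ntp_to_unix(rs, rf), ntp_to_unix(ts, tf)
    return data[1], ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def probe(host, timeout=3.0):
    """Send one query to host:123/udp and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, 123))
            t1 = time.time()
            request = build_request(t1)
            s.send(request)
            data = s.recv(512)
            return ("ok",) + parse_reply(data, request, t1, time.time())
        except socket.timeout:
            return ("no reply",)   # dropped on the path: nmap's open|filtered
        except ConnectionRefusedError:
            return ("refused",)    # ICMP port unreachable: host reachable, no ntpd
        except (ValueError, OSError) as exc:
            return ("error", str(exc))

if __name__ == "__main__":
    for server in ("time-a.nist.gov", "time-b.nist.gov", "time-c.nist.gov"):
        print(server, probe(server))
```

A "no reply" result for every allowed server while ICMP ping succeeds points at UDP/123 filtering upstream of the host rather than at ntp.conf or local iptables rules.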