Accurate time synchronization is an extremely important requirement of successful AppGate operation. Inaccurate time can cause issues with Clients connecting to AppGate servers or AppGate servers connecting to other servers in the collective. AppGate appliances rely on an NTP Server for accurate time synchronization. If there is an issue with the NTP services setting accurate time across appliances, appliances can go into a warning or unhealthy state and errors can be seen including:
"Warning: ntpd is not running"
"System clock synchronized: no"
Observed Behaviors and Errors
If you find these errors on the AppGate dashboard it is likely due to an inability to reach NTP servers and the NTP Client daemon has stopped.
Resolution / Suggested Actions
Navigate to System -> Appliances. Select the Appliance with the warning, review the NTP Server settings...
SSH into the appliance and query the NTP server shown to see if there is a response. The -q flag for the ntpdate command only queries the server, and does not make any changes.
ntpdate -q <ntp server>
If the command results with "no server suitable for synchronization found".
Determine what could be causing the connection issue. This could be caused by...
NTP port blockage by the firewall or security group
Inability to resolve the hostname
Routing issues
Invalid NTP server
Once you have determined the connection issue, execute the same command again and you should get results from the server(s) showing the offset and delay of the system date compared to the NTP server.
If the NTP server hostnames should be changed this should be done in the AppGate Admin UI under the System->Appliance settings. This may take a while for the NTP client to retry the new server; To force the NTP client to refresh, run these commands:
sudo systemctl stop ntp
sudo ntpdate <ntp server>
sudo systemctl start ntp