When the time on the VIP Access Manager gateway server is out of sync, users will lose the ability the access applications in the SSO portal. Errors such as "Internal Server Error" may be seen. One of the first things an administrator should check is the NTP sync status in the Admin Console under the Platform tab below the configuration section. Instead of the IP of the NTP server, an error will be displayed.
NTP Server may be unsynchronized or unconfigured
There are a few scenarios that can cause the time on the gateway server to get out of sync or to not sync at all.
The NTP server is unreachable.
The time on the NTP server itself is incorrect.
No NTP server was configured during installation of the gateway, or the entry in /etc/ntp.conf is invalid.
Since the gateway server is a virtual appliance the time may get out of sync by the VM being suspended and unsuspended.
If the time drift is off by an excessive amount the default behavior of ntpd is to stop attempting to sync. The time must then be resynchronized manually. Verify first that the system is set to use the correct NTP server in /etc/ntp.conf and that it is reachable (i.e. traceroute or ping).
To see what the current sync status is of ntpd, run the following command as root from ssh or console:
The response back will indicate that the server is "unsynchronized" or "synchronized" with the IP of the server it's connecting to.
To resync the server run the next set of commands.
service ntpd stop
ntpdate -s <IP address or FQDN of NTP server>
service ntpd start
If the above steps fail it is possible to force the VM to update its time by adding the following line to ntp.conf.
tinker panic 0
Repeat the previous steps once the changes have been saved.
Subscribing will provide email updates when this Article is updated. Login is required.