ntpd System Log Messages
from Alice's Adventures in Wonderland, Lewis Carroll
The mushroom knows all the error codes, which is more than most of us do.
Last update: 01:09 UTC Saturday, November 24, 2007
Related Links
You have come here because you found a cryptic message in the system log. This page by no means lists all messages that might be found, since new ones come and old ones go. Generally, however, the most common ones will be found here. They are listed by program module and log severity code in bold: LOG_ERR, LOG_NOTICE and LOG_INFO.
Most of the time LOG_ERR messages are fatal, but often ntpd limps onward in the hopes of discovering more errors. The LOG_NOTICE messages usually mean the time has changed or some other condition that probably should be noticed. The LOG_INFO messages usually say something about the system operations, but do not affect the time.
In the following a '?' character stands for text in the message. The meaning should be clear from context.
Protocol Module
LOG_ERR
- buffer overflow ?
- Fatal error. An input packet is too long for processing.
LOG_NOTICE
- no reply; clock not set
- In ntpdate mode no servers have been found. The server(s) and/or network may be down. Standard debugging procedures apply.
LOG_INFO
- proto_config: illegal item ?, value ?
- Program error. Bugs can be reported here.
- pps sync enabled
- The PPS signal has been detected and enabled.
- transmit: encryption key ? not found
- The encryption key is not defined or not trusted.
- precision = ? usec
- This reports the precision measured for this machine.
- using 10ms tick adjustments
- Gotcha for some machines with dirty rotten clock hardware.
- no servers reachable
- The system clock is running on internal batteries. The server(s) and/or network may be down.
Clock Discipline Module
LOG_ERR
- time correction of ? seconds exceeds sanity limit (?); set clock manually to the correct UTC time.
- Fatal error. Better do what it says, then restart the daemon. Be advised NTP and Unix know nothing about local time zones. The clock must be set to Coordinated Universal Time (UTC). Believe it; by international agreement abbreviations are in French and descriptions are in English.
- sigaction() fails to save SIGSYS trap: ?
sigaction() fails to restore SIGSYS trap: ?
- Program error. Bugs can be reported here.
LOG_NOTICE
- frequency error ? exceeds tolerance 500 PPM
- The hardware clock frequency error exceeds the rate the kernel can correct. This could be a hardware or a kernel problem.
- time slew ? s
- The time error exceeds the step threshold and is being slewed to the correct time. You may have to wait a very long time.
- time reset ? s
- The time error exceeds the step threshold and has been reset to the correct time. Computer scientists don't like this, but they can set the ntpd -x option and wait forever.
- kernel time sync disabled ?
- The kernel reports an error. See the codes in the timex.h file.
- pps sync disabled
- The PPS signal has died, probably due to a dead radio, broken wire or loose connector.
LOG_INFO
- kernel time sync status ?
- For information only. See the codes in the timex.h file.
Cryptographic Module
LOG_ERR
- cert_parse ?
cert_sign ?
crypto_cert ?
crypto_encrypt ?
crypto_gq ?
crypto_iff ?
crypto_key ?
crypto_mv ?
crypto_setup ?
make_keys ?
- Usually fatal errors. These messages display error codes returned from the OpenSSL library. See the OpenSSL documentation for explanation.
- crypto_setup: certificate ? is trusted, but not self signed.
crypto_setup: certificate ? not for this host
crypto_setup: certificate file ? not found or corrupt
crypto_setup: host key file ? not found or corrupt
crypto_setup: host key is not RSA key type
crypto_setup: random seed file ? not found
rypto_setup: random seed file not specified
- Fatal errors. These messages show problems during the initialization procedure.
LOG_INFO
- cert_parse: expired ?
cert_parse: invalid issuer ?
cert_parse: invalid signature ?
cert_parse: invalid subject ?
- There is a problem with a certificate. Operation cannot proceed untill the problem is fixed. If the certificate is local, it can be regenerated using the ntp-keygen program. If it is held somewhere else, it must be fixed by the holder.
- crypto_?: defective key
crypto_?: invalid filestamp
crypto_?: missing challenge
crypto_?: scheme unavailable
- There is a problem with the identity scheme. Operation cannot proceed untill the problem is fixed. Usually errors are due to misconfiguration or an orphan association. If the latter, ntpd will usually time out and recover by itself.
- crypto_cert: wrong PEM type ?
- The certificate does not have MIME type CERTIFICATE. You are probably using the wrong type from OpenSSL or an external certificate authority.
- crypto_ident: no compatible identity scheme found
- Configuration error. The server and client identity schemes are incompatible.
- crypto_tai: kernel TAI update failed
- The kernel does not support this function. You may need a new kernel or patch.
- crypto_tai: leapseconds file ? error ?
- The leapseconds file is corrupt. Obtain the latest file from time.nist.gov.