Overview
In Kerio Control, you can choose to synchronize the appliance time to NTP servers. The NTP client in Kerio Control will query the NTP server every 12 hours, and comply with the below logic:
- Sync frequency: if time was successfully synchronized, a new sync will be started after 12 hours
- Failed sync: if the sync failed, it will be retried after 1 hour
- Sync timeout: if the call to the NTP server takes more than 1 minute, Kerio Control will treat that as a failed sync attempt, and retrigger after 1 hour
In some isolated situations, you may need to query the NTP servers more frequently than the 12-hour hardcoded frequency.
Solution
There is no option in the web admin GUI or winroute.cfg to control the frequency or timeout. Therefore, when you need to adjust these, you can create a cronjob that will force the NTP sync per your requirement. Follow the below steps to do so
- Log in to Kerio Control using SSH.
- Execute the following command to switch the disk to read-write mode:
-
mount -o rw,remount /
-
- Use
nano
command to create a cronjob file:
nano /etc/cron.d/ntpsync
- You can use 2 different commands for the same purpose, so please choose one depending on the restrictions that you may have (both of them work in the exact same way)
-
rdate command: uses the RFC 868 TCP protocol by default, and it is considered an older method of time syncing. If you want to use rdate, use the below to create a cronjob that runs every 4 hours against specific time servers (like time.nist.gov)
SHELL=/bin/sh PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin MAILTO="" 0 */4 * * * root rdate -s time.nist.gov
-
ntpclient command: uses the Network Time Protocol (NTP) which operates on UDP port 123, can check multiple remote peers and is considered more modern and recommended for this task. If you want to use ntpclient, use the below to create a cronjob that runs every 4 hours against specified NTP servers:
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/etc
MAILTO=""
0 */4 * * * root ntpclient -s -h pool.ntp.org
-
rdate command: uses the RFC 868 TCP protocol by default, and it is considered an older method of time syncing. If you want to use rdate, use the below to create a cronjob that runs every 4 hours against specific time servers (like time.nist.gov)
- Save the file by pressing CTRL + W and reboot Control.
/etc/boxinit.d/60winroute restart
Summary
Time synchronization issues can be resolved by setting up a cronjob to automatically sync the time with a reliable server. This can be done by logging into Kerio Control using SSH, switching the disk to read-write mode, creating a cronjob file, and rebooting Control.
FAQ
-
What does the `/4` in the cronjob mean?
The `/4` in the cronjob means the command will run every 4 hours. -
What does the command `mount -o rw,remount /` do?
This command switches the disk to read-write mode, allowing you to make changes. -
What is the difference between rdate and ntpclient?
rdate: Simple one-time time retrieval, basic accuracy, not suitable for high-precision needs. (Think of it as checking your watch with a single clock occasionally.)
ntpclient: Continuous synchronization with multiple servers, highly accurate and reliable for critical systems. (Think of it as constantly adjusting your watch based on multiple, precise time sources.)