Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Martin_Vilim
Participant
Jump to solution

Time sync problem on gaia Open Server in Hyper-V

Hello,

I started with Checkpoint before 12 months, with Security GW (Open Server VmWare) and Smart. The Smart and management are installed on the same server. Gaia runs on Hyper-V Windows 2012 R2. The virtual server version is 1. On the revision R80.10 Take 42

I experienced huge problem with time sync. Because of incompatibility between Gaia and Hyper-V described sk105862

I think it's not necessary to describe how bad is when the logs are time shifted.

Can you share your solution, how are you dealing with this issue? I found the NTP has a problems too. The solution from support is not clear, it was try and check. I'm wonder for your solutions of this issue, I think it may be different.

Thank you, Martin

1 Solution

Accepted Solutions
Benoit_Verove
Contributor

Hi,

We had a similar issue with a R80.10 management on Hyper-V a few month ago.

We raised a service request. First, the TAC proposed us a workaround with a similar script to add to cron table.

Then we add a remote session with the support engineer : After backing it up, we have updated the grub with a value to change how the clock is being handled by the OS.
From then, no more clock problems.

Here is the value :
"notsc divider=10 clocksource=acpi_pm"

Regards,

Benoit

View solution in original post

13 Replies
Danny
Champion Champion
Champion

In a Hyper-V environment, the Virtual Machine's clock moves faster than the hardware time because the Hyper-V clocksource does not work on 64-bit kernel (sk105862).

Therefore Hyper-V integration services should not offer time sync. Uncheck this setting in the "Advanced" section of hardware properties of the Hyper-V VM. Check Point Support will provide you a custom hotfix for your environment, for which you need to open a Service Request. In the mean time you can have a cronjob correcting the time every minute as Check Point suggests or configure Advanced NTP features on Gaia OS in order to do a NTP time sync with an in-house NTP server of yours every 16 seconds. If you need a shorter poll interval, use ntpdate.

NTP Troubleshooting

Martin_Vilim
Participant

I know about this sk, I put it in my question. I remember that I did with technical support a lot more things, some play with NTP, editing grub.conf... So I wonder what's work for other peoples. BTW time sync issue on the supported configuration, on logging system is horrible.

0 Kudos
Nikhil_Deshmukh
Contributor

Hotfix worked like a charm Smiley Happy

Go #CheckPoint Go #CheckMates Smiley Happy

Hatime_CHIKHI
Participant

Did you have to uncheck the sync option in the "Advanced" section of hardware properties of the Hyper-V VM ?

We have installed the hotfix, it worked for a while but then again it stopped synchronizing correctly.

0 Kudos
Hatime_CHIKHI
Participant

Update:

Checkpoint Support provided an other hotfix package, and the problem was solved after installing this new package.

0 Kudos
Nikhil_Deshmukh
Contributor

True Hatime CHIKHI‌,

Previously provided hotfix didn't work. Sorry for earlier.

I again contacted Check Point for the same, and they suggested by TAC is to go with On-going Jumbo Hotfix Take 131 or to create Cron Job on Management Server.

We went ahead with Cron Job as going with the On-going Take is a bit

0 Kudos
Steve_Payne1
Contributor

any chance of sharing your con job details so i can apply to my setup

thanks

0 Kudos
Nikhil_Deshmukh
Contributor

Hi Steve Payne‌,

  • uncheck the sync option in the "Advanced" section of hardware properties of the Hyper-V VM
  • Here you go, I have received the same from TAC.

# echo "*/1 * * * * root /sbin/hwclock --utc --hctosys" > /etc/cron.d/synctime
# chmod 644 /etc/cron.d/synctime
# service crond reload

  • Give it sometime and then it will start working

# clish -c "show time"

Steve_Payne1
Contributor

thank you,  as it was causing issues with out endpoint VPN's i exported from hyperv  and imported to VMware, been perfect since

Benoit_Verove
Contributor

Hi,

We had a similar issue with a R80.10 management on Hyper-V a few month ago.

We raised a service request. First, the TAC proposed us a workaround with a similar script to add to cron table.

Then we add a remote session with the support engineer : After backing it up, we have updated the grub with a value to change how the clock is being handled by the OS.
From then, no more clock problems.

Here is the value :
"notsc divider=10 clocksource=acpi_pm"

Regards,

Benoit

Martin_Vilim
Participant

Hi,

from my experience, the NTP sync in cron never works well. It caused bigger time mess in the logs.

The result that works well is the grub config update.

/etc/grub.conf

On the line with kernel parameters, I have divider=10 nophet notsc. Similar like Benoit wrote.

Regards,

Martin

0 Kudos
GG27
Contributor

The same issue affected a customer enviroment where HyperV is the HyperVisor used for their system.

The clock moved continuosly back and forward.

After a long TAC investigation, it provided me the workaround where I scheduled the sync between the host motherboard clock and the Gaia operating system.

0 Kudos
Yamil_Karim
Explorer

Do you think this would apply to Azure VMs? We are experiencing the same sort of issue on an Azure VM of this.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.