Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

NTP Server will not sync with Time Server outside the network

Status
Not open for further replies.

drummelhart

IS-IT--Management
Feb 25, 2009
173
US
Last night, our IT Department started working on a major W32time issue in respect that none of our DCs or Exchange would sync.

We went through MS's Diagnostic Technet Pages and finally all Servers synced.

Now the problem is that the Main DPC is unable to sync with a Time Server outside the Network.

I have opened port 123 in and out for UDP as well as TCP.

What else would I be missing?

Do I need to call or email the contact first and have him give me some kind of access?

What have you done to make this work?


Thanks!!!!!
 
If you have Routers in the path don't forget to allow NTP through your ACL's.
 
we have no routers to carry any changes

The PIX is the default gateway.


There is no logs in the firewall. That is the part that slays me at this point in time!
 
Switch on monitoring on the PIX and force a time update. See what the PIX displays

-------------------------------

If it doesn't leak oil it must be empty!!
 
at the enable prompt type:-

term mon

This will enable monitoring

-------------------------------

If it doesn't leak oil it must be empty!!
 
You should see some deny messages relating to NTP from your domain controller. You would then have to add an access rule to the firewall to allow this.

Are you the firewall administrator?

-------------------------------

If it doesn't leak oil it must be empty!!
 
yes I am. At this time we changed all NTP to use our main DC as the time source. I am waiting for a time where I can setup another server to sync with an outside time source.

I have never used term mon. I take it this is a terminal, so I need to hook up a server or another computer to it with a terminal cable?
 
No, I assume you have a console connection to the PIX if so you can run it there from the en prompt.

-------------------------------

If it doesn't leak oil it must be empty!!
 
your PIX config is fine. did you edit the registry directly or did you run the w32tm command with the options?? if you edited the registry please post exactly what registry entries you added/deleted/modified along with the values. if you used the w32tm command please post the exact command sequence that you used. all of this should be coming from the server holding the PDC Emulator FSMO role.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
yes I am. At this time we changed all NTP to use our main DC as the time source.
That's the way it should be anyways. Then just configure the holder of the PDCe role to use an outside source.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 
My Network Engineer and I tested this Friday afternoon.

We saw that the PIX was allowing UDP 123, but what we do not understand is once we configured the PDC to sync with an outside source, we received the error the box could not find the time source.


We then took a regular XP laptop, ran the same configurations, and successfully synced with a Timer Server. I do not know what this means, and I do not think it is a good sign either
 
no it is turned off including SCH or some acronym like that
 
the windows firewall is not turned on. What else other than some policy I do not know of since the creation of this domain would hamper any computer within this network to not sync with an outside Time Source?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top