NTP Server IP Address ?

Hi,
I have configured a Cisco 6509 core switch as a NTP master and allowed all my access switches to get their time synchronised with the core switch. Now, I want to configure the core switch to get itself synchronised with other public NTP server which would be reliable and genuine as our organisation is serving for healthcare. One of my friend has told me to use these IPs 128.249.1.1 or 128.2.136.71 as a NTP Server in the core switch. Should I use them?
Is Cisco recommends any Public IP for  NTP Server synchronisation? Please suggest.
Thanks & Regards,
Anil K. 

Disclaimer: I have no affiliation with Cisco in any way except where I work, we use some Cisco products (sw/hw). So take it however you will.
Personally, I would rather adopt the following approach suggested at http://www.pool.ntp.org/en/use.html, than hardcoding a couple of public NTP servers in a remote region:
"As pool.ntp.org will assign you timeservers from all over the world, time quality will not be ideal. You get a bit better result if you use the continental zones (For example europe, north-america, oceania or asia.pool.ntp.org), and even better time if you use the country zone (like ch.pool.ntp.org in Switzerland) - for all these zones, you can again use the 0, 1 or 2 prefixes, like 0.ch.pool.ntp.org. Note, however, that the country zone might not exist for your country, or might contain only one or two timeservers. If you know timeservers that are really close to you (measured by network distance, with traceroute or ping), time probably will be even better. "
Of course, if time sync is REALLY that important, one might consider buying/installing commercial GPS-based NTP appliances. That's not what you're looking for, obviously.

Similar Messages

  • Which IP address to give NTP Server IP in CUCM8 Installation?

    Hello Friends,
    I am installing CUCM8.0(3) in the lab in one of the VMs in the VMware ESXi Server, I got struck in giving NTP Server IP address in the Installation.
    Could you please let me know which IP address I should give during installation?
    I have CUCM71 in the lab , I tried giving this box IP address as NTP but its not supporting.
    If anyone has done this before and know or suggest me, it is very appreciated. Thanks.

    Hi Suryanarayana Chintu,
    You have to install an NTP server on a saperate box, or use the existining NTP servers in your lab if any and provide this ip address to proceed further as part of this installation.
    Hope it helps.
    Anand
    Please rate helpful posts !!

  • ASA5500 using Windows 7 computer as NTP server

    I have an ASA5510 connected to a computer running Windows 7 (the NTP Server) on its "inside" interface.
    Using the ASDM, I have configured the ASA5510 to use the Windows 7 as its NTP server (my architecture forces me to use a local machine as an NTP server):
         -IP address: 192.0.99.1 (the ASA5510 has an IP address of 192.0.99.40)
         -Interface: inside
         -Key number: None
         -Enable NTP authentication: no.
    I have other Windows computers on the "inside" interface using the NTP Server, so NTP traffic is relayed without any problem. But somehow, the ASA5510 is not able to synchronize with the NTP Server.
    I see the following log entry:
         -Source IP: 192.0.99.1
         -Source Port: 123
         -Destination IP: 192.0.99.40
         -Destination port: 65535
         -Description: Teardown UDP connection 3905 for inside: 192.0.99.1/123 to identity: 192.0.99.40/65535 duration 0:02:01 bytes 96
    so it seems like the ASA5510 sends a request to the NTP Server, but I am not sure whether the reply doesn't get processed correctly, or the connection stays open too long (my UDP connection timeout is the default, 2 minutes).
    I had trouble getting SonicWALL NSA2400s to use Windows 7 devices as NTP servers. I had to get a firmware version where there was no MD5 authentication (which I think is OK in this case), and change a setting in the Windows registry (HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/W32Time/Config/AnnounceFlags: from 0xa to 0x5)
    any insight is welcome.
    Pedro

    I have turned on all ntp debugging, and run "show ntp status" and "show ntp assoc":
    CCG-SHIP-FWL(config)# show debug
    debug ntp adjust enabled at level 1
    debug ntp authentication enabled at level 1
    debug ntp events enabled at level 1
    debug ntp packets enabled at level 1
    debug ntp params enabled at level 1
    debug ntp select enabled at level 1
    debug ntp sync enabled at level 1
    debug ntp validity enabled at level 1
    CCG-SHIP-FWL(config)# show ntp status
    Clock is unsynchronized, stratum 16, no reference clock
    nominal freq is 99.9984 Hz, actual freq is 99.9984 Hz, precision is 2**6
    reference time is 00000000.00000000 (06:28:16.000 GMT Thu Feb 7 2036)
    clock offset is 0.0000 msec, root delay is 0.00 msec
    root dispersion is 0.00 msec, peer dispersion is 0.00 msec
    CCG-SHIP-FWL(config)# show ntp assoc
          address         ref clock     st  when  poll reach  delay  offset    disp
    ~192.16.99.1      .LOCL.            1   380  1024  337    73.0  255671    71.0
    * master (synced), # master (unsynced), + selected, - candidate, ~ configured
    CCG-SHIP-FWL(config)# NTP: xmit packet to 192.16.99.1:
    leap 3, mode 3, version 3, stratum 0, ppoll 1024
    rtdel 0000 (0.000), rtdsp 10400 (1015.625), refid 00000000 (0.0.0.0)
    ref 00000000.00000000 (06:28:16.000 GMT Thu Feb 7 2036)
    org d34ac42f.4609d99d (20:21:03.273 GMT Tue May 1 2012)
    rec d34a6050.3598360c (13:14:56.209 GMT Tue May 1 2012)
    xmt d34a6250.22e73ba2 (13:23:28.136 GMT Tue May 1 2012)
    NTP: rcv packet from 192.16.99.1 to OWN_FWL_LAN_PORT on inside:
    leap 0, mode 4, version 3, stratum 1, ppoll 1024
    rtdel 0000 (0.000), rtdsp a0bf4 (10046.692), refid 4c4f434c (76.79.67.76)
    ref d34abbb0.bb426e39 (19:44:48.731 GMT Tue May 1 2012)
    org d34a6250.22e73ba2 (13:23:28.136 GMT Tue May 1 2012)
    rec d34ac62f.3977adb6 (20:29:35.224 GMT Tue May 1 2012)
    xmt d34ac62f.3977adb6 (20:29:35.224 GMT Tue May 1 2012)
    inp d34a6250.233258a0 (13:23:28.137 GMT Tue May 1 2012)
    NTP: nlist 0, allow 0, found 0, low 0.000000, high 0.000000
    NTP: no select intersection
    NTP: synchronization lost

  • CER 7.1.1 install - no NTP server option

    Trying to install CER 7.1.1.  When I get to the Network Time Protocol Client Configuration window it prompts me to put in an NTP server IP address.  The install never prompts me to configure an NTP server or not.  The install doc says that I should get prompted to choose NTP or not, just like a CUCM install.  Did I do something wrong?  I tried it several times and get the same thing.  I have a Not For Resale disc and this is in a lab.  Is there something special about that disc? I don't want to use NTP but I configured a Win2K3 server to be the NTP server, it's reachable but the install can never connect to it.  Needless to say, I can't finish the install.  Below is what I get.
    Network Time Protocol Client Configuration
    NTP  Server 1  ---------
    NTP Server 2  ---------
    NTP  Server 3 ----------
    NTP  Server 4 ----------
    NTP  Server 5 ----------
    There is no option to choose No NTP.  You either  have to put in an NTP server or you can't move on with the  installation.

    Thanks for the replies.  I was using an installation guide, below, that shows the option to choose NTP or not on step 18.  Is the document wrong then?  In any case, I tried the hacks for Windows, no go.  I tried Linux NTP {Ubuntu], no go.  Otherwise, I just have a voice gateway and a 3524 that doesn't do NTP server.   Any suggestions on getting Linux to work with CER NTP?  Thanks.
    Step 18 On the Network Time Protocol Client Configuration page, you are asked if you want to set up external Network Time Protocol (NTP) servers.
    Note Cisco strongly recommends that you use external NTP servers to ensure that the system time is kept accurate.
    If you click Yes, the system displays a second Network Time Protocol Client Configuration page. In the fields provided, enter the IP address or hostname of the external NTP servers, then click OK. The Database Access Security Configuration page displays. Skip to Step 19.
    If you click No, the Hardware Clock Configuration page appears. Enter the following information:
    • Year [yyyy]
    • Month [mm]
    • Day [dd]
    • Hour [hh]
    • Minute [mm]
    • Second [ss]
    When you have finished entering this information, click OK. The Database Access Security Configuration page appears.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cer/7_0/english/administration/guide/e911inst.html

  • NTP server unreachable through ASA firewall

    Hi all,
    I've configured a DMZ switch to point to an NTP server on on the Inside, but I get a debug message on the switch that says:
    NTP: <NTP server IP address> unreachable
    I'm confident that the NTP server is configured properly, as there are more than a dozen other hosts using it, successfully. The difficulty here is that the NTP packets are having to flow from the DMZ to the Inside. I have a rule set on the firewall that permits the IP address of the switch to connect to the IP address of the NTP server as follows:
    access-list intdmz1_acl extended permit udp host <IP address of switch> host <IP address of NTP server> eq ntp
    I can see the hit counter on this rule incrementing.
    The firewall can ping the NTP server, and the NTP server can ping the switch, so I think routing is OK.
    Output from the DMZ switch:
    switch#show ntp associations
          address         ref clock     st  when  poll reach  delay  offset    disp
    ~192.168.65.254   0.0.0.0          16     -    64    0     0.0    0.00  16000.
    * master (synced), # master (unsynced), + selected, - candidate, ~ configured
    switch#show ntp status
    Clock is unsynchronized, stratum 16, no reference clock
    nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
    reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)
    clock offset is 0.0000 msec, root delay is 0.00 msec
    root dispersion is 0.00 msec, peer dispersion is 0.00 msec
    PRNLN-DMZ-SW01#sh run | inc ntp
    ntp source Vlan138
    ntp server 192.168.65.254
    ukhvdc00vs01#sh run | inc ntp
    ntp source Vlan65
    ntp master 3
    ntp update-calendar
    ntp server 0.uk.pool.ntp.org
    ntp server 1.uk.pool.ntp.org
    PRNLN-DMZ-SW01#show ntp status
    Clock is unsynchronized, stratum 16, no reference clock
    nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
    reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)
    clock offset is 0.0000 msec, root delay is 0.00 msec
    root dispersion is 0.00 msec, peer dispersion is 0.00 msec
    Does the firewall rule need to permit more than UDP/123 for this to work perhaps?
    NTPconfig on DMZ switch:
    switch#sh run | inc ntp
    ntp source Vlan138
    ntp server <IP address of NTP server>
    ===================
    NTP config on NTP server:
    NTP_Server#sh run | inc ntp
    ntp source Vlan65
    ntp master 3
    ntp update-calendar
    ntp server 0.uk.pool.ntp.org
    ntp server 1.uk.pool.ntp.org
    Any guidance welcomed.
    Thank you,
    Olly

    Hi Julio,
    Hi Julio,
    For the purposes of this information:
    DMZ switch IP = 5.6.7.8
    NTP server IP = 10.1.1.1
    Here's the output from the show commands:
    ciscoasa# show capture NTPCAPTUREDMZ
    11 packets captured
       1: 16:22:05.271500 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
       2: 16:23:09.276185 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
       3: 16:24:13.274033 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
       4: 16:24:57.272813 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
       5: 16:24:58.279480 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
       6: 16:24:59.277817 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
       7: 16:25:00.275971 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
       8: 16:25:01.275559 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
       9: 16:25:02.272599 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
      10: 16:25:03.279129 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
      11: 16:25:04.277710 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    11 packets shown
    ciscoasa# show capture NTPCAPTUREINSIDE
    0 packet captured
    0 packet shown
    ciscoasa# show capture NTPASP | include 10.1.1.1
    419: 16:24:13.274171 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    1820: 16:24:57.272904 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    1841: 16:24:58.279587 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    1876: 16:24:59.277909 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    1934: 16:25:00.276062 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2027: 16:25:01.275651 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2068: 16:25:02.272690 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2095: 16:25:03.279221 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2129: 16:25:04.277802 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2200: 16:25:05.275849 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2233: 16:25:06.274094 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2275: 16:25:07.273606 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2327: 16:25:08.280182 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2347: 16:25:09.277222 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2373: 16:25:10.275467 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2399: 16:25:11.273759 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    2414: 16:25:12.273347 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123:  udp 48
    I'm guessing we should see some packets in the second capture, but we're not...
    Does this help?
    Thanks!
    Olly

  • NTP Server Configuration

    Dear All,
    I have setup NTP Server with basic steps provided by SUN. In my setup i would be using it for Solaris, WIndows and few OS and devices like Switches and Routers..
    I am not sure what additional steps do i need to synch it with servers without using Multicast, i want to use NTP SERVER IP Addresses to synch with clietns.
    Here is my current configuration..
    ===========================================================================
    server 0.pool.ntp.org
    server 1.pool.ntp.org
    server 2.pool.ntp.org
    server 3.pool.ntp.org
    broadcast 224.0.1.1 ttl 4
    enable auth monitor
    driftfile /var/ntp/ntp.drift
    statsdir /var/ntp/ntpstats/
    filegen peerstats file peerstats type day enable
    filegen loopstats file loopstats type day enable
    filegen clockstats file clockstats type day enable
    keys /etc/inet/ntp.keys
    trustedkey 0
    requestkey 0
    controlkey 0
    ===========================================================================
    Please, let me know if you require anymore information..
    Regards,
    Sambhaji

    Hi,
    I don't believe that the 7204 has a calendar chip in it. If it doesn't, a reload will clear the clock, setting it to the 1993 date. You should sync the 7204 to an external ntp time source, preferably more than one.
    If the 7204 does have a calendar chip, then it will work, but you are still better off using external ntp sources.
    Greg

  • Linux ntp server with cisco 3850

    hi all
    i'm trying to make sync with linux ntp with cisco 3850  here is the what i did
    linux centos 6.5 (on the ucs virtual machin) . this is a ntp server
    ip 10.1.1.251
    ===================================================
    For more information about this file, see the man pages
    # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
    driftfile /var/lib/ntp/drift
    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    # Permit all access over the loopback interface.  This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict -6 ::1
    # Hosts on local network are less restricted.
    restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html)
    #server 1.centos.pool.ntp.org iburs
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    server 127.127.1.0
    fudge 127.127.1.0 stratum 2
    #broadcast 192.168.1.255 autokey        # broadcast server
    #broadcastclient                        # broadcast client
    #broadcast 224.0.1.1 autokey            # multicast server
    #multicastclient 224.0.1.1              # multicast client
    #manycastserver 239.255.254.254         # manycast server
    #manycastclient 239.255.254.254 autokey # manycast client
    # Enable public key cryptography.
    #crypto
    includefile /etc/ntp/crypto/pw
    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys
    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42
    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8
    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8
    # Enable writing of statistics records.
    #statistics clockstats cryptostats loopstats peerstats
    and cisco 3850  configured this one
    ntp server 10.1.1.241
    and
    show ntp status
    clock is unsynchronized, stratum 16, reference is null
    why...didn't work.. somebody help me..

    Is there a typo in your post or configuration? You show the NTP server IP address as 10.1.1.251, but the router configured to use 10.1.1.241.
    Regards

  • Cisco 2821 Router as a NTP Server

    We are using a 2821 Router as our boundary router.  It has installed into it a 9 port HWIC for layer 2 switching as well as allowing the router to communicate on the Network Management VLAN.  All of the devices on the Network Management VLAN are segregated from the managed traffic, which unfortunately also doesn't allow them external NTP services.  Can the router be programmed as a NTP server so that all of the network appliances can utilize it for NTP from either it's NM Vlan IP address or from a loopback address?  Thanks in advance for the help.

    What are the commands needed in the router for it to provide time to other appliances?
    If your router has successfully synchronized with an authoritative NTP server?  NOT A THING.
    In my network, only the site's distribution switch is allowed to go out and get NTP.  All other access switch goes to the distribution switch by using the command "ntp server ".  You can have multiple NTP server IP address and if you prefer to have a "favorite" you can append your command with the "prefer" option:  ntp server prefer.
    If you have clients then point their NTP to your router.  For troubleshooting, I prefer the command "sh ntp associate".  If your NTP server IP address starts with a "*" this is good and means that your NTP is synchronized.
    Hope this answers your question.

  • 7.4.1 fails "No Address for NTP server"

    Did all the upgrades to Airport utility and firmware but couldn't get the AEBS to recognise a valid IP address even though it has leased one. In addition, I looked at the logs and saw the error message 'No Address for NTP server'. The issue was solved by reverting, but 7.4.1 has made my AEBS inoperable.

    Thanks for your replies, much appreciated.

  • Help with connecting to NIST NTP server on port 123

    I can get NIST time in Daytime format using the rt_nist_date_time.llb example posted on ni.com, but I cannot connect to NIST NTP format time data using port 123.  I freely admit to being over my head with this stuff, and have spent much of this Thanksgiving holiday reading about UDP and TCP.
    The attached vi summarizes what I've tried so far.  The UDP case is what I thought would work, but I can't come up with a network address that the UDP-open vi likes.  Can anyone out there help this n00b tell the time?
    The attached file is supposed to be in 8.0 format, although I'm working in 9.0
    Here is a link discussing the time formats: http://tf.nist.gov/service/its.htm 
    Jeff 
    Solved!
    Go to Solution.
    Attachments:
    UDP.vi ‏17 KB

    jstevens wrote:
    THANK YOU!!!  I don't think I ever would have come up with connecting the web address to a Read or Write UDP rather than the Open UDP block.  Not to mention starting by opening port zero.
    Unlike TCP, UDP is a connectionless protocol. Here's a quick explanation in different words.
    A udp packet travels from a [sourceIP, sourcePort] to a [DestinationIP, destinationPort].
    UDP open basically reserves a local port used for sending (soucePort) and receiving (incoming packet with that same destinationPort). Since some local ports are always in use, you would generate an error if you would accidentally pick a used port. Picking zero is useful for requests (as in this case!), because the OS will pick an unused ephemeral port. The actual source port number does not matter because the NTP server will just send the reply packet back to whatever port it came from. (If you would write your own NTP server in LabVIEW, you would of course need to set the local port to 123, and would get a conflict if another NTP server is already running on your rig). Writing an NTP server in LabVIEW would be a trivial modification to the current code, try it! . Simply listen for packets on port 123, form a response packet based on the timestamp, and send it to whatever IP/Port it came from (that info is available from udp read) and then go back to listen for new requests.).
    UDP write sends a packet to the server using the above opened local port as source port. You can use the same connectionID to write to several other servers and ports, because UDP is connectionless. (TCP is connection based, so a TCP connection involves a defined source/destination pair)
    UDP read listens for incoming packets from all over the world at that same local port. It is very unlikely, but theoretically possible that other UDP packets will arrive at that same port, so you could even filter to make sure to read incoming packets until they match the port and IP of the original request. The current code is somewhat vulnerable to a DOS (denial of service) attack for example as follows: Imagine the guy in the next cubicle had means of sniffing your network traffic. He could write a small program that looks for your NTP requests and then immediately starts flooding your IP with meaningless UDP packets to the sourcePort you just used. The current program only reads one packet and thus will never see the return packet from the NTP server.
    UDP close frees up the local port and the computer is now no longer listening for packets on that port. Of course you could keep the port open for the duration of the program, especially if you intend to send UDP request once in a while during execution.
    Makes sense?
    LabVIEW Champion . Do more with less code and in less time .

  • SNTP server - IP Address (SG200-08)

    SG200-08: Why I cant set up SNTP server with IP address? When I use domain name of this server, it works.

    Hi Tom,
    unfortunately, there is a bug in two latest firmwares which I have tested (1.0.5.1, 1.0.6.2).
    To reaffirm, it works with this host name? - Yes, hostname ntp.nic.cz is resolved to an ip address.
    Can you make a screenshot showing that? - No, see below.
    Do you have an active internet connection the switch is connecting to? - Yes.
    Can you try any other NTP server? - Yes. Only private range certain IP addresses are accepted (I have tested class C 192.168.x.x successfully)
    I returned the device back to store. I have horrible experience with  RVXXX Small Business routers and their firmware - it does not make any  sense to wait several month for (maybe) corrected firmware

  • Anyone got NTP working with a Windows 2008 NTP server?

    Hello,
    I'm trying to sync the time on our routers and swithces with a Windows 2008R2 server, but it doesn't work.  Has anyone managed to do this:
    Config:
    ntp master
    ntp update-calendar
    ntp server 192.168.2.164
    sh ntp associations
      address         ref clock         st   when   poll   reach    delay    offset     disp
    *~127.127.1.1     .LOCL.         7     11     16      377      0.000   0.000      0.225
    ~192.168.2.164  .INIT.          16      -      1024     0       0.000    0.000    15937.
    Windows 2008R2 server
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]"
    "Enabled"=dword:00000001
    restart server
    w32tm /config /manualpeerlist:uk.pool.ntp.org,0x8 /syncfromflags:MANUAL
    net stop w32time
    net start w32time
    Doesnt work
    Woudl Linux like Ubuntu be better?
    Thanks

    I got this working from a cisco 2911 router to Windows 7 computer.
    As per many articles, you are missing:-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]"
    "AnnounceFlags"=dword:00000005
    But the one that allows Cisco kit to Sync is:-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]"
    "LocalClockDispersion"=dword:00000000
    This article http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/108076-ntp-troubleshoot.html talks about having a root-dispersion higher than 1000ms (1 second) causing Cisco IOS-NTP to unsynchronizes itself.
    This article http://htluo.blogspot.co.uk/2009/02/ntp-network-time-protocol.html#comment-form was the only one I found that added to the normal enable ntp server registry keys information, stating to change ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\LocalClockDispersion’  from 10 to 0
    There was also articles that said that the Windows NTP implementation was version 3, and therefore you had to append ‘version 3’ to the routers ‘ntp server x.x.x.x’ command. This may be perhaps true for earlier windows versions?, but was NOT required for Windows 7.

  • How to diagnose NTP server problem during boot-up?

    We're having a problem on our campus network where Macs aren't able to use the time.apple.com NTP server to correct the time during boot-up. Once the user logs in, open the Date & Time pref pane causes the time to be corrected.
    I've noticed this problem for quite a while but it's really been just a minor inconvenience. Then some users started using Boot Camp and it became a bigger inconvenience because their Mac time is wrong by 4 hours when they return to OS X from Windows XP. It has now become something that we need to address because we have set up a lab with iMacs all configured with Boot Camp and set up to authenticate off of our Active Directory server, which requires that the time be correct on the iMacs when the user tries to log in.
    We'd like to monitor the network traffic on Mac during boot-up to see if we can figure out why this is happening. My person theory is that something that the network admins have the network configured to do when it first sees a new computer is causing enough of a delay in the DHCP process that the Mac doesn't have a network connection when the NTP server call would normally be made. The college has a DSL line that is not part of our network and NTP server time correction works correctly on it.
    We're looking for the best way to capture the activity on the Mac and the network traffic at boot-up. Here are the things that we're looking into.
    1) Verbose mode - Interesting looking but it goes by pretty quickly and I don't have time to read all of that info. Is this recorded in a log automatically somewhere or is there a way to capture this info?
    2) Single user mode - I haven't been able to determine whether the NTP server call should have occurred by the time I get a prompt in Single User Mode. If so, is there a command I could use here that would give me a dump of activity and network traffic up to this point?
    3) I have Interarchy which will let me record network traffic but as far as I can tell there's isn't a way to use this feature during boot-up. Am I wrong about that?
    4) Someone suggested using Ethereal which appears to require Fink when installed. I can't tell if this will work during boot for if it's an app that I can only run after logging in (like Interarchy). Does anyone know how this works?
    Any suggestions would be welcomed.
    -McD-

    Turns out it was a network timing issue. The DHCP server wasn't providing the IP address quick enough (never figured out why, though).

  • NTP Server behind CSS / Responses from outside don't get through

    I have a CSS and behind it an NTP-Server (simulated for this posting by the ntpdate-command:
    First, when I use ntpdate -q 128.130.2.7 (with the -q parameter a source-port >1024 is used) all wents fine, I get a response and the flow trace-ip shows:
    JAN 20 10:12:15 1/1 1187 FLOWMGR-4: UDP in 192.168.7.73:35700->128.130.2.7:123
    JAN 20 10:12:15 1/1 1188 FLOWMGR-4: UDP out 128.131.2.73:4724->128.130.2.7:123
    JAN 20 10:12:15 1/1 1189 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:4724
    JAN 20 10:12:15 1/1 1190 FLOWMGR-4: UDP out 128.130.2.7:123->192.168.7.73:35700
    But when I now use ntpdate 128.130.2.7 without the -q option, i.e. well known Source Port 123 is used, no response come through and the trace-ip shows:
    JAN 20 10:13:20 1/1 1194 FLOWMGR-4: UDP in 192.168.7.73:123->128.130.2.7:123
    JAN 20 10:13:20 1/1 1195 FLOWMGR-4: UDP out 128.131.2.73:123->128.130.2.7:123
    JAN 20 10:13:20 1/1 1196 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
    JAN 20 10:13:21 1/1 1197 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
    JAN 20 10:13:22 1/1 1198 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
    JAN 20 10:13:23 1/1 1199 FLOWMGR-4: UDP in 128.130.2.7:123->128.131.2.73:123
    i.e. 128.130.2.7 sends the response to the vip-address and the css receives it, but does not send it to the requesting server.
    The relevant configuration parts are (currently ACL is disabled!):
    !************************** CIRCUIT **************************
    circuit VLAN602
    ip address 128.131.2.101 255.255.255.0
    ip virtual-router 102 priority 254 preempt
    ip redundant-vip 102 128.131.2.72 shared
    ip redundant-vip 102 128.131.2.73 shared
    ip redundant-vip 102 128.131.2.3 shared
    ip critical-service 102 gw-128.131.2
    !*************************** GROUP ***************************
    group ogawa2
    add service ogawa2i
    vip address 128.131.2.73
    active
    !************************** SERVICE **************************
    service ogawa2i
    ip address 192.168.7.73
    active
    It looks like, that the response does not comes through, if the source-port of the requesting server uses a port <1024.
    Any ideas ??

    There are some ports for which we do not maitain flow information but 123 should not be one of them.
    What software version are you using ?
    A workaround could be to create the following content rules :
    owner TEST
    content NTP
    vip address 128.131.2.73
    protocol udp
    port 123
    add service ogawa2i
    active
    Let me know if this works.
    Gilles.

  • 3750 stack won't sync with NTP server

    Any help greatly appreciated with this one - I can't for the life of me figure out what's going wrong here.
    I'm working on a 3750 stack in Singapore (UTC +8) and I'm trying to get it to sync its clock with 3.sg.pool.ntp.org.
    This is the weird part - "sh ntp associations" shows that it is syncing:
      address         ref clock       st   when   poll reach  delay  offset   disp
    *~199.195.193.200 203.117.180.36   2     52     64   377 80.936 -13895.  1.771
    * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
    And "sh ntp associations de" shows that it's happy:
    199.195.193.200 configured, our_master, sane, valid, stratum 2
    ref ID 203.117.180.36, time D691F63E.C4B691CD (17:26:22.768 UTC Tue Jan 28 2014)
    our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
    root delay 196.39 msec, root disp 592.71, reach 377, sync dist 944.69
    delay 80.93 msec, offset -13895.2686 msec, dispersion 2.65
    precision 2**20, version 4
    org time D691FA8F.5FF29003 (17:44:47.374 UTC Tue Jan 28 2014)
    rec time D691FA9D.5041E9C7 (17:45:01.313 UTC Tue Jan 28 2014)
    xmt time D691FA9D.3B3524C8 (17:45:01.231 UTC Tue Jan 28 2014)
    filtdelay =    82.20   80.93   82.17   81.49  155.78   81.08   84.67   82.09
    filtoffset = -13897. -13895. -13899. -13900. -13901. -13872. -13876. -13876.
    filterror =     0.00    0.99    1.98    2.94    3.94    4.92    5.87    6.81
    minpoll = 6, maxpoll = 10
    But the clock is stubbornly remaining unsynchronised ("sh ntp st"):
    Clock is unsynchronized, stratum 16, reference is 199.195.193.20
    nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
    reference time is 00000000.00000000 (08:00:00.000 UTC Mon Jan 1 1900)
    clock offset is -13895.2686 msec, root delay is 0.00 msec
    root dispersion is 14.62 msec, peer dispersion is 3.26 msec
    loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
    system poll interval is 64, never updated.
    NTP-relevant config is as follows (no ACLs, outbound UDP 123 allowed on perimeter firewall):
    clock timezone UTC 8 0
    ntp server 3.sg.pool.ntp.org
    I have configured a pair of stacks in Hong Kong for NTP (though that was a couple of months ago and I recall that those were a pain at the time as well) and those are working fine.

    Much to my annoyance, the switch stack is now synchronised.  No  configuration changes were made in the interim; it just looks like it  needed a long time (well over an hour in this case) to start syncing  properly.

Maybe you are looking for

  • Parking Vendor payment / customer payment

    Hi Gurus, Is it possible to park vendor / customer payments ? As FV60 & FV70 are available for parking vendor and customer invoices is there a similar functionality available to park payments. We have already configured workflow. But the problem is,

  • How to save a function module on to your harddrive

    Dear all, I need to backup a set of function module on  to my harddrive. please help me. VJ

  • Help Please: Playlist Problem

    I recently backed up all the musics and movies I had by using the back up disc feature. I used 4 blank dvd discs to back up all of my files. After I transfered my music to another pc I use, I found very disturbing fact. My ipod has all playsits I had

  • Iphoto 9.4.2. chashes

    I'm running iPhoto 9.4.2, using a Mac tower and 10.7.5. I've tried repeatedly to open  iPhoto. I keeps crashing...Please help..Thank you. Process:     iPhoto [1142] Path:        /Applications/iPhoto.app/Contents/MacOS/iPhoto Identifier:  com.apple.iP

  • Unknown Icon on 8830

    A new icon appeared on top of my screen about 1 month ago.  It looks like a smiley face, half-covered by a red star (with the number 1 to the left).  I have no idea what it means.  I must have asked 10 people and nobody could even risk a guess.  Does