Timezone in ntp status
Hi
Please find below the output of "show ntp status" command on a NTP Server & client Routers.
NTP Server
Clock is synchronized, stratum 2, reference is 208.184.49.9
nominal freq is 250.0000 Hz, actual freq is 250.0001 Hz, precision is 2**18
reference time is C6D04612.22EA36B7 (21:23:14.136 kuwait Mon Sep 12 2005)
clock offset is 0.4224 msec, root delay is 217.96 msec
root dispersion is 1.24 msec, peer dispersion is 0.82 msec
NTP Client
Clock is synchronized, stratum 3, reference is xxx.xxx.xxx.xxx (IP address of the NTP Server)
nominal freq is 250.0000 Hz, actual freq is 250.0055 Hz, precision is 2**24
reference time is C6D04AF3.9FC434D0 (18:44:03.624 UTC Mon Sep 12 2005)
clock offset is 0.1061 msec, root delay is 220.26 msec
root dispersion is 1.07 msec, peer dispersion is 0.03 msec
The NTP Server's clock timezone (Kuwait) is configured properly. Why the NTP Client router (Shows UTC timezone) doesn't have the same timezone as of the NTP Server?
Also the following messages keep appearing on the console of the NTP Server Router. Is it related to NTP?
Sep 12 10:28:43.768: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:29:15.379: %DSX1-6-CLOCK_CHANGE: Controller 1 clock is now selected as clock source
Sep 12 10:29:25.483: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:29:31.023: %DSX1-6-CLOCK_CHANGE: Controller 0 clock is now selected as clock source
Sep 12 10:29:32.159: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:29:55.471: %DSX1-6-CLOCK_CHANGE: Controller 1 clock is now selected as clock source
Sep 12 10:30:56.686: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:31:56.185: %DSX1-6-CLOCK_CHANGE: Controller 1 clock is now selected as clock source
Sep 12 10:32:04.152: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:32:10.900: %DSX1-6-CLOCK_CHANGE: Controller 0 clock is now selected as clock source
Sep 12 10:33:26.163: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:33:56.135: %DSX1-6-CLOCK_CHANGE: Controller 0 clock is now selected as clock source
Sep 12 10:34:09.770: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Sep 12 10:34:16.942: %DSX1-6-CLOCK_CHANGE: Controller 1 clock is now selected as clock source
Sep 12 10:34:18.046: %DSX1-6-CLOCK_CHANGE: Freerun clock is now selected as clock source
Appreciate your reply.
Thanks in advance. // Anup
Anup
I believe the console message you ask about is not at all related to your NTP question. It looks to me like something is unstable about clocking for some serial interface or controller.
The explanation of your NTP question is that NTP transmits time in Universal Time (UTC) and the router translates that time into local timezone if it is configured to do so. Apparently the server has been configured to adjust for local time of Kuwait and the client has not. The command to adjust for local timezone is in global config:
clock timezone
If you configure this on the client you should find that the time is correctly translated.
HTH
Rick
Similar Messages
-
NTP Status: Clock is unsynchronized
I have been having issues with a 3750X Stack that is not synchronizing with our NTP server. I have tried adding and removing the NTP server but it does not help. We are running Version 15.2(1)E. Any suggestions would be great! Thanks!
Daniel,
Thanks for the quick reply. Here is the “sh status” and “sh ntp associations”
Sh ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**19
ntp uptime is 26320700 (1/100 of seconds), resolution is 8403
reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.16 msec, peer dispersion is 0.00 msec
loopfilter state is 'FSET' (Drift set from file), drift is 0.000000000 s/s
system poll interval is 64, never updated.
sh ntp associations
address ref clock st when poll reach delay offset disp
~x.x.x.x .LOCL. 1 40 64 377 2.409 2723270 16.508
~x.x.x.x x.x.x.x 2 5 64 377 2.298 2723270 16.528
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
We are using our internal Windows Domain Controller as an NTP source. I have multiple 3750 stacks looking at our DCs without an issue. Thanks! -
CiscoWorks: Compliance job to find NTP status in switches?
Hi,
We have about 4000 switches in our estate, and we want to find from CiscoWorks that which devices are not configured with correct NTP source. Is it possible to run a compliance job in CiscoWorks to findout that which switches "clock is unsynchronized". e.g. if we do "show ntp status" on switch, we get output as "clock is unsynchronized". How we can run this job in compliance jobs.
Or please advise a better way to find this issue.
We are using LMS 3.2 SP1
Thanks and Kind Regards,I would run a job that puts the username password on all of them. And runs a no username johndoe for all username you know of, that you want to remove
So it may overwrite the same username password..... I don't mind, it will be done when I get back in the morning.
Cheers,
Michel -
Cisco IOS NTP: "show ntp associations" versus "show ntp status"
what is the difference of the commands "show ntp ass det" and "show ntp status" ?
these commands differs on the referenced time source.
switch#sh ntp ass detail
Load for five secs: 17%/4%; one minute: 20%; five minutes: 20%
Time source is NTP, 10:45:15.469 MET Tue Feb 4 2014
10.1.5.4 configured, ipv4, sane, valid, stratum 2
ref ID 154.71.99.39 , time D69B3383.9D414772 (10:38:11.614 MET Tue Feb 4 2014)
our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024
root delay 0.38 msec, root disp 5.93, reach 377, sync dist 11.77
delay 0.84 msec, offset 0.3778 msec, dispersion 1.06, jitter 0.97 msec
precision 2**21, version 4
assoc id 26601, assoc name 10.1.5.4
assoc in packets 12339, assoc out packets 12361, assoc error packets 28
org time 00000000.00000000 (01:00:00.000 MET Mon Jan 1 1900)
rec time D69B347C.4ACDE42A (10:42:20.292 MET Tue Feb 4 2014)
xmt time D69B347C.4ACDE42A (10:42:20.292 MET Tue Feb 4 2014)
filtdelay = 0.88 0.87 0.85 0.90 0.84 0.90 0.89 0.87
filtoffset = 0.31 0.31 0.32 0.28 0.37 0.32 0.25 0.31
filterror = 0.97 1.00 1.03 1.06 1.09 1.12 1.15 1.18
minpoll = 6, maxpoll = 10
FD8C:2208:32F7:8EA::5 configured, ipv6, our_master, sane, valid, stratum 1
ref ID .PPS., time D69B318B.92FDD88A (10:29:47.574 MET Tue Feb 4 2014)
our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024
root delay 0.00 msec, root disp 0.42, reach 377, sync dist 17.18
c4507r01#show ntp status
Load for five secs: 19%/4%; one minute: 20%; five minutes: 20%
Time source is NTP, 10:42:03.441 MET Tue Feb 4 2014
Clock is synchronized, stratum 2, reference is 81.201.114.7
nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**10
ntp uptime is 752342800 (1/100 of seconds), resolution is 4016
reference time is D69B2950.47571873 (09:54:40.278 MET Tue Feb 4 2014)
clock offset is 0.9771 msec, root delay is 0.94 msec
root dispersion is 47.43 msec, peer dispersion is 1.03 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000005068 s/s
system poll interval is 1024, last update was 2881 sec ago.
switch#sh ntp associations
Load for five secs: 18%/4%; one minute: 20%; five minutes: 20%
Time source is NTP, 10:53:12.750 MET Tue Feb 4 2014
address ref clock st when poll reach delay offset disp
+~10.1.5.4 154.71.99.39 2 690 1024 377 0.848 0.377 1.069
*~FD8C:2208:32F7:8EA::5
.PPS. 1 400 1024 377 0.931 0.892 1.007
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configuredIts hard to find expert on switches/IOS on the Network Management Forum, which is for NMS applications.
You should post this thread on Switching community of CSC forum.
Though, what i can suggest is to use SNTP. Certain low-end Cisco devices only support SNTP. SNTP is a simplified, client-only version of NTP. SNTP can only receive the time from NTP servers and cannot be used to provide time services to other systems. SNTP typically provides time within 100 milliseconds of the accurate time. In addition, SNTP does not authenticate traffic, although you can configure extended access lists to provide some protection. An SNTP client is more vulnerable to misbehaving servers than an NTP client and should only be used in situations where strong authentication is not required.
SNTP may not be much of an alternative because it is not widely supported in software.
You can use command # sntp server. SNTP generally is supported on those platforms that do not provide support for NTP.
Device (config)# sntp server {address | hostname} [version number]
For more clarification post this to Lan Switching and Routing section.
-Thanks
Vinod
**Rating Encourages contributors, and its really free. ** -
NTP on the Cisco 2600 series routers
Hi,
I am trying to setup ntp on my 2611 ansd 2621 Cisco routers and so far on one of the routers I have ointed it to the nTP server that I want i.e. ntp0.cornell.edu. it seems that it working but the show clock smd output show the clock for 1999 and a wrong time and time-zone.
can someone please show me the steps by which I need to configure ntp on these routers?
I couldn't find any papers on the Cisco sute to show how to do this.
Thx,
MasoodIf the clock is showing 1999 then certainly the router is not learning the correct time via NTP. Either the NTP machine it is talking to has the wrong time (certainly not likely if it is leaning from the cornell.edu NTP server) or the router is not talking to the configured server (seems much more likely here). Either the command show ntp status or the command show ntp association would show whether the router was synced to the NTP server.
But correcting the issue with access to the NTP server will not fix the issue if the router is displaying the wrong time zone (unless the time zone displayed is UTC or GMT). NTP transmits time in UTC/GMT and it is up to the router to specify the timezone. Use the configuration global command clock timezone (and possible clock summer-time) to set the time zone on the router.
HTH
Rick -
NTP synchronized without NTP service
Dear,
We have a setup where 2 DC's receive their clock from a GPS clock. Then our 2 core switches (C3650 running on 15.0.(2) ) receive their clock from these DC's. It all seems to work fine. However, when I turn of the ntp service on both DC's our two core routers still remain synchronized. That is, when a look at the ntp association both peers keep their original state (i.e. sys.peer and candidate). Furthermore the ntp status also indicates that the clock is synchronized with the same stratum as before (referencing to on of the DC's). When I turn on debugging i do receive a ntp_receive message indicating that:
NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3
I assume that this means that there's a problem with the peer seeing that normally the address is filled in and the next action is.
My question here. How come the two core switches still think they are synchronized? Does it take more time for the update (although i waited until they missed several poll intervals).
Thanks in advance,
MaartenHi ,
Please check the timezone on the acs server and make sure it is same as AD server. Use command "show timezones" to get the list of timezones.
Regards,
~JG
Do rate helpful posts -
I have a router BRI_2811_1 which is getting NTP from 10.66.41.201 and this is working.
When i then wish to make BRI_2811_1 the master for my local network, the internal clock on this router is coming up as "insane". Why is this is so? Eventually i would like all my switches to look to BRI_2811 as their NTP master.
BRI_2811_1#show run | i ntp|clock
clock timezone AEST 10 0
clock calendar-valid
ntp source Loopback0
ntp master 6
ntp server 10.66.41.201
BRI_2811_1#
BRI_2811_1#
BRI_2811_1#show ntp stat
BRI_2811_1#show ntp status
Clock is synchronized, stratum 5, reference is 10.66.41.201
nominal freq is 250.0000 Hz, actual freq is 249.9950 Hz, precision is 2**24
reference time is D8E4D87D.4E30DD39 (00:58:05.305 AEST Sat Apr 25 2015)
clock offset is -5.1655 msec, root delay is 57.61 msec
root dispersion is 326.92 msec, peer dispersion is 3.74 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000019698 s/s
system poll interval is 64, last update was 172 sec ago.
BRI_2811_1#
BRI_2811_1#show ntp ass
address ref clock st when poll reach delay offset disp
~127.127.1.1 .LOCL. 5 13 16 377 0.000 0.000 0.243
*~10.66.41.201 10.66.9.16 4 48 64 377 22.535 -5.165 3.749
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
BRI_2811_1#
BRI_2811_1#show ntp ass det
127.127.1.1 configured, insane, invalid, stratum 5
ref ID .LOCL., time D8E4D932.4915B594 (01:01:06.285 AEST Sat Apr 25 2015)
our mode active, peer mode passive, our poll intvl 16, peer poll intvl 16
root delay 0.00 msec, root disp 0.00, reach 377, sync dist 2.74
delay 0.00 msec, offset 0.0000 msec, dispersion 0.24
precision 2**24, version 4
org time D8E4D932.4915B594 (01:01:06.285 AEST Sat Apr 25 2015)
rec time D8E4D932.491675DE (01:01:06.285 AEST Sat Apr 25 2015)
xmt time D8E4D932.49152E3B (01:01:06.285 AEST Sat Apr 25 2015)
filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 0.00 0.25 0.51 0.75 1.02 1.26 1.51 1.75
minpoll = 4, maxpoll = 4
10.66.41.201 configured, our_master, sane, valid, stratum 4
ref ID 43.66.9.16 , time D8E4D803.F3B64840 (00:56:03.952 AEST Sat Apr 25 2015)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 35.07 msec, root disp 317.04, reach 377, sync dist 386.52
delay 22.53 msec, offset -5.1655 msec, dispersion 3.74
precision 2**10, version 4
org time D8E4D8FE.4A7EFAA8 (01:00:14.291 AEST Sat Apr 25 2015)
rec time D8E4D8FE.4EB368F5 (01:00:14.307 AEST Sat Apr 25 2015)
xmt time D8E4D8FE.48E78643 (01:00:14.284 AEST Sat Apr 25 2015)
filtdelay = 22.64 22.77 22.53 22.65 22.82 22.97 22.57 22.82
filtoffset = -5.10 -5.22 -5.16 -6.06 -5.33 -6.43 -6.73 -6.89
filterror = 0.97 1.96 2.91 3.85 4.83 5.80 6.75 7.72
minpoll = 6, maxpoll = 10no access groups at all and router is next hop
HQ-3845#show clock det
10:40:01.020 AEST Sun Apr 26 2015
Time source is NTP
HQ-3845#sho ntp ass det
127.127.1.1 configured, insane, invalid, stratum 6
ref ID .LOCL., time D8E6B25A.72DE3D46 (10:39:54.448 AEST Sun Apr 26 2015)
our mode active, peer mode passive, our poll intvl 16, peer poll intvl 16
root delay 0.00 msec, root disp 0.00, reach 377, sync dist 2.96
delay 0.00 msec, offset 0.0000 msec, dispersion 0.24
precision 2**24, version 4
org time D8E6B25A.72DE3D46 (10:39:54.448 AEST Sun Apr 26 2015)
rec time D8E6B25A.72DE9CB0 (10:39:54.448 AEST Sun Apr 26 2015)
xmt time D8E6B25A.72DE0842 (10:39:54.448 AEST Sun Apr 26 2015)
filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 0.00 0.25 0.49 0.73 0.99 1.26 1.53 1.78
minpoll = 4, maxpoll = 4
10.66.202.252 configured, our_master, sane, valid, stratum 4
ref ID 10.66.9.16 , time D8E6B1CB.E328A743 (10:37:31.887 AEST Sun Apr 26 2015)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 74.53 msec, root disp 189.16, reach 377, sync dist 306.79
delay 0.61 msec, offset -1.8279 msec, dispersion 4.73
precision 2**22, version 4
org time D8E6B23E.726564BD (10:39:26.446 AEST Sun Apr 26 2015)
rec time D8E6B23E.72FFC6BD (10:39:26.449 AEST Sun Apr 26 2015)
xmt time D8E6B23E.72CFC2A8 (10:39:26.448 AEST Sun Apr 26 2015)
filtdelay = 0.71 0.68 0.71 0.68 0.72 0.73 0.70 0.61
filtoffset = -1.99 -1.97 -1.96 -1.97 -1.97 -1.97 -1.90 -1.82
filterror = 0.00 0.99 1.93 2.91 3.90 4.87 5.82 6.81
minpoll = 6, maxpoll = 10 -
NTP Issue on cisco 3560 switch
Hi all
Here is my ntp configuration
clock timezone GMT 4
clock summer-time UAE recurring
ntp server 192.168.10.254 version 2 prefer
end
sh ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
reference time is 00000000.00000000 (04:00:00.000 GMT Mon Jan 1 1900)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
-SW1#sh ntp associations
address ref clock st when poll reach delay offset disp
~192.168.10.254 0.0.0.0 16 - 64 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
-SW1#
Please help me what i have did wrong
regards
rajaYou are still not answering the question.
Is the appliance, with IP Address 192.168.10.254, synchronized with a valid SNTP/NTP address or not.
Even if you enable NTP Master (which I personally don't recommend) and your appliance is NOT synchronized to a valid NTP source, then the appliance 192.168.10.254 can potentially broadcast the WRONG time to all the appliance. Since you've forced all downstream appliances to synchronize with a source that has the wrong NTP data (using the command "ntp master") all your network equipment will be sporting the wrong time. -
Issue on Cisco Unity Connection after performing 'utils ntp restart'
Hello everybody.
There's a client with Cisco Unity Connection 8.5.1.10000-206. After doing a 'utils ntp restart', the following message showed up:
Communication is not functioning correctly between the servers in the Cisco Unity Connection cluster. To review server status for the cluster, go to the Tools > Cluster Management page of Cisco Unity Connection Serviceability.
The client states that there was no service for 5 minutes and wants to know if performing this task shoud be disruptive or not and if there is any official document from Cisco stating this.
See SrvConnUnity_1.jpg sent by the client after performing the ntp restart.
Right now the service is normal (see SrvConnUnity_2.jpg attached). The client also sent a 'utils ntp
status':
admin:utils ntp status
ntpd (pid 10899) is running...
remote refid st t when poll reach delay offset jitter
==============================================================================
*127.127.1.0 LOCAL(0) 10 l 16 64 377 0.000 0.000 0.002
synchronised to local net at stratum 11
time correct to within 12 ms
polling server every 64 s
Current time in UTC is : Fri Apr 26 16:01:23 UTC 2013
Current time in America/Argentina/Buenos_Aires is : Fri Apr 26 13:01:23 ART 2013
admin:
Could anybody help me with this? What steps should I take? Many thanks in advance.
Best,
PatricioHello Patricio,
On the command line guide you won't see any downtime requirements for the Unity Connection server:
Command Line Interface Reference Guide for Cisco Unified Communications Solutions Release 8.5(1)
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cli_ref/8_5_1/cli_ref_851.html
Utils ntp restart
This command restarts the NTP service.
Command syntax
utils ntp restart
Parameters
None
Requirements
Command privilege level: 0
Allowed during upgrade: Yes
Also on the caveats i do not see any particular mention for this: (Caveats could be found applicable to CUC)
Release Notes for Cisco Unified Communications Manager Release 8.5(1)
http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/rel_notes/8_5_1/cucm-rel_notes-851.html
Breaking up the output of the "utils ntp status" there are are two considerations:
admin:utils ntp status
ntpd (pid 10899) is running...
remote refid st t when poll reach delay offset jitter
==============================================================================
*127.127.1.0 LOCAL(0) 10 l 16 64 377 0.000 0.000 0.002
First, you are using the ip address 127.127.1.0 which is the referenced used for the local system clock, the asterisc means is the preferred option as there is no other IP available. This is not a good practice and not recommended.
Secondly the stratum is unreliable, meaning too high to reach or too low to be accepted by Unity Connection.
If you would happen to run 'utils diagnose test' you would have probably seen an output as the following example below:
admin:utils diagnose test
Log file: platform/log/diag1.log
Starting diagnostic test(s)
===========================
test - disk_space : Passed (available: 25680 MB, used: 7849 MB)
skip - disk_files : This module must be run directly and off hours
test - service_manager : Passed
test - tomcat : Passed
test - tomcat_deadlocks : Passed
test - tomcat_keystore : Passed
test - tomcat_connectors : Passed
test - tomcat_threads : Passed
test - tomcat_memory : Passed
test - tomcat_sessions : Passed
test - validate_network : Reverse DNS lookup missmatch
test - raid : Passed
test - system_info : Passed (Collected system information in diagnostic log)
test - ntp_reachability : Passed
test - ntp_clock_drift : Passed
test - ntp_stratum : Failed
The reference NTP server is a stratum 11 clock.
NTP servers with stratum 5 or worse clocks are deemed unreliable.
Please consider using an NTP server with better stratum level.
Please use OS Admin GUI to add/delete NTP servers.
skip - sdl_fragmentation : This module must be run directly and off hours
skip - sdi_fragmentation : This module must be run directly and off hours
test - ipv6_networking : Passed
And on the RTMT (Real Time Monitoring Tool) you would have seen a Critical event:
Condition:
The best external NTP server, , is stratum , which is unacceptably high. External NTP servers must be <= strata 8 and should be <= strata 5. NTP server strata can be verified using the CLI 'utils ntp status' command ('st' column). Try using different NTP servers.
Problem cause:
All specified external NTP server(s) have unacceptably high stratum values. Network issues exist or the designated servers have unreliable stratum values.
Information is self explanatory and therefore reassures the need of having a NTP different from the server itself.
By the snippet you sent we can know that it is the publisher server, as the Subscriber polls this information from the Publisher.
Installing the Operating System and Cisco Unity Connection 8.x
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/installation/guide/8xcucig020.html
"Cisco recommends that you use an external NTP server to ensure accurate system time on the publisher server. Ensure the external NTP server is stratum 9 or higher (meaning stratums 1-9). The subscriber server will get its time from the publisher server"
Documentation also reaffirms the need for that NTP to be accessible otherwise your system can be degraded. Some addtional information which would be interesting to know is:
- Why did they had to restart the NTP in the first place?
System Requirements for Cisco Unity Connection Release 8.x
http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/requirements/8xcucsysreqs.html
"A network time protocol (NTP) server must be accessible to the Connection server"
On the Cisco Unity Connection Serviceability> Tools> CLuster Management screen shot you sent i see that the ports were "Not Available" and that the customer stated "there was no service for 5 minutes".
By no service did they mean that over the phone they heard a disconnected tone or a failsafe message?
Additionaly after the servers resolved from SBR the Subscriber never recovered entirely as it did not start the Conversation Manager service.
Bottom line if they are able to reproduce it then it would be worth a while checking with TAC
Best regards,
David Rojas Peck
Cisco TAC Support Engineer, Unity
Email: [email protected]
Mon, Wed, and Fri 12:00 pm to 9:00 pm ET, Tue and Thu 8:00 am to 5:00pm ET
Cisco Worldwide Contact link is below for further reference.
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html -
ASA5500 using Windows 7 computer as NTP server
I have an ASA5510 connected to a computer running Windows 7 (the NTP Server) on its "inside" interface.
Using the ASDM, I have configured the ASA5510 to use the Windows 7 as its NTP server (my architecture forces me to use a local machine as an NTP server):
-IP address: 192.0.99.1 (the ASA5510 has an IP address of 192.0.99.40)
-Interface: inside
-Key number: None
-Enable NTP authentication: no.
I have other Windows computers on the "inside" interface using the NTP Server, so NTP traffic is relayed without any problem. But somehow, the ASA5510 is not able to synchronize with the NTP Server.
I see the following log entry:
-Source IP: 192.0.99.1
-Source Port: 123
-Destination IP: 192.0.99.40
-Destination port: 65535
-Description: Teardown UDP connection 3905 for inside: 192.0.99.1/123 to identity: 192.0.99.40/65535 duration 0:02:01 bytes 96
so it seems like the ASA5510 sends a request to the NTP Server, but I am not sure whether the reply doesn't get processed correctly, or the connection stays open too long (my UDP connection timeout is the default, 2 minutes).
I had trouble getting SonicWALL NSA2400s to use Windows 7 devices as NTP servers. I had to get a firmware version where there was no MD5 authentication (which I think is OK in this case), and change a setting in the Windows registry (HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/services/W32Time/Config/AnnounceFlags: from 0xa to 0x5)
any insight is welcome.
PedroI have turned on all ntp debugging, and run "show ntp status" and "show ntp assoc":
CCG-SHIP-FWL(config)# show debug
debug ntp adjust enabled at level 1
debug ntp authentication enabled at level 1
debug ntp events enabled at level 1
debug ntp packets enabled at level 1
debug ntp params enabled at level 1
debug ntp select enabled at level 1
debug ntp sync enabled at level 1
debug ntp validity enabled at level 1
CCG-SHIP-FWL(config)# show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 99.9984 Hz, actual freq is 99.9984 Hz, precision is 2**6
reference time is 00000000.00000000 (06:28:16.000 GMT Thu Feb 7 2036)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
CCG-SHIP-FWL(config)# show ntp assoc
address ref clock st when poll reach delay offset disp
~192.16.99.1 .LOCL. 1 380 1024 337 73.0 255671 71.0
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
CCG-SHIP-FWL(config)# NTP: xmit packet to 192.16.99.1:
leap 3, mode 3, version 3, stratum 0, ppoll 1024
rtdel 0000 (0.000), rtdsp 10400 (1015.625), refid 00000000 (0.0.0.0)
ref 00000000.00000000 (06:28:16.000 GMT Thu Feb 7 2036)
org d34ac42f.4609d99d (20:21:03.273 GMT Tue May 1 2012)
rec d34a6050.3598360c (13:14:56.209 GMT Tue May 1 2012)
xmt d34a6250.22e73ba2 (13:23:28.136 GMT Tue May 1 2012)
NTP: rcv packet from 192.16.99.1 to OWN_FWL_LAN_PORT on inside:
leap 0, mode 4, version 3, stratum 1, ppoll 1024
rtdel 0000 (0.000), rtdsp a0bf4 (10046.692), refid 4c4f434c (76.79.67.76)
ref d34abbb0.bb426e39 (19:44:48.731 GMT Tue May 1 2012)
org d34a6250.22e73ba2 (13:23:28.136 GMT Tue May 1 2012)
rec d34ac62f.3977adb6 (20:29:35.224 GMT Tue May 1 2012)
xmt d34ac62f.3977adb6 (20:29:35.224 GMT Tue May 1 2012)
inp d34a6250.233258a0 (13:23:28.137 GMT Tue May 1 2012)
NTP: nlist 0, allow 0, found 0, low 0.000000, high 0.000000
NTP: no select intersection
NTP: synchronization lost -
RTMT is porting the following from my Publisher and both Subscribers.
At Wed May 28 15:10:11 BST 2014 on node 10.211.7.100; the following SyslogSeverityMatchFound events generated: SeverityMatch : Critical MatchedEvent : May 28 15:10:04 dbs-cm-donpub01 user 2 ntpRunningStatus.sh: The local NTP client is off by more than the acceptable threshold of 3 seconds from its remote NTP system peer. The normal remedy is for NTP Watch Dog to automatically restart NTP. However; an unusual number of automatic NTP restarts have already occurred on this node. No additional automatic NTP restarts will be done until NTP time synchronization stabilizes. This is likely due to an excessive number of VMware Virtual Machine migrations or Storage VMotions. Please consult your VMware Infrastructure Support Team. AppID : Cisco Syslog Agent ClusterID : NodeID : dbs-cm-donpub01 TimeStamp : Wed May 28 15:10:04 BST 2014
I have run utils ntp restart on each server and still get the same error.
Any help please?First thing is to post the status of the utils ntp status as Brian noted above. However, there are also a number of NTP-related bugs in CUCM 8.6 and higher. I have had several customers with similar issues and it is generally been purely cosmetic. See the following thread, review the bug IDs, and you may consider opening a TAC case as well:
https://supportforums.cisco.com/discussion/11275801/problem-ntp-after-upgrade-and-install-vmtools
Be sure to take a look at Aaron Harrison's recommendation as well in that thread. He always has solid advice in the forum.
Hailey
Please rate helpful posts! -
We have a critical NTP alert in the logs. UCCX is configured to pull NTP from CUCM1(primary) and CUCM2(sub). It is failing to pull time from CUCM2.
I haven't done a "utils NTP restart" yet because I wasn't sure if it would affect service.CUCM2 has a good NTP status.
Here is the output of the "Utils NTP Status" command from UCCX.
admin:utils ntp status
ntpd (pid 18134) is running...
remote refid st t when poll reach delay offset jitter
==============================================================================
*CUCM1 192.5.41.40 2 u 971 1024 377 0.341 0.418 0.496
CUCM2 .STEP. 16 u - 1024 0 0.000 0.000 4000.00
synchronised to NTP server (CUCM1) at stratum 3
time correct to within 91 ms
polling server every 1024 s
Current time in UTC is : Thu Jan 10 22:24:35 UTC 2013
Current time in America/Chicago is : Thu Jan 10 16:24:35 CST 2013
Any help would be appreciated. Also if someone know if I can do a "utils ntp restart" during the day, would be great.
thank you
KGFirst of all, subscriber call managers always point to primary cucm for time and that can't be changed. So, you are not really gaining much by having cucm2 as a ntp server.
Is ntp synced on the primary cucm to a external ntp server or not?
Yes, you can restart ntp without effecting anything during the day.
Remember if you are running 8.x on VMware, changing the ntp server address will change the license Mac hash.
Sent from Cisco Technical Support iPhone App -
NTP Syncronization to Microsoft DC
Hi, all,
I want to sync time for CUCM 6.0(1) by NTP from windows Domain Controller, which in turn runs NNTP service.
That's why I've configured DC's IP address (A.B.C.D) in CUCM OS
Administration interface, which says 'The NTP service is accessible' after that.
Then I've checked ntp status & config; it show the following:
admin:utils ntp config
This node is configured to synchronize with one of the following NTP server(s):
A.B.C.D
admin:utils ntp status
ntpd (pid 18410) is running...
remote refid st t when poll reach delay offset jitter
==============================================================================
127.127.1.0 127.127.1.0 10 l 17 64 1 0.000 0.000 0.008
A.B.C.D .LOCL. 1 u 12 64 1 0.355 -96181. 0.008
unsynchronised
time server re-starting
polling server every 16 s
Current time in UTC is : Tue Jun 3 11:58:07 UTC 2008
Current time in Europe/Moscow is : Tue Jun 3 15:58:07 MSD 2008
admin:
As a result IP Phones get theirs time from previously configured static time in CUCM.
I've entered it before going to NTP. But eventually due to NTP status is unsynchronised
IP Phones continue to use statically configured time in CUCM.
How can this be resolved ? Any ideas ?Hi,
All depends on how important your time sync is.
My personal preference is always hardware over software.
Your most important point is to get an authorative time source.. Probably the 2 easiest options...
1. NTP server on the internet, either from your ISP, or sometimes from a local university. Google for free NTP servers in your location.
2. Buy a hardware clock / time source.. you can most likely point routers, switches, ccm, servers all directly to these servers. Same thing goolge for some product options.
Start here for Cisco NTP info..
http://www.cisco.com/en/US/tech/tk648/tk362/tk461/tsd_technology_support_sub-protocol_home.html
Not sure what version of windows you are running.. but try this for W2k3 server
http://support.microsoft.com/kb/816042
Cheers,
Tim -
NTP server unreachable through ASA firewall
Hi all,
I've configured a DMZ switch to point to an NTP server on on the Inside, but I get a debug message on the switch that says:
NTP: <NTP server IP address> unreachable
I'm confident that the NTP server is configured properly, as there are more than a dozen other hosts using it, successfully. The difficulty here is that the NTP packets are having to flow from the DMZ to the Inside. I have a rule set on the firewall that permits the IP address of the switch to connect to the IP address of the NTP server as follows:
access-list intdmz1_acl extended permit udp host <IP address of switch> host <IP address of NTP server> eq ntp
I can see the hit counter on this rule incrementing.
The firewall can ping the NTP server, and the NTP server can ping the switch, so I think routing is OK.
Output from the DMZ switch:
switch#show ntp associations
address ref clock st when poll reach delay offset disp
~192.168.65.254 0.0.0.0 16 - 64 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
switch#show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
PRNLN-DMZ-SW01#sh run | inc ntp
ntp source Vlan138
ntp server 192.168.65.254
ukhvdc00vs01#sh run | inc ntp
ntp source Vlan65
ntp master 3
ntp update-calendar
ntp server 0.uk.pool.ntp.org
ntp server 1.uk.pool.ntp.org
PRNLN-DMZ-SW01#show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
Does the firewall rule need to permit more than UDP/123 for this to work perhaps?
NTPconfig on DMZ switch:
switch#sh run | inc ntp
ntp source Vlan138
ntp server <IP address of NTP server>
===================
NTP config on NTP server:
NTP_Server#sh run | inc ntp
ntp source Vlan65
ntp master 3
ntp update-calendar
ntp server 0.uk.pool.ntp.org
ntp server 1.uk.pool.ntp.org
Any guidance welcomed.
Thank you,
OllyHi Julio,
Hi Julio,
For the purposes of this information:
DMZ switch IP = 5.6.7.8
NTP server IP = 10.1.1.1
Here's the output from the show commands:
ciscoasa# show capture NTPCAPTUREDMZ
11 packets captured
1: 16:22:05.271500 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2: 16:23:09.276185 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
3: 16:24:13.274033 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
4: 16:24:57.272813 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
5: 16:24:58.279480 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
6: 16:24:59.277817 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
7: 16:25:00.275971 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
8: 16:25:01.275559 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
9: 16:25:02.272599 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
10: 16:25:03.279129 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
11: 16:25:04.277710 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
11 packets shown
ciscoasa# show capture NTPCAPTUREINSIDE
0 packet captured
0 packet shown
ciscoasa# show capture NTPASP | include 10.1.1.1
419: 16:24:13.274171 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
1820: 16:24:57.272904 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
1841: 16:24:58.279587 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
1876: 16:24:59.277909 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
1934: 16:25:00.276062 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2027: 16:25:01.275651 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2068: 16:25:02.272690 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2095: 16:25:03.279221 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2129: 16:25:04.277802 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2200: 16:25:05.275849 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2233: 16:25:06.274094 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2275: 16:25:07.273606 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2327: 16:25:08.280182 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2347: 16:25:09.277222 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2373: 16:25:10.275467 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2399: 16:25:11.273759 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
2414: 16:25:12.273347 802.1Q vlan#138 P6 5.6.7.8.123 > 10.1.1.1.123: udp 48
I'm guessing we should see some packets in the second capture, but we're not...
Does this help?
Thanks!
Olly -
Hi All
I have problem in NTP server I configured my Domain server as ntp server when add the ntp server in the cucm 7 Pub by ip of my domain server (192.168.1.7) the status showing "The NTP service not accessible".
I login the ssh to the call mamager server ssh
admin:utils ntp status
ntpd (pid 19919) is running...
remote refid st t when poll reach delay offset jitter
==============================================================================
127.127.1.0 LOCAL(0) 10 l 63 64 1 0.000 0.000 0.004
192.168.1.7 .INIT. 16 u - 64 0 0.000 0.000 4000.00
unsynchronised
time server re-starting
polling server every 64 s
Current time in UTC is : Sun Oct 27 12:25:19 UTC 2013
Current time in Asia/Riyadh is : Sun Oct 27 15:25:19 AST 2013
ThanksHello
Abdo , if you use Windows as NTP server , there is a problem to synchronize with Cisco CUCM linux OS.Please find the below link
http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCte17541
Thank you
Please rate all useful information
Maybe you are looking for
-
LSMW: Uploading Vendor Master : Muliple-Items
Hi , This is Prabhu , i created one LSMW for Uploading vendor Master .For Withholding tax Type i have to upload atleast 18 items.for that one I given Pagedown to Fill all The Item.But In the maintaining Source Structute I am getting Error.How can ove
-
New GL - Field that do the balance "profit center"
Hi people, We are doing the post by upload file. 40 - Bank account 31 - Vendor And the system shows us: Field that do the balance "profit center" is not fulled in the item 001 The account bank is correct to have profit center, but the estrange thing
-
Context Menus In ListView Windows Phone 8.1
Hi there, I'm in the process of porting my Win 8 app to WP 8.1, and one of the things I'm having trouble with is handling selection and context menus in ListViews In WP you use the context menu (hold and press to bring up a menuFlyout), but there doe
-
Robot/Copy-Paste Related questions
Hi guys and gals, I want to achieve the following tasks: (1) Copy some texts in a website starting from the cursor; (2) Analyze the texts. I am considering the following solution (which is complicated): Let Robot simulate the copy-paste process, and
-
This has been a problem for a while now, but it wasn't always like this. One day, it just happened! Everything else seems to work okay, and I can still read and write mail, but accessing account settings for any of them is broken. I already followed