NTP & Cisco

Discussion in 'Cisco' started by Thomas Kuborn, Jun 14, 2004.

  1. Dear ng,

    Are there specific requirements to configure a Cisco box to use a MS domain
    controller as its NTP source ?
    I tried configuring my Cisco box as usual but it did not synchronize its
    time with the DC ... Any ideas ?
    Following is the output of a debug ntp packets (192.168.20.1 = DC) ... Don't
    see anything unusual there.

    ..Jun 14 21:03:11.302: NTP: xmit packet to 192.168.20.1:
    ..Jun 14 21:03:11.302: leap 3, mode 3, version 3, stratum 0, ppoll 64
    ..Jun 14 21:03:11.302: rtdel 2753 (153.610), rtdsp F9A5 (975.174), refid
    C30D0199 (195.13.1.153)
    ..Jun 14 21:03:11.302: ref C47874C8.52B5E27C (21:02:32.323 CEST Mon Jun 14
    2004)
    ..Jun 14 21:03:11.302: org 00000000.00000000 (01:00:00.000 CET Mon Jan 1
    1900)
    ..Jun 14 21:03:11.302: rec 00000000.00000000 (01:00:00.000 CET Mon Jan 1
    1900)
    ..Jun 14 21:03:11.306: xmt C47874EF.4D6201B4 (21:03:11.302 CEST Mon Jun 14
    2004)
    ..Jun 14 21:03:11.310: NTP: rcv packet from 192.168.20.1:
    ..Jun 14 21:03:11.310: leap 0, mode 4, version 3, stratum 4, ppoll 1024
    ..Jun 14 21:03:11.310: rtdel 1438 (78.979), rtdsp 7147 (442.490), refid
    C0A81478 (192.168.20.120)
    ..Jun 14 21:03:11.310: ref C4786EF6.018BCFAC (20:37:42.006 CEST Mon Jun 14
    2004)
    ..Jun 14 21:03:11.310: org C47874EF.4D6201B4 (21:03:11.302 CEST Mon Jun 14
    2004)
    ..Jun 14 21:03:11.310: rec C47874EF.316B0B10 (21:03:11.193 CEST Mon Jun 14
    2004)
    ..Jun 14 21:03:11.314: xmt C47874EF.316B0B10 (21:03:11.193 CEST Mon Jun 14
    2004)
    ..Jun 14 21:03:11.314: inp C47874EF.4F90EA2B (21:03:11.310 CEST Mon Jun 14
    2004)

    Regards,

    - Thomas -
    Thomas Kuborn, Jun 14, 2004
    #1
    1. Advertising

  2. CSCed13703
    Externally found moderate defect: Junked (J)
    NTP will not sync, flags server as insane, invalid

    Release-note: Modified 040413 by qddts

    An IOS system may be unable to synchronize to an NTP server
    despite being able to transmit to and receive packets
    from the server. This may be seen with a Windows system
    running the w32time service.

    'show ntp associations detail" will show that the server is
    flagged as "insane, invalid".

    Workaround: instead of running the w32time service on the
    Windows system, use NTP 4.x - see
    http://www.eecis.udel.edu/~mills/ntp/html/hints/winnt.html

    --

    ~ Dear ng,
    ~
    ~ Are there specific requirements to configure a Cisco box to use a MS domain
    ~ controller as its NTP source ?
    ~ I tried configuring my Cisco box as usual but it did not synchronize its
    ~ time with the DC ... Any ideas ?
    ~ Following is the output of a debug ntp packets (192.168.20.1 = DC) ... Don't
    ~ see anything unusual there.
    ~
    ~ .Jun 14 21:03:11.302: NTP: xmit packet to 192.168.20.1:
    ~ .Jun 14 21:03:11.302: leap 3, mode 3, version 3, stratum 0, ppoll 64
    ~ .Jun 14 21:03:11.302: rtdel 2753 (153.610), rtdsp F9A5 (975.174), refid
    ~ C30D0199 (195.13.1.153)
    ~ .Jun 14 21:03:11.302: ref C47874C8.52B5E27C (21:02:32.323 CEST Mon Jun 14
    ~ 2004)
    ~ .Jun 14 21:03:11.302: org 00000000.00000000 (01:00:00.000 CET Mon Jan 1
    ~ 1900)
    ~ .Jun 14 21:03:11.302: rec 00000000.00000000 (01:00:00.000 CET Mon Jan 1
    ~ 1900)
    ~ .Jun 14 21:03:11.306: xmt C47874EF.4D6201B4 (21:03:11.302 CEST Mon Jun 14
    ~ 2004)
    ~ .Jun 14 21:03:11.310: NTP: rcv packet from 192.168.20.1:
    ~ .Jun 14 21:03:11.310: leap 0, mode 4, version 3, stratum 4, ppoll 1024
    ~ .Jun 14 21:03:11.310: rtdel 1438 (78.979), rtdsp 7147 (442.490), refid
    ~ C0A81478 (192.168.20.120)
    ~ .Jun 14 21:03:11.310: ref C4786EF6.018BCFAC (20:37:42.006 CEST Mon Jun 14
    ~ 2004)
    ~ .Jun 14 21:03:11.310: org C47874EF.4D6201B4 (21:03:11.302 CEST Mon Jun 14
    ~ 2004)
    ~ .Jun 14 21:03:11.310: rec C47874EF.316B0B10 (21:03:11.193 CEST Mon Jun 14
    ~ 2004)
    ~ .Jun 14 21:03:11.314: xmt C47874EF.316B0B10 (21:03:11.193 CEST Mon Jun 14
    ~ 2004)
    ~ .Jun 14 21:03:11.314: inp C47874EF.4F90EA2B (21:03:11.310 CEST Mon Jun 14
    ~ 2004)
    ~
    ~ Regards,
    ~
    ~ - Thomas -
    ~
    Aaron Leonard, Jun 15, 2004
    #2
    1. Advertising

  3. Thx Aaron

    "Aaron Leonard" <> wrote in message
    news:...
    > CSCed13703
    > Externally found moderate defect: Junked (J)
    > NTP will not sync, flags server as insane, invalid
    >
    > Release-note: Modified 040413 by qddts
    >
    > An IOS system may be unable to synchronize to an NTP server
    > despite being able to transmit to and receive packets
    > from the server. This may be seen with a Windows system
    > running the w32time service.
    >
    > 'show ntp associations detail" will show that the server is
    > flagged as "insane, invalid".
    >
    > Workaround: instead of running the w32time service on the
    > Windows system, use NTP 4.x - see
    > http://www.eecis.udel.edu/~mills/ntp/html/hints/winnt.html
    >
    > --
    >
    > ~ Dear ng,
    > ~
    > ~ Are there specific requirements to configure a Cisco box to use a MS

    domain
    > ~ controller as its NTP source ?
    > ~ I tried configuring my Cisco box as usual but it did not synchronize its
    > ~ time with the DC ... Any ideas ?
    > ~ Following is the output of a debug ntp packets (192.168.20.1 = DC) ...

    Don't
    > ~ see anything unusual there.
    > ~
    > ~ .Jun 14 21:03:11.302: NTP: xmit packet to 192.168.20.1:
    > ~ .Jun 14 21:03:11.302: leap 3, mode 3, version 3, stratum 0, ppoll 64
    > ~ .Jun 14 21:03:11.302: rtdel 2753 (153.610), rtdsp F9A5 (975.174), refid
    > ~ C30D0199 (195.13.1.153)
    > ~ .Jun 14 21:03:11.302: ref C47874C8.52B5E27C (21:02:32.323 CEST Mon Jun

    14
    > ~ 2004)
    > ~ .Jun 14 21:03:11.302: org 00000000.00000000 (01:00:00.000 CET Mon Jan 1
    > ~ 1900)
    > ~ .Jun 14 21:03:11.302: rec 00000000.00000000 (01:00:00.000 CET Mon Jan 1
    > ~ 1900)
    > ~ .Jun 14 21:03:11.306: xmt C47874EF.4D6201B4 (21:03:11.302 CEST Mon Jun

    14
    > ~ 2004)
    > ~ .Jun 14 21:03:11.310: NTP: rcv packet from 192.168.20.1:
    > ~ .Jun 14 21:03:11.310: leap 0, mode 4, version 3, stratum 4, ppoll 1024
    > ~ .Jun 14 21:03:11.310: rtdel 1438 (78.979), rtdsp 7147 (442.490), refid
    > ~ C0A81478 (192.168.20.120)
    > ~ .Jun 14 21:03:11.310: ref C4786EF6.018BCFAC (20:37:42.006 CEST Mon Jun

    14
    > ~ 2004)
    > ~ .Jun 14 21:03:11.310: org C47874EF.4D6201B4 (21:03:11.302 CEST Mon Jun

    14
    > ~ 2004)
    > ~ .Jun 14 21:03:11.310: rec C47874EF.316B0B10 (21:03:11.193 CEST Mon Jun

    14
    > ~ 2004)
    > ~ .Jun 14 21:03:11.314: xmt C47874EF.316B0B10 (21:03:11.193 CEST Mon Jun

    14
    > ~ 2004)
    > ~ .Jun 14 21:03:11.314: inp C47874EF.4F90EA2B (21:03:11.310 CEST Mon Jun

    14
    > ~ 2004)
    > ~
    > ~ Regards,
    > ~
    > ~ - Thomas -
    > ~
    >
    Thomas Kuborn, Jun 15, 2004
    #3
  4. Thomas Kuborn

    mh Guest

    Try "restarting" the Cisco NTP process:

    config t
    no ntp server 192.168.20.1
    exit

    sh ntp stat

    config t
    ntp server 192.168.20.1
    exit



    Are you config any ntp commands other the the server command?
    If so post your config
    mh, Jun 15, 2004
    #4
  5. In article <>, (mh) wrote:
    >Try "restarting" the Cisco NTP process:
    >
    >config t
    >no ntp server 192.168.20.1
    >exit
    >
    >sh ntp stat
    >
    >config t
    >ntp server 192.168.20.1
    >exit
    >


    I finally had to add a

    ntp source eth0/0

    to my config. I found that the packet had to actually _cross_ the router,
    in other words, if the NTP server was outside my network, I had to
    tell the router that the source was my inside interface. So in your
    case, you might try ntp source ser0/0 since I think you said your
    NTP server was inside.


    Gordon Montgomery
    Living Scriptures, Inc
    (anti spam - replace lsi with livingscriptures)
    (801) 627-2000
    Gordon Montgomery, Jun 15, 2004
    #5
  6. "Thomas Kuborn" <> wrote in message
    news:40cdff87$0$22180$...
    > Dear ng,
    >
    > Are there specific requirements to configure a Cisco box to use a MS

    domain
    > controller as its NTP source ?
    > I tried configuring my Cisco box as usual but it did not synchronize its
    > time with the DC ... Any ideas ?
    > Following is the output of a debug ntp packets (192.168.20.1 = DC) ...

    Don't
    > see anything unusual there.
    >


    I have also tried both having a Cisco router sync against a w32time service
    (Native MS Windows and Windows Server), and have w32time sync against a
    Cisco Router.
    Never was I able to do so.
    Even though Microsoft says they are fully RFC compliant. (NOT!)
    So putting any other 3rd party NTP server program on the MS, will work
    instantly.

    I guess Cisco and Microsoft are totally incompatible on this issue.

    HTH
    Martin Bilgrav
    Martin Bilgrav, Jun 16, 2004
    #6
  7. Thomas Kuborn

    mh Guest

    As a test, try the NTP server at http://www.dillobits.com

    I installed it under Windows XP and got a Cisco router to sync to it
    with no problem.
    mh, Jun 16, 2004
    #7
  8. Thomas Kuborn

    mh Guest

    As a test, try the NTP server at http://www.dillobits.com

    I installed in under Windows XP and got a Cisco router to sync to it
    with no problem.
    mh, Jun 16, 2004
    #8
  9. Thomas Kuborn

    Josh T Guest

    IIRC, MS Domain Controllers use Simple NTP (SNTP), which is a subset of
    NTP, and Cisco devices need the full NTP server to sync to.

    Josh
    Josh T, Jun 17, 2004
    #9
  10. On Wed, 16 Jun 2004 11:06:41 +0200, "Martin Bilgrav" <> wrote:

    ~
    ~ "Thomas Kuborn" <> wrote in message
    ~ news:40cdff87$0$22180$...
    ~ > Dear ng,
    ~ >
    ~ > Are there specific requirements to configure a Cisco box to use a MS
    ~ domain
    ~ > controller as its NTP source ?
    ~ > I tried configuring my Cisco box as usual but it did not synchronize its
    ~ > time with the DC ... Any ideas ?
    ~ > Following is the output of a debug ntp packets (192.168.20.1 = DC) ...
    ~ Don't
    ~ > see anything unusual there.
    ~ >
    ~
    ~ I have also tried both having a Cisco router sync against a w32time service
    ~ (Native MS Windows and Windows Server), and have w32time sync against a
    ~ Cisco Router.
    ~ Never was I able to do so.
    ~ Even though Microsoft says they are fully RFC compliant. (NOT!)
    ~ So putting any other 3rd party NTP server program on the MS, will work
    ~ instantly.
    ~
    ~ I guess Cisco and Microsoft are totally incompatible on this issue.

    It may be that both the IOS and Microsoft (w32time) NTP implementations
    are RFC compliant yet are not interoperable. It seems that w32time tends
    to report a root dispersion value of just over a second (despite the
    actual root dispersion), and IOS has a hardcoded limit of 1s in order
    to sync to an NTP server.

    Btw, if using the IOS SNTP client rather than NTP, you'll have no problem
    syncing to a w32time server. (Although this isn't a general solution,
    because IOS implementations afaik will always have either NTP or SNTP
    not both.)

    Aaron
    Aaron Leonard, Jun 24, 2004
    #10
  11. Thomas Kuborn

    netexp48

    Joined:
    Mar 5, 2009
    Messages:
    1
    NTP Source

    Why would you want to use a domain controller as an NTP source anyway? You should synch your core router to an atomic clock (NIST) and then synch your domain controller to your routers. You should then synch your other servers and workstations to your domain controllers. I have configured a lab to test this in my work environment. I have set up a Cisco4507 as a time server and synched two 3560s to the 4507 as a time source and peered each of the 3560s to each other. Now I am going to use ACLs to restrict service and peering within stratums.
    netexp48, Mar 5, 2009
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Jim Williams

    Cisco Router as a NTP Server

    Jim Williams, Dec 17, 2003, in forum: Cisco
    Replies:
    3
    Views:
    28,951
    Pete Mainwaring
    Dec 18, 2003
  2. Replies:
    7
    Views:
    26,991
    Dave Katz
    Feb 12, 2004
  3. Scott Crabb

    ntp from ntp.org

    Scott Crabb, Aug 5, 2004, in forum: Cisco
    Replies:
    5
    Views:
    3,615
  4. AM
    Replies:
    3
    Views:
    635
    Heiko Gerstung
    May 27, 2005
  5. AM

    NTP issue on Cisco.

    AM, Jun 27, 2005, in forum: Cisco
    Replies:
    0
    Views:
    475
Loading...

Share This Page