https://community.cisco.com/t5/network-access-control/ntp-issue-cisco-ise-2-1/m-p/3862035#M472838 It did work after we change NTP server, instead point to core switch we change to AD<BR /><BR />thanks Fri, 24 May 2019 01:40:47 GMT Ruelb2214 2019-05-24T01:40:47Z https://community.cisco.com/t5/network-access-control/ntp-issue-cisco-ise-2-1/m-p/3859833#M472836 <P>Guys,</P><P>&nbsp;</P><P>We run the URT tools for preparation upgrade of our production ISE 2.1 to v2.4.</P><P>Base on the logs, NTP failed.</P><P>&nbsp;</P><P>nstalling URT bundle<BR />- Successful</P><P>########################################<BR /># Running Upgrade Readiness Tool (URT) #<BR />########################################<BR />This tool will perform following tasks:<BR />1. Pre-requisite checks<BR />2. Clone config database<BR />3. Copy upgrade files<BR />4. Data upgrade on cloned database<BR />5. Time estimate for upgrade</P><P>Pre-requisite checks<BR />====================<BR />Disk Space sanity check<BR />- Successful<BR /><STRONG>NTP sanity</STRONG><BR /><STRONG>- Failed</STRONG><BR />Appliance/VM compatibility<BR />- Successful<BR />Trust Cert Validation<BR />- Successful<BR />System Cert Validation<BR />- Successful<BR />Invalid MDMServerNames in Authorization Policies check<BR />- Successful<BR />5 out of 6 pre-requisite checks passed<BR />Some pre-requisite checks have failed. Hence exiting...</P><P>Final cleanup before exiting...</P><P>&nbsp;</P><P>We have point the NTP to our Core Switch:</P><P><STRONG># sho ntp</STRONG><BR />Configured NTP Servers:<BR />10.67.2.1<BR />10.67.2.2</P><P>synchronised to local net at stratum 11<BR />time correct to within 12 ms<BR />poremoteserver everrefids st t when poll reach delay offset jitter<BR />==============================================================================<BR />*127.127.1.0 .LOCL. 10 l 58 64 377 0.000 0.000 0.000<BR />10.67.2.1 10.67.2.17 6 u 91d 1024 0 1.001 9.296 0.000<BR />10.67.2.2 10.67.2.17 6 u 91d 1024 0 0.931 -0.024 0.000</P><P>&nbsp;</P><P>But Cisco ISE pointed to local? Could it be the issue?&nbsp;</P><P>Does it necessary NTP must not be local? how should we force the NTP to point 10.67.2.1 or 2.2? Any downtime?</P><P>We check the Firewall between ISE and Switch no problem, can ping also.</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 21 May 2019 03:57:06 GMT https://community.cisco.com/t5/network-access-control/ntp-issue-cisco-ise-2-1/m-p/3859833#M472836 Ruelb2214 2019-05-21T03:57:06Z https://community.cisco.com/t5/network-access-control/ntp-issue-cisco-ise-2-1/m-p/3859846#M472837 <P>Hi mate,</P><P>&nbsp;</P><P>It seems that your configured NTPs are not even showing as candidate (backup).</P><P>Can you confirm that you see udp 123 is shown on live logs of your firewall.</P><P>Are you using keys on ntp? Can you post the configuration.</P><P>Also what server are you running this NTP ?</P><P>&nbsp;</P><P>&nbsp;</P><P>Cheers,</P><P>&nbsp;</P><P>Raffy</P> Tue, 21 May 2019 04:54:28 GMT https://community.cisco.com/t5/network-access-control/ntp-issue-cisco-ise-2-1/m-p/3859846#M472837 RaffyLindogan 2019-05-21T04:54:28Z https://community.cisco.com/t5/network-access-control/ntp-issue-cisco-ise-2-1/m-p/3862035#M472838 It did work after we change NTP server, instead point to core switch we change to AD<BR /><BR />thanks Fri, 24 May 2019 01:40:47 GMT https://community.cisco.com/t5/network-access-control/ntp-issue-cisco-ise-2-1/m-p/3862035#M472838 Ruelb2214 2019-05-24T01:40:47Z