Can we use AD as a NTP source on Cisco ACS 5.7.0.15.1

Tabish Mirza · ‎01-11-2016

Hi Folks,

We are facing a problem that Cisco ACS 5.7.0.15.1 is unable to get synchronize with the NTP Server (AD as a NTP Source). See output below. Any help will be appreciated.

TestACS1/admin# show logging | include ntp

Nov 16 10:42:32 TestACS1 monit[8405]: 'ntpd' stop: /etc/init.d/ntpd

Nov 22 10:39:35 TestACS1 monit[8405]: 'ntpd' stop: /etc/init.d/ntpd

---------------------------------------------------------------------------------------------------------------------

TestACS1/admin# show ntp

Configured NTP Servers:

1.1.1.1

synchronised to local net at stratum 11

time correct to within 11 ms

polling server every 1024 s

remote refid st t when poll reach delay offset jitter

==============================================================================

*127.127.1.0 .LOCL. 10 l 25 64 377 0.000 0.000 0.000

1.1.1.1 .LOCL. 1 u 688 1024 377 0.755 86719.0 5.234

* Current time source, + Candidate , x False ticker

Warning: Output results may conflict during periods of changing synchronization.

Thanks

Javier Henderson · ‎01-11-2016

You should be able to use an AD DC as a time source for ACS.

The reason ACS is preferring its local clock is because of the large offset shown for the server at 1.1.1.1.

Also, that server is showing as stratum 1, does it have a local highly accurate time source? Or was it configured to fake the stratum level?

Either way, for ACS to pick the AD DC as the time source you will need to bring the clock on the ACS closer to that of the DC.

Javier Henderson

Cisco Systems