Cisco ISE 3.2 (VM) Synchronization Failing with NTP

md-shahnawaz · ‎07-22-2024

Hello Team, Need some expertise level advise, I build ISE deployment with 2 nodes running on 3.2 version patch 6, both nodes are on VM RHEL 8 Operating system.

Now problem which i am facing, both nodes are not getting synch with NTP servers,

There is no firewall and NTP server is reachable from ISE, able to resolve the NTP hostname and IP from ISE CLI.

When i checked ISE packet capture i am seeing response from NTP server, for testing i added Core switch as NTP to check is there any problem wit ISE build but core switch got synch as NTP.

I opened a case with cisco and they responded saying....

I have analyzed the logs and found an exception related to the ntp server “Exception while performing getNTPConfig” .

I checked with the development team regarding the same and they mentioned that usually the error arises when there’s some invalid or unknown character is being received from the NTP server.

Current NTP which i am using and failing, but same NTP is working with other Cisco Products.

Operating system -- OS/400
Vendor -- IBM
Current Version – V7R4
Hardware/VM – IBM Power 9 Server

SRV0690/admin#show ntp
Configured NTP Servers:
         172.23.X.X
         172.23.X.X
Reference ID    : 00000000 ()
Stratum         : 0
Ref time (UTC) : Thu Jan 01 00:00:00 1970
System time     : 0.000000000 seconds fast of NTP time
Last offset     : +0.000000000 seconds
RMS offset      : 0.000000000 seconds
Frequency       : 0.000 ppm slow
Residual freq   : +0.000 ppm
Skew            : 0.000 ppm
Root delay      : 1.000000000 seconds
Root dispersion : 1.000000000 seconds
Update interval : 0.0 seconds
Leap status     : Not synchronised

Any one from Cisco Community have ever faced this type of error, appreciate all your support

marce1000 · ‎07-22-2024

>...Current NTP which i am using and failing, but same NTP is working with other Cisco Products.
- Try another NTP server/service anyway for testing.

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

md-shahnawaz · ‎07-22-2024

Hello, @marce1000 ,

currently we don't any spare NTP so I tested with core switch as NTP server and its worked,

SRV0690/admin#show ntp

Configured NTP Servers:

172.23.X.X

Reference ID : AC17001C (AMI3868DD058532.accell-group.net)

Stratum : 3

Ref time (UTC) : Fri Jul 19 14:14:18 2024

System time : 0.000000000 seconds slow of NTP time

Last offset : -0.001196139 seconds

RMS offset : 0.001196139 seconds

Frequency : 15.245 ppm slow

Residual freq : -0.000 ppm

Skew : 43.238 ppm

Root delay : 0.000976600 seconds

Root dispersion : 0.033914953 seconds

Update interval : 0.0 seconds

Leap status : Normal

210 Number of sources = 2

MS Name/IP address Stratum Poll Reach LastRx Last sample

===============================================================================

^* NL-LWD1-DC-CS01.accell-g> 2 6 37 13 +10us[-1186us] +/- 34ms

marce1000 · ‎07-22-2024

- Also have a look at the output from : show logging system messages
look for ntp related messages

Try to use a public ntp server https://www.ntppool.org/en/use.html (for testing)

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '