cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

4672
Views
0
Helpful
4
Replies
Highlighted
Beginner

ISE NTP Time Source

I have implement Cisco ISE as TACACS server, I configured NTP point to my AD server for time synchronization. Unfortunately ISE always select LOCAL(*127.127.1.0) as a time source. Does we have any configuration to force the ISE to sync time with AD? Thank for your kindly support.

ISE-NTP.png

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

It seems to me the main issue is that your AD servers are both of Stratum 16. Clock_strata explains that

... The upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized. ...


Please check on support documents on Microsoft servers for troubleshooting. For example,

[2018-Mar-29] Looking at it again, I think your AD servers are not responding to NTP requests from ISE, because the column "reach" showing 0. Please troubleshoot that issue first.

View solution in original post

4 REPLIES 4
Highlighted

Highlighted

Hi bbharathan,

How can I get into Cisco ISE root level?

Thanks.

Highlighted

We don’t let you into root level.

I would recommend making sure your NTP source is a good one per the document

Tac can assist in troubleshooting

Highlighted
Cisco Employee

It seems to me the main issue is that your AD servers are both of Stratum 16. Clock_strata explains that

... The upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized. ...


Please check on support documents on Microsoft servers for troubleshooting. For example,

[2018-Mar-29] Looking at it again, I think your AD servers are not responding to NTP requests from ISE, because the column "reach" showing 0. Please troubleshoot that issue first.

View solution in original post

Content for Community-Ad