Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1804
Views
15
Helpful
2
Replies

ISE Time Source Issue

Go to solution
PutmanoAIT
Level 1
Level 1

‎03-28-2018 12:34 AM - edited ‎02-21-2020 10:52 AM

I have implement Cisco ISE as TACACS server, I configured NTP point to my AD server for time synchronization. Unfortunately ISE always select LOCAL(*127.127.1.0) as a time source. Does we have any configuration to force the ISE to sync time with AD? Thank for your kindly support.

ISE-NTP.png

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-28-2018 05:18 AM

The refid ".INIT." and st (stratum) 16 indicates that for whatever reason the ISE server is not getting any NTP synchronization from the AD servers. In such a situation, it will fall back to localhost as the time source.

 

I'd do a packet capture at each end and see if

 

a. the ntp requests arrive on the AD servers and

b. if any responses arrive at the ISE server.

View solution in original post

2 Replies 2

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎03-28-2018 05:18 AM

The refid ".INIT." and st (stratum) 16 indicates that for whatever reason the ISE server is not getting any NTP synchronization from the AD servers. In such a situation, it will fall back to localhost as the time source.

 

I'd do a packet capture at each end and see if

 

a. the ntp requests arrive on the AD servers and

b. if any responses arrive at the ISE server.

Go to solution
ajc
Level 7
Level 7

‎03-28-2018 12:55 PM

In case you are using Windows as NTP Server. Please check the following.

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/119371-technote-ise-00.html

Customers Also Viewed These Support Documents