cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1011
Views
0
Helpful
2
Replies

NTP issue Cisco ISE 2.1

Ruelb2214
Level 1
Level 1

Guys,

 

We run the URT tools for preparation upgrade of our production ISE 2.1 to v2.4.

Base on the logs, NTP failed.

 

nstalling URT bundle
- Successful

########################################
# Running Upgrade Readiness Tool (URT) #
########################################
This tool will perform following tasks:
1. Pre-requisite checks
2. Clone config database
3. Copy upgrade files
4. Data upgrade on cloned database
5. Time estimate for upgrade

Pre-requisite checks
====================
Disk Space sanity check
- Successful
NTP sanity
- Failed
Appliance/VM compatibility
- Successful
Trust Cert Validation
- Successful
System Cert Validation
- Successful
Invalid MDMServerNames in Authorization Policies check
- Successful
5 out of 6 pre-requisite checks passed
Some pre-requisite checks have failed. Hence exiting...

Final cleanup before exiting...

 

We have point the NTP to our Core Switch:

# sho ntp
Configured NTP Servers:
10.67.2.1
10.67.2.2

synchronised to local net at stratum 11
time correct to within 12 ms
poremoteserver everrefids st t when poll reach delay offset jitter
==============================================================================
*127.127.1.0 .LOCL. 10 l 58 64 377 0.000 0.000 0.000
10.67.2.1 10.67.2.17 6 u 91d 1024 0 1.001 9.296 0.000
10.67.2.2 10.67.2.17 6 u 91d 1024 0 0.931 -0.024 0.000

 

But Cisco ISE pointed to local? Could it be the issue? 

Does it necessary NTP must not be local? how should we force the NTP to point 10.67.2.1 or 2.2? Any downtime?

We check the Firewall between ISE and Switch no problem, can ping also.

 

 

 

1 Accepted Solution

Accepted Solutions

It did work after we change NTP server, instead point to core switch we change to AD

thanks

View solution in original post

2 Replies 2

RaffyLindogan
Spotlight
Spotlight

Hi mate,

 

It seems that your configured NTPs are not even showing as candidate (backup).

Can you confirm that you see udp 123 is shown on live logs of your firewall.

Are you using keys on ntp? Can you post the configuration.

Also what server are you running this NTP ?

 

 

Cheers,

 

Raffy

It did work after we change NTP server, instead point to core switch we change to AD

thanks