Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
21023
Views
10
Helpful
6
Replies

Synchronizing Cisco ISE and NTP Server

Go to solution
gandhi.rifal
Level 1
Level 1

‎09-30-2012 08:25 PM - edited ‎03-10-2019 07:36 PM

I am currently implementing Cisco ISE in our client.

But having a little problem that Cisco ISE can not synchronize with the NTP Server.

Keep in mind, NTP servers are in AD.

Currently Cisco ISE just synchronize to local.

Cisco ISE implemented on distributed mode, where there are two Cisco ISE installed on VMware (Administration & Monitoring Node Primary & Secondary), and another one is the appliance (Policy Service Node).

As a result of it could not sync NTP Server and the Cisco ISE, Cisco ISE often OUT-OF-SYN.

Is there a solution for this problem?

3 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to gandhi.rifal

‎10-01-2012 07:00 PM

Gandhi,

This is a known issue, I was crossed up and didnt read that you are using AD as your NTP server, there have been issues with integrating ISE and ACS with AD as their ntp source, please use another device as the ntp sources, for example a router.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

6 Replies 6

Go to solution
Pongsatorn Maneesud
Level 1
Level 1

‎09-30-2012 08:36 PM

Do you check the connectivity between ISE and NTP ? Is there any security perimeters like Firewall between both system ?

Thanks,

Pongsatorn M.

0 Helpful

Go to solution
gandhi.rifal
Level 1
Level 1
In response to Pongsatorn Maneesud

‎09-30-2012 08:46 PM

Yes, there is no firewall between both system.

I have testing other device (switch) to use that NTP server and work correctly

So the problem not on NTP Server. 

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to gandhi.rifal

‎10-01-2012 11:38 AM

I spent some time troubleshooting this issue before, ISE will try to ping the ntp server before it moves on and tries to synchornize with it. Please allow ICMP if you can so that ISE will connect and sync with the NTP server.

Thanks,

Tarik Admani
*Please rate helpful posts*

Go to solution
gandhi.rifal
Level 1
Level 1
In response to Tarik Admani

‎10-01-2012 06:56 PM

No problems with ICMP packet. ISE can ping the NTP server.

Any idea?

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to gandhi.rifal

‎10-01-2012 07:00 PM

Gandhi,

This is a known issue, I was crossed up and didnt read that you are using AD as your NTP server, there have been issues with integrating ISE and ACS with AD as their ntp source, please use another device as the ntp sources, for example a router.

Thanks,

Tarik Admani
*Please rate helpful posts*

Go to solution
gandhi.rifal
Level 1
Level 1
In response to Tarik Admani

‎10-02-2012 06:32 PM

Dear Tarik,

I've tried your solution, and the problem is gone.

Thanks for your help. 

Regards,

Gandhi

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents