NTP configuration on Cisco IDS

msmitha
Level 1

When I try to configure NTP on my 4215, I get this error (below). I have tried rebooting the sensor but the sensor came back up with no ntpServer configured. There is no connectivity issue between the ntp server and the sensor.

sensor(config-Host-tim)# ntpServers ipAddress A.B.C.D
sensor(config-Host-tim-ntp)# keyId 1
sensor(config-Host-tim-ntp)# keyValue secret
sensor(config-Host-tim-ntp)# exit
sensor(config-Host-tim)# show sett
timeParams
-----------------------------------------------
offset: 0 minutes <defaulted>
standardTimeZoneName: UTC <defaulted>
summerTimeParams
-----------------------------------------------
-----------------------------------------------
ntpServers (min: 0, max: 1, current: 1)
-----------------------------------------------
ipAddress: A.B.C.D
keyId: 1
keyValue: secret
-----------------------------------------------
-----------------------------------------------
-----------------------------------------------
sensor(config-Host-tim)# exit
sensor(config-Host)# exit
Apply Changes:?[yes]: yes
Error: Could not run ntpdate utility. Fatal Error has occurred. Node MUST be rebooted to enable alarming.

7 Replies

scoclayton
Level 7

Hi,

I actually saw something similar when 4.0 first came out. Unfortunately, I never bothered to figure out what was happening as it always seemed to work after I upgraded the code on the sensor. Are you running a 4.0(1) release? If so, can you go ahead and apply the 4.1(1) update and re-test? I think we may have fixed this but to be honest, I am really not sure. Let me know.

Scott

I'm not certain how msmitha got this working - perhaps it's the difference in IDS platform. I am in the process of deploying a couple of IDSM-2 modules and have never been able to get NTP to work. The same fatal error message comes up. Using "show settings" reveals that no NTP server configuration was accepted:

id-main2d-1(config-Host-tim)# show sett
timeParams
-----------------------------------------------
offset: 0 minutes default: 0
standardTimeZoneName: GMT default: UTC
summerTimeParams
-----------------------------------------------
-----------------------------------------------
ntpServers (min: 0, max: 1, current: 0)
-----------------------------------------------

In addition, the IDSM modules running 4.1(1)S47 were not even obtaining time from the switches that they are installed in. A recent upgrade to the 4.1(2)S58 release has apparently fixed that issue (time on the IDS now matches the time on the switch), however NTP configuration attempts continue to fail.

One reason for the fatal error message is that the ntp daemon (ntpd) is already running when the ntpdate utility is run - this causes ntpdate to fail. Another cause for ntpdate to fail could be a configuration problem or an unsupported ntp server.

Can you send me some info on the ntp server you are using?

Also, you could try running the ntpdate command (as root) from the sensor service account and see if you get any more information. Make sure that ntpd is not running. You can run "killall -INT ntpd" if it is.

Attempting to obtain time from a 7200 router configured as follows:

ntp authentication-key xxxxxxxxxx
ntp authenticate
ntp trusted-key 1

I verified that ntpd is not running and attempted to run ntpdate manually with the following output:

[root@id-main2d-1 root]# ntpdate -a 1 -k /tmp/ntpkey 205.136.119.225
13 Nov 20:57:27 ntpdate[2932]: cannot change keyid 0, key entry `T!ckT0ck' ignored
13 Nov 20:57:31 ntpdate[2932]: no server suitable for synchronization found

Is the keyid the problem? I'm unable to use keyid 0 on the router, but the IDS apparently won't accept keyid 1. I also tried a password that did not have a special character in it, with no success.

Try running the ntpdate command (this is what the IDS s/w runs):

> ntpdate -b 205.136.119.225

NOTE: the ntp server configuration should be defined in the /etc/ntp.conf file and the keys in /etc/ntp/keys on the sensor. The cli setup should allow you to enter a keyid of "1".
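
Added example (not part of the thread and not Cisco's code): a pre-flight check for the sensor's service-account shell that covers the two causes named above, a running ntpd and an unusable key file, before ntpdate is run by hand. It assumes the stock ntp key-file layout of one "keyid type key" entry per line; the function names and the use of ps are illustrative.

```shell
#!/bin/sh
# Pre-flight for a manual "ntpdate -a KEYID -k KEYFILE SERVER" run.
# Assumption: key file uses the stock ntp layout, one "keyid type key"
# entry per line (type M = MD5), with "#" starting a comment.

# True if an ntpd process exists; ntpdate fails while the daemon is running.
ntpd_running() {
    ps -e -o comm= 2>/dev/null | grep -qx ntpd
}

# check_keyfile FILE KEYID
# Prints why entries would be skipped. Returns 0 if KEYID has a usable
# entry, 1 if it does not, 2 if FILE cannot be read.
check_keyfile() {
    file=$1; want=$2; found=1
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    while read -r id type key rest || [ -n "$id" ]; do
        case $id in ''|'#'*) continue ;; esac
        case $id in
            # Assumption from the error text in the thread: a non-numeric
            # first field is read as keyid 0 and the entry is dropped.
            *[!0-9]*) echo "ignored: first field '$id' is not a numeric keyid"
                      continue ;;
        esac
        if [ "$id" -eq 0 ]; then
            echo "ignored: keyid 0 cannot be defined"; continue
        fi
        if [ -z "$type" ] || [ -z "$key" ]; then
            echo "ignored: keyid $id has no type or no key"; continue
        fi
        [ "$id" -eq "$want" ] && found=0
    done < "$file"
    [ "$found" -eq 0 ] || echo "no usable entry for keyid $want in $file"
    return "$found"
}

# preflight FILE KEYID: both checks in the order the thread suggests.
preflight() {
    if ntpd_running; then
        echo "ntpd is running; stop it before running ntpdate"; return 1
    fi
    check_keyfile "$1" "$2"
}

# Run only when called as: script KEYFILE KEYID
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

A key file holding only the password on a line fails this check with the "not a numeric keyid" message, and a line of the form "1 M password" passes it for keyid 1.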

jamesand
Cisco Employee

There is a known NTP bug with this symptom. It occurs when you have NTP configured and then make an NTP configuration change (ntpdate will error if the ntp daemon is already running). You might try this workaround:

- remove all NTP servers
- apply changes
- add NTP server
- apply changes

If this does not work, then this problem is either a misconfiguration or a connectivity issue.

Thanks for the help. I got it working now - removed, saved changes, reset the sensor, configured ntp again and it's working fine.