Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1453
Views
0
Helpful
1
Replies

ACS 5.3 NTP offset increasing with NTP Server in same LAN

ronaldlau2012
Level 1
Level 1

‎11-01-2012 08:58 AM - edited ‎03-10-2019 07:44 PM

Im installing & configuring a new ACS 1121. Ive updated to version 5.3 with patch:

Cisco ACS VERSION INFORMATION

-----------------------------

Version : 5.3.0.40.6

Internal Build ID : B.839

Patches :

5-3-0-40-1

5-3-0-40-2

5-3-0-40-3

5-3-0-40-4

5-3-0-40-5

5-3-0-40-6

Two months ago i established a comunication with the Active directory with everything normal. Due to vacations i resumed the configuration today November 1st. And when i tested the Active Directory account, i got clock skew issue, so i checked the NTP settings:

TSJACS-SEDEPP1-01/acsadmin# sh ntp

Primary NTP   : 172.24.8.21

synchronised to local net at stratum 11

   time correct to within 12 ms

   polling server every 1024 s

     remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

*127.127.1.0     LOCAL(0)        10 l   53   64  377    0.000    0.000   0.001

172.24.8.21     .LOCL.           1 u  206 1024  377    0.646  417599.  82.777

Warning: Output results may conflict during periods of changing synchronization.

Since i saw that the clock was behind/ahead aprox 6 minutos. I reconfigured the NTP server by removing and reinserting the command.

And voila:

TSJACS-SEDEPP1-01/acsadmin# sh ntp

Primary NTP   : 172.24.8.21

synchronised to local net at stratum 11

   time correct to within 75 ms

   polling server every 64 s

     remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

*127.127.1.0     LOCAL(0)        10 l   47   64  177    0.000    0.000   0.001

172.24.8.21     .LOCL.           1 u   46   64  177    0.599   -6.075  23.869

Warning: Output results may conflict during periods of changing synchronization.

Since the offset was low i tested the Active Directory Connection and it worked just fine. But now i see the offset increasing:

...

172.24.8.21     .LOCL.           1 u  916 1024  377    0.630   41.429  44.229

172.24.8.21     .LOCL.           1 u   50 1024  377    0.592  202.882  82.799

172.24.8.21     .LOCL.           1 u  952 1024  377    1.077  275.164  72.283

...

In aprox. 1 hour. This makes me believe that in a month or so ill have Active Directory Issues again.

Is it a bug or maybe a ntp configuration needed. Another interesting point is that i tested NTP with a CISCO CORE switch that was an ntp client to the internet NTP servers, but is currently taking its own clock as reference.

And this is the output:

TSJACS-SEDEPP1-01/acsadmin# sh ntp

Primary NTP   : 172.24.24.254

synchronised to local net at stratum 11

   time correct to within 11 ms

   polling server every 256 s

     remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

*127.127.1.0     LOCAL(0)        10 l    7   64  377    0.000    0.000   0.001

172.24.24.254   .INIT.          16 u    -  256    0    0.000    0.000 4000.00

This temporarily solves my Active Directory problem but i still would like to have the NTP server pointing to the same reference as the Active Directory.

Regards,

Ronald.

El mensaje fue editado por: Ronald Lau

Labels:
0 Helpful
1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

‎11-01-2012 04:40 PM

If you are using windows as your clock source, please use a different source..ie router.

Thanks


Sent from Cisco Technical Support Android App

0 Helpful
Customers Also Viewed These Support Documents