Cst 9300 NTP Error

Steev112
Level 1

Hi,

When I migrated the NTP configuration from a c3560 to a c9300, I have this error:

 

NTP Core (ERROR): Invalid-NAK error at 659 192.168.10.140<-172.17.3.110

This IP address 192.168.10.140 is the management switch and 172.17.3.110 is the NTP server.

 

Can anyone help?

 

Thanks


marce1000
VIP

 

 - Post the output of show ntp information, show ntp server, show ntp assoc and show run | inc ntp

M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hi Marcel:

 

show ntp information
Ntp Software Name : Cisco-ntpv4
Ntp Software Version : Cisco-ntpv4-1.0
Ntp Software Vendor : CISCO
Ntp System Type : Cisco IOS / X86

#sh ntp associations

address ref clock st when poll reach delay offset disp
~172.17.3.110 .INIT. 16 858 128 0 0.000 0.000 15937.

#sh ntp associations
#sh ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 249.9982 Hz, precision is 2**10
ntp uptime is 171773200 (1/100 of seconds), resolution is 4016
reference time is DFDC5CC2.05604198 (13:53:54.021 UTC Sun Jan 6 2019)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 4.89 msec, peer dispersion is 0.00 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000007065 s/s
system poll interval is 64, last update was 868 sec ago.

#sh ntp config
ntp server 172.17.3.110 key 3

#sh run | int ntp
permit udp any host 172.17.3.110 eq ntp
ntp authentication-key 3 md5 0218155F352A14164D6B15251326220C5D 7
ntp authenticate
ntp trusted-key 3
ntp server 72.17.3.110 key 3

 

Thanks

 

 - Turn off NTP authentication as a test; check whether it works then. If so, re-generate the authentication key 'in cooperation' with the NTP server, and check again, then with authentication.

M.




Hi Marce,

I have turned off the authentication and the error disappeared, but NTP did not sync; when I configured the authentication again, the error came back.

 

Thanks

 

 

 

 - Did you also re-generate the key? Also: Cisco is sometimes prone to NTP bugs in their software. Is the 9300 on a recent software release? If not, upgrade and try again.




Yes, I re-generated the key and have the same issue; the current software is the recommended image "16.06.04a".

 

Thanks

Sometimes you have to wait some minutes to get NTP server synchronized. Might be up to 10 or 15 min.

Check with show ntp asso detail for more information.

Sometimes it is useful to enable: debug ntp all and read the logs. It is just a few lines per minute, not with high CPU usage.

Hello,

 

In addition to the other post, also post the output of 'show ntp status'. Is access between both IP addresses restricted by an access list, or do you have NTP authentication configured?

Did you ever find a fix for this? I'm having this same exact error on a 9410 running 16.08.01a

 

Thanks

Same issue on our network which is a mixture of 9500's, 9300's and 3850's.

NTP invalid-nak errors occurred immediately when upgrading from Gibraltar to Amsterdam.

To "fix" NTP we changed:

 

ntp server 192.168.10.100 key 1

to...

ntp server 192.168.10.100

 

NTP works again but without authentication.

Krishan
Level 1

I have observed a similar case with C9300 switch.

Here the remedy was to remove the ntp trusted-key <key> and configure it again. After that the switch exchanged the key with the NTP server successfully.
