Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5783
Views
5
Helpful
19
Replies

NTP is showing unsyncronized in cisco 3650

Noovi
Level 1
Level 1

‎03-18-2018 11:56 PM - edited ‎03-08-2019 02:18 PM

KABZ1016#sh run | i ntp

ntp source Vlan260

ntp server 10.162.251.72

ntp server 10.162.251.71

KABZ1016#

 

KABZ1016#sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10

ntp uptime is 16310500 (1/100 of seconds), resolution is 4000

reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.58 msec, peer dispersion is 0.00 msec

loopfilter state is 'NSET' (Never set), drift is 0.000000000 s/s

system poll interval is 64, never updated.

KABZ1016#sh ntp ass

 

  address         ref clock       st   when   poll reach  delay  offset   disp

 ~10.162.251.72   10.162.251.71    2     49     64   377  0.996 3567718  1.923

 ~10.162.251.71   .LOCL.           1     45     64     7  0.997 3567717  1.692

 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

KABZ1016#

 

KABZ1016#ping 10.162.251.71

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.162.251.71, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms

KABZ1016#ping 10.162.251.72

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.162.251.72, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

 

Please help me to resolve this, i have attached debugs logs too

2 people had this problem
Labels:
Preview file
17 KB
0 Helpful
19 Replies 19

johnd2310
Level 8
Level 8

‎03-19-2018 12:44 AM

Hi,

 

You have configured these switches  to serve time to each other when none of them has the correct time  or is authoritative.

Configure your switches to get time from an external ntp server. If you do not have Internet access and would like to manage time manually, then configure your switches or one of you switches to be NTP master.

The recommendation is  to configure your switches to sync to and external ntp server.

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Noovi
Level 1
Level 1
In response to johnd2310

‎03-19-2018 12:52 AM

Hi John,

 

thanks for quick response.

 

10.162.251.71/72 are hardware servers. Are you saying these serves have issue?

 

To use external NTP server, these switch is after firewall. And customer is not allowing to do any port opening in Firewall. 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Noovi

‎03-19-2018 12:57 AM

Hi, 

After the IOS 12.<X> NTP version 4 is the NTP version default. Can you check that is your server is supporting to version 4?

 

Otherwise, you can go with V3 from the router itself.

NTP server 10.162.251.71 version 3

 

Regards,

Deepak Kumar

 

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Noovi
Level 1
Level 1
In response to Deepak Kumar

‎03-19-2018 01:01 AM

Hi Deepak,

 

yes , default version is 4. I have set to 3 too but still didn't works.

 

Actually 10.162.251.71/72 are VM severs. are there any known NTP sync issue between them

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Noovi

‎03-19-2018 01:07 AM

Hi, 

Please share the output of below commands:

  • debug ip packets <acl>
  • debug ntp packets
  • debug ntp validity
  • debug ntp sync
  • debug ntp events

 

ACL for debugging setup like this: 

permit udp any eq 123 any eq 123

 

And make sure, there is no ACL or firewall is blocking the UDP port 123.

 

Thanks, 

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Noovi
Level 1
Level 1
In response to Deepak Kumar

‎03-19-2018 01:32 AM

Hi Deepak,

 

i have attached output for given commands. But below commands are not taking.

Also 10.162.251.71/72 are directly connected and no ACL is configured.

 

  • debug ntp validity
  • debug ntp syn

 

 

Preview file
29 KB
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Noovi

‎03-19-2018 02:02 AM

Hi,

thanks for output and there is some bug reported for the same issue:

 NTP Core(INFO): 10.162.251.72 902D 8D popcorn popcorn

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCug48022

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

johnd2310
Level 8
Level 8
In response to Noovi

‎03-19-2018 01:07 AM - edited ‎03-19-2018 01:12 AM

Hi,

 

Where are these servers getting time from? i.e. What is the NTP configuration of these servers? What OS is  running on the VMs

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Noovi
Level 1
Level 1
In response to johnd2310

‎03-19-2018 02:51 AM

Hi John,

Will share you asked details soon.

 

Hi deepak,

 

If you are saying this is bug but how other devices with same c3650 model are working.

0 Helpful

paul driver
VIP
VIP

‎03-19-2018 03:35 AM

Hello

Note:

ntp server x.x.x.  this client need to be pointed to an authoritative time server
ntp peer x.x.x.   peers are non authoritative with each other , they should agree on a time

 

 

So if your NTP master isnt authoritative for the network then it wont work, Also check if you are not being prohibited by access-listing or authentication key

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Noovi
Level 1
Level 1
In response to paul driver

‎03-19-2018 07:57 AM

Dear Paul,

i have checked with NTP peer but no luck.

As of now i am suspecting issue from 10.162.251.71/72.

Will post progressive update.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Noovi

‎03-19-2018 09:33 AM

There was a question about what OS is running on the server and I do not see an answer to that. I would also ask what is the source of time on the server? If it is using Windows time service then that could explain this issue. Windows time service is sufficient to offer time to Windows devices but is not a full implementation of NTP and Cisco IOS devices will typically not sync to a device using Windows time service.

 

HTH

 

Rick

HTH

Rick
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Richard Burts

‎03-19-2018 09:39 AM

Hi, 

@Richard Burts I disagree on your point "Cisco IOS devices will typically not sync to a device using Windows time service." 

I implemented the same in many places with windows server 2008/2012. It is working fine. Even same setup is working in my office. 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Noovi
Level 1
Level 1
In response to Deepak Kumar

‎03-22-2018 08:06 AM

Hi Guys,

I have received below response. Can you please guide me further.

 

  1. Are 10.162.251.71/72 NTP capable? - yes
  2. Which platform they are using? – Windows Server 2016
  3. Is there any authentication used? - No

4.Where are these servers getting time from? – Internal (Enterprise NTP service)

5.What is the NTP configuration(version) of these servers?  - ??

6.What OS is  running on the VMs? – Server 2016

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card