NTP server advice

Walsby1983 · ‎02-27-2012

Hello, i'm having issues getting various model switches to sync with a newly built NTP (Win2008) server with Atomic clock attached to it. The software for the clock is set to stratum 1. I know the clock is syncronising and the server is showing the correct time also. THe server currently has the firewall turned off so no traffic is being blocked to it.

I have the below on all switches;

clock timezone GMT 0

Clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 2:00

and

ntp server 10.0.101.15 (ip of the above server)

Currently is have a core switch (4507R) that will not sync at all;

sh clock

*23:59:53.989 GMT Wed Mar 16 2011

sh ntp as

address ref clock st when poll reach delay offset dis

~10.0.101.15 .LOCL. 1 141 1024 377 0.0 300258 8.

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18

reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

I also have multiple access switches (3550's, 3750's,3548's) that must have synced at some point as they were originally showing a 1993 date but are now up to date but not sync'd properly;

sh clock

.12:28:06.346 GMT Mon Feb 27 2012

sh ntp as

address ref clock st when poll reach delay offset disp

~10.0.101.15 .LOCL. 1 326 1024 377 9.7 121575 352.5

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 381.4697 Hz, actual freq is 381.4697 Hz, precision is 2**17

reference time is D2ECEEC7.7AB25EFE (16:09:43.479 GMT Mon Feb 20 2012)

clock offset is -782401.5959 msec, root delay is 1.37 msec

root dispersion is 782590.12 msec, peer dispersion is 188.52 msec

Is there a way to force synchronisation or is a reboot of the device needed for them to sync?

Thanks in advance, any advice appreicated.

Richard Burts · ‎02-27-2012

Alan

You might try a reboot of one of the switches to see if that helps. But I am not optimistic that this will solve your issue. It looks to me like there is something that is interferring with the operation of ntp and that we need to figure out what that is to solve your issue.

The part of the config that you posted is quite simple and looks like it should work. The clock timezone and clock summer-time do not have anything to do with the operation of ntp and only affect how time is shown on the local device. So my first question is to verify that there are no other commands in the config that have to do with ntp?

Assuming that there is only the single command of ntp server then we need to figure out why your switch is not learning time from the server. I will accept your statement that the server is running correctly and is generating the correct time. I would ask if there is anything configured in the server that would impact its communication with the switches? This could be things like configuring authentication on the server, or any restrictive list of clients, or perhaps issues of ntp version between the server and the switches?

My next question is whether there is any device between your switch and the server (perhaps a firewall or something doing address translation, or doing some kind of packet filtering) that could impact the communication from switch to server?

My next question is whether there is any access list on the switch filtering traffic that could impact the ntp communication?

Perhaps it would be useful if you would post the output of show ntp association detail from the first switch.

HTH

Rick

HTH

Rick

Walsby1983 · ‎02-27-2012

@Richard - thanks for your reply.

There are the only commands i can see to do with ntp.

It is a fresh build of 2008 server, firewall off with only timesync software installed and service is running so can't see anything stopping it on the server. Domain controllers seem to be syncing ok as well.

No firewalls (software or hardware), the server actually plugs straight into the core switch.

address ref clock st when poll reach delay offset disp

~10.0.101.15 .LOCL. 1 287 1024 377 0.0 300258 1522.1

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

Joseph W. Doherty · ‎02-27-2012

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

I'm not current on Windows 2008 servers, but I recall with NT servers you had to add an add-on service to support full NTP, although they would support sync time for Windows workstations without it. You might want to verify your Windows server is truly operating as a full NTP server.

fb_webuser · ‎02-27-2012

have you tried

term mon

debug ntp packets

---

Posted by WebUser Stuart Gall

Walsby1983 · ‎02-27-2012

Stuart - Have turned that on, keeping an eye on it - thanks

Walsby1983 · ‎02-27-2012

Got the following from term mon;

*Mar 17 03:47:27.956: NTP: xmit packet to 10.0.101.15:

*Mar 17 03:47:27.956: leap 3, mode 3, version 3, stratum 0, ppoll 1024

*Mar 17 03:47:27.956: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 0000000

0 (0.0.0.0)

*Mar 17 03:47:27.956: ref 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)

*Mar 17 03:47:27.956: org D2F62731.E348684E (16:00:49.887 GMT Mon Feb 27 2012)

*Mar 17 03:47:27.956: rec D12BFECF.F4F26670 (03:30:23.956 GMT Thu Mar 17 2011)

*Mar 17 03:47:27.956: xmt D12C02CF.F4EDC670 (03:47:27.956 GMT Thu Mar 17 2011)

*Mar 17 03:47:27.956: NTP: rcv packet from 10.0.101.15 to 10.0.101.2 on Vlan101:

*Mar 17 03:47:27.956: leap 0, mode 4, version 3, stratum 1, ppoll 1024

*Mar 17 03:47:27.956: rtdel 0000 (0.000), rtdsp A043C (10016.541), refid 4C4F43

4C (76.79.67.76)

*Mar 17 03:47:27.956: ref D2F62AE0.21B81D12 (16:16:32.131 GMT Mon Feb 27 2012)

*Mar 17 03:47:27.956: org D12C02CF.F4EDC670 (03:47:27.956 GMT Thu Mar 17 2011)

*Mar 17 03:47:27.956: rec D2F62B32.383F4814 (16:17:54.219 GMT Mon Feb 27 2012)

*Mar 17 03:47:27.956: xmt D2F62B32.383F4814 (16:17:54.219 GMT Mon Feb 27 2012)

*Mar 17 03:47:27.956: inp D12C02CF.F4EDC670 (03:47:27.956 GMT Thu Mar 17 2011)

*Mar 17 03:47:27.956: NTP: 10.0.101.15: offset 30025826.262962439, delay 0.00000

, error 0.00002clock_filter(10.0.101.15, 30025826.262962, 0.00000, 0.00002)

*Mar 17 03:47:27.956: NTP: nlist 0, allow 0, found 0, low 0.000000, high 0.00000

0

*Mar 17 03:47:27.956: NTP: no select intersection

Does it help at all?

Richard Burts · ‎02-27-2012

Alan

Yes I believe that this does help. It does show clearly that your switch is receiving an ntp packet from the server. So this eliminates issues of IP connectivity or of packet filtering as sources of the problem.

It is pretty clear that your switch is receiving ntp packet from the server but for some reason your switch does not accept the ntp from the server - the message NTP: no select intersection seems to be an indication that the switch is not accepting the ntp from the server. But it does not give us a clear indication of what the problem is. The messages seem to indicate that both are running ntp version 3, that the switch is operating in client mode, and the server is operating in server mode, which is expected.

I wonder if one of the other ntp debugs (perhaps debut ntp event or as a last resort debug ntp all) might show the problem.

HTH

Rick

HTH

Rick

Edison Ortiz · ‎02-27-2012

As indicated by Joseph, Windows does not provide NTP server features without making some registry changes.

A quick google search turn up this thread in another forum:

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/7dc5e8f4-824a-432c-a2da-ac0e3fdf76fd/

There is also a 3rd party NTP server for Windows which is proven to work with Cisco IOS

http://www.eecis.udel.edu/~mills/ntp/html/hints/winnt.html

Regards,

Edison

Richard Burts · ‎02-27-2012

Edison

Thanks for these links.

I had assumed that the server was running something that used the atomic clock and would go beyond the normal Windows Time Service. But as I re-read the original post I see:

Hello, i'm having issues getting various model switches to sync with a newly built NTP (Win2008) server with Atomic clock attached to it.

And that suggests that perhaps the server is learning time from the atomic clock but is still running just the normal Windows Time Service. And that would explain why the switches do not accept time from the server. So perhaps Alan can provide clarification about what is running on the server?

HTH

Rick

HTH

Rick

Walsby1983 · ‎02-28-2012

Morning, thanks for the replies.

It is a seperate service to the Windows Time Service, apologies if i did not make that clear. A peice of software called TimeSync that relies on the Windows service running but stops it from setting the time.

Leo Laohoo · ‎02-28-2012

Hmmmm ... If your Windows server goes out to the world to sync itself, why can't you nominate a Cisco appliance (router would be nice or a core switch) to sync too?

Janaka Wellege · ‎03-05-2014

Hi Alan,

I also got the same type of problem. and When I remove NTP config and reapply it again NTP status came up and stable about 15 min and again went down. When ever I reconfigure NTP up for about 15 min then down again.

I have raised Cisco TAC case 628890803 and currently Cisco development team is investigating the issue.

Richard Burts · ‎03-05-2014

It is interesting that you are having the same symptoms. Do you have the same environment - Windows server with attached atomic clock? Can you provide some detail about what your environment is?

HTH

Rick

HTH

Rick

tyagikunal · ‎02-27-2012

sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 381.4697 Hz, actual freq is 381.4697 Hz, precision is 2**17

reference time is D2ECEEC7.7AB25EFE (16:09:43.479 GMT Mon Feb 20 2012)

clock offset is -782401.5959 msec, root delay is 1.37 msec

root dispersion is 782590.12 msec, peer dispersion is 188.52 msec

root dispersion is 782590.12 msec is to high for switchs

please change stratum 16 to 3 from core switch (4507R)

config t# ntp master 3

after changing stratum hope it will work