Microsoft Windows Server 2003 as NTP server for IOS clients

Unanswered Question
May 14th, 2008
User Badges:

I am trying to synchronize the clock in my switches using a Windows 2003 ntp server. Debugging shows that the switch receives an answer from the server, but will not accept it. Debugging shows "Failed validity tests 20" which I think means "bogus packet received".


On the server side I have changed the registry key HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\LocalClockDispersion from the default value 10 to 0, found that tip on the web. I also adjusted the switch clock manually so that the difference was less than a minute. Did not help.

I am currently testing with a 2960G with IOS 12.2(25)SEE3


Here is the debug output: (ntp events, ntp packets, ntp validity)

May 14 16:07:25: NTP: xmit packet to <server ip address> :

May 14 16:07:25: leap 3, mode 3, version 3, stratum 0, ppoll 64

May 14 16:07:25: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000 (0.0.0.0)

May 14 16:07:25: ref 00000000.00000000 (01:00:00.000 CET Mon Jan 1 1900)

May 14 16:07:25: org CBD57216.A8000000 (16:13:42.656 CEST Wed May 14 2008)

May 14 16:07:25: rec CBD5705D.5075BD5A (16:06:21.314 CEST Wed May 14 2008)

May 14 16:07:25: xmt CBD5709D.515717A2 (16:07:25.317 CEST Wed May 14 2008)

May 14 16:07:25: NTP: rcv packet from <server ip address> to <switch ip address> on Vlan5:

May 14 16:07:25: leap 3, mode 4, version 3, stratum 0, ppoll 64

May 14 16:07:25: rtdel 0000 (0.000), rtdsp 10400 (1015.625), refid 00000000 (0.0.0.0)

May 14 16:07:25: ref CBBA0238.40395810 (20:45:12.250 CEST Wed Apr 23 2008)

May 14 16:07:25: org CBD5709D.515717A2 (16:07:25.317 CEST Wed May 14 2008)

May 14 16:07:25: rec CBD57256.AC000000 (16:14:46.671 CEST Wed May 14 2008)

May 14 16:07:25: xmt CBD57256.AC000000 (16:14:46.671 CEST Wed May 14 2008)

May 14 16:07:25: inp CBD5709D.56C08EFA (16:07:25.338 CEST Wed May 14 2008)

May 14 16:07:25: NTP: packet from <server ip address> failed validity tests 20

May 14 16:07:25: Peer/Server Clock unsynchronized



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Richard Burts Thu, 05/15/2008 - 03:42
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

VIGLEIK


I believe that the error code of 20 indicates that the peer clock is unsynchronized. Cisco will not sync to a time source that is not synchronized. I believe that the fundamental issue is that Windows runs a simplified implementation of the time protocol and not a full NTP implementation.


I believe that the suggestion from Dandy is good. If you have something like Meinberg on the Windows server that is running a full NTP implementation then Cisco would be able to sync to it.


HTH


Rick

vigleik Thu, 05/15/2008 - 06:06
User Badges:

Thank you. I didn't need to install the 3rdparty solution.

Turned out that my Windows server was not really synchronized after all. Fixed that, and now it's working.


Vigleik.

lomonaco Thu, 05/15/2008 - 06:17
User Badges:

Hi vigleik,


Congratulations...


If possible, please share the steps you

did to to synchronize the clock in yours

switches using a Windows 2003 ntp server


Thanks in Advanced


Andre Lomonaco

sindan1680 Thu, 05/15/2008 - 10:58
User Badges:

Can you please show how did you syncronize the switches with the Windows server?

vigleik Thu, 05/15/2008 - 23:27
User Badges:

Nothing much in the switch, just

clock timezone CET 1

clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

ntp server x.x.x.x


At the Windows 2003 server I changed two registry keys, but I think the first one was not needed.

HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config\LocalClockDispersion changed from 10 to 0

w32tm /config /update


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type="NT5DS"

Restarted Windows time service


Note that NT5DS means that this server will get its time from another domain controller in my domain.


The point is to make sure that time really is synchronized at the server. If you want the server to sync from an external source, consider changing the source to something other than time.windows.com

net time /querysntp and net time /setsntp


Vigleik


Gavin Barber Thu, 03/04/2010 - 04:19
User Badges:

This article just solved a problem where our NTP configured on W2K3 to our Cisco environment suddenly stoppped working, the final post about changing the registy key from 10 to 0 has resolved all our NTP issues so thanks

Actions

This Discussion