NTP failed validity test 10

Unanswered Question
May 30th, 2008

I am trying to sync and NTP master to a more relaible time source.

I have tried internal servers and internet based time servers and they are all coming back with validty test failures.

Config is as follows:

ntp source Loopback99

ntp access-group serve 40

ntp master 10

ntp update-calendar

ntp peer vrf X:X 192.43.244.18

ntp server vrf X:X 128.105.37.11 version 2 prefer

ntp peer vrf X:X 130.149.17.8

The errors are as follows:

089610: May 30 15:35:32 CEST: NTP: xmit packet to 192.43.244.18:

089611: May 30 15:35:32 CEST: leap 0, mode 1, version 3, stratum 10, ppoll 1024

089612: May 30 15:35:32 CEST: rtdel 0000 (0.000), rtdsp 0002 (0.031), refid 7F7F0701 (127.127.7.1)

089613: May 30 15:35:32 CEST: ref CBEA80F9.7DB22E68 (15:34:49.491 CEST Fri May 30 2008)

089614: May 30 15:35:32 CEST: org CBEA7F3F.CC3584CB (15:27:27.797 CEST Fri May 30 2008)

089615: May 30 15:35:32 CEST: rec CBEA7F24.A39582C8 (15:27:00.639 CEST Fri May 30 2008)

089616: May 30 15:35:32 CEST: xmt CBEA8124.7DB22E68 (15:35:32.491 CEST Fri May 30 2008)

089617: May 30 15:35:32 CEST: NTP: rcv packet from 192.43.244.18 to x.x.x.x on Loopback99:

089618: May 30 15:35:32 CEST: leap 0, mode 2, version 3, stratum 1, ppoll 1024

089619: May 30 15:35:32 CEST: rtdel 0000 (0.000), rtdsp 0000 (0.000), refid 41435453 (65.67.84.83)

089620: May 30 15:35:32 CEST: ref CBEA8102.EC04A21D (15:34:58.921 CEST Fri May 30 2008)

089621: May 30 15:35:32 CEST: org CBEA8124.7DB22E68 (15:35:32.491 CEST Fri May 30 2008)

089622: May 30 15:35:32 CEST: rec CBEA813F.CE58C36E (15:35:59.806 CEST Fri May 30 2008)

089623: May 30 15:35:32 CEST: xmt CBEA813F.CE599FB7 (15:35:59.806 CEST Fri May 30 2008)

089624: May 30 15:35:32 CEST: inp CBEA8124.A7AE1648 (15:35:32.655 CEST Fri May 30 2008)

089625: May 30 15:35:32 CEST: NTP: packet from 192.43.244.18 failed validity tests 10

089626: May 30 15:35:32 CEST: Authentication failed

As you can see I am not using authentication, and we are syncing to the same internet time sources on different devices, using no authentication.

The access-list 40 is permitting the traffic. I just cant understand why it is failing on authentication when it is not in use.

Other devices are syncing successfully to the master with no issues.

Any assistance would be much appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Sat, 05/31/2008 - 12:40

Stuart

There are a couple of things that I believe may be issues in your config.

- you have configured this router as ntp master at stratum 10. In my experience configuring a router as ntp master means that the router does not sync to other devices since it believe that its own clock is authoritative. I suggest that you remove ntp master from the config.

- you have configured an ntp access-group serve. But you have not configured an ntp access-group peer. Since 192.43.244.18 is configured as a peer I suggest that you also configure an ntp access-group peer with an access list that permits the peer addresses.

HTH

Rick

Stuart Hare Sun, 06/01/2008 - 23:59

Hi Rick,

I clocked the access-group serve cmd, late on friday, and replaced this as the peer instead of serve and this sorted it.

Thanks for the reply. Spot on.

Stuart

Richard Burts Mon, 06/02/2008 - 09:59

Stuart

I am glad that my suggestion was able to help you resolve your problem. Sometimes the use of the ntp access-group is not obvious. I am glad that you now have it sorted out.

HTH

Rick

Actions

This Discussion