NTP Problem

robertgile1
Level 1

I am having a problem with NTP. My network setup looks like this:

2821 Router <-> ASA 5510 <-> W2k3 DC

I have the router pulling time from a NIST NTP server. I want the W2k3 DC to pull from the router.

I have opened a hole in the firewall to allow the router to pass UDP 123 to the outside interface on the ASA. I have set up a NAT translation to translate to the W2k3 DC's private IP.

This is what I am getting from the debug on the router:

Aug 4 20:10:06.369: NTP: packet from x.x.x.x failed validity tests 0E

Aug 4 20:10:06.369: Bogus Packet received

Aug 4 20:10:06.369: Protocol unsynchronized

Aug 4 20:10:06.369: Peer/Server delay/dispersion boundary check failed

This is the router config:

ntp clock-period 17180270

ntp master

ntp server 69.25.96.13

For the W2K3 DC, I have the router IP in the following reg key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters]

"NtpServer"="x.x.x.x"

"Type"="NTP"

I cannot find that "failed validity tests 0E" specifically anywhere.

Any suggestions? Thank you in advance.

7 Replies

Joe Clarke
Cisco Employee

This error indicates bogus originating information in a packet received by the router. What is the output of show ntp assoc and show ntp stat on this router?

I was successfully able to sync a Windows 2003 server with a 7206 running 12.4(15)T5 with the following config:

ntp clock-period 17179698

ntp master 3

ntp server 10.1.1.1

My router is synced to a stratum 2 clock on 10.1.1.1.

My Windows registry looks like:

NtpServer=20.1.1.1,0x1

Type=NTP

I have the following:

router#show ntp assoc

      address         ref clock     st  when  poll reach  delay  offset    disp
 ~127.127.7.1      127.127.7.1       7    60    64  377     0.0    0.00     0.0
*~69.25.96.13      .ACTS.            1   704  1024  377    17.4    1.09     1.9

I have no idea where the 127.127.7.1 address came from.

router#sho ntp stat

Clock is synchronized, stratum 2, reference is 69.25.96.13

nominal freq is 250.0000 Hz, actual freq is 249.9944 Hz, precision is 2**18

reference time is CC420C1D.54D4EC22 (16:15:41.331 PST Mon Aug 4 2008)

clock offset is 1.0932 msec, root delay is 17.43 msec

root dispersion is 3.02 msec, peer dispersion is 1.94 msec

127.127.7.1 is the router itself. Try setting its stratum to 2:

ntp master 2

Then, enable debug ntp packet, and try to sync from the Windows 2003 machine again. What output do you get?

Here is my output:

Aug 5 14:33:42.583: NTP: rcv packet from [non-NATed DC IP] to [router's internal IP] on GigabitEthernet0/0:

Aug 5 14:33:42.583: leap 0, mode 3, version 3, stratum 1, ppoll 32768

Aug 5 14:33:42.583: rtdel 0000 (0.000), rtdsp A0400 (10015.625), refid 4C4F434C (76.79.67.76)

Aug 5 14:33:42.583: ref CC42E296.E0000000 (07:30:46.874 PST Tue Aug 5 2008)

Aug 5 14:33:42.583: org 00000000.00000000 (17:00:00.000 PST Wed Dec 31 1899)

Aug 5 14:33:42.583: rec 00000000.00000000 (17:00:00.000 PST Wed Dec 31 1899)

Aug 5 14:33:42.583: xmt CC42E296.E0000000 (07:30:46.874 PST Tue Aug 5 2008)

Aug 5 14:33:42.583: inp CC42E346.956EFFCD (07:33:42.583 PST Tue Aug 5 2008)

Aug 5 14:33:42.583: NTP: stateless xmit packet to [non-NATed DC IP]:

Aug 5 14:33:42.583: leap 0, mode 4, version 3, stratum 2, ppoll 32768

Aug 5 14:33:42.583: rtdel 0574 (21.301), rtdsp 020E (8.026), refid 4519600D (69.25.96.13)

Aug 5 14:33:42.583: ref CC42E2CA.9500482E (07:31:38.582 PST Tue Aug 5 2008)

Aug 5 14:33:42.583: org CC42E296.E0000000 (07:30:46.874 PST Tue Aug 5 2008)

Aug 5 14:33:42.583: rec CC42E346.956EFFCD (07:33:42.583 PST Tue Aug 5 2008)

Aug 5 14:33:42.583: xmt CC42E346.9594C0D7 (07:33:42.584 PST Tue Aug 5 2008)

Aug 5 14:33:42.679: NTP: rcv packet from [NATed DC IP] to [router's internal IP] on GigabitEthernet0/0:

Aug 5 14:33:42.679: leap 0, mode 1, version 3, stratum 1, ppoll 32768

Aug 5 14:33:42.679: rtdel 0000 (0.000), rtdsp A0400 (10015.625), refid 4C4F434C (76.79.67.76)

Aug 5 14:33:42.679: ref CC42E296.DFD70A3D (07:30:46.874 PST Tue Aug 5 2008)

Aug 5 14:33:42.679: org 00000000.00000000 (17:00:00.000 PST Wed Dec 31 1899)

Aug 5 14:33:42.679: rec 00000000.00000000 (17:00:00.000 PST Wed Dec 31 1899)

Aug 5 14:33:42.679: xmt CC42E296.FC000000 (07:30:46.984 PST Tue Aug 5 2008)

Aug 5 14:33:42.679: inp CC42E346.AE168159 (07:33:42.680 PST Tue Aug 5 2008)

Aug 5 14:33:49.563: NTP: xmit packet to [NATed DC IP]:

Aug 5 14:33:49.563: leap 0, mode 2, version 3, stratum 2, ppoll 64

Aug 5 14:33:49.563: rtdel 0574 (21.301), rtdsp 020E (8.026), refid 4519600D (69.25.96.13)

Aug 5 14:33:49.563: ref CC42E2CA.9500482E (07:31:38.582 PST Tue Aug 5 2008)

Aug 5 14:33:49.563: org CC42E296.FC000000 (07:30:46.984 PST Tue Aug 5 2008)

Aug 5 14:33:49.563: rec CC42E346.AE168159 (07:33:42.680 PST Tue Aug 5 2008)

Aug 5 14:33:49.563: xmt CC42E34D.9053227F (07:33:49.563 PST Tue Aug 5 2008)

I'm thinking the problem is the ASA in between the DC and the router. I have an access rule allowing UDP from the router to the ASA external IP as well as a NAT translation for NTP to the inside DC IP.

Are you doing static NAT on the ASA for the DC?

Yes.

The router is replying to both sync requests. Can you sniff the traffic to make sure the Windows server is seeing the reply?
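
An added example, not part of any post in this thread: a small Python helper for reading the debug output quoted above. It decodes a "failed validity tests" mask, converts the hex NTP timestamps, and checks that a reply's org field echoes the request's xmt field. The bit-to-test mapping follows the RFC 1305 packet sanity tests and is an assumption about IOS; it agrees with the three messages that follow "0E" in the original post.

```python
from datetime import datetime, timedelta, timezone

# RFC 1305 packet sanity tests 1-8, bit 0 = test 1. Assumption: the IOS
# "failed validity tests" value uses this order; the three messages after
# "0E" in the thread's debug output line up with bits 1-3.
RFC1305_TESTS = [
    "duplicate packet",
    "bogus packet (org does not match our last xmt)",
    "protocol unsynchronized (org or rec is zero)",
    "peer delay/dispersion out of bounds",
    "authentication failed",
    "peer clock unsynchronized",
    "peer stratum out of range",
    "root delay/dispersion out of bounds",
]
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client", 4: "server"}
NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)

def failed_tests(mask_hex):
    """Names of the sanity tests whose bit is set in the hex mask."""
    mask = int(mask_hex, 16)
    return [name for bit, name in enumerate(RFC1305_TESTS) if mask >> bit & 1]

def ntp_seconds(stamp):
    """'SSSSSSSS.FFFFFFFF' hex pair -> seconds since 1900 as a float."""
    sec, frac = stamp.split(".")
    return int(sec, 16) + int(frac, 16) / 2**32

def ntp_utc(stamp):
    """Hex NTP timestamp -> aware UTC datetime (NTP era 0 only)."""
    return NTP_EPOCH + timedelta(seconds=ntp_seconds(stamp))

def reply_matches(request_xmt, reply_org):
    """Test 2 seen from the client: the reply's org must echo the request's xmt."""
    return request_xmt.upper() == reply_org.upper()

# Timestamps copied from the debug output in the thread.
DC_CLIENT_XMT = "CC42E296.E0000000"     # xmt in the DC's mode 3 request
ROUTER_INP = "CC42E346.956EFFCD"        # inp: when the router received it
ROUTER_REPLY_ORG = "CC42E296.E0000000"  # org in the router's mode 4 reply

if __name__ == "__main__":
    print(failed_tests("0E"))
    print(MODES[3], "->", MODES[4], reply_matches(DC_CLIENT_XMT, ROUTER_REPLY_ORG))
    print(ntp_utc(ROUTER_INP).isoformat())
    print(round(ntp_seconds(ROUTER_INP) - ntp_seconds(DC_CLIENT_XMT), 3))
```

For the timestamps above, the last value printed is about 175.7 seconds: the gap between the DC's transmit timestamp and the time the router logged receiving the packet.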