Sync router and switch time to domain

Answered Question
Sep 19th, 2009

Hi,

I am trying to sync the time of my Cisco devices to the time of my domain. I am running a Windows Server 2008 domain but I am not using an external time source. I have tried to point my Cisco device to my domain controller as the NTP server but without success.

Is it possible to use a Windows server as an NTP server for my Cisco devices?

Regards,

Screech

YANGCCIE4 Sat, 09/19/2009 - 09:56

Hi, Urvininocente,

As I met before,

an NTP server needs several command options,

such as source, trusted-key, and source.

Just want to mention you get them all right.

Hope it helps a little.

Yang

urvininocente Sat, 09/19/2009 - 10:13

Yang,

I checked those and everything seems to be configured OK. When I issue the command "sh ntp associations detail" I get the following output:

192.168.1.10 configured, insane, invalid, stratum 2

ref ID 192.168.1.23, time CE5F9B50.551C0BCF (14:02:56.332 (GMT-4) Sat Sep 19 2009)

our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024

root delay 31.25 msec, root disp 10269.94, reach 377, sync dist 10290.939

delay 0.50 msec, offset 219300215019.7178 msec, dispersion 5.13

precision 2**6, version 3

org time CE5F9B79.51450191 (14:03:37.317 (GMT-4) Sat Sep 19 2009)

rcv time C14D5A02.4C4956FE (09:20:02.297 (GMT-4) Tue Oct 8 2002)

xmt time C14D5A02.4C2839E5 (09:20:02.297 (GMT-4) Tue Oct 8 2002)

filtdelay = 0.50 0.53 0.44 0.50 0.49 0.52 0.50 0.50

filtoffset = 2193002 2193002 2193002 2193002 2193002 2193002 2193002 2193002

filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 0.12

Any ideas?
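
Added example, not part of any poster's message: a short Python script that decodes the hexadecimal NTP timestamps in the output above and compares the gap between the "org" and "rcv" stamps with the offset the device reports. The function names are assumptions made for this example, and the sample text is constructed from the lines posted above.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)  # NTP counts seconds from 1900

# Constructed sample: the relevant lines of the output posted above.
SAMPLE = """\
192.168.1.10 configured, insane, invalid, stratum 2
root delay 31.25 msec, root disp 10269.94, reach 377, sync dist 10290.939
delay 0.50 msec, offset 219300215019.7178 msec, dispersion 5.13
org time CE5F9B79.51450191 (14:03:37.317 (GMT-4) Sat Sep 19 2009)
rcv time C14D5A02.4C4956FE (09:20:02.297 (GMT-4) Tue Oct 8 2002)
"""

def ntp_seconds(stamp):
    """'SSSSSSSS.FFFFFFFF' (hex, 32-bit seconds + 32-bit fraction) -> seconds."""
    sec, frac = stamp.split(".")
    return int(sec, 16) + int(frac, 16) / 2**32

def ntp_to_utc(stamp):
    return NTP_EPOCH + timedelta(seconds=ntp_seconds(stamp))

def parse_association(text):
    """Pull peer, status flags, timestamps and reported offset out of the text."""
    peer, rest = text.splitlines()[0].split(" ", 1)
    stamps = dict(re.findall(
        r"^(org|rcv|xmt) time ([0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8})", text, re.M))
    offset = re.search(r"offset (-?[\d.]+) msec", text)
    return {
        "peer": peer,
        "flags": [f.strip() for f in rest.split(",")],
        "stamps": stamps,
        "reported_offset_ms": float(offset.group(1)),
    }

def clock_gap_seconds(assoc):
    """org stamp (the 2009 date from the server) minus rcv stamp (local 2002 date)."""
    s = assoc["stamps"]
    return ntp_seconds(s["org"]) - ntp_seconds(s["rcv"])

if __name__ == "__main__":
    a = parse_association(SAMPLE)
    gap = clock_gap_seconds(a)
    print(a["peer"], a["flags"])
    print("server clock:", ntp_to_utc(a["stamps"]["org"]).isoformat())
    print("local clock: ", ntp_to_utc(a["stamps"]["rcv"]).isoformat())
    print(f"gap {gap:.3f} s, about {gap / 86400:.0f} days")
    print(f"reported offset {a['reported_offset_ms'] / 1000:.3f} s")
```

The gap between the two stamps agrees with the reported offset to within a millisecond: the device's own clock read October 2002 while the server answered with a September 2009 time.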

Correct Answer
Richard Burts Sat, 09/19/2009 - 14:51

Yang

Your post suggests that Screech may need to use commands for ntp source and ntp key. These commands are options which an installation may use if they choose, but should not be necessary just to get a router or switch to learn NTP from an NTP server.

Screech

The fundamental issue in your case is that the time protocol that runs for the Windows Domain is not NTP but is a simplified implementation of the time protocol. So you will not get the router or switch to learn time from the Domain using NTP. You might check and see if your routers and switches support SNTP and if they do you might try configuring SNTP pointing to the Domain.

HTH

Rick

mhdganji110 Fri, 03/02/2012 - 01:11

So what finally?

There is not any way to sync a Cisco device with a domain controller?

Can we use some programs in the middle to do that?

(to get time from Active Directory in SNTP and give it to a Cisco switch using NTP)

Can't we add SNTP support (w32time) to routers or switches?

hobbe Fri, 03/02/2012 - 01:33

Hi

First of all, you do not use Windows servers for precision time. Why? Well, because Windows servers have a flaw in the way they handle time: it is never accurate, it is always almost accurate. That is good enough most of the time but not at all times or instances. On the other hand you would most likely use PTP instead of NTP in those instances.

But back to your question: yes, there are ways to sync a router/switch using a domain controller, you just have to set it up as a proper NTP server, either via registry hacks or via software installation.

The domain controller is, as has been pointed out before, NOT an NTP and cannot without modification sync a router/switch via NTP.

If you want good advice, buy an NTP server that is hardware; if you cannot fork out the money then go with a Linux box as an NTP server.

The third option however would be to set up the routers and switches to get the time from a public NTP server over the Internet (there are many out there around you).

So to conclude.

Windows domain controller as an NTP server? Not a good idea, but it is doable either via registry hacks or via software installation. But it is to be avoided if possible. There are other ways of doing it.

Good luck

HTH

mhdganji110 Fri, 03/02/2012 - 01:40

Thanks so much.

1- How to do that with software (what software do you suggest?)

2- How to do that with registry hacks (DC is W2K8 R2)

3- Which cheap and easy-to-use hardware do you recommend as an NTP server?

I should mention that in some of our networks there is no access to the outside world (so public NTP servers cannot be reached), so we should handle this issue internally.

hobbe Fri, 03/02/2012 - 02:23

Hi

1) I know that e.g. Meinberg has software for setting up an NTP server on Windows,

but as I said I would not recommend using a Windows machine,

so this is not the recommended solution.

2) If I am not mistaken this is the link to the KB article on the subject (I had it from an earlier encounter..)

http://support.microsoft.com/kb/816042

So look at this and you will get some idea about what you need to do.

3) Use your routers/switches; depending on model they can be quite helpful, but if your network does not have outside access then I would take a look at a GPS/radio-based hardware NTP server.

I do not know why your network is forbidden to access the Internet, but if they are, they most likely are sensitive in some way. What you look for in a time server is a predictable clock that keeps time accurately for a long period of time. This is not a server, router or switch in general, but there are some hardware PC motherboards that you can buy with special crystals for the clock to be very accurate. Where can you buy them? I do not know.

If you do not mind having the wrong time as long as it is the same time on those isolated networks, I would go with the router or switch.

IF you want the right time then there is no substitute for forking out the money for a GPS/radio-based unit.

And one thing to remember when it comes to the clock: do not just use one source if possible. If that source goes bad then you can get some very interesting results.

Good luck

HTH
