Sync router and switch time to domain

Answered Question
Sep 19th, 2009

Hi,


I am trying to sync the time of my Cisco devices to the time of my domain. I am running a Windows Server 2008 domain but I am not using an external time source. I have tried to point my Cisco device to my domain controller as the NTP server but without success.

Is it possible to use a Windows server as an NTP server for my Cisco devices?


Regards,


Screech


YANGCCIE4 Sat, 09/19/2009 - 09:56

Hi, Urvininocente,


As I met before,

the NTP server needs several command options,

such as source, trusted-key, and source.

Just want to mention you get them all right.


Hope it helps a little

Yang

urvininocente Sat, 09/19/2009 - 10:13

Yang,


I checked those and everything seems to be configured OK. When I issue the command "sh ntp associations detail" I get the following output


192.168.1.10 configured, insane, invalid, stratum 2

ref ID 192.168.1.23, time CE5F9B50.551C0BCF (14:02:56.332 (GMT-4) Sat Sep 19 2009)

our mode client, peer mode server, our poll intvl 1024, peer poll intvl 1024

root delay 31.25 msec, root disp 10269.94, reach 377, sync dist 10290.939

delay 0.50 msec, offset 219300215019.7178 msec, dispersion 5.13

precision 2**6, version 3

org time CE5F9B79.51450191 (14:03:37.317 (GMT-4) Sat Sep 19 2009)

rcv time C14D5A02.4C4956FE (09:20:02.297 (GMT-4) Tue Oct 8 2002)

xmt time C14D5A02.4C2839E5 (09:20:02.297 (GMT-4) Tue Oct 8 2002)

filtdelay = 0.50 0.53 0.44 0.50 0.49 0.52 0.50 0.50

filtoffset = 2193002 2193002 2193002 2193002 2193002 2193002 2193002 2193002

filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 0.12


Any ideas?
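
Added example, not part of any post in this thread: decoding the hexadecimal NTP timestamps in the "sh ntp associations detail" output posted above shows where the very large offset comes from. The function names are illustrative, the sample text is copied from that post, and reading "org" as the server-side timestamp and "rcv" as the router-side one is an assumption based on the dates shown in the output.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)  # NTP seconds count from here

# Sample input: lines copied from the post above, wrapped line rejoined.
SAMPLE = """\
192.168.1.10 configured, insane, invalid, stratum 2
root delay 31.25 msec, root disp 10269.94, reach 377, sync dist 10290.939
delay 0.50 msec, offset 219300215019.7178 msec, dispersion 5.13
org time CE5F9B79.51450191 (14:03:37.317 (GMT-4) Sat Sep 19 2009)
rcv time C14D5A02.4C4956FE (09:20:02.297 (GMT-4) Tue Oct 8 2002)
xmt time C14D5A02.4C2839E5 (09:20:02.297 (GMT-4) Tue Oct 8 2002)
"""

def ntp_to_utc(stamp):
    """Decode 'SSSSSSSS.FFFFFFFF' (hex, 32.32 fixed point) to a UTC datetime."""
    sec, frac = (int(part, 16) for part in stamp.split("."))
    return NTP_EPOCH + timedelta(seconds=sec, microseconds=round(frac / 2**32 * 1e6))

def parse_association(text):
    """Extract peer address, status flags, timestamps and millisecond fields."""
    peer, rest = text.splitlines()[0].split(" ", 1)
    stamps = {name: ntp_to_utc(value) for name, value in
              re.findall(r"\b(org|rcv|xmt) time ([0-9A-F]{8}\.[0-9A-F]{8})", text)}
    fields = {name: float(value) for name, value in
              re.findall(r"\b(root disp|sync dist|offset) ([\d.]+)", text)}
    return {"peer": peer, "flags": [f.strip() for f in rest.split(",")],
            "stamps": stamps, "fields": fields}

def diagnose(assoc):
    """Compare the server's clock (org) with the local clock at receipt (rcv)."""
    org, rcv = assoc["stamps"]["org"], assoc["stamps"]["rcv"]
    gap = (org - rcv).total_seconds()
    return {
        "usable": "sane" in assoc["flags"] and "valid" in assoc["flags"],
        "server_clock_utc": org.strftime("%Y-%m-%d %H:%M:%S"),
        "local_clock_utc": rcv.strftime("%Y-%m-%d %H:%M:%S"),
        "gap_seconds": round(gap),
        # The reported offset (msec) should agree with the decoded gap to within 1 s.
        "gap_explains_offset": abs(gap * 1000 - assoc["fields"]["offset"]) < 1000,
    }

if __name__ == "__main__":
    for key, value in diagnose(parse_association(SAMPLE)).items():
        print(f"{key}: {value}")
```

On this sample the decoded gap is 219300215 seconds, the same figure the router reports as its offset in milliseconds: the router-side timestamps read October 2002 while the server-side one reads September 2009.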

Correct Answer
Richard Burts Sat, 09/19/2009 - 14:51

Yang


Your post suggests that Screech may need to use commands for ntp source and ntp key. These commands are options which an installation may use if they choose, but should not be necessary just to get a router or switch to learn NTP from an NTP server.


Screech


The fundamental issue in your case is that the time protocol that runs for the Windows Domain is not NTP but is a simplified implementation of the time protocol. So you will not get the router or switch to learn time from the Domain using NTP. You might check and see if your routers and switches support SNTP and if they do you might try configuring SNTP pointing to the Domain.


HTH


Rick

mhdganji110 Fri, 03/02/2012 - 01:11

So what finally?

There is not any way to sync a Cisco device with a domain controller?

Can we use some programs in the middle to do that?

(to get time from Active Directory in SNTP and give it to the Cisco switch using NTP)


Can't we add SNTP support (w32time) to routers or switches?

hobbe Fri, 03/02/2012 - 01:33

Hi

First of all, you do not use Windows servers for precision time. Why? Well, because Windows servers have a flaw in the way they handle time: it is never accurate, it is always almost accurate. That is good enough most of the time but not at all times or instances. On the other hand, you would most likely use PTP instead of NTP in those instances.


But back to your question: yes, there are ways to sync a router/switch using a domain controller; you just have to set it up as a proper NTP server, either via registry hacks or via software installation.

The domain controller is, as has been pointed out before, NOT an NTP and cannot without modification sync a router/switch via NTP.

If you want good advice, buy an NTP server that is hardware; if you cannot fork out the money, then go with a Linux box as an NTP server.


The third option, however, would be to set up the routers and switches to get the time from a public NTP server over the Internet (there are many out there around you).


So to conclude.

Windows domain controller as an NTP server? Not a good idea, but it is doable either via registry hacks or via software installation, but is to be avoided if possible. There are other ways of doing it.



Good luck


HTH

mhdganji110 Fri, 03/02/2012 - 01:40

Thanks so much


1- How to do that with software (what software do you suggest?)

2- How to do that with registry hacks (DC is W2K8 R2)

3- Which cheap and easy-to-use hardware do you recommend as an NTP server?


I should mention that in some of our networks there is no access to the outside world (so public NTP servers cannot be reached), so we should handle this issue internally.

hobbe Fri, 03/02/2012 - 02:23

Hi


1) I know that, e.g., Meinberg has software for setting up an NTP server on Windows,

but as I said, I would not recommend using a Windows machine.

So this is not the recommended solution.


2) If I am not mistaken, this is the link to the KB article on the subject (I had it from an earlier encounter..)

http://support.microsoft.com/kb/816042

so look at this and you will get some idea about what you need to do.


3) Use your routers/switches; depending on model they can be quite helpful, but if your network does not have outside access then I would take a look at a GPS/radio-based hardware NTP server.

I do not know why your network is forbidden to access the Internet, but if they are, they most likely are sensitive in some way. What you look for in a time server is a predictable clock that keeps time accurately for a long period of time. This is not a server, router or switch in general, but there are some hardware PC motherboards that you can buy with special crystals for the clock to be very accurate. Where can you buy them? I do not know.


If you do not mind having the wrong time as long as it is the same time on those isolated networks, I would go with the router or switch.

IF you want the right time then there is no substitute to forking up the money for a GPS/radio-based unit.


And one thing to remember when it comes to the clock, do not just use one source if possible, if that source goes bad then you can get some very interesting results.


Good luck


HTH


Can nobody answer a simple question without making a pointless argument? This is a simple question: Can Yang sync Cisco devices with an NTP server on a domain? The correct answer is yes. Now, you are supposed to tell "how". Why? Because Yang is searching for a solution to that issue. We don't care how or why Yang is doing that. If we know how, we have to tell Yang how. That's the way to help someone with a problem.

Yang, yes. You can sync a Cisco device with an NTP server on your domain. You need to:
1-. Check that your NTP server is up, running, and reachable (port open over a firewall and so on)
2-. Check that the NTP server is set up correctly (clock and timezone)

If everything is OK, then configure your device:

Log in to the router and go to configure terminal:

router#configure terminal

Set the NTP server address:
router(config)#ntp server <ip server>

Set the timezone (the same as that of the NTP server):
router(config)#clock timezone <timezone> <hours>

To check if the device has the correct date and time, do
router# show clock


To check the synchronization with the server:
router# show ntp associations


Advice: be part of the solution, not of the problem
