Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11709
Views
1
Helpful
4
Replies

NTP Sync Failure CISCO ISE

tmarques87
Level 1
Level 1

‎11-07-2012 06:03 AM - edited ‎02-21-2020 04:46 AM

hello guys,

I'm having problems with the cisco ise in my company.

every day is got the following error:

Cause:           No NTP Server reachable from SPCISE01

Details:           All of the NTP Servers configured on this node are unreachable. If NTP authentication is configured ensure that key ID and value match that of the server. Execute 'show ntp' from CLI for troubleshooting.

admin# show ntp

Configured NTP Servers:

  10.0.4.6

synchronised to NTP server (10.0.4.6) at stratum 7

   time correct to within 556 ms

   polling server every 256 s

     remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

127.127.1.0     .LOCL.          10 l   49   64  377    0.000    0.000   0.001

*10.0.4.6        10.0.4.4         6 u    1  256  377    2.133    6.875   8.734

* Current time source, + Candidate

Warning: Output results may conflict during periods of changing synchronization.

how can I force the sync ntp in ise?

2 people had this problem
0 Helpful
4 Replies 4

venkata dandu
Level 1
Level 1

‎01-24-2013 07:08 AM

We are having the same problem, have you managed to find any solution for this issue?

0 Helpful

Michael.Bienkowski
Level 1
Level 1

‎07-29-2013 11:03 AM

I am also having this issue.  Every 15 minutes I get alarms.  Tried differnt NTp servers 0 AD, external, etc.. with no luck.  I am hoping someone has made progress in resolving this issue.

0 Helpful

Andreas Hoffmann
Level 1
Level 1

‎09-26-2013 05:17 AM

We are having the same issue. What's worst: The error is reported as CRITICAL and the description says that "No NTP Server reachable" (or that "All of the NTP Servers configured on this node are unreachable") and this is clearly wrong.

Running "sho ntp" about one hour after the error message clearly shows that only one out of three configured redundant ntp sources had a temporary problem:

Configured NTP Servers: 
  10.0.1.119
  pool.ntp.org
  de.pool.ntp.org

synchronised to NTP server (91.64.203.19) at stratum 2 
   time correct to within 54 ms
   polling server every 1024 s

     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 127.127.1.0     .LOCL.          10 l   27   64  377    0.000    0.000   0.001
+10.0.1.119      217.79.179.106   3 u  224 1024  367    0.234  -27.926   6.174
+89.163.176.81   178.63.97.57     3 u   95 1024  377   10.224   -4.777   0.533
*91.64.203.19    .PPS.            1 u  348 1024  377   29.527    0.121   3.608

* Current time source, + Candidate 

Warning: Output results may conflict during periods of changing synchronization.

Given that non-reachability of single hosts is something the ntp protocol is specifically designed for, issuing a "critical" message in a far-from-critical situation (it's not even an "error", it should be at most a "warning" I guess) is very annoying.

0 Helpful

Michael.Bienkowski
Level 1
Level 1
In response to Andreas Hoffmann

‎09-26-2013 05:54 AM

Hi,

I resolved this issue by setting up NTP on our core switch 6513 and pointing ISE towards that.  We got the same errors you are seeing when using an AD server for NTP.  Since moving I have not gotten any NTP errors.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card