Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NTP server advice

Hello, i'm having issues getting various model switches to sync with a newly built NTP (Win2008) server with Atomic clock attached to it. The software for the clock is set to stratum 1. I know the clock is syncronising and the server is showing the correct time also. THe server currently has the firewall turned off so no traffic is being blocked to it.

I have the below on all switches;

clock timezone GMT 0

Clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 2:00

and

ntp server 10.0.101.15 (ip of the above server)

Currently is have a core switch (4507R) that will not sync at all;

sh clock

*23:59:53.989 GMT Wed Mar 16 2011

sh ntp as

      address         ref clock     st  when  poll reach  delay  offset    dis

~10.0.101.15      .LOCL.            1   141  1024  377     0.0  300258     8.

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18

reference time is 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

I also have multiple access switches (3550's, 3750's,3548's) that must have synced at some point as they were originally showing a 1993 date but are now up to date but not sync'd properly;

sh clock

.12:28:06.346 GMT Mon Feb 27 2012

sh ntp as

      address         ref clock     st  when  poll reach  delay  offset    disp

~10.0.101.15      .LOCL.            1   326  1024  377     9.7  121575   352.5

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 381.4697 Hz, actual freq is 381.4697 Hz, precision is 2**17

reference time is D2ECEEC7.7AB25EFE (16:09:43.479 GMT Mon Feb 20 2012)

clock offset is -782401.5959 msec, root delay is 1.37 msec

root dispersion is 782590.12 msec, peer dispersion is 188.52 msec

Is there a way to force synchronisation or is a reboot of the device needed for them to sync?

Thanks in advance, any advice appreicated.

18 REPLIES
Hall of Fame Super Silver

NTP server advice

Alan

You might try a reboot of one of the switches to see if that helps. But I am not optimistic that this will solve your issue. It looks to me like there is something that is interferring with the operation of ntp and that we need to figure out what that is to solve your issue.

The part of the config that you posted is quite simple and looks like it should work. The clock timezone and clock summer-time do not have anything to do with the operation of ntp and only affect how time is shown on the local device. So my first question is to verify that there are no other commands in the config that have to do with ntp?

Assuming that there is only the single command of ntp server then we need to figure out why your switch is not learning time from the server. I will accept your statement that the server is running correctly and is generating the correct time. I would ask if there is anything configured in the server that would impact its communication with the switches? This could be things like configuring authentication on the server, or any restrictive list of clients, or perhaps issues of ntp version between the server and the switches?

My next question is whether there is any device between your switch and the  server (perhaps a firewall or something doing address translation, or doing some kind of packet filtering) that could impact the communication from switch to server?

My next question is whether there is any access list on the switch filtering traffic that could impact the ntp communication?

Perhaps it would be useful if you would post the output of show ntp association detail from the first switch.

HTH

Rick

New Member

NTP server advice

@Richard - thanks for your reply.

There are the only commands i can see to do with ntp.

It is a fresh build of 2008 server, firewall off with only timesync software installed and service is running so can't see anything stopping it on the server. Domain controllers seem to be syncing ok as well.

No firewalls (software or hardware), the server actually plugs straight into the core switch.

      address         ref clock     st  when  poll reach  delay  offset    disp

~10.0.101.15      .LOCL.            1   287  1024  377     0.0  300258  1522.1

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

Super Bronze

NTP server advice

Disclaimer

The     Author of this posting offers the information contained within this     posting without consideration and with the reader's understanding  that    there's no implied or expressed suitability or fitness for any   purpose.   Information provided is for informational purposes only and   should not   be construed as rendering professional advice of any kind.   Usage of  this  posting's information is solely at reader's own risk.

Liability Disclaimer

In     no event shall Author be liable for any damages whatsoever   (including,   without limitation, damages for loss of use, data or   profit) arising  out  of the use or inability to use the posting's   information even if  Author  has been advised of the possibility of  such  damage.

Posting

I'm not current on Windows 2008 servers, but I recall with NT servers you had to add an add-on service to support full NTP, although they would support sync time for Windows workstations without it.  You might want to verify your Windows server is truly operating as a full NTP server.

Silver

NTP server advice

have you tried

term mon

debug ntp packets

---

Posted by WebUser Stuart Gall

New Member

NTP server advice

Stuart - Have turned that on, keeping an eye on it - thanks

New Member

NTP server advice

Got the following from term mon;

*Mar 17 03:47:27.956: NTP: xmit packet to 10.0.101.15:

*Mar 17 03:47:27.956:  leap 3, mode 3, version 3, stratum 0, ppoll 1024

*Mar 17 03:47:27.956:  rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 0000000

0 (0.0.0.0)

*Mar 17 03:47:27.956:  ref 00000000.00000000 (00:00:00.000 GMT Mon Jan 1 1900)

*Mar 17 03:47:27.956:  org D2F62731.E348684E (16:00:49.887 GMT Mon Feb 27 2012)

*Mar 17 03:47:27.956:  rec D12BFECF.F4F26670 (03:30:23.956 GMT Thu Mar 17 2011)

*Mar 17 03:47:27.956:  xmt D12C02CF.F4EDC670 (03:47:27.956 GMT Thu Mar 17 2011)

*Mar 17 03:47:27.956: NTP: rcv packet from 10.0.101.15 to 10.0.101.2 on Vlan101:

*Mar 17 03:47:27.956:  leap 0, mode 4, version 3, stratum 1, ppoll 1024

*Mar 17 03:47:27.956:  rtdel 0000 (0.000), rtdsp A043C (10016.541), refid 4C4F43

4C (76.79.67.76)

*Mar 17 03:47:27.956:  ref D2F62AE0.21B81D12 (16:16:32.131 GMT Mon Feb 27 2012)

*Mar 17 03:47:27.956:  org D12C02CF.F4EDC670 (03:47:27.956 GMT Thu Mar 17 2011)

*Mar 17 03:47:27.956:  rec D2F62B32.383F4814 (16:17:54.219 GMT Mon Feb 27 2012)

*Mar 17 03:47:27.956:  xmt D2F62B32.383F4814 (16:17:54.219 GMT Mon Feb 27 2012)

*Mar 17 03:47:27.956:  inp D12C02CF.F4EDC670 (03:47:27.956 GMT Thu Mar 17 2011)

*Mar 17 03:47:27.956: NTP: 10.0.101.15: offset 30025826.262962439, delay 0.00000

, error 0.00002clock_filter(10.0.101.15, 30025826.262962, 0.00000, 0.00002)

*Mar 17 03:47:27.956: NTP: nlist 0, allow 0, found 0, low 0.000000, high 0.00000

0

*Mar 17 03:47:27.956: NTP: no select intersection

*Mar 17 03:47:27.956: NTP: no select intersection

Does it help at all?

Hall of Fame Super Silver

NTP server advice

Alan

Yes I believe that this does help. It does show clearly that your switch is receiving an ntp packet from the server. So this eliminates issues of IP connectivity or of packet filtering as sources of the problem.

It is pretty clear that your switch is receiving ntp packet from the server but for some reason your switch does not accept the ntp from the server - the message NTP: no select intersection seems to be an indication that the switch is not accepting the ntp from the server. But it does not give us a clear indication of what the problem is. The messages seem to indicate that both are running ntp version 3, that the switch is operating in client mode, and the server is operating in server mode, which is expected.

I wonder if one of the other ntp debugs (perhaps debut ntp event or as a last resort debug ntp all) might show the problem.

HTH

Rick

Hall of Fame Super Bronze

NTP server advice

As indicated by Joseph, Windows does not provide NTP server features without making some registry changes.

A quick google search turn up this thread in another forum:

http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/7dc5e8f4-824a-432c-a2da-ac0e3fdf76fd/

There is also a 3rd party NTP server for Windows which is proven to work with Cisco IOS

http://www.eecis.udel.edu/~mills/ntp/html/hints/winnt.html

Regards,

Edison

Hall of Fame Super Silver

NTP server advice

Edison

Thanks for these links.

I had assumed that the server was running something that used the atomic clock and would go beyond the normal Windows Time Service. But as I re-read the original post I see:

Hello, i'm having issues getting various model switches to sync with a  newly built NTP (Win2008) server with Atomic clock attached to it.

And that suggests that perhaps the server is learning time from the atomic clock but is still running just the normal Windows Time Service. And that would explain why the switches do not accept time from the server. So perhaps Alan can provide clarification about what is running on the server?

HTH

Rick

New Member

NTP server advice

Morning, thanks for the replies.

It is a seperate service to the Windows Time Service, apologies if i did not make that clear. A peice of software called TimeSync that relies on the Windows service running but stops it from setting the time.

Hall of Fame Super Gold

NTP server advice

Hmmmm ... If your Windows server goes out to the world to sync itself, why can't you nominate a Cisco appliance (router would be nice or a core switch) to sync too?

New Member

NTP server advice

Hi Alan,

I also got the same type of problem. and When I remove NTP config and reapply it again NTP status came up and stable about 15 min and again went down.  When ever I reconfigure NTP up for about 15 min then down again.

I have raised Cisco TAC case 628890803 and currently Cisco development team is investigating the issue.

Hall of Fame Super Silver

NTP server advice

It is interesting that you are having the same symptoms. Do you have the same environment - Windows server with attached atomic clock? Can you provide some detail about what your environment is?

HTH

Rick

New Member

NTP server advice

sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 381.4697 Hz, actual freq is 381.4697 Hz, precision is 2**17

reference time is D2ECEEC7.7AB25EFE (16:09:43.479 GMT Mon Feb 20 2012)

clock offset is -782401.5959 msec, root delay is 1.37 msec

root dispersion is 782590.12 msec, peer dispersion is 188.52 msec

root dispersion is 782590.12 msec is to high for switchs

please change stratum 16 to 3 from core switch (4507R)

config t# ntp master 3

after changing stratum hope it will work

New Member

NTP server advice

Thanks Kunal, if i add that to the config I get

sh ntp status;

Clock is synchronized, stratum 3, reference is 127.127.7.1

nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**7

reference time is D2F72BBF.EE855780 (10:32:31.931 GMT Tue Feb 28 2012)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 7.81 msec, peer dispersion is 7.81 msec

sh ntp as;

      address         ref clock     st  when  poll reach  delay  offset    disp

*~127.127.7.1      127.127.7.1       2    13    64  377     0.0    0.00     7.8

~10.0.101.15      .LOCL.            1    92  1024  377     0.0  691245   944.1

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

Isnt this setting it as a master for other devices even though not synced with the actual NTP server?

New Member

NTP server advice

please configure below command in master cisco switch and please share ntp configuration for core switch (4507R)

ntp update-calendar

New Member

Re: NTP server advice

!

ntp update-calendar

ntp server 10.0.101.15

!

end

Below is the debug info from the Timesync software;

Timesync NTP Service 3.2

Windows Info

Version=6.1 Build 7601 0601

Winsock Info

Version=1.1

HighVersion=2.2

Description=WinSock 2.0

Status=Running

MaxSockets=32767

MaxUDP=65467

Timezone Info

Bias=0

Standard Name=GMT Standard Time

Standard Bias=0

Standard date=0/10/5  2:0:0:0

Daylight Name=GMT Daylight Time

Daylight Bias=-60

Daylight date=0/3/5  1:0:0:0

The server has UTC 0 timezone - would this affect it as I have GMT in the switch configs...

Hall of Fame Super Silver

NTP server advice

Alan

You are quite correct that if you configure any Cisco device with the ntp master command then you have instructed that device that it should consider itself authoritative for NTP and it will offer NTP time to anything that asks. But it still has only its own (somewhat undependable) clock as the source for time. I urge you to not do this and to find what is preventing the Cisco from sync with the server that has the atomic clock.

Is this the timesync from ravib? I have looked at what they say on their website and it looks like it is requesting time from the atomic clock at Boulder. That would be good for setting the time in the PC. But it does not look like it runs an implementation of NTP that would support the PC acting as an authoritative NTP server. If the server is learning good NTP time but is running the regular Windows time service for sharing time with other devices then this would explain why your Cisco switches are not getting sync with the server.

HTH

Rick

5809
Views
0
Helpful
18
Replies
CreatePlease login to create content