Re: w32Time - External Source Sinc - HELP!!
- From: "beto @ southworks" <beto@southworks>
- Date: Thu, 13 Jul 2006 17:53:33 -0300
Do you mean that there's something wrong with the firewall rules?
The fisrt rule you mention:
Allow "NTP(UDP) - Port 123" from "Internal" to "External"
Is covered by this rule I have:
Allow "All Outbound Traffic" from "Internal" to "External".
The Second rule you mention:
Allow "All Inbound Traffic" from "External" to "Internal"
Cannot be applied because ISA Server 2004 does not allow a rule containing
the "All Inbound Traffic" on the protocols tab, and on the other hand I'd be
opening my LAN to the world!!!
Is there something I've misunderstood?
Thanks a lot strongline!!
When I have the etheral report I'll post it's results here.
"strongline" <johnlan@xxxxxxxxx> wrote in message
news:1152814708.710546.73300@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Should it be:
Allow "NTP(UDP) - Port 123" from "Internal" to "External"
Allow "All Inbound Traffic" from "External" to "Internal" *** if this
is a thread that was initiated from internal party ****
Regarding netmon(better yet ethereal), I perfer capturing all traffic
and then set up display filter to show only port 123 traffic. For sure
there will be outbound request, but is there any inbound response? Do
they contain correct data?
beto @ southworks wrote:
Thanks to you Cary and to strongline to spend some of your time on this.
My DC is behind an ISA 2004 EE Array consisting on two nodes, I've
created
the rules:
Allow "All Outbound Traffic" from "Internal" to "External".
Allow "NTP(UDP) - Port 123" from "External" to "Internal"
The firewall does not log any acces denied event in any direction,
besides
that I continue receiving the same Events.
About monitoring network traffic (by strongline) I'm not sure how to
accomplish this task using "netmon". I can't realize how to create a
filter
to watch only significant network frames for my issue.
Any further ideas?
Thanks a lot!!!
Beto.
"Cary Shultz" <cwshultz@xxxxxxxx> wrote in message
news:uvPE9$mpGHA.4268@xxxxxxxxxxxxxxxxxxxxxxx
Try looking at your Firewall and making sure that port 123 for UDP is
open
in both directions....
--
Cary W. Shultz
Roanoke, VA 24012
"beto @ southworks" <beto@southworks> wrote in message
news:uwVqn$cpGHA.220@xxxxxxxxxxxxxxxxxxxxxxx
Hi! I've folowed (step by step) this MS Article to configure my forest
root domain controller to sync with an external source:
http://support.microsoft.com/?scid=kb%3Ben-us%3B816042&x=8&y=12
Mi DC is a VPC hosted on Virtual Server 2005 R2.
I've tried both configurations:
* Configure the W32time service to send symmetric active mode
packets
and (by editing the registry)
* to send client mode packets to my NTP server list (by using
"w32tm
/config /manualpeerlist:peers /syncfromflags:manual" )
Anyway I'm getting the following Events:
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 29
Date: 12/07/2006
Time: 05:51:02 a.m.
User: N/A
Computer: PDC
Description:
The time provider NtpClient is configured to acquire time from one or
more
time sources, however none of the sources are currently accessible. No
attempt to contact a source will be made for 240 minutes. NtpClient has
no
source of accurate time.
<<One for each external source configured>>
===============================
Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 47
Date: 12/07/2006
Time: 05:51:02 a.m.
User: N/A
Computer: PDC
Description:
Time Provider NtpClient: No valid response has been received from
manually configured peer tick.nap.com.ar,0x1 after 8 attempts to contact
it.
This peer will be discarded as a time source and NtpClient will attempt
to
discover a new peer with this DNS name.
<<One for each external source configured>>
==============================
Event Type: Information
Event Source: W32Time
Event Category: None
Event ID: 38
Date: 12/07/2006
Time: 04:36:01 a.m.
User: N/A
Computer: PDC
Description:
The time provider NtpClient cannot reach or is currently receiving
invalid
time data from tick.nap.com.ar
(ntp.m|0x1|10.1.0.12:123->200.10.140.2:123).
The Hotfix Q830092 does not apply to my server since its a Windows 2003
Server EE R2 (wich already includes a newer version of the w32time.dll
included shiiped with the Q830092).
I've tested all the selected NTP Servers and are fully functional, so
I've
turned on w32tm.dll debugging, getting this dump for each time it tries
to
get a timestamp from the listed NTP Servers.
Polling peer 216.244.192.3 (ntp.m|0x0|10.1.0.12:123->216.244.192.3:123)
Sending packet to 216.244.192.3
(ntp.m|0x0|10.1.0.12:123->216.244.192.3:123) in Win2K detect mode, stage
1.
No response from peer 216.244.192.3
(ntp.m|0x0|10.1.0.12:123->216.244.192.3:123).
5 Age:5 Ofs:+00.0000000s...
4 Age:4 Ofs:+00.0000000s...
3 Age:3 Ofs:+00.0000000s...
2 Age:2 Ofs:+00.0000000s...
1 Age:1 Ofs:+00.0000000s...
0 Age:0 Ofs:+00.0000000s...
Logging information: NtpClient cannot reach or is currently receiving
invalid time data from 216.244.192.3
(ntp.m|0x0|10.1.0.12:123->216.244.192.3:123).
Peer poll: Max:32.0000000s Cur:00.0000000s
PeerPollingThread: waiting 31.970s
I'ts driving me crazy since I've tried every article found on the web
and
still cannot find what my issue.
Any (I mean ANY) help will be appreciated!!
Thanks a lot!!
Beto.
.
- Follow-Ups:
- Re: w32Time - External Source Sinc - HELP!!
- From: strongline
- Re: w32Time - External Source Sinc - HELP!!
- References:
- w32Time - External Source Sinc - HELP!!
- From: beto @ southworks
- Re: w32Time - External Source Sinc - HELP!!
- From: beto @ southworks
- Re: w32Time - External Source Sinc - HELP!!
- From: strongline
- w32Time - External Source Sinc - HELP!!
- Prev by Date: User permissions?
- Next by Date: Re: ADAM question Addressbook and EMail
- Previous by thread: Re: w32Time - External Source Sinc - HELP!!
- Next by thread: Re: w32Time - External Source Sinc - HELP!!
- Index(es):
Relevant Pages
|
Loading
