Re: Windows Time Service woes!!



Hmm... well... here are some log snippets from my firewall connection log
(edited for a sample of NTP traffic - not all consecutive NTP entries are
included here). Don't know if this could help.

Where...
time.nist.gov is: 192.43.244.18
My internal DC FSMO is: 172.22.1.6
My Internet gateway router (Win2K3 member server running a network firewall)
is PITTBOSS


[01/Sep/2005 02:51:35] [ID] 305254 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
time.nist.gov:123 [Duration] 11 sec [Bytes] 76/76/152 [Packets] 1/1/2

[01/Sep/2005 03:08:59] [ID] 305296 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
192.43.244.18:123 [Duration] 31 sec [Bytes] 76/0/76 [Packets] 1/0/1

(4 or 5 more entries almost identical to the above entry were here...)

[01/Sep/2005 04:37:32] [ID] 305669 [Rule] Mapped Port 25 SMTP [Service] SMTP
[Connection] TCP 61.74.254.69:3273 -> PITTBOSS:25 [Duration] 125 sec [Bytes]
1932/868/2800 [Packets] 13/10/23

(this was the reply entry...)

[01/Sep/2005 04:44:33] [ID] 305722 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
time.nist.gov:123 [Duration] 11 sec [Bytes] 76/76/152 [Packets] 1/1/2

(it starts again with the above...)

What I am seeing here is my DC send the request to time.nist.gov (it uses
PITTBOSS, my Internet router as a gateway) to time.nist.gov. Then, I am
seeing my gateway (PITTBOSS) reply to my DC. I believe this is the actual
reply from time.nist.gov after being NAT'd and passed through my gateway
back to the DC.

I notice that there are many many more connections going OUT than coming
back in. I don't know exactly how NTP works, but I suspect that my system is
sending the system time out in the packet, and if there is no correction
necessary there is no reply. If there is, there is. What do you think?

Note, all UDP, no TCP. You have UDP 123 open, right?

-Frank


"Elvyn Gutierrez" <elvyng@xxxxxxxxxxxxxx> wrote in message
news:eSLXF$XsFHA.3720@xxxxxxxxxxxxxxxxxxxxxxx
>>>net time /setsntp:time.nist.gov [ENTER]<<
>
> Yeap. That's another way to do it. It is very simple. It was working for
> some time on my side and just suddenly stopped working (my guess is that
> the NTP server changed from an open source to a restricted one). I just
> don't know why I don't get any replies from the external NTP servers,
> including the one that you mentioned. I've even tried with my laptop
> directly connected to the internet (no FW in between).
>
> Any other ideas?
>
> "Frankster" <Frank@xxxxxxxxxxxxxx> wrote in message
> news:f-ydnWyFZtVDu4beRVn-1Q@xxxxxxxxxxxxxxx
>> Wow, I am sure confused now. I can't believe all the steps in that MS kb
>> article.
>>
>> All I did was...
>>
>> On the FSMO, open a command line session and enter:
>>
>> net time /setsntp:time.nist.gov [ENTER]
>>
>> THAT'S IT! (this will hold through reboots, no prob)
>>
>> Now, my FSMO syncs with time.nist.gov and all my other domain members
>> (including the other DC), by default, sync with my FSMO. Simple. Have
>> you tried this?
>>
>> OTOH, those instructions were so complicated, working with the registry,
>> that you may have now, inadvertently, introduced an error in the
>> registry. I dunno...
>>
>> -Frank
>>
>> "Elvyn Gutierrez" <elvyng@xxxxxxxxxxxxxx> wrote in message
>> news:e04Xm5SsFHA.4044@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi. I'm trying to sync my Windows 2003 PDC emulator with an external
>>> time source. I've basically followed instructions on
>>> http://support.microsoft.com/kb/816042/.
>>>
>>> The problem is I'm not able to find an external time source that responds
>>> to our DC queries. I've tried with the open access servers provided on
>>> the following list to no avail
>>>
>>> http://ntp.isc.org/bin/view/Servers/StratumOneTimeServers
>>>
>>> port 123 (used by ntp) is definitely open at my FW.
>>>
>>> Any ideas?
>>>
>>
>>
>
>
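
An added example, not part of the thread: a parser for the firewall log format quoted in the post that separates outbound NTP flows that got a reply from those that did not. The function names are hypothetical, and reading the `[Bytes]` and `[Packets]` triplets as sent/received/total is an assumption (76/76/152 and 76/0/76 are consistent with it).

```python
import re

# Constructed sample: the four entries quoted in the post, wrapping kept as posted.
SAMPLE_LOG = """\
[01/Sep/2005 02:51:35] [ID] 305254 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
time.nist.gov:123 [Duration] 11 sec [Bytes] 76/76/152 [Packets] 1/1/2
[01/Sep/2005 03:08:59] [ID] 305296 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
192.43.244.18:123 [Duration] 31 sec [Bytes] 76/0/76 [Packets] 1/0/1
[01/Sep/2005 04:37:32] [ID] 305669 [Rule] Mapped Port 25 SMTP [Service] SMTP
[Connection] TCP 61.74.254.69:3273 -> PITTBOSS:25 [Duration] 125 sec [Bytes]
1932/868/2800 [Packets] 13/10/23
[01/Sep/2005 04:44:33] [ID] 305722 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
time.nist.gov:123 [Duration] 11 sec [Bytes] 76/76/152 [Packets] 1/1/2
"""

# Assumption: [Bytes] and [Packets] are sent/received/total as seen from the
# connection's source; the field names tx/rx/ptx/prx below follow that reading.
ENTRY = re.compile(
    r"\[(?P<ts>\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\] \[ID\] (?P<id>\d+) "
    r"\[Rule\] (?P<rule>.*?) \[Service\] (?P<service>\S+) "
    r"\[Connection\] (?P<proto>\S+) (?P<src>\S+) -> (?P<dst>\S+) "
    r"\[Duration\] (?P<dur>\d+) sec "
    r"\[Bytes\] (?P<tx>\d+)/(?P<rx>\d+)/(?P<total>\d+) "
    r"\[Packets\] (?P<ptx>\d+)/(?P<prx>\d+)/(?P<ptotal>\d+)"
)

def parse_entries(text):
    """Rejoin wrapped lines, then return one dict per log entry."""
    flat = " ".join(text.split())
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def ntp_reply_report(entries):
    """Split UDP NTP flows into answered and unanswered (entry ID, destination)."""
    report = {"answered": [], "unanswered": []}
    for e in entries:
        if e["service"] == "NTP" and e["proto"] == "UDP":
            key = "answered" if int(e["prx"]) > 0 else "unanswered"
            report[key].append((e["id"], e["dst"]))
    return report

if __name__ == "__main__":
    for state, flows in ntp_reply_report(parse_entries(SAMPLE_LOG)).items():
        print(state, flows)
```

Run over a full connection log, the ratio of unanswered to answered flows per destination shows whether a given time server is dropping requests or the replies are being lost on the return path.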

