Hmm... well... here are some log snippets from my firewall connection log
(edited for a sample of NTP traffic - not all consecutive NTP entries are
included here). Don't know if this could help.
Where...
time.nist.gov is: 192.43.244.18
My internal DC FSMO is: 172.22.1.6
My Internet gateway router (Win2K3 member server running a network firewall)
is PITTBOSS
[01/Sep/2005 02:51:35] [ID] 305254 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
time.nist.gov:123 [Duration] 11 sec [Bytes] 76/76/152 [Packets] 1/1/2
[01/Sep/2005 03:08:59] [ID] 305296 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
192.43.244.18:123 [Duration] 31 sec [Bytes] 76/0/76 [Packets] 1/0/1
(4 or 5 more entries almost identical to the above entry were here...)
[01/Sep/2005 04:37:32] [ID] 305669 [Rule] Mapped Port 25 SMTP [Service] SMTP
[Connection] TCP 61.74.254.69:3273 -> PITTBOSS:25 [Duration] 125 sec [Bytes]
1932/868/2800 [Packets] 13/10/23
(this was the reply entry...)
[01/Sep/2005 04:44:33] [ID] 305722 [Rule] NAT on Outside NIC Interface
(logging NTP) [Service] NTP [Connection] UDP 172.22.1.6:123 ->
time.nist.gov:123 [Duration] 11 sec [Bytes] 76/76/152 [Packets] 1/1/2
(it starts again with the above...)
What I am seeing here is my DC send the request to time.nist.gov (it uses
PITTBOSS, my Internet router as a gateway) to time.nist.gov. Then, I am
seeing my gateway (PITTBOSS) reply to my DC. I believe this is the actual
reply from time.nist.gov after being NAT'd and passed through my gateway
back to the DC.
I notice that there are many many more connections going OUT than coming
back in. I don't know exactly how NTP works, but I suspect that my system is
sending the system time out in the packet, and if there is no correction
necessary there is no reply. If there is, there is. What do you think?
Note, all UDP, no TCP. You have UDP 123 open, right?
-Frank
"Elvyn Gutierrez" <(E-Mail Removed)> wrote in message
news:eSLXF$(E-Mail Removed)...
>>>net time /setsntp:time.nist.gov [ENTER]<<
>
> Yeap. That's another way to do it. it is very simple. It was working for
> some time on my side and just suddenly stopped working (my guess is that
> the NTP server changed from a open source to a restricted one). I just
> don't know why I don't get any replies from the external NTP servers,
> including the one that you mentioned. I've even tried with my laptop
> directly connected to the internet (no FW in between).
>
> Any other ideas?
>
> "Frankster" <(E-Mail Removed)> wrote in message
> news:f-ydnWyFZtVDu4beRVn-(E-Mail Removed)...
>> Wow, I am sure confused now. I can't believe all the steps in that MS kb
>> article.
>>
>> All I did was...
>>
>> On the FSMO, open a command line session and enter:
>>
>> net time /setsntp:time.nist.gov [ENTER]
>>
>> THAT'S IT! (this will hold through reboots, no prob)
>>
>> Now, my FSMO syncs with time.nist.gov and all my other domain members
>> (including the other DC), by default, sync with my FSMO. Simple. Have
>> you tried this?
>>
>> OTOH, those instructions were so complicated, working with the registry,
>> that you may have now, inadvertently, introduced an error in the
>> registry. I dunno...
>>
>> -Frank
>>
>> "Elvyn Gutierrez" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi. I'm trying to sync my windows 2003 pdc emulator with an external
>>> time source. I've basically followed intructions on
>>> http://support.microsoft.com/kb/816042/.
>>>
>>> The problem is I'm not able to find an external time source that respond
>>> to our DC queries. I've tried with the open access servers provided on
>>> the following list to no avail
>>>
>>> http://ntp.isc.org/bin/view/Servers/...OneTimeServers
>>>
>>> port 123 (used by ntp) is definitely open at my FW.
>>>
>>> Any ideas?
>>>
>>
>>
>
>
Similar Threads
Linear Mode
