[ntp:questions] Windows won't Sync to NTP server

mlind lind.fedora at gmail.com
Tue Apr 1 16:49:22 UTC 2008


On Apr 1, 9:57 am, mlind <lind.fed... at gmail.com> wrote:
> On Apr 1, 8:20 am, mlind <lind.fed... at gmail.com> wrote:
>
>
>
> > On Apr 1, 5:01 am, Martin Burnicki <martin.burni... at meinberg.de>
> > wrote:
>
> > > Danny,
>
> > > Danny Mayer wrote:
> > > > David Woolley wrote:
> > > > ntp 4.2.4p4 does not include that fix nor do any of the tarballs for
> > > > ntp-dev yet. That fix is coming.
>
> > > The fix *is* already there. It has been introduced in ntp v4.1.73, and is
> > > still in the current ntp-stable version, i.e. 4.2.4p4.
>
> > > If a "symmetric active" (mode 1) request is sent to ntpd v4.2.4p4 then the
> > > daemon also replies with a mode 1 response.
>
> > > Dave has (unintentionally ?) removed that workaround in ntp-dev, and he has
> > > re-added it recently. However, AFAIK, the re-added fix has not made its way
> > > into the ntp-dev repo, or any tarballs.
>
> > > Martin
> > > --
> > > Martin Burnicki
>
> > > Meinberg Funkuhren
> > > Bad Pyrmont
> > > Germany
>
> > Windows Clients are not domain machines.  Length is 48 bytes for both
> > Linux and Windows Clients.
>
> > According to the Event viewer the NTP server is "unreachable" even
> > though I run:
>
> > w32tm /monitor /computers:<my NTP IP>
>
> > And get:
>
> > ICMP:  error IP_REQ_TIMED_OUT - no response in 1000ms
> > NTP:  -229.9545908 offset from local clock
> >      RefID:  ntp.logicx.net [64.25.87.54]
>
> > I know that the ICMP should be blocked per the FW in between my
> > Windows Client and the NTP server.
>
> > Thanks again
>
> On Apr 1, 8:20 am, mlind <lind.fed... at gmail.com> wrote:
>
>
>
> > On Apr 1, 5:01 am, Martin Burnicki <martin.burni... at meinberg.de>
> > wrote:
>
> > > Danny,
>
> > > Danny Mayer wrote:
> > > > David Woolley wrote:
> > > > ntp 4.2.4p4 does not include that fix nor do any of the tarballs for
> > > > ntp-dev yet. That fix is coming.
>
> > > The fix *is* already there. It has been introduced in ntp v4.1.73, and is
> > > still in the current ntp-stable version, i.e. 4.2.4p4.
>
> > > If a "symmetric active" (mode 1) request is sent to ntpd v4.2.4p4 then the
> > > daemon also replies with a mode 1 response.
>
> > > Dave has (unintentionally ?) removed that workaround in ntp-dev, and he has
> > > re-added it recently. However, AFAIK, the re-added fix has not made its way
> > > into the ntp-dev repo, or any tarballs.
>
> > > Martin
> > > --
> > > Martin Burnicki
>
> > > Meinberg Funkuhren
> > > Bad Pyrmont
> > > Germany
>
> > Windows Clients are not domain machines.  Length is 48 bytes for both
> > Linux and Windows Clients.
>
> > According to the Event viewer the NTP server is "unreachable" even
> > though I run:
>
> > w32tm /monitor /computers:<my NTP IP>
>
> > And get:
>
> > ICMP:  error IP_REQ_TIMED_OUT - no response in 1000ms
> > NTP:  -229.9545908 offset from local clock
> >      RefID:  ntp.logicx.net [64.25.87.54]
>
> > I know that the ICMP should be blocked per the FW in between my
> > Windows Client and the NTP server.
>
> > Thanks again
>
> I have now tried this:
>
> NTP VERSION (From CENTOS):
>
> ntp-4.2.2p1-7.el5
>
> NTP CONFIG:
>
> restrict 127.0.0.1
> restrict -6 ::1
> server 0.fedora.pool.ntp.org iburst
> server 1.fedora.pool.ntp.org iburst
> server 2.fedora.pool.ntp.org iburst
> driftfile /var/lib/ntp/drift
>
> Again nothing has changed.  Both 0x1 modes and 0x8 modes do not work.
> Also the "w32tm..." command I tried above gets similar results.
>
> I am at a real loss here....
>
> Thanks again for all your help

Hey guys.  Turns out it's not my config or NTP at all.

Long story short the NTP server is in a DMZ.  The other IT department
opened up for NTP to and from their client network.  Linux clients got
the time through, and as you all well know Windows clients did not.

Today I finally could get access to their DMZ and I put a Windows
Client in it.  Boom, like magic it was all set.  Even coming in as
mode 1.  I asked to see the log of the firewall and turns out they
didn't have logging on for that port.  I asked them to turn logging
on.  I will report back in a few days.

Thanks again for all your help.




More information about the questions mailing list