
So, I'm running into some issues trying to configure NTP sync on my DC. This is a Virtual Machine running on Hyper-V. I disabled time sync for this VM. I forwarded 123/udp both on the windows firewall and my sonicwall firewall.

As you can see in Pic 1, the time is currently pulled from the cmos battery.

Pic 1

The problem I cannot seem to figure out is that even when I try to manually set the NTP servers, syncing doesn't work. Like so

So, naturally I wanted to test if the port is even active. Here is a telnet connection that fails from my workstation to the DC, and the netstat on the DC to show it should be enabled. here

The config for w32tm is the following: config

Verifying that the server actually has any traffic on UDP/123 I noticed that there are other devices on the network that parse these NTP syncs without issue and the traffic traverses the firewall without a hitch. So I checked the firewall settings on the DC and I have an NTP rule

I've already tried to do this via a GPO, but that was even less successful. Unregistering, resetting the config or any other manipulations don't seem to change the end result at all. Unfortunately the event viewer doesn't show many details to troubleshoot this issue.

Mrpopo666
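One caveat worth keeping in mind when reading the question: telnet speaks TCP, so a failed telnet to port 123 says nothing about whether the UDP service answers, and netstat only shows that the socket is bound, not that packets reach it. A minimal SNTP client exercises the real UDP/123 path end to end. The script below is an added example, not code from the original post or from the w32tm tooling; it builds a 48-byte NTP v3 client request, sends it over UDP/123 to a host you name, and decodes the reply (mode 4 is a server reply, stratum 0 means unsynchronised or kiss-o'-death, and the transmit timestamp is what the clock would be set from). The `SAMPLE_RESPONSE` bytes and the `GPS` reference ID are constructed for offline testing; a timeout instead of a reply is what a blocked path, whether a host firewall, an edge firewall or a switch-level UDP flood guard, looks like from the client side.

```python
"""Minimal SNTP probe for checking whether a host answers on UDP/123.

Added example (not from the original post). The sample reply below is
constructed for offline testing; real servers are queried only if a host
is given on the command line.
"""
import socket
import struct
import sys
import time
from datetime import datetime, timezone

NTP_PORT = 123
NTP_PACKET_FORMAT = "!BBBb11I"   # 48-byte fixed header (RFC 4330 layout)
NTP_UNIX_DELTA = 2208988800      # seconds between 1900-01-01 and 1970-01-01


def build_client_request(version=3):
    """Return a 48-byte client request: LI=0, VN=version, Mode=3, rest zero."""
    li_vn_mode = (0 << 6) | (version << 3) | 3
    return struct.pack("!B", li_vn_mode) + b"\x00" * 47


def ntp_to_unix(seconds, fraction):
    """Convert an NTP timestamp (32-bit seconds, 32-bit fraction) to Unix time."""
    return seconds - NTP_UNIX_DELTA + fraction / 2 ** 32


def parse_response(data):
    """Decode the fixed NTP header and return the fields worth checking."""
    if len(data) < 48:
        raise ValueError("NTP packet too short: %d bytes" % len(data))
    fields = struct.unpack(NTP_PACKET_FORMAT, data[:48])
    li_vn_mode, stratum, poll, precision = fields[:4]
    tx_sec, tx_frac = fields[13], fields[14]
    return {
        "leap": li_vn_mode >> 6,
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": li_vn_mode & 0x7,          # 4 = server reply, 3 = client request
        "stratum": stratum,                # 0 = kiss-o'-death / unsynchronised
        "poll": poll,
        "precision": precision,
        "ref_id": fields[6].to_bytes(4, "big"),
        "tx_time": ntp_to_unix(tx_sec, tx_frac),
    }


def query(host, port=NTP_PORT, timeout=2.0):
    """Send one SNTP request and return the parsed reply plus a rough clock offset.

    Raises socket.timeout when nothing comes back, which is what a filtered
    UDP/123 path looks like from the client (UDP has no connection refusal).
    """
    request = build_client_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t_send = time.time()
        sock.sendto(request, (host, port))
        data, _ = sock.recvfrom(512)
        t_recv = time.time()
    reply = parse_response(data)
    if reply["mode"] != 4:
        raise ValueError("unexpected mode %d (not a server reply)" % reply["mode"])
    # Simplified offset: server transmit time against the midpoint of our round trip.
    reply["rtt_s"] = t_recv - t_send
    reply["offset_s"] = reply["tx_time"] - (t_send + t_recv) / 2
    return reply


# Constructed server reply for offline use: stratum 2, GPS reference,
# transmit timestamp 2019-03-28 00:00:00.5 UTC (3762720000 NTP seconds).
SAMPLE_RESPONSE = struct.pack(
    NTP_PACKET_FORMAT,
    0x1C,                                  # LI=0, VN=3, Mode=4 (server)
    2, 6, -20,                             # stratum, poll, precision
    0, 0,                                  # root delay, root dispersion
    int.from_bytes(b"GPS\x00", "big"),     # reference ID
    3762720000, 0,                         # reference timestamp
    0, 0,                                  # originate timestamp
    3762720000, 0,                         # receive timestamp
    3762720000, 0x80000000,                # transmit timestamp (+0.5 s)
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = query(sys.argv[1])       # e.g. python ntp_probe.py <dc-hostname>
    else:
        result = parse_response(SAMPLE_RESPONSE)
    stamp = datetime.fromtimestamp(result["tx_time"], tz=timezone.utc)
    print("mode=%d stratum=%d ref=%r tx=%s" % (
        result["mode"], result["stratum"], result["ref_id"], stamp.isoformat()))
```

Run it from the workstation against the DC and from the DC against its upstream source; a reply from one hop but a timeout from the other narrows the problem to the network path between them rather than to the w32tm configuration.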
  • Need to specify if this is a physical or virtual. – Greg Askew Mar 28 '19 at 13:47
  • What was the destination of the Sonicwall NTP rule? That dns entry you put for ntp.org is georedundant, so depending on the query, you could get different results. Perhaps set the outbound rule to all and see if it works, then you can narrow it down. – Nixphoe Mar 28 '19 at 17:00
  • Might be interesting to see the output for `w32tm.exe /query /configuration`. Past that, I wonder if you can enable logging of udp/123 packets on your firewall temporarily, or use wireshark/tcpdump or something somewhere and perform a capture. – Zoredache Mar 28 '19 at 17:27
  • @Zoredache has a great point. With Sonicwall you can use System > Packet Monitor and setup a Monitor Filter for IP Types: UDP and Destination Port for 123. Run that and see if anything is hitting the firewall. – Nixphoe Mar 28 '19 at 18:40
  • Please don't add `solved` to your question. Accept your answer instead to mark the question as solved. – Gerald Schneider Mar 29 '19 at 11:10

1 Answer


I've found the problem. After many hours of google-fu I found this forum post detailing the exact same issue I was having.

The problem was the security features enabled on my HP switches that blocked UDP NTP requests. As soon as I disabled the 'UDP BLAT attack' feature, boom, no more issues.

THANKS to everyone pointing me in the right direction. I learned a LOT from this issue.

Mrpopo666