Hello - I wonder if anyone can help me with the "usual" problem of not being able to synchronise with an external time source on SBS2003R2Prem?
Until recently, I had an SBS2003R2Prem installation, which didn't have ISA2004 installed. Time synchronisation worked fine. I had no rule on the router for incoming 123/UDP, nor did I have a rule in RRAS for incoming 123/UDP (surely SPI means that I don't need one - which seems to be the case?). I installed ISA2004, and since this time have been unable to synchronise with an external time source. I have the outbound firewall rule for LocalHost -> External access for NTP, and there is no change to the router. I receive event ID 47, followed by 29 in eventvwr.
I have tried reconfiguring W32Time as per instructions by Microsoft, and also in this forum ("How to fix time synchronization errors"), but to no effect. If I run w32tm /monitor I receive the following output:-
C:\Scripts>w32tm /monitor /computers:time.windows.com
time.windows.com .46.197.32]:
ICMP: 184ms delay.
NTP: +132.0502314s offset from local clock
RefID: nostromo.textdrivenhosting.com ⏔.232.103.34]
However, if I try w32tm /resync, I get this:-
C:\Scripts>w32tm /resync
Sending resync command to local computer...
The computer did not resync because no time data was available.
I enabled w32Time logging, and looking through the debug log, noticed (lots of) the following:-
148619 02:58:22.6406250s - W32TimeHandler called: SERVICE_CONTROL_INTERROGATE
148619 02:58:52.9531250s - W32TmServiceMain: timeout
148619 02:58:52.9531250s - TimeProvCommand([NtpClient], TPC_GetSamples) called.
148619 02:58:52.9531250s - NtpClient returned 0 samples.
I also have another SBS2003R2Prem installation I look after, so I thought I'd take a look at the config of that one. There are no inbound rules for 123/UDP on the Internet router, no inbound rules in ISA for NTP. There is the same LocalHost Access rule (the one CEICW sets up). The time synchronisation works fine on this server. I tried exporting the w32Time service registry settings, and importing on the non-working server - still didn't work.
On both servers, if I monitor the ISA traffic for NTP, I get the following:-
Initiated Connection Servernn 28/11/2007 08:29:51
Log type: Firewall service
Status: The operation completed successfully.
Rule: SBS Localhost Access Rule
Source: Local Host ( 192.168.7.2:123)
Destination: External ( 129.6.15.28:123)
Protocol: NTP (UDP)
User:
followed by:-
Closed Connection Servernn 28/11/2007 08:30:52
Log type: Firewall service
Status: A connection was gracefully closed in an orderly shutdown process with a three-way FIN-initiated handshake.
Rule: SBS Localhost Access Rule
Source: Local Host ( 192.168.7.2:123)
Destination: External ( 129.6.15.28:123)
Protocol: NTP (UDP)
User:
I have tried a variety of NTP servers (the working server uses time.windows.com) to no avail. As I mentioned above, I have never had 123/UDP inbound rules on either my router or the RRAS "firewall", when time synchronisation worked. In the working server this is also true.
I am sure the solution hinges around the "W32TmServiceMain: timeout" error in the w32Time debug log, but I don't understand what is timing out - there is no Internet connectivity issue.
Has anyone got any ideas???
Thanks,
Neil.