I just fixed a Server 2012 NTP issue in a manner I don’t like, but circumstance made me do it.
Scenario
Server 2012 DC with Hyper-V. Because of the Hyper-V I did not want to reinstall or nuke; I needed this server to work as NTP. Netstat and Cports (http://www.nirsoft.net/utils/cports.html) showed that the NTP (w32time) service was not listening on UDP 123. I tried the following to fix the issue: http://technet.microsoft.com/en-us/library/bb727060.aspx, http://technet.microsoft.com/en-us/library/bb727062.aspx, http://support.microsoft.com/kb/816042/en-us.
I added Windows firewall rules, I deleted Windows firewall rules. I disabled and enabled built-in Windows firewall rules. I disabled the Windows firewall. All to no effect. I tried registry; I tried the spate of w32tm command line fixes. I stopped, I started, I rebooted. Nada. I went to UofB and UofG and read all manner of suggested fixes and forum discussions on the vagaries of Server 2012 NTP. I compared Server 2012 NTP to my lab, which is 2008R2 DC NTP (which works flawlessly and is why I started looking at my 2012 DC); and I add that the 2008 R2 NTP in registry does NOT look like the Server 2012 NTP in registry – well, at least MINE does not.
I consulted other MVPs, my Technical Architect level folks; I even talked to the dark side (peers in other companies). Nothing helped.
Further Background
I noticed this issue because a Polycom VVX 600 phone connected to my outside DC (the aforementioned Server 2012) refused to set itself to the correct time. The same device plugged into my lab worked just fine. My efforts with DHCP setting the time zone worked well. But the VVX would not get proper time (an AudioCodes 420HD on the same switch showed the proper time). Setting the VVX manually (via web interface) to explicitly look at my server did not help. So I went looking and discovered that no matter what I did, my Server 2012 would not listen on UDP 123, which, of course, makes it non-functional as an NTP source for non-domain machines.
While this NTP issue existed, the PDC NTP domain functions appeared to be operating correctly. Using a domain workstation and running “w32tm /stripchart /computer:fqdn /samples:5 /dataonly” looked normal. Domain workstations were all within a minute of each other. Servers in the domain were all within a minute of the DC also. The server itself showed NOTHING in the event logs.
Finally, ratting through ProcMon (www.sysinternals.com) showed that the server thought that svchost was starting the time service, but nothing ever worked. The server never came up on UDP 123. DNS came up on 56123, but that was the ONLY *123* string in a port sweep on that server.
The Fix
I went here and downloaded, installed, and configured a separate NTP server – which disabled the w32time service native to Windows. But now it works.
YMMV