Cisco Cisco ASA 5585-X Adaptive Security Appliance 문제 해결 가이드
Adaptive Security Appliance FAQ: Why does the
ASA fail to sync with Windows server configured
as an NTP server?
ASA fail to sync with Windows server configured
as an NTP server?
Document ID: 118053
Contributed by Raghunath Kulkarni and Magnus Mortenson, Cisco TAC
Engineers.
Engineers.
Aug 19, 2014
Contents
Introduction
Why does the ASA fail to sync with Windows server configured as an NTP server?
Why does the ASA fail to sync with Windows server configured as an NTP server?
Introduction
This document describes the reason why the ASA does not synchronize time with the Network Time Protocol
(NTP) server, what causes the default dispersion value to be more than one second, and what can be done to
resolve this problem.
(NTP) server, what causes the default dispersion value to be more than one second, and what can be done to
resolve this problem.
Why does the ASA fail to sync with Windows server
configured as an NTP server?
configured as an NTP server?
The Adaptive Security Appliance (ASA) does not sync time with Network Time Protocol (NTP) server when
the NTP server sends a dispersion value of more than one second. This is the default dispersion value of a
Microsoft Windows Server when used as an NTP server. How is this issue resolved?
the NTP server sends a dispersion value of more than one second. This is the default dispersion value of a
Microsoft Windows Server when used as an NTP server. How is this issue resolved?
NTP: rcv packet from 172.23.226.161 to 172.23.246.71 on management:
leap 0, mode 4, version 3, stratum 2, ppoll 64
rtdel 0800 (31.250), rtdsp ae343 (10887.741), refid C6976401 (198.151.100.1)
The ASA requires a dispersion value less than 1000 milliseconds (one second) in order to sync its clock via
NTP. The Windows Server reports a dispersion value that is too high for the ASA to sync, so you must adjust
the Windows Server in order to accomodate this requirement. You can do this when you perform a registry
change on the server. Consult theseMicrosoft documents for more information: LocalClockDispersion Entry.
NTP. The Windows Server reports a dispersion value that is too high for the ASA to sync, so you must adjust
the Windows Server in order to accomodate this requirement. You can do this when you perform a registry
change on the server. Consult theseMicrosoft documents for more information: LocalClockDispersion Entry.
If the Windows Server that operates as an NTP server is not also a domain controller (DC), the
AnnounceFlags registry setting might need to be changed to 0x5 (0x01 + 0x04). Consult the following
Microsoft document for more inforomation:
Config\AnnounceFlags Entry.
AnnounceFlags registry setting might need to be changed to 0x5 (0x01 + 0x04). Consult the following
Microsoft document for more inforomation:
Config\AnnounceFlags Entry.
Microsoft's implementation behaves differently than most NTP servers and might cause issues similar to the
one described previously. The Microsoft Windows Server NTP implementation sends packets with a root
dispersion value that is unusually large compared to some other NTP servers. This output is based off
of debug ntp packet on an ASA that attempts to sync to an unadjusted Windows Server:
one described previously. The Microsoft Windows Server NTP implementation sends packets with a root
dispersion value that is unusually large compared to some other NTP servers. This output is based off
of debug ntp packet on an ASA that attempts to sync to an unadjusted Windows Server: