Discussion:
[ntp:questions] w32tm UDP Port
stonecoldfan1
2005-06-23 14:55:29 UTC
Permalink
Not a regular poster, don't blast me too hard.

I am running a small group of servers (Win2K, sp4) in a protected zone.
One server is set up as the 'time server', the rest as clients.
The time server is not 'official' by any means, but we needed to
sync all the times on the servers to each other.

Despite being in this protected zone, I am required (on each server) to
restrict the TCP/IP settings. I originally thought that allowing UDP
on port 123 would be enough, but as soon as I placed the restriction on
the client, I was not able to sync up anymore.

I ran a sniffer and found that the request from the client goes to UDP
port 123 on the server...but is generated from a seemingly random port
on the client. The time server sends the datagram back to the client
from 123 to the previously mentioned random port (and is blocked, of
course).

Using w32Time, is there a way to control the port(s) that the time sync
request is made on in order to allow the reply to get through?
Danny Mayer
2005-06-23 16:57:44 UTC
Permalink
Post by stonecoldfan1
Not a regular poster, don't blast me too hard.
I am running a small group of servers (Win2K, sp4) in a protected zone.
One server is set up as the 'time server', the rest as clients.
The time server is not 'official' by any means, but we needed to
sync all the times on the servers to each other.
Despite being in this protected zone, I am required (on each server) to
restrict the TCP/IP settings. I originally thought that allowing UDP
on port 123 would be enough, but as soon as I placed the restriction on
the client, I was not able to sync up anymore.
If you were running the NTP reference implementation on your windows
boxes then this would have been true. Since you're not we have no idea
what Microsoft has done and you would need to ask in a microsoft news
group. Or even better and install NTP on your systems and then it would
be true.
Post by stonecoldfan1
I ran a sniffer and found that the request from the client goes to UDP
port 123 on the server...but is generated from a seemingly random port
on the client. The time server sends the datagram back to the client
from 123 to the previously mentioned random port (and is blocked, of
course).
Using w32Time, is there a way to control the port(s) that the time sync
request is made on in order to allow the reply to get through?
As I said we don't support w32Time here, that's a Microsoft app.
Install NTP and you should be okay.

Danny
Post by stonecoldfan1
_______________________________________________
questions mailing list
questions at lists.ntp.isc.org
https://lists.ntp.isc.org/mailman/listinfo/questions
Richard B. Gilbert
2005-06-23 19:26:45 UTC
Permalink
Post by stonecoldfan1
Not a regular poster, don't blast me too hard.
I am running a small group of servers (Win2K, sp4) in a protected zone.
One server is set up as the 'time server', the rest as clients.
The time server is not 'official' by any means, but we needed to
sync all the times on the servers to each other.
Despite being in this protected zone, I am required (on each server) to
restrict the TCP/IP settings. I originally thought that allowing UDP
on port 123 would be enough, but as soon as I placed the restriction on
the client, I was not able to sync up anymore.
I ran a sniffer and found that the request from the client goes to UDP
port 123 on the server...but is generated from a seemingly random port
on the client. The time server sends the datagram back to the client
from 123 to the previously mentioned random port (and is blocked, of
course).
Using w32Time, is there a way to control the port(s) that the time sync
request is made on in order to allow the reply to get through?
W32Time is a brain damaged Microsoft implementation of SNTP. You need
to ask Microsoft how to fix it. (Lots of luck!!)

If you download and install the Windows version of ntpd, someone here
might be able to help you control what port(s) it uses. It might even
do the right thing all by itself! Sorry, I can't supply a link to a
site from which you can download the Windows version; attempts to reach
ntp.isc.org from here are timing out at the moment.
Steve Kostecke
2005-06-23 20:45:48 UTC
Permalink
Post by Richard B. Gilbert
Post by stonecoldfan1
Using w32Time, is there a way to control the port(s) that the time sync
request is made on in order to allow the reply to get through?
W32Time is a brain damaged Microsoft implementation of SNTP. You need
to ask Microsoft how to fix it. (Lots of luck!!)
If you download and install the Windows version of ntpd, someone here
might be able to help you control what port(s) it uses. It might even
do the right thing all by itself! Sorry, I can't supply a link to a
site from which you can download the Windows version;
Try

http://norloff.org/ntp/

or

http://www.meinberg.de/english/sw/ntp.htm
--
Steve Kostecke <kostecke at ntp.isc.org>
NTP Public Services Project - http://ntp.isc.org/
stonecoldfan1
2005-06-24 12:25:08 UTC
Permalink
Thanks all, looks like I got it up and running...Now I just have to
tweak it so it syncs to the right time - not three hours ago!

Looks like a Friday of doco reading for me.
Richard B. Gilbert
2005-06-25 16:15:38 UTC
Permalink
Post by stonecoldfan1
Thanks all, looks like I got it up and running...Now I just have to
tweak it so it syncs to the right time - not three hours ago!
Looks like a Friday of doco reading for me.
Make sure your timezone is set correctly!!!!!!!

Loading...