NTP server not connecting with clients



  • Tried all the boxes in the NTP server page in various configurations, but my Windows 10 machine (and others) won't synchronize with the pfsensebox…
    The Pfsense itself does synchronize with one of the 5 timeservers (0.nl.pool.ntp.org etc.) No problemo there.

    Do I need to make any rules or something?
    (port 123 blocked by firewall or so?)

    Windows will synchronize with it's own server, thats no problem.

    Any advise ?



  • There is also a place to configure NTP on the DHCP Server page.  Other Options –> NTP.  I don't know if that will help.



  • That would be the option to offer the DCHP-client a NTP server adres (in my case 192.168.0.3, the pfsense FW)
    That's enabled, but doesnt have any affect on a windows10 client. (I don't know if windows will copy that option to his clock, depends on the client I think).



  • What does ntpq show on your pfsense and clients?

    The IPs below: .1 is my pfsense, .2 a local ntp/file server, .4 a local GPS system, .76 is my ISP's ntp server

    [2.3.2-RELEASE][root@pfSense.home]/root: ntpq -pn
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    +172.16.0.2      172.16.0.4       2 u  328  512  377    0.136   -0.896   0.192
    *172.16.0.4      .GPS0.           1 u  170  512  377    0.437   -0.401   0.014
    +68.0.14.76      .GPS.            1 u  252  512  377   51.581    1.352   1.075
    
    stan@p490:~> sudo ntpq -pn
         remote           refid      st t when poll reach   delay   offset  jitter
    ==============================================================================
    +172.16.0.1      172.16.0.4       2 u   63  256  377    0.206    0.289   0.118
    +172.16.0.2      172.16.0.4       2 u  103  256  377    0.142   -0.700   0.124
    *172.16.0.4      .GPS0.           1 u  139  256  377    0.416   -0.181   0.073
    


  • These are my NTP settings at the moment :

    I cant see my own IP adres in it, just the NTP servers itself.

    Is there a Windows program wich can check of it's time-server connects correctly?

    Going for a short holiday, so don't be angry if I do not answer in short time (I myself have the time so to speak ;-) )

    Thanks in advance !

    ![NTP screen.JPG](/public/imported_attachments/1/NTP screen.JPG)
    ![NTP screen.JPG_thumb](/public/imported_attachments/1/NTP screen.JPG_thumb)











  • From your screen shots it looks like the pfSense ntp system is working and has selected 217.77.132.1 as a peer.

    In your NTP-3 screenshot you show the (I think) Windows system trying to connect to 192.168.0.3, is that the address of your pfSense system? I'd expect it to be 192.168.0.1.

    I don't use Windows often but a quick search gave me this that runs from an administrator level command prompt. Many other options on the w32tm command if you enter it with no options.

    (from Windows 10)

    C:\WINDOWS\system32>w32tm /query /status
    Leap Indicator: 0(no warning)
    Stratum: 3 (secondary reference - syncd by (S)NTP)
    Precision: -6 (15.625ms per tick)
    Root Delay: 0.0316620s
    Root Dispersion: 7.7981779s
    ReferenceId: 0xFCEAF281 (MD5 hash fraction of the IPv6 address: )
    Last Successful Sync Time: 7/30/2016 11:44:05 AM
    Source: pfsense.home,0x9
    Poll Interval: 10 (1024s)
    


  • I repeated your command Stan-Qaz, and this is what I get :

    w32tm sees the local cmos Bios as a source…
    w32tm sees the pfsense (Which is at 192.168.0.3) as a peer (So it could synchronize I think?)

    I am a bit lost here

    I will aswer again in 2 weeks...... holiday ;-)








  • For windows systems I have noticed that you need sometimes to synchronize twice or more times before it get the right value. Anyway, windows and other devices successfully synchronized  with pfSense box. Your configuration looks good also.



  • have a look also in win at: Group Policy Editor - Administrative Tremplates - System - Windows Time Service
    Configure windows NTP Client : Enabled… NtpServer... Type...
    Enable Windows NTP Client - Enabled


  • LAYER 8 Global Moderator

    Why not just install actual ntp client on your windows machines vs using their hodgepodge of what they call a time client..

    You can grab windows port here.
    https://www.meinbergglobal.com/english/sw/ntp.htm#ntp_stable

    If you don't want to compile yourself..  you can normally grab stable and the dev version here.
    http://www.satsignal.eu/ntp/x86/index.html

    That site is a well of information on ntp… David does a fantastic job!!!


Log in to reply