NTP server not connecting with clients
-
Tried all the boxes in the NTP server page in various configurations, but my Windows 10 machine (and others) won't synchronize with the pfsensebox…
The Pfsense itself does synchronize with one of the 5 timeservers (0.nl.pool.ntp.org etc.) No problemo there.Do I need to make any rules or something?
(port 123 blocked by firewall or so?)Windows will synchronize with it's own server, thats no problem.
Any advise ?
-
There is also a place to configure NTP on the DHCP Server page. Other Options –> NTP. I don't know if that will help.
-
That would be the option to offer the DCHP-client a NTP server adres (in my case 192.168.0.3, the pfsense FW)
That's enabled, but doesnt have any affect on a windows10 client. (I don't know if windows will copy that option to his clock, depends on the client I think). -
What does ntpq show on your pfsense and clients?
The IPs below: .1 is my pfsense, .2 a local ntp/file server, .4 a local GPS system, .76 is my ISP's ntp server
[2.3.2-RELEASE][root@pfSense.home]/root: ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== +172.16.0.2 172.16.0.4 2 u 328 512 377 0.136 -0.896 0.192 *172.16.0.4 .GPS0. 1 u 170 512 377 0.437 -0.401 0.014 +68.0.14.76 .GPS. 1 u 252 512 377 51.581 1.352 1.075stan@p490:~> sudo ntpq -pn remote refid st t when poll reach delay offset jitter ============================================================================== +172.16.0.1 172.16.0.4 2 u 63 256 377 0.206 0.289 0.118 +172.16.0.2 172.16.0.4 2 u 103 256 377 0.142 -0.700 0.124 *172.16.0.4 .GPS0. 1 u 139 256 377 0.416 -0.181 0.073 -
These are my NTP settings at the moment :
I cant see my own IP adres in it, just the NTP servers itself.
Is there a Windows program wich can check of it's time-server connects correctly?
Going for a short holiday, so don't be angry if I do not answer in short time (I myself have the time so to speak ;-) )
Thanks in advance !
-
From your screen shots it looks like the pfSense ntp system is working and has selected 217.77.132.1 as a peer.
In your NTP-3 screenshot you show the (I think) Windows system trying to connect to 192.168.0.3, is that the address of your pfSense system? I'd expect it to be 192.168.0.1.
I don't use Windows often but a quick search gave me this that runs from an administrator level command prompt. Many other options on the w32tm command if you enter it with no options.
(from Windows 10)
C:\WINDOWS\system32>w32tm /query /status Leap Indicator: 0(no warning) Stratum: 3 (secondary reference - syncd by (S)NTP) Precision: -6 (15.625ms per tick) Root Delay: 0.0316620s Root Dispersion: 7.7981779s ReferenceId: 0xFCEAF281 (MD5 hash fraction of the IPv6 address: ) Last Successful Sync Time: 7/30/2016 11:44:05 AM Source: pfsense.home,0x9 Poll Interval: 10 (1024s) -
I repeated your command Stan-Qaz, and this is what I get :
w32tm sees the local cmos Bios as a source…
w32tm sees the pfsense (Which is at 192.168.0.3) as a peer (So it could synchronize I think?)I am a bit lost here
I will aswer again in 2 weeks...... holiday ;-)
-
For windows systems I have noticed that you need sometimes to synchronize twice or more times before it get the right value. Anyway, windows and other devices successfully synchronized with pfSense box. Your configuration looks good also.
-
have a look also in win at: Group Policy Editor - Administrative Tremplates - System - Windows Time Service
Configure windows NTP Client : Enabled… NtpServer... Type...
Enable Windows NTP Client - Enabled -
Why not just install actual ntp client on your windows machines vs using their hodgepodge of what they call a time client..
You can grab windows port here.
https://www.meinbergglobal.com/english/sw/ntp.htm#ntp_stableIf you don't want to compile yourself.. you can normally grab stable and the dev version here.
http://www.satsignal.eu/ntp/x86/index.htmlThat site is a well of information on ntp… David does a fantastic job!!!
