Replacing sick NTP server source and re-synching (with internal time currently 2 minutes late)

Posted by l0c0b0x on Server Fault See other posts from Server Fault or by l0c0b0x
Published on 2012-09-07T15:49:22Z Indexed on 2012/09/08 9:40 UTC
Read the original article Hit count: 282

Filed under:
|
|

One of the external NTP servers (the primary one--currently) we're using as source seems to not be responding to NTP calls. Unfortunately, on our core router (Cisco 6509), the NTP functionality hasn't switched to the secondary NTP external server as it was expected. As a result, our core router which is pretty much our main internal NTP source is 2 minutes late.

I'm planning to fix the external router issue by making the external NTP source be the one currently working. I'm wondering, how much will a 2 minute change affect my users and services? Specially since these days, we're heavily relying on certificate-based authentication.

We're a Windows/Cisco shop.

Internal NTP setup:

[Core Router 1 / Cisco 6509]:
looking out to two external NTP servers (in which the primary one is not responding to NTP calls)

[Core Router 2]:
Synching with Core router 1 (primary), working external router (secondary)

[Other Cisco network devices]:
Synching with Core router 1 (primary), core router 2 (secondary)

[Domain controller(s)]:
Synching with Core router 1

[All windows clients/servers]:
Synching with domain controllers

© Server Fault or respective owner

Related posts about time

Related posts about ntp