Time sync on ISA server


I am having a problem with time synchronization on a small business server 2003 premium.

SBS2003 as domain controller and ISA service installed (I know this is not the best setup!)

NTP sync (port 123) is blocked by ISA and I have tried many different rules also where I basically allow all protocols from external to internal and local host and vice versa but it always blocks the NTP protocol.
In the system policy I have added both external, internal and local host without any luck.

I am missing something, but I can't pin point it.
Any ideas?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The setup is fine,...that is the way SBS Premium was designed to be used.

The NTP needs to use a rule like this:

Name: Time Sync
From: Localhost
To: External
Protocol: NTP (UDP)
Users: "All Users"

If it is being block still,..then verify if it is using TCP or UDP.  IF it is TCP then you will heve to create a new protocol for NTP (TCP) and add it to the same Rule.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Keith AlabasterEnterprise ArchitectCommented:
Agreed - nothing wrong with that config assuming it is the version of ISA that came with the Premium Services/SP1 rather than a separate implementation of ISA 2004 :)

An access rule is the only one required here as the NTP request is initiated from the local host (sbs/ISA box) to the external time source ip address. SBS, being quite clever, by default uses the SBS_Users group for authentication - you need the all users group instead so that authentication is not required for the SBS server to access the external time source.

Anker74Author Commented:
It is a bit embarrassing!
My problem was the the NTP server that somehow did not work.
I changed NTP server ad then it worked.
Thank you for your time.
Regards Anker74
The Ultimate Tool Kit for Technolgy Solution Provi

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy for valuable how-to assets including sample agreements, checklists, flowcharts, and more!

Keith AlabasterEnterprise ArchitectCommented:
Thanks - I will make a change to the points and split them with pwindell as he posted the first response to you. And don't sweat it - we have all done the same sort of thing.....
Anker74Author Commented:
Hmm... Strange, I did not see pwindell's answer until now.

But, yes of course!
Thanks Keith!
Keith AlabasterEnterprise ArchitectCommented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.