Time sync on ISA server


I am having a problem with time synchronization on a small business server 2003 premium.

SBS2003 as domain controller and ISA service installed (I know this is not the best setup!)

NTP sync (port 123) is blocked by ISA and I have tried many different rules also where I basically allow all protocols from external to internal and local host and vice versa but it always blocks the NTP protocol.
In the system policy I have added both external, internal and local host without any luck.

I am missing something, but I can't pin point it.
Any ideas?
Who is Participating?
pwindellConnect With a Mentor Commented:
The setup is fine,...that is the way SBS Premium was designed to be used.

The NTP needs to use a rule like this:

Name: Time Sync
From: Localhost
To: External
Protocol: NTP (UDP)
Users: "All Users"

If it is being block still,..then verify if it is using TCP or UDP.  IF it is TCP then you will heve to create a new protocol for NTP (TCP) and add it to the same Rule.
Keith AlabasterConnect With a Mentor Enterprise ArchitectCommented:
Agreed - nothing wrong with that config assuming it is the version of ISA that came with the Premium Services/SP1 rather than a separate implementation of ISA 2004 :)

An access rule is the only one required here as the NTP request is initiated from the local host (sbs/ISA box) to the external time source ip address. SBS, being quite clever, by default uses the SBS_Users group for authentication - you need the all users group instead so that authentication is not required for the SBS server to access the external time source.

Anker74Author Commented:
It is a bit embarrassing!
My problem was the the NTP server that somehow did not work.
I changed NTP server ad then it worked.
Thank you for your time.
Regards Anker74
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Keith AlabasterEnterprise ArchitectCommented:
Thanks - I will make a change to the points and split them with pwindell as he posted the first response to you. And don't sweat it - we have all done the same sort of thing.....
Anker74Author Commented:
Hmm... Strange, I did not see pwindell's answer until now.

But, yes of course!
Thanks Keith!
Keith AlabasterEnterprise ArchitectCommented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.