Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Allowing "Internet Time" to sync thru Firewall

Posted on 2010-11-18
10
Medium Priority
?
1,152 Views
Last Modified: 2012-05-10
I'm running Windows Server 2008 and have tightened up the firewall too much and now my "Date and Time" won't sync via the "Internet Time" time.windows.com.

I allowed the "RunDLL32.com" inbound and outbound via firewall on all ports but no luck.

What firewall settings are necessary to allow the "Internet Time" to automatically synch my clock again?
0
Comment
Question by:deming
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 5

Expert Comment

by:mittermueller
ID: 34169016
Just open 123 UDP... (outside)
0
 

Author Comment

by:deming
ID: 34169145
When I click "Update now" I get "An error occurred while Windows was synchronizing with time.windows.com."

Was I supposed to also allow rundll32.exe access or not?
0
 

Author Comment

by:deming
ID: 34169163
Same error when I added rundll32.exe with full access in and out.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 6

Expert Comment

by:univision-computers
ID: 34169203
You can try setting a different time server and see if that helps.  That would rule out the firewall as the cause if it works.  I have had a few servers unable to update the time lately and this fixed it:
http://support.microsoft.com/kb/816042
I just set it to us.pool.ntp.org for the time server (or pool.ntp.org outside the US) and you can choose to leave time.windows.com as a secondary server if  or remove it altogether
0
 
LVL 6

Expert Comment

by:univision-computers
ID: 34169208
To clarify, you just use the second "FIXIT" link and then you can add those servers in there.
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 34169267
Open Dos Box and set your time server (eg. de.pool.ntp.org) with command NET TIME /setsntp:de.pool.ntp.org. See your NTP server at http://www.pool.ntp.org/en/
0
 

Author Comment

by:deming
ID: 34169355
To clarify, if I turn OFF the firewall, the the time updates fine.  So I feel certain it is a firewall setting restricting the access to the time server.  I need to allow the program access to the ports.  I did the DOS box "NET TIME /setsntp:de.pool.ntp.org" and it said Successful, however, the time still does not sync.
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 34192555
Do you have opened port 123 (udp) outside as stated above?
0
 

Author Comment

by:deming
ID: 34270076
Yes, if I open port 123 Out UDP to any program, then the time updates correctly. However, I do not want to have that port wide open to any program. Thus, please tell me which program need is using that port to update the time so I can restrict the firewall to only that program which updates the time.
0
 
LVL 3

Accepted Solution

by:
TeraByteMan earned 2000 total points
ID: 34273867
Here's how to do it:

Add a rule to your Firewall to allow outbound UDP on port 123 only for the program "w32tm.exe" which is found in our System32, or SysWow64 folder.

This will only allow the time to update on that port and no other program can use it.  I tested and confirmed this works.
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question