?
Solved

Allowing "Internet Time" to sync thru Firewall

Posted on 2010-11-18
10
Medium Priority
?
1,149 Views
Last Modified: 2012-05-10
I'm running Windows Server 2008 and have tightened up the firewall too much and now my "Date and Time" won't sync via the "Internet Time" time.windows.com.

I allowed the "RunDLL32.com" inbound and outbound via firewall on all ports but no luck.

What firewall settings are necessary to allow the "Internet Time" to automatically synch my clock again?
0
Comment
Question by:deming
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 5

Expert Comment

by:mittermueller
ID: 34169016
Just open 123 UDP... (outside)
0
 

Author Comment

by:deming
ID: 34169145
When I click "Update now" I get "An error occurred while Windows was synchronizing with time.windows.com."

Was I supposed to also allow rundll32.exe access or not?
0
 

Author Comment

by:deming
ID: 34169163
Same error when I added rundll32.exe with full access in and out.
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 6

Expert Comment

by:univision-computers
ID: 34169203
You can try setting a different time server and see if that helps.  That would rule out the firewall as the cause if it works.  I have had a few servers unable to update the time lately and this fixed it:
http://support.microsoft.com/kb/816042
I just set it to us.pool.ntp.org for the time server (or pool.ntp.org outside the US) and you can choose to leave time.windows.com as a secondary server if  or remove it altogether
0
 
LVL 6

Expert Comment

by:univision-computers
ID: 34169208
To clarify, you just use the second "FIXIT" link and then you can add those servers in there.
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 34169267
Open Dos Box and set your time server (eg. de.pool.ntp.org) with command NET TIME /setsntp:de.pool.ntp.org. See your NTP server at http://www.pool.ntp.org/en/
0
 

Author Comment

by:deming
ID: 34169355
To clarify, if I turn OFF the firewall, the the time updates fine.  So I feel certain it is a firewall setting restricting the access to the time server.  I need to allow the program access to the ports.  I did the DOS box "NET TIME /setsntp:de.pool.ntp.org" and it said Successful, however, the time still does not sync.
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 34192555
Do you have opened port 123 (udp) outside as stated above?
0
 

Author Comment

by:deming
ID: 34270076
Yes, if I open port 123 Out UDP to any program, then the time updates correctly. However, I do not want to have that port wide open to any program. Thus, please tell me which program need is using that port to update the time so I can restrict the firewall to only that program which updates the time.
0
 
LVL 3

Accepted Solution

by:
TeraByteMan earned 2000 total points
ID: 34273867
Here's how to do it:

Add a rule to your Firewall to allow outbound UDP on port 123 only for the program "w32tm.exe" which is found in our System32, or SysWow64 folder.

This will only allow the time to update on that port and no other program can use it.  I tested and confirmed this works.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.
Suggested Courses
Course of the Month15 days, 15 hours left to enroll

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question