Solved

Allowing "Internet Time" to sync thru Firewall

Posted on 2010-11-18
10
1,135 Views
Last Modified: 2012-05-10
I'm running Windows Server 2008 and have tightened up the firewall too much and now my "Date and Time" won't sync via the "Internet Time" time.windows.com.

I allowed the "RunDLL32.com" inbound and outbound via firewall on all ports but no luck.

What firewall settings are necessary to allow the "Internet Time" to automatically synch my clock again?
0
Comment
Question by:deming
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 5

Expert Comment

by:mittermueller
ID: 34169016
Just open 123 UDP... (outside)
0
 

Author Comment

by:deming
ID: 34169145
When I click "Update now" I get "An error occurred while Windows was synchronizing with time.windows.com."

Was I supposed to also allow rundll32.exe access or not?
0
 

Author Comment

by:deming
ID: 34169163
Same error when I added rundll32.exe with full access in and out.
0
 
LVL 6

Expert Comment

by:univision-computers
ID: 34169203
You can try setting a different time server and see if that helps.  That would rule out the firewall as the cause if it works.  I have had a few servers unable to update the time lately and this fixed it:
http://support.microsoft.com/kb/816042
I just set it to us.pool.ntp.org for the time server (or pool.ntp.org outside the US) and you can choose to leave time.windows.com as a secondary server if  or remove it altogether
0
 
LVL 6

Expert Comment

by:univision-computers
ID: 34169208
To clarify, you just use the second "FIXIT" link and then you can add those servers in there.
0
Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

 
LVL 5

Expert Comment

by:mittermueller
ID: 34169267
Open Dos Box and set your time server (eg. de.pool.ntp.org) with command NET TIME /setsntp:de.pool.ntp.org. See your NTP server at http://www.pool.ntp.org/en/
0
 

Author Comment

by:deming
ID: 34169355
To clarify, if I turn OFF the firewall, the the time updates fine.  So I feel certain it is a firewall setting restricting the access to the time server.  I need to allow the program access to the ports.  I did the DOS box "NET TIME /setsntp:de.pool.ntp.org" and it said Successful, however, the time still does not sync.
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 34192555
Do you have opened port 123 (udp) outside as stated above?
0
 

Author Comment

by:deming
ID: 34270076
Yes, if I open port 123 Out UDP to any program, then the time updates correctly. However, I do not want to have that port wide open to any program. Thus, please tell me which program need is using that port to update the time so I can restrict the firewall to only that program which updates the time.
0
 
LVL 3

Accepted Solution

by:
TeraByteMan earned 500 total points
ID: 34273867
Here's how to do it:

Add a rule to your Firewall to allow outbound UDP on port 123 only for the program "w32tm.exe" which is found in our System32, or SysWow64 folder.

This will only allow the time to update on that port and no other program can use it.  I tested and confirmed this works.
0

Featured Post

Promote certifications in your email signature

Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

Join & Write a Comment

Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now