Solved

Allowing "Internet Time" to sync thru Firewall

Posted on 2010-11-18
10
1,141 Views
Last Modified: 2012-05-10
I'm running Windows Server 2008 and have tightened up the firewall too much and now my "Date and Time" won't sync via the "Internet Time" time.windows.com.

I allowed the "RunDLL32.com" inbound and outbound via firewall on all ports but no luck.

What firewall settings are necessary to allow the "Internet Time" to automatically synch my clock again?
0
Comment
Question by:deming
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 5

Expert Comment

by:mittermueller
ID: 34169016
Just open 123 UDP... (outside)
0
 

Author Comment

by:deming
ID: 34169145
When I click "Update now" I get "An error occurred while Windows was synchronizing with time.windows.com."

Was I supposed to also allow rundll32.exe access or not?
0
 

Author Comment

by:deming
ID: 34169163
Same error when I added rundll32.exe with full access in and out.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 6

Expert Comment

by:univision-computers
ID: 34169203
You can try setting a different time server and see if that helps.  That would rule out the firewall as the cause if it works.  I have had a few servers unable to update the time lately and this fixed it:
http://support.microsoft.com/kb/816042
I just set it to us.pool.ntp.org for the time server (or pool.ntp.org outside the US) and you can choose to leave time.windows.com as a secondary server if  or remove it altogether
0
 
LVL 6

Expert Comment

by:univision-computers
ID: 34169208
To clarify, you just use the second "FIXIT" link and then you can add those servers in there.
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 34169267
Open Dos Box and set your time server (eg. de.pool.ntp.org) with command NET TIME /setsntp:de.pool.ntp.org. See your NTP server at http://www.pool.ntp.org/en/
0
 

Author Comment

by:deming
ID: 34169355
To clarify, if I turn OFF the firewall, the the time updates fine.  So I feel certain it is a firewall setting restricting the access to the time server.  I need to allow the program access to the ports.  I did the DOS box "NET TIME /setsntp:de.pool.ntp.org" and it said Successful, however, the time still does not sync.
0
 
LVL 5

Expert Comment

by:mittermueller
ID: 34192555
Do you have opened port 123 (udp) outside as stated above?
0
 

Author Comment

by:deming
ID: 34270076
Yes, if I open port 123 Out UDP to any program, then the time updates correctly. However, I do not want to have that port wide open to any program. Thus, please tell me which program need is using that port to update the time so I can restrict the firewall to only that program which updates the time.
0
 
LVL 3

Accepted Solution

by:
TeraByteMan earned 500 total points
ID: 34273867
Here's how to do it:

Add a rule to your Firewall to allow outbound UDP on port 123 only for the program "w32tm.exe" which is found in our System32, or SysWow64 folder.

This will only allow the time to update on that port and no other program can use it.  I tested and confirmed this works.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
A procedure for exporting installed hotfix details of remote computers using powershell
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now