NTP server change from UDP to TCP

amjadmapari
Dear Team,

I want to block UDP port 123 for time sync between my domain controller and the external time server time.windows.com.

Also, I want the internal time sync of members with the domain controller to use a TCP port rather than UDP. Is it possible? Can you please help?

Regards,
Information Systems Technologist
Commented:
Good morning!

I think the short answer is no, you cannot run NTP via TCP since it is a UDP-based protocol. I also read somewhere that doing so violates RFCs. Rather than blocking the UDP port, just configure NTP to look to a local source (such as the domain controller) instead of an external source like time.windows.com.

I'm not an NTP expert, however, I'd caution against not using some sort of external time source. Time is something you do not want to get screwed up on a network -- it is especially sensitive to authentications. If time gets thrown off, especially on a domain controller, you'll likely begin seeing all sorts of authentication failures across the network.

Why are you considering blocking NTP and not using an external time source?

Nick
Nick Ford, Information Systems Technologist
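
One way to apply the layout suggested in the answer above, as an added example that is not part of the original thread: only the PDC emulator talks to the external source, and every other domain member follows the domain hierarchy. It assumes an elevated PowerShell session and that the perimeter firewall permits outbound UDP 123 from the PDC emulator only.

```powershell
# Added example (not from the original thread). Run in an elevated session.
# Assumption: the PDC emulator is the single host allowed to reach the
# external source over UDP 123; all other members sync inside the domain.

# Peer name taken from the question; 0x8 asks for client-mode requests.
$ExternalPeer = 'time.windows.com,0x8'

# Win32_ComputerSystem.DomainRole:
#   0/2 = standalone workstation/server, 1/3 = member workstation/server,
#   4   = backup domain controller,      5   = primary DC (PDC emulator)
$role = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole

switch ($role) {
    5 {
        # PDC emulator: sync from the external peer and advertise as reliable.
        w32tm /config "/manualpeerlist:$ExternalPeer" /syncfromflags:manual /reliable:yes /update
    }
    { $_ -in 1, 3, 4 } {
        # Members and other DCs: follow the domain hierarchy, so their
        # NTP traffic (still UDP 123) never has to leave the internal network.
        w32tm /config /syncfromflags:domhier /update
    }
    default {
        Write-Warning "Host is not domain-joined (DomainRole=$role); nothing changed."
        return
    }
}

# Apply the new configuration and force a fresh sync.
Restart-Service -Name w32time
w32tm /resync /rediscover

# Verify: the source should be the external peer on the PDC emulator
# and a domain controller everywhere else.
w32tm /query /source
w32tm /query /status
```

With this in place, outbound UDP 123 to the internet can be denied at the perimeter for every host except the PDC emulator, while internal sync keeps working.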

Commented:
No response from poster.
