NTP server chaange fromUDP to TCP

Dear Team,

I want to block UDP port 123 for time sync between my Domain controller and external time server time.windows.com

Also i want the internal time sync of member with domain controller on tcp port rather than UDP. Is it possible. Can you please help.

Who is Participating?
Nick FordInformation Systems TechnologistCommented:
Good morning!

I think the short answer is no, you cannot run NTP via TCP since it is a UDP-based protocol. I also read somewhere that in doing so violates RFCs. Rather than blocking the UDP port just configure NTP to look to a local source (such as the domain controller) instead of an external source like time.windows.com.

I'm not an NTP expert, however, I'd caution against not using some sort of external time source. Time is something you do not want to get screwed up on a network -- it is especially sensitive to authentications. If time gets thrown off, especially on a domain controller, you'll likely begin seeing all sorts of authentication failures across the network.

Why are you considering blocking NTP and not using an external time source?

Nick FordInformation Systems TechnologistCommented:
No response from poster.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.