FYI, Cisco ACS v5 is HIGHLY dependant on time synchronization (v4.2 not as much) between ACS, Windows AD, WLC, and Windows Clients in order for 802.1x authentication to function. If you're looking to implement ACS version 5 or 5.1 (just released last month) you had better have your NTP strategy worked out.
Jonathan L. Raper, A+, MCSA, MCSE Technology Coordinator Eagle Physicians & Associates, PA jra...@eaglemds.com<BLOCKED::mailto:%20jra...@eaglemds.com> www.eaglemds.com<BLOCKED::http://www.eaglemds.com/> ________________________________ From: Jon Harris [mailto:jk.har...@gmail.com] Sent: Friday, January 08, 2010 12:40 PM To: NT System Admin Issues Subject: Re: Time Be advised that pool.ntp.org<http://pool.ntp.org> goes to a bunch of different sources so you will have firewall issues unless you watch it carefully or have some kind of rule that only allows the PDCe to be the only one going to the ntp port. Jon On Fri, Jan 8, 2010 at 6:19 AM, John Hornbuckle <john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>> wrote: I'm convinced! :-) -----Original Message----- From: Ben Schorr [mailto:b...@rolandschorr.com<mailto:b...@rolandschorr.com>] Sent: Thursday, January 07, 2010 5:06 PM To: NT System Admin Issues Subject: RE: Time Exactly right. Takes mere seconds to do it and requires no maintenance. Ben M. Schorr Chief Executive Officer Roland Schorr & Tower www.rolandschorr.com<http://www.rolandschorr.com/> / www.officeforlawyers.com<http://www.officeforlawyers.com/> Member: American Bar Association - 01473703 Author: The Lawyer's Guide to Microsoft Outlook 2007: http://tinyurl.com/ol4law-amazon Author: The Lawyer's Guide to Microsoft Word 2007: http://tinyurl.com/abaword2007 > -----Original Message----- > From: Carl Houseman [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>] > Sent: Thursday, January 07, 2010 11:41 AM > To: NT System Admin Issues > Subject: RE: Time > > +1 > > Not to mention, setting this up is almost trivial - at the PDC you type one > command line and you're done. The hardest part might be creating a rule to > allow the NTP protocol out through your firewall. > > Carl > > -----Original Message----- > From: Ben Schorr [mailto:b...@rolandschorr.com<mailto:b...@rolandschorr.com>] > Sent: Thursday, January 07, 2010 3:20 PM > To: NT System Admin Issues > Subject: RE: Time > > You should point the DC to an external time source just as a matter of best > practice. I'll echo my colleagues here who use > pool.ntp.org<http://pool.ntp.org/>. We set all of our > clients (companies, I mean) up to sync to that and it works beautifully. > Everything stays nice and tight and in sync. > > Ben M. Schorr > Chief Executive Officer > Roland Schorr & Tower > www.rolandschorr.com<http://www.rolandschorr.com/> / > www.officeforlawyers.com<http://www.officeforlawyers.com/> > Member: American Bar Association - 01473703 > Author: The Lawyer's Guide to Microsoft Outlook 2007: > http://tinyurl.com/ol4law-amazon > Author: The Lawyer's Guide to Microsoft Word 2007: > http://tinyurl.com/abaword2007 > > > > > -----Original Message----- > > From: John Hornbuckle > > [mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>] > > Sent: Thursday, January 07, 2010 10:16 AM > > To: NT System Admin Issues > > Subject: RE: Time > > > > It may well have been, to be honest. I'm not sure I'd have noticed it > being 4 > > minutes off when I first set it up. > > > > I'll keep an eye on things, and if it keeps losing time I'll > definitely look at > > pointing it to an external source. > > > > > > > > -----Original Message----- > > From: Carl Houseman > > [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>] > > Sent: Thursday, January 07, 2010 2:56 PM > > To: NT System Admin Issues > > Subject: RE: Time > > > > Was your clock of by 4 minutes? Was it always that way? > > > > -----Original Message----- > > From: John Hornbuckle > > [mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>] > > Sent: Thursday, January 07, 2010 2:33 PM > > To: NT System Admin Issues > > Subject: RE: Time > > > > Are servers' internal clocks that flaky? > > > > -----Original Message----- > > From: Carl Houseman > > [mailto:c.house...@gmail.com<mailto:c.house...@gmail.com>] > > Sent: Thursday, January 07, 2010 12:51 PM > > To: NT System Admin Issues > > Subject: RE: Time > > > > You want to set up the PDC to sync time an external NTP source or > you'll be > > doing this manual adjustment on a regular basis... command lines have > been > > previously suggested to do just that. > > > > Carl > > > > -----Original Message----- > > From: John Hornbuckle > > [mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>] > > Sent: Thursday, January 07, 2010 12:29 PM > > To: NT System Admin Issues > > Subject: RE: Time > > > > Thanks to everyone for the info. I found that the PDC machine time was > four > > minutes off. It looks to have been using its own internal clock, and I > guess > > that was off. I adjusted it, then after a few minutes checked my > site's DC and > > found that it had updated to the correct time, then a bit later my > machine > > had done the same. So presumably all DCs and workstations on the > network > > will by correct soon. > > > > -----Original Message----- > > From: John Hornbuckle > > [mailto:john.hornbuc...@taylor.k12.fl.us<mailto:john.hornbuc...@taylor.k12.fl.us>] > > Sent: Thursday, January 07, 2010 9:37 AM > > To: NT System Admin Issues > > Subject: Time > > > > I received a complaint from one of my users that the time on her > computer is > > four minutes behind actual time. And she's right--I've noticed myself > that all > > of our computers are four minutes behind. > > > > I've never messed with the time features in Windows, so I'm not sure > how to > > correct this. From what I can tell, it client machines update their > time from > > their site's domain controller. Since this is happening at multiple > sites, the > > time on all sites' DCs appears to be four minutes behind. But where do > the > > domain controllers get THEIR time from? > > > > > > John Hornbuckle > > MIS Department > > Taylor County School District > > www.taylor.k12.fl.us<http://www.taylor.k12.fl.us/> > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > NOTICE: Florida has a broad public records law. Most written > communications > > to or from this entity are public records that will be disclosed to > the public > > and the media upon request. E-mail communications may be subject to > > public disclosure. > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ________________________________ Any medical information contained in this electronic message is CONFIDENTIAL and privileged. It is unlawful for unauthorized persons to view, copy, disclose, or disseminate CONFIDENTIAL information. This electronic message may contain information that is confidential and/or legally privileged. It is intended only for the use of the individual(s) and/or entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete this material from your computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information that it contains. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~