Here's an update: I connected to Dell chat support and they found the source of the problem--Management ACL's block SNTP traffic. You have to have a explicit permit rule in the priority list. Also, the DOS attack suppression still has to be disabled; this was not addressed in 2.2.0.3. Hopefully they'll get to that because I'd like to use it. I may try to zero in on which part of DOS suppression is causing the problem.
Found the cause of the problem. SNTP will not sync up if you have DOS attack protection on. This is apparently a bug with the latest version of the firmware. Hopefully Dell will address it in the next patch.
Unfortunately, I am still stuck. I updated to FW 2.2.0.3 last night, and now SNTP is hopelessly broken. DOS attack protection is entirely disabled, so that is not a factor. I actually started from scratch with the firmware, manually resetting all of the various switch configuration parameters, so I know it's not a matter of bringing in wonky config information from the old firmware revision (1.0.0.27). Dell definitely broke something. I'm going to take it up with support and see what sort of walls I run into.
Huh. I just performed the 2.2.0.3 myself and now SNTP has stopped working again. I suppose I'll do another packet sniff and look at the NTP frame coming from our Internet gateway. If it shows success (like it did when it was working) I'll know that it's the switch. Keep me posted if you hear anything from Dell.
Excellent! Thanks for the update! I haven't had a chance to contact them myself... Exchange 2007 migration ate my week. I'll dig into that later today, though. Can't push syslog data with bad time on the switches... throws off my reporting mojo.
Worked great! Don't think I'd have thought to check that, frankly. I appreciate your posting the results. I was able to get things all smooth and shiny over the weekend. Now if I could only warm up the -25 wind chills outside...
And here's what I discovered this morning regarding Denial of Service: I've narrowed it down to "Denial of Service L4 port". When this is enabled the switch will not allow a successful time update to occur.
BrandonSchultz
13 Posts
1
December 13th, 2008 10:00
Here's an update: I connected to Dell chat support and they found the source of the problem--Management ACL's block SNTP traffic. You have to have a explicit permit rule in the priority list. Also, the DOS attack suppression still has to be disabled; this was not addressed in 2.2.0.3. Hopefully they'll get to that because I'd like to use it. I may try to zero in on which part of DOS suppression is causing the problem.
B. Schultz
BrandonSchultz
13 Posts
0
November 26th, 2008 13:00
Found the cause of the problem. SNTP will not sync up if you have DOS attack protection on. This is apparently a bug with the latest version of the firmware. Hopefully Dell will address it in the next patch.
B. Schultz
rnieland
3 Posts
0
December 11th, 2008 11:00
Unfortunately, I am still stuck. I updated to FW 2.2.0.3 last night, and now SNTP is hopelessly broken. DOS attack protection is entirely disabled, so that is not a factor. I actually started from scratch with the firmware, manually resetting all of the various switch configuration parameters, so I know it's not a matter of bringing in wonky config information from the old firmware revision (1.0.0.27). Dell definitely broke something. I'm going to take it up with support and see what sort of walls I run into.
Randy
BrandonSchultz
13 Posts
0
December 11th, 2008 11:00
Huh. I just performed the 2.2.0.3 myself and now SNTP has stopped working again. I suppose I'll do another packet sniff and look at the NTP frame coming from our Internet gateway. If it shows success (like it did when it was working) I'll know that it's the switch. Keep me posted if you hear anything from Dell.
B. Schultz
rnieland
3 Posts
0
December 13th, 2008 11:00
Brandon,
Excellent! Thanks for the update! I haven't had a chance to contact them myself... Exchange 2007 migration ate my week. I'll dig into that later today, though. Can't push syslog data with bad time on the switches... throws off my reporting mojo.
Thanks again!
Randy
rnieland
3 Posts
0
December 15th, 2008 05:00
Worked great! Don't think I'd have thought to check that, frankly. I appreciate your posting the results. I was able to get things all smooth and shiny over the weekend. Now if I could only warm up the -25 wind chills outside...
BrandonSchultz
13 Posts
0
December 15th, 2008 06:00
Good deal. Try apple cider--it's season for it!
BrandonSchultz
13 Posts
0
December 15th, 2008 07:00
And here's what I discovered this morning regarding Denial of Service: I've narrowed it down to "Denial of Service L4 port". When this is enabled the switch will not allow a successful time update to occur.
spgsit
2 Intern
•
185 Posts
0
May 7th, 2015 07:00
Years later & on my 5548 I still get:
%SNTP-D-NTPBADVER: NTP server version not compatible
with latest available firmware
Unit SW version Boot version HW version
------------------- ------------------- ------------------- -------------------
1 4.1.0.12 1.0.0.14 00.00.02
Any idea what needs to be actually changed (in GUI or CLI) to get it working?
Seb
spgsit
2 Intern
•
185 Posts
0
May 7th, 2015 14:00
clock summer-time GMT recurring eu
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 10.0.0.45 poll
It is Windows Server 2012 R2 that does NTP for all devices on my network
console# show clock
21:20:46 GMT(UTC+1) May 7 2015
Time source is sntp
Seb
spgsit
2 Intern
•
185 Posts
0
May 8th, 2015 07:00
Upgraded to latest code, still get errors:
ERRPARSETZSTRING - %SNTP-D-NTPBADVER: NTP server version not compatible
AlfistaSK
1 Rookie
•
12 Posts
0
September 17th, 2018 06:00
Hi,
I have the same problem but with version 3.0.0.98 and I have the state of the NTP server as unknown.
Please can you write here the rule, and where exactly to add it, that I can enable it too.
And I have an additional question: Is possible to add the NTP servers as FQDN or only as IP addresses?
Thanks for help.