IPS Module Sync NTP Server Error

So working on an IPS module. I finally got it up and running with a reload and install of an upgrade package. However the NTP server would not sync even though it was configured correctly!



When adding an IPS module to the IPS Manager Express you may come across the following error.  In order to fix this we need to re-associate the time clock and make sure that the local host and the IPS are actually in sync.

What to check:

1. Check NTP Configuration 

 IPS# sh clock - Check clock to make sure it is in sync or not with the actual NTP Server / ASA host

14:44:29 GMT-06:00 Tue May 28 2013

 IPS# sh statistics host - Check the configuration of the host to make sure that it is actually synchronized and associating to the correct NTP source
General Statistics
   Last Change To Host Config (UTC) = 28-May-2013 18:18:06
   Command Control Port Device = Management0/0
Network Statistics
    = ma0_0     Link encap:Ethernet  
    =           inet addr:1.1.1.107  Bcast: 1.1.1.255 Mask:255.255.255.0
    =           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    =           RX packets:26100 errors:0 dropped:0 overruns:0 frame:0
    =           TX packets:26088 errors:0 dropped:0 overruns:0 carrier:0
    =           collisions:0 txqueuelen:1000
    =           RX bytes:8393742 (8.0 MiB)  TX bytes:7143148 (6.8 MiB)
NTP Statistics
    =      remote           refid      st t when poll reach   delay   offset  ji                                      tter
    = *1.1.1.10    LOCAL(1)         4 u   87  128  377    1.184   -0.510   0                                      .069
    =  LOCAL(0)        LOCAL(0)        15 l   45   64  377    0.000    0.000   0                                      .008
    = ind assID status  conf reach auth condition  last_event cnt
    =   1 58492  b624   yes   yes  none  sys.peer   reachable  2
    =   2 58493  9024   yes   yes  none    reject   reachable  2
   status = Synchronized

Below this is multiple steps to take in order to deal with re-syncing the IPS Module. 
2. Re-configure the NTP Server in the IPS 
 CMD:
config t
service host
ntp-option disable
ntp-option enable-ntp-unauthenticated
ntp server X.X.X.X


3. Reload the IPS Module
   Reloading the IPS module will bring back the module by doing a soft restart and trying to re-confirm the NTP source.

CMD:  (from an ASA)  hw-module module 1 reload 
             (check state of IPS from ASA)  show module 1 details

4. If all else fails ( which it did in this scenario )  

Change the timezone of the IPS module. Change it to any other zone that you are NOT in. Then change it back to your current timezone. 

CMD:
config t
service host
time-zone-settings
standard-time-zone-name (TIMEZONE)
offset (Offset in Minutes)

*****Changing timezone will require the sensor to reboot.


Comments

Post a Comment

Popular posts from this blog

HULC LED PROCESS - 3750 High CPU

Image
If you're looking at a switch and you see the HULC LED Process running high. The HULC LED process does some of the following tasks: 1. Check link status on every port 2. If the switch supports POE, it checks to see if there is a power device 3. Transceiver checks 4. Fan status updates 5. Set LED ports 6. Check on temperature status Overall the HULC LED Process is a monitoring process running. During looking into this I turned off all non-used ports since it checks the link status. Then I made sure the environment was good. Two Cisco Bugs: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsi78581 http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtn42790
Read more

%PLATFORM_UCAST-4-PREFIX: --------- TCAM 3750 Switch

Image
 %PLATFORM_UCAST-4-PREFIX:  One or more, more specific prefixes could not be programmed into TCAM and are being covered by a less specific prefix, and the packets may be software forwarded So what is TCAM ? Ternary Content Addressable Memory is used in multi-layer switching also know as Layer 3 switching. The switches forward the packets and frames at the speed of the line by using ASIC hardware. Normally switches make there forwarding decisions based on Layer 2. TCAM is used for Layer 3 components and other features such as QOS and ACES ( Access List ).  Check TCAM and usage of templates being used in the device.  show sdm prefer ? ! This will show us the templates that can be used in the device to give more resources to one feature or the other. For example the default is the equal resource distribution while the routing gives more resources to Layer 3 routing. show sdm prefer ! The command without the "?" will show us what we are currently r
Read more