The server cannot synchronize with an external time source after you run the Configure E-mail and Internet Connection Wizard on Windows Small Business Server 2003 (887355)


The information in this article applies to:

  • Microsoft Windows Small Business Server 2003, Premium Edition

SYMPTOMS

Your server cannot synchronize with an external time source after you run the Configure E-mail and Internet Connection Wizard. This problem occurs when the following conditions are true:
  • Your server is running Microsoft Windows Small Business Server 2003, Premium Edition.
  • Your server has Microsoft Internet Security and Acceleration (ISA) Server 2000 installed.

CAUSE

This problem occurs if you select the direct broadband connection type when you run the Configure E-mail and Internet Connection Wizard. If you select the direct broadband connection type, a custom packet filter is created for Simple Network Time Protocol (SNTP). This custom packet filter is named SBS NTP 123 Out CustomFilter. It is defined as follows:

IP Protocol: TCP
Direction: Outbound
Local port: All ports
Remote port: Fixed port
Remote port number: 123

The custom packet filter incorrectly specifies Transmission Control Protocol (TCP) instead of User Datagram Protocol (UDP) as the IP protocol. For time synchronization to work correctly, the packet filter must permit UDP traffic in the "send receive" direction on port 123.

RESOLUTION

To resolve this problem, use one of the following methods.

Modify the SBS NTP 123 Out CustomFilter

To modify the IP protocol and the direction in the SBS NTP 123 Out CustomFilter, follow these steps:
  1. Start the ISA Management tool. To do this, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. Expand your Windows Small Business Server computer name, expand Access Policy, and then click IP Packet Filters.
  3. In the Name column, double-click SBS NTP 123 Out CustomFilter.
  4. Click the Filter Type tab.
  5. In the IP protocol list, click UDP.
  6. In the Direction list, click Send receive.
  7. In the Local port list, click All ports.
  8. In the Remote port list, click Fixed port.
  9. Make sure that port number 123 is specified in the Remote port number box.
  10. Click OK.

Add a new ISA Server custom packet filter

To add a new custom packet filter, follow these steps:
  1. Start the ISA Management tool. To do this, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Management.
  2. Expand your Windows Small Business Server computer name, expand Access Policy, and then click IP Packet Filters.
  3. Right-click IP Packet Filters, point to New, and then click Filter to start the New IP Packet Filter Wizard.
  4. Type a descriptive name for the filter, such as SNTP Allow Filter, and then click Next.
  5. Click Allow packet transmission as the filter mode, and then click Next.
  6. Click Custom as the filter type, and then click Next.
  7. Configure the following settings on the Filter Settings page:
    • In the IP protocol list, click UDP.
    • In the Direction list, click Send receive.
    • In the Local port list, click All ports.
    • In the Remote port list, click Fixed port.
    • In the Port number box for the remote port, type 123.
  8. Click Next.
  9. Click Next two times to accept the default settings, and then click Finish.

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For additional information about how to configure an SNTP packet filter, click the following article number to view the article in the Microsoft Knowledge Base:

323621 How to configure the Simple Network Time Protocol (SNTP) on ISA Server

Modification Type:MajorLast Reviewed:10/27/2004
Keywords:kbpending kbtshoot kbBug KB887355 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.