NTP Sync Issues

book

Article ID: 102387

calendar_today

Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA) PAM SAFENET LUNA HSM CA Privileged Access Manager (PAM)

Issue/Introduction



Customer has followed CA PAM documentation and configured the NTP Servers, but is still unable to turn the cluster on - CA PAM returns errors related to NTP. Why is this happening?

Environment

CA PAM 3.x

Resolution

Customer has used Windows servers as NTP Servers. Although there are no official restrictions to this configuration, on most environments Windows Time Servers will fail to provide CA PAM a correct time response.

Windows Time Servers are not standard NTP implementations (details here) and, because of this, CA PAM fails to sync its clock. The screenshot below shows an example of Windows Time Servers being rejected by CA PAM. The configuration is correct, the servers are reachable, but they are unable to sync:


To get rid of this issue we recommend the use of standard NTP servers, Unix/Linux based.

Attachments

1558700993846000102387_sktwi1f5rjvs16kcc.jpeg get_app