NTP shows as not synchronized when running
status_check on the Advanced Threat Protection's (ATP) Command Line Interface (CLI).
Service NTPD status - FAILED. Some possible causes and recommendations:
1. NTP is misconfigured on the ATP appliance. Check your appliance settings.
2. Network connectivity problems. Re-evaluate your network and firewall rules.
3. NTP server issue. Verify the functionality of the NTP server.
NTP NOT synchronized!
Please fix NTP configuration, else
the appliance may not function properly.
You're using an internal Windows NTP source such as your Domain Controller (DC)
Running the command
w32tm /query /status on the NTP source produces output similar to the following:
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source name: "LOCL")
Last Successful Sync Time: 5/25/2018 2:15:25 AM
Source: Local CMOS Clock
Poll Interval: 6 (64s)
The Root Dispersion of 10.0s is higher than the expected 1.5s
if the time servers is a DC, change
*HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\* LocalClockDispersion from 10 to 0