NTP shows as not synchronized when running the status_check command through the Command Line Interface (CLI) on Endpoint Detection and Response (EDR).
Service NTPD status - FAILED. Some possible causes and recommendations:
1. NTP is misconfigured on the ATP appliance. Check your appliance settings.
2. Network connectivity problems. Re-evaluate your network and firewall rules.
3. NTP server issue. Verify the functionality of the NTP server.
NTP NOT synchronized!
Please fix NTP configuration, else
the appliance may not function properly.
An internal Windows NTP source is used as Time Server, such as the Domain Controller (DC).
Running the command w32tm /query /status on the NTP source produces output similar to:
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source IP: "10.x.x.x")
Last Successful Sync Time: 5/25/2018 2:15:25 AM
Source: Hostname.Domain.net
Poll Interval: 6 (64s)
The Root Dispersion of 10.0s is higher than the expected 1.5s.
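The check described above can be scripted against captured w32tm /query /status output. The following is an added example, not part of the original article or of the product; the function names are hypothetical, the 1.5s limit is the expected value stated here, and the sample is the output quoted above. It also decodes ReferenceId, where 0x4C4F434C is the ASCII string "LOCL".

```python
import re

# Constructed sample: the `w32tm /query /status` output quoted in this article.
SAMPLE = """\
Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source IP: "10.x.x.x")
Last Successful Sync Time: 5/25/2018 2:15:25 AM
Source: Hostname.Domain.net
Poll Interval: 6 (64s)
"""
MAX_ROOT_DISPERSION_S = 1.5  # expected ceiling stated in this article

def parse_status(text):
    """Map each 'Name: value' line of the status output to a dict entry."""
    fields = {}
    for line in text.splitlines():
        # Split on the first colon only; the timestamp value contains more.
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.strip()
    return fields

def decode_reference_id(value):
    """Return the 4-byte ReferenceId as ASCII when printable, else its hex."""
    m = re.match(r"0x([0-9A-Fa-f]{8})\b", value or "")
    if not m:
        return None
    raw = bytes.fromhex(m.group(1))
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else m.group(1)

def check_time_source(text, limit=MAX_ROOT_DISPERSION_S):
    """Parse the status output and list reasons the source looks unusable."""
    fields = parse_status(text)
    findings = []
    m = re.match(r"(\d+(?:\.\d+)?)s$", fields.get("Root Dispersion", ""))
    dispersion = float(m.group(1)) if m else None
    if dispersion is None:
        findings.append("Root Dispersion missing or unparseable")
    elif dispersion > limit:
        findings.append(f"Root Dispersion {dispersion:.1f}s exceeds {limit}s")
    return {
        "root_dispersion_s": dispersion,
        "reference_id": decode_reference_id(fields.get("ReferenceId")),
        "findings": findings,
    }
```

An empty findings list means the reported Root Dispersion is within the limit; output that lacks the field, such as a w32tm error message, is reported as a finding rather than raising an exception.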
If the time server is a DC, change the value of Root Dispersion as follows:
Note: It is highly recommended to back up the registry before making any direct changes.