We ran an upgrade on our Panorama to 9.0.7.
For the past few days, I have been receiving this warning:
NTP sync to server SERVER failed, authentication type none
Same message for primary and secondary NTP server.
I switched from internal to external NTP server. Same error.
I already checked:
CLI NTP status command
user@PAN> show ntp
NTP state:
    NTP not synched, using local clock
    NTP server: 0.pool.ntp.org
        status: rejected
        reachable: no
        authentication-type: none
    NTP server: 1.pool.ntp.org
        status: rejected
        reachable: no
        authentication-type: none
Panorama is allowed to access external NTP servers.
VMware tools options
Time synchronization with host is disabled.
I did a reboot, same error.
Checked the known issues https://docs.paloaltonetworks.com/pan-os/9-0/pan-os-release-notes/pan-os-9-0-release-information/kno... I haven't found anything that matches.
Is somebody able to help?
Hi @philipp.scherer ,
Sounds familiar. If possible, can you test with NTP server time.google.com and check if that works?
Thanks for your fast reply.
I tried, same result.
admin@PAN> debug software restart process ntp
Process ntp was restarted by user admin
admin@PAN> show ntp
NTP state:
    NTP not synched, using local clock
    NTP server: time.google.com
        status: rejected
        reachable: no
        authentication-type: none
    NTP server: 1.pool.ntp.org
        status: rejected
        reachable: no
        authentication-type: none
I also verified in the firewall logs. Panorama was allowed to connect to time.google.com.
Hi @philipp.scherer ,
Sorry if I didn't mention that in my previous comment, but could you remove the backup NTP? Just try the one 'time.google.com' without the backup.
Either way, I'd reach out to support.
If time.google.com works when you remove the backup NTP then you're likely hitting an existing bug.
If it still doesn't work then further debugging will be required.
Thanks for your hint!
I forgot to mention I already tried this with internal and external NTP servers.
I think it is a bug since I have the exact same issue. I was using software version 8.1.8 and it was working fine, but after I upgraded to version 9.0.7 I started receiving the following error: "SYSTEM ALERT : medium : NTP sync to server 192.168.103.22 failed, authenticati...". A case is already opened, but it still has not been fixed.
I have also recently upgraded my Panorama server and a pair of HA clusters to version 9.0.7. I have faced the same issue on each instance.
I was also using the public NTP server "time.google.com".
I tried configuring an internal NTP server as well, but still no luck. Then I just configured the NTP IP address instead of its FQDN. Post commit, the NTP status is showing as "synched". I also suspect this is some kind of bug. You can try configuring the NTP IP address and check if it works for you.
Meanwhile, I am also raising a support case for this issue.
I got a reply from TAC on this issue. The engineer says this is a known issue (PAN-133179) and it is addressed in PAN-OS 9.1.2.
He also confirmed that the workaround for this issue is the same one that I mentioned in my earlier post: use the IP address of the NTP server instead of the FQDN.
Not sure why this was not mentioned in the known issues list/release notes for 9.0.7.
Are you using a private internal NTP server or a public NTP server? I would suggest trying the internal NTP server's IP address.
Today I also upgraded one more HA cluster to version 9.0.7 and replaced the public NTP FQDN with the IP address of the internal NTP server, and it is showing synced status.
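For anyone checking several devices after the upgrade, the sketch below parses saved `show ntp` output and reports servers that are rejected or unreachable, noting whether each is configured by FQDN (the case the workaround in this thread applies to). It is an added example, not code from the thread or from Palo Alto Networks; the function names are hypothetical and the `AFTER` sample is constructed.

```python
import ipaddress
import re

# Failing output as quoted in the thread, reflowed onto separate lines.
BEFORE = """NTP state:
    NTP not synched, using local clock
    NTP server: 0.pool.ntp.org
        status: rejected
        reachable: no
        authentication-type: none
    NTP server: 1.pool.ntp.org
        status: rejected
        reachable: no
        authentication-type: none
"""
# Constructed sample (assumed layout) for a server configured by IP address.
AFTER = """NTP state:
    NTP synched to 192.0.2.10
    NTP server: 192.0.2.10
        status: synched
        reachable: yes
        authentication-type: none
"""

# Whitespace-agnostic, so output pasted on one line parses too.
ENTRY = re.compile(
    r"NTP server:\s*(?P<addr>\S+)\s+status:\s*(?P<status>\S+)\s+"
    r"reachable:\s*(?P<reachable>\S+)\s+authentication-type:\s*(?P<auth>\S+)"
)

def is_ip(addr):
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False

def unsynced_servers(show_ntp_output):
    """Return (address, hint) for every server that is rejected or unreachable."""
    results = []
    for m in ENTRY.finditer(show_ntp_output):
        if m["status"] != "rejected" and m["reachable"] != "no":
            continue
        hint = ("configured by IP: check reachability and policy" if is_ip(m["addr"])
                else "configured by FQDN: try the workaround (use the IP address)")
        results.append((m["addr"], hint))
    return results

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, unsynced_servers(text) or "all configured servers in sync")
```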