Score:1

NTP Server is set up for NTP keys. How can we configure Windows Server to communicate with our time server using the keys?

We have an NTP server that was set up with NTP keys. https://docs.ntpsec.org/latest/ntp_keys.html

We are trying to configure our domain controllers to use this NTP server as the authoritative time source. We can talk to the NTP server without keys fine but as soon as we enable keys on the NTP side, communication fails. Where can we specify a keys file/strings to allow Windows to talk to our NTP server using NTP keys? Thank you!

Score:1

w32time is not compatible with ntpd's symmetric key implementation. Meinberg cites Microsoft MS-SNTP spec in which packets are either using MS netlogon based auth extension, or unauthenticated. ntpd gained experimental mssntp support, but no guarantee it will be available on your NTP server.

The goal of NTP auth is to reduce the risk of an impostor NTP server serving the wrong time. When this is difficult to implement, use alternative controls at the network level.

Assuming you wish to continue running your NTP servers on not-Windows, remove the keys and use unauthenticated. Domain controllers use it as an "internet" source. Protect the NTP server by restricting access to it. Use a private network for transport. Limit queries to allowed subnets with firewalls and possibly ntpd's restrict keyword.
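
An added example, not part of the original answer: a small auditor for the `restrict` approach mentioned above, which parses `restrict` lines and reports whether a given client would be served, using ntpd's rule that the most specific matching entry wins. The config fragment and all addresses are constructed for illustration, and only IPv4 is handled.

```python
import ipaddress

# Constructed ntp.conf fragment; addresses are documentation ranges, not from the page.
SAMPLE_CONF = """
restrict default ignore            # drop anything not listed below
restrict 127.0.0.1                 # local ntpq stays unrestricted
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap nopeer noquery  # DC subnet
restrict 192.0.2.99 ignore         # one host inside the subnet, blocked
"""

def parse_restrict(conf):
    """Return [(network, flags)] for each IPv4 'restrict' line."""
    rules = []
    for raw in conf.splitlines():
        tok = raw.split("#", 1)[0].split()
        if len(tok) < 2 or tok[0] != "restrict":
            continue
        addr, rest = tok[1], tok[2:]
        if addr == "default":
            addr = "0.0.0.0/0"
        elif rest[:1] == ["mask"]:
            addr, rest = f"{addr}/{rest[1]}", rest[2:]
        rules.append((ipaddress.ip_network(addr), set(rest)))
    return rules

def flags_for(rules, client):
    """Flags of the most specific entry covering client (empty set if none)."""
    ip = ipaddress.ip_address(client)
    hits = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(hits, key=lambda h: h[0])[1] if hits else set()

def gets_time(rules, client):
    """True if ntpd would answer this client's time requests."""
    return not ({"ignore", "noserve"} & flags_for(rules, client))

if __name__ == "__main__":
    rules = parse_restrict(SAMPLE_CONF)
    for host in ("192.0.2.10", "192.0.2.99", "198.51.100.7"):
        verdict = "served" if gets_time(rules, host) else "dropped"
        print(host, verdict, sorted(flags_for(rules, host)))
```

With `restrict default ignore`, the server's own upstream time sources also need a matching `restrict` entry, which the constructed fragment leaves out.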
