Microsoft KB Archive/887355

= The server cannot synchronize with an external time source after you run the Configure E-mail and Internet Connection Wizard on Windows Small Business Server 2003 =

Article ID: 887355

Article Last Modified on 12/3/2007

-

APPLIES TO


 * Microsoft Windows Small Business Server 2003 Premium Edition

-





SYMPTOMS
Your server cannot synchronize with an external time source after you run the Configure E-mail and Internet Connection Wizard. This problem occurs when the following conditions are true:
 * Your server is running Microsoft Windows Small Business Server 2003, Premium Edition.
 * Your server has Microsoft Internet Security and Acceleration (ISA) Server 2000 installed.



CAUSE
This problem occurs if you select the direct broadband connection type when you run the Configure E-mail and Internet Connection Wizard. If you select the direct broadband connection type, a custom packet filter is created for Simple Network Time Protocol (SNTP). This custom packet filter is named SBS NTP 123 Out CustomFilter. It is defined as follows:

IP Protocol: TCP

Direction: Outbound

Local port: All ports

Remote port: Fixed port

Remote port number: 123

The custom packet filter incorrectly specifies Transmission Control Protocol (TCP) instead of User Datagram Protocol (UDP) as the IP protocol. For time synchronization to work correctly, the packet filter must permit UDP traffic in the &quot;send receive&quot; direction on port 123.



RESOLUTION
To resolve this problem, use one of the following methods.

Modify the SBS NTP 123 Out CustomFilter
To modify the IP protocol and the direction in the SBS NTP 123 Out CustomFilter, follow these steps:
 * 1) Start the ISA Management tool. To do this, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Management.
 * 2) Expand your Windows Small Business Server computer name, expand Access Policy, and then click IP Packet Filters.
 * 3) In the Name column, double-click SBS NTP 123 Out CustomFilter.
 * 4) Click the Filter Type tab.
 * 5) In the IP protocol list, click UDP.
 * 6) In the Direction list, click Send receive.
 * 7) In the Local port list, click All ports.
 * 8) In the Remote port list, click Fixed port.
 * 9) Make sure that port number 123 is specified in the Remote port number box.
 * 10) Click OK.

Add a new ISA Server custom packet filter
To add a new custom packet filter, follow these steps:
 * 1) Start the ISA Management tool. To do this, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Management.
 * 2) Expand your Windows Small Business Server computer name, expand Access Policy, and then click IP Packet Filters.
 * 3) Right-click IP Packet Filters, point to New, and then click Filter to start the New IP Packet Filter Wizard.
 * 4) Type a descriptive name for the filter, such as SNTP Allow Filter, and then click Next.
 * 5) Click Allow packet transmission as the filter mode, and then click Next.
 * 6) Click Custom as the filter type, and then click Next.
 * 7) Configure the following settings on the Filter Settings page:
 * 8) * In the IP protocol list, click UDP.
 * 9) * In the Direction list, click Send receive.
 * 10) * In the Local port list, click All ports.
 * 11) * In the Remote port list, click Fixed port.
 * 12) * In the Port number box for the remote port, type 123.
 * 13) Click Next.
 * 14) Click Next two times to accept the default settings, and then click Finish.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section.

