I’ve deployed NTP on our Domain Controller, whereby only the Microsoft defined Active Directory ports are allowed. This works great for our workstations, but I noticed our secondary Domain Controller is now failing replication. So as a result, I created a new rule to allow All traffic from all ports, inbound and outbound, to the Secondary Domain Controller IP Address. Through the SEPM I can see this rule is allowing some types of traffic between the Primary and Secondary DC, yet replication still fails.
I know this is NTP related, because if I disable the firewall on the primary DC, then the secondary DC (which has no firewall) replication is a success.
So my question is, what other NTP feature would cause replication to fail despite explicitly having a rule to allow All between these two servers? I’ve attached a screenshot of the rule which applies to the Primary Domain Controller, whereby the IP of the secondary DC is added under “Hosts”.
The rules below that one just go on to allow specific AD ports for all hosts, as well as some prohibitive rules which should not apply to the Secondary DC since this is the first rule in the sequence, above all else.
Any guidance would be appreciated; I’ve been struggling with this for days now.