Windows Time Rule Not Working

Discussion in 'LnS English Forum' started by hjbyram, Aug 24, 2006.

Thread Status:
Not open for further replies.
  1. hjbyram

    hjbyram Registered Member

    Joined:
    Aug 6, 2006
    Posts:
    84
    Location:
    Mechanicsburg, PA
    I have added the rule for the Windows Time Update, however, I am still receiving the error messages.

    When I select the Update on the Internet Time tab, there is an error stating the peer is unreachable.

    Any suggestions? THANKS
     
  2. Climenole

    Climenole Look 'n' Stop Expert

    Joined:
    Jun 3, 2005
    Posts:
    1,640
    Hi hjbyram :)

    1- Check your rule again:
    in UDP, local and remote port 123
    From your @IP in and out
    Frag offset = 0
    Frag. flags = !DF+ !MF
    application: svchost (Generic host process)
    This rule must be correctly placed in the list.
    Check if no previous rule blocks this one...

    NTP server
    Don't use the Windows default ones but choose it from this list:
    http://ntp.isc.org/bin/view/Servers/WebHome

    You may choose a server from any place in the World...
    Ex. : I'm living in Eastern Canada and I have a German NTP server:
    (ptbtime1.ptb.de=192.53.103.103)

    2- Check if the Windows service "Windows time" is started in automatic mode
    Start | Run | services.msc

    3- Check in the Control Panel | Date and time
    and add the same NTP server as the one in your rule

    Save and restart the computer...

    Last remark: this service is funny but useless. If your Time/Date are wrong the best is to change the clock battery of your computer... The Time / Date are kept without this synchronisation...

    :)
     
  3. hjbyram

    hjbyram Registered Member

    Thanks for the reply Climenole. But I am still a little confused at this.

    Life would be easier if I knew how to copy & paste a screen shot of the rule directly in my post. Could you please tell me how to do that, so you can see what I have so far?

    I think I have made most of the changes you provided, except:
    1) When I select the application tab on the UDP rule, there is no entry for SVCHOST
    2) Currently this rule is placed 1st in the list - what is the proper placement?
    3) I have been all over the NTP website you provided but haven't found anything looking like the German NTP Server you are using. Sorry, I am a new, stupid user.

    Hope you have a little more time for some much needed assistance!
     
  4. Climenole

    Climenole Look 'n' Stop Expert

    Hi hjbyram :)

    Oh well, there are many different ways to do this.
    Here's my favourite: I'm using MWSnap (a freeware!).
    http://www.mirekw.com/winfreeware/mwsnap.html

    Make your screen or part-of-screen shot with this, save the picture in "jpg" format and upload it here.

    Check in this forum "Additional options" just after the text editor and click on "manage attachment": you can upload your files there...

    1- the entry for svchost is "Generic Host Process for Windows"

    2- 1st in the list? Well: you may place this rule with the other UDP rules
    like just after the rule allowing DNS (UDP request to translate "URL" such as www. My_Favourite_Site.com into IP such as 123.456.789)

    3- About this : "I am a new, stupid user." you say...

    Write this on a piece of paper and "scotch it" on top of your monitor

    YOU ARE NOT STUPID hjbyram!

    4- Here I attach my rule (translated into English ;-) ).
    Download it, change the name by removing the ".txt", import it in your rule set...

    Don't forget to save it. You must have the same server in the Control Panel, Time and Date, 3rd tab... (save it there too) and finally check if the service Windows Time is running like this:
    Start | Run | services.msc
    right click on the service name | properties...
    It must be in automatic mode.

    Reboot and check.

    Hope this helps!

    :)
     

  5. hjbyram

    hjbyram Registered Member

    AHAHAHAHAH - I'm ready to turn this feature off completely.

    Okay, Climenole, my rule was exactly like your sample, but I hadn't selected the server yet.

    Okay, so, I have tried multiple servers in the US and none of them will work.
    So, to prove I am not going totally bonkers, I even tried your ptbtime one. Got the same An Error Has Occurred While Synchronizing to the ----- Server.

    But before I forget - I love that MWSnap software, which I used to get my snapshot here - fantastic. (Edited - I removed the snapshot after posting. The rule was set up correctly though.) I have some other questions I will put in a different post as they don't relate to my current Time problem.

    Hopefully the attachment will come through. THANKS!
     
    Last edited: Aug 26, 2006
  6. hjbyram

    hjbyram Registered Member

    When I just restarted my PC, I have a new error in the Log -

    U-0 UPD: Any other UPD packet ptbtime1.ptb.de Ports Dest:NTP Src:NTP

    Currently this Time UDP rule is the very 1st one listed in the log.

    Perhaps I need to be tweaking the other UDP rule, too?

    THANKS - Any help is appreciated!
     
  7. Climenole

    Climenole Look 'n' Stop Expert

    Hi hjbyram :)


    Are you sure that:
    the service Windows Time is started?
    the server name is saved in Control Panel | Date and Time?

    o_O Strange ...

    Export your rule set and send it here:
    in Internet filtering | export
    in C:\Program Files\Soft4Ever\looknstop make a copy of the ".rls" file
    and rename it by adding ".txt" at the end.

    Upload it here and I'll check it...

    :)
     
  8. hjbyram

    hjbyram Registered Member

    Hopefully I did what you asked - I exported all my rules as CopyRuleSet & renamed to .txt. When I selected Export, I was presented with a list of my rules & I checked all of them, so have exported my full rule set (I think!)

    I appreciate the help, Thanks! I'm beginning to think I have missed importing some things & perhaps didn't set up some correctly.

    Be assured, yes I did add the server to the Time/Date thing, & I do get an error on it in the Log! And Yes, it is set to Automatic. I have checked that multiple times, just to be sure.
     

  9. Climenole

    Climenole Look 'n' Stop Expert

    Hi hjbyram :)

    Okay :)

    I checked your rule set and made some modifications in the list...
    (The rules are read from the first until the firewall finds one rule matching the verified packet, so the place in the list is important. I put all TCP and UDP rules in the right place.)

    I also loaded your rule set in my system to check the Time and Date update.
    As usual ( :rolleyes: ) the update didn't work the first 2 times I checked it.

    So I checked it again with different servers and now it's working well :D including:

    ptbtime1.ptb.de 192.53.103.103
    and
    time.windows.com 207.46.130.100

    I also removed the IP address of the time server in the rule.
    You may add the one you want ... (or 2 or no one...)

    Should be working on your PC also.

    Let me know.

    :)

    Rule set to load "hjbyram_new.rls"
    included here as "hjbyram_new.rls.txt"
    (just remove .txt and load the rule set as a whole)
     

  10. hjbyram

    hjbyram Registered Member

    Hey that's fantastic! I did know the rules had to be in a specific order, and that was one of my next questions - where to find that specific order.

    Next question - do I put your tweaked rules under the Soft4Ever/looknstop folder?

    And, when I import them, do I leave the name the same as you named them, or do I need to rename to the looknstop rules name?

    Thanks so much!
     
  11. Climenole

    Climenole Look 'n' Stop Expert

    Hi hjbyram :)

    1- Rules order

    To understand the rules order you need:

    a) a basic knowledge of formal logic
    b) a basic knowledge of the TCP-Ip protocols (Icmp, Udp, Tcp)
    including a basic knowledge of the "client-server" connections...

    One good source of information about TCP-IP protocols is Wikipedia.
    I hope the following lines will be helpful.

    a)

    A rule set firewall is a superset of a primitive model based on 2 rules:
    The first one allows something, say "Allow A", and a second and last rule
    blocks everything else, say "Block Not-A"...

    In other words, the primitive model is a logical XOR (eXclusive OR):

    "A XOR Not A" ...

    A rule set is the development of this primitive model.

    The only permanent rule in every rule set firewall is the last and mandatory one:
    "Block everything else" [not included in previous rules or not matching any previous rule...]
    This rule guarantees the consistency of the rule set.

    Each rule is the equivalent of a "universal proposition" in formal logic:
    if ALL criteria in the rule match the examined internet packet,
    then the rule is true and is applied to that packet.

    If not, then the next rule is checked and so on until a rule matches the examined packet.

    So we have a list of rules (universal propositions)
    linked in a list in which one and only one rule (the "XOR") may be applied:
    the first one matching all criteria...

    b) There are different models of rule sets but most of them are organized this way:

    1- Blocking rules for illegal or abnormal IP addresses, ICMP signals, UDP datagrams and TCP packets,
    such as reserved IP addresses for local networks (not internet), or ICMP signals used for local
    networks, or fragmented UDP datagrams, or TCP packets with an illegal combination of flags such as SYN-FIN
    (SYN is used by a client to start a connection with a server, FIN is used to indicate to a server
    that the connection is finished: the combination SYN-FIN is absurd and must be dropped
    (blocked with no feedback to the sender...)).

    2- Rules allowing a "server" such as an FTP server on your PC or the part of P2P programs which
    allows the other members of the P2P network to access the data in the shared folder of your PC

    3- The "Central Rule" of every rule set: this makes the difference between a "client" and a "server".
    A "client" is any machine in a network allowed to initiate (start or begin) a connection to a server.
    A "server" is any machine in a network set to listen on specific port(s) to allow incoming connections
    from a "client".

    The best example of this is a connection to a web server. In this case your PC is the "client".
    YOU initiate the connection to a web server: not the opposite.

    To start a connection your PC sends a TCP packet with no data and the flag SYN to the server,
    the server allows the connection by sending you a TCP packet with the flag ACK-SYN
    (acknowledge to synchronise)... All the other packets in the following connection include
    an ACK flag (ack-syn, ack-psh and so on...)

    Shortly said: only a "client" is allowed to send a TCP packet with the flag SYN to initiate a
    connection. Since your PC is not a server, the firewall must block (in fact drop: block with
    no feedback) any incoming packet with the flag SYN.

    One of the most common incoming TCP packets with the flag SYN is the one sent to port 135 by
    the Blaster worm... Some others are sent to check if a "Trojan Horse" or a remote control program is
    listening on your PC and if so, take control of your PC and so on...

    So this "Central rule" blocks incoming attempts to connect to your PC as a "server"...

    4- Application rules for the programs allowed to connect to the internet such as web browser, email,
    instant messaging and so on...

    5- Rules blocking specific packets or protocols

    6- The last and mandatory rule:
    Block everything else!

    Shortly said: if a rule blocks something, this cannot be allowed by a following rule.

    In the rule set you have (the Enhanced rule set of LNS) you have the same organisation of rules
    settled by protocol type:

    You have the 1,2,4,5 for ICMP.
    The 1,2,3,4,5 for TCP and
    the 1,2,4,5 for UDP
    and the final blocking rule...


    2- Yes


    3- Use the name you want.

    4- You're welcome!
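
A minimal first-match evaluator for the rule ordering described in post 11, added here as an illustration; it is not part of the thread and is not Look 'n' Stop's engine or rule format. The rule names are constructed (the catch-all name is borrowed from the log line quoted in post 6), as are the sample packets and the `shadowed` helper.

```python
from dataclasses import dataclass

@dataclass
class Packet:
    proto: str                # "udp" or "tcp"
    local_port: int
    remote_port: int
    fragmented: bool = False  # True if MF is set or the fragment offset is non-zero

@dataclass
class Rule:
    name: str
    action: str               # "allow" or "block"
    criteria: dict            # field -> required value; unlisted fields are wildcards

def matches(rule, pkt):
    # A rule applies only when ALL of its criteria match the packet.
    return all(getattr(pkt, k) == v for k, v in rule.criteria.items())

def evaluate(rules, pkt):
    # First match wins: later rules are never consulted for this packet.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "block", "Block everything else"  # the last, mandatory rule

def shadowed(rules):
    # A rule can never fire if an earlier rule's criteria are a subset of its own.
    out = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if earlier.criteria.items() <= later.criteria.items():
                out.append((later.name, earlier.name))
                break
    return out

# Constructed rules for a simplified UDP section of a rule set.
FRAG = Rule("UDP: block fragments", "block", {"proto": "udp", "fragmented": True})
DNS = Rule("UDP: DNS", "allow", {"proto": "udp", "remote_port": 53})
NTP = Rule("UDP: Windows Time", "allow",
           {"proto": "udp", "local_port": 123, "remote_port": 123, "fragmented": False})
OTHER_UDP = Rule("UDP: Any other UDP packet", "block", {"proto": "udp"})
GOOD_ORDER = [FRAG, DNS, NTP, OTHER_UDP]
BAD_ORDER = [FRAG, DNS, OTHER_UDP, NTP]   # NTP rule sits below the catch-all

# Constructed sample packets.
ntp_reply = Packet("udp", local_port=123, remote_port=123)
ntp_fragment = Packet("udp", 123, 123, fragmented=True)
stray_udp = Packet("udp", local_port=1025, remote_port=123)
tcp_packet = Packet("tcp", local_port=135, remote_port=40000)

if __name__ == "__main__":
    for pkt in (ntp_reply, ntp_fragment, stray_udp, tcp_packet):
        print(pkt, evaluate(GOOD_ORDER, pkt), evaluate(BAD_ORDER, pkt))
    print("shadowed in BAD_ORDER:", shadowed(BAD_ORDER))
```

The name returned with each verdict is the rule that decided the packet, which is the same information a firewall log entry carries, so a packet logged against a catch-all rule means no earlier rule matched all of its criteria.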
     
  12. hjbyram

    hjbyram Registered Member

    Climenole -
    Okay, are you ready for a laugh - maybe not - it doesn't work for me!
    Downloaded updated rules to appropriate folder & removed .txt

    Did the Load for the new rule set under downloaded name, set the IP Address for the time server I planned to use, get the same error. Removed the IP address & set to ALL, still get the error.

    So, checked again & Yes the date/time is started & is automatic.

    I am XP SP2, DSL using Westell Versalink 327W (with its own Firewall set to medium setting)

    I appreciate that info you gave me regarding order - have never worked with this before so am pretty clueless, but learning slowly! Also picked up a good looking book that explained some, too. Will work at becoming more proficient at this.

    One other problem - I had Norton installed. I did the uninstall, which appeared to work fine & had no issues installing LnS. However, I now see that the Symantec Live Update is still there. When I try to uninstall that, I get a message that says some applications are still connected to it. I haven't seen any problems with any apps though.

    THANKS THANKS THANKS
     
  13. Climenole

    Climenole Look 'n' Stop Expert

    Hi hjbyram :)

    I'm sure you checked everything and you do a good job.
    But look at this new interesting information:


    Okay...
    Maybe this is the source of the problem.
    Try to put the setup of your router/firewall to the minimum
    or better with no filtering at all.

    Good. And check also in wikipedia. It's free...

    To completely remove the Norton Symantec stuff check this thread:
    https://www.wilderssecurity.com/showthread.php?t=143193&highlight=norton

    Hope this helps.
    Let me know,
    :)
     
  14. hjbyram

    hjbyram Registered Member

    Climenole - Just a quick reply, been busy with work & haven't had a chance to do so.

    I have reset the firewall on the DSL router, to no avail. However, this has produced additional log messages. I believe you are saying, if I can get my LnS rules correct, I shouldn't need the firewall on the router.

    I am saving the logs, & activated the flood option as well. I am not seeing the one error today that I had yesterday, but it is to do with my ISP servers contacting me.

    If it's ok, I'll copy the log here & send it in my next post - I have only been successful in tracking/determining the one error. I do have some questions on resolving some of the log messages.

    Back to work! - THANKS for your help!
     
  15. Climenole

    Climenole Look 'n' Stop Expert

    Hi hjbyram :)

    1- About the router's firewall:
    Normally LNS and router work together with no problem
    -> You may choose to disable the router FW for debugging purpose
    or permanently. It's up to you...

    To know how to use router with LNS check this thread:
    https://www.wilderssecurity.com/showthread.php?t=9474

    2- About the log. The only usable log is the raw log because it can be
    processed with a spreadsheet such as OpenOffice Calc or Ms Excel.
    To activate the raw logging go to options tab, advanced options...


    The rule of thumb for debugging is to keep things simple.
    If you can use your router without the embedded firewall
    this keeps things simple and easier to debug...

    The reason I ask you to disable the router firewalling is to check if the problem comes from Windows (wrong setup) or from LNS (parameters or rules)...

    Run Windows normally and check the Hours/Date sync ...
    The raw log will give us the tracks of what's happening and maybe the solution...

    Upload this raw log here and I'll check it.

    :)
     
  16. hjbyram

    hjbyram Registered Member

    Well, since last go round, I have downloaded & executed both the Fport & CurrPorts free software.

    Not knowing a lot about all of this, I notice that I have the same process id showing up twice for the ntp port (123) with 2 different local addresses under the svchost.exe. Both are UDP protocol. Caught me off-guard, just assumed it would be one. Actually, that one local address I didn't even recognize. This is when I run CurrPorts.

    So I ran the TCPView free software & now see that one is for the router & the other is for I guess my original system pre-router?
     