• This topic has 2 replies, 3 voices, and was last updated February 17, 2021 by Lloyd H.

NTP scans after Upgrade to 8.5 up1

  • hello after upgrading our zerto zvm 2 sites to 8.5 patch 1, we’re seeing NTP port 123 quries from VRA’s and seems to be scanning for various outside ntp sites.  like to  Ziply 50.39.170.40, 78.46.162.102 in germany, and ips in austrilia.  its currently blocked at firewall.  we traced it back to all/any of the VRA’s.  and we can see it started right after we upgraded to 8.5 patch1 which included an upgrade of the VRA’s after the site ZVM servers.  since its a debian based distro, I can turn off the ntp service on vra but I’m guessing it would impact replication and change tracking.  support ticket submitted.

     

    anyone else?

    Same here after upgrade. Have you got any useful information from support?

     

    regards Tobias

    We had upgraded to 8.5 and are also noticing the same issue, we edited the ntp.conf file and commented out the pool 0.debian.pool.ntp.org  (zero through 3 or all pool settings)

    Then we added our ESXi NTP settings under the server ntp.your-provider.example and restarted the VRA in vCenter, used NSX Netflow to monitor traffic and confirmed NTP settings under server were being used.

    Hope that helps, BTW, you can use the ssh.ppk from the ZVM to putty into the VRA’s as root

     

You must be logged in to create new topics. Click here to login