• This topic has 3 replies, 3 voices, and was last updated March 9, 2021 by Ralph H.

NTP scans after Upgrade to 8.5 up1

  • Ralph H
    January 8, 2021 06:42:48 PM

    hello after upgrading our zerto zvm 2 sites to 8.5 patch 1, we’re seeing NTP port 123 quries from VRA’s and seems to be scanning for various outside ntp sites.  like to  Ziply 50.39.170.40, 78.46.162.102 in germany, and ips in austrilia.  its currently blocked at firewall.  we traced it back to all/any of the VRA’s.  and we can see it started right after we upgraded to 8.5 patch1 which included an upgrade of the VRA’s after the site ZVM servers.  since its a debian based distro, I can turn off the ntp service on vra but I’m guessing it would impact replication and change tracking.  support ticket submitted.

     

    anyone else?

    Tobias B
    February 15, 2021 03:19:06 PM

    Same here after upgrade. Have you got any useful information from support?

     

    regards Tobias

    Lloyd H
    February 17, 2021 11:04:02 PM

    We had upgraded to 8.5 and are also noticing the same issue, we edited the ntp.conf file and commented out the pool 0.debian.pool.ntp.org  (zero through 3 or all pool settings)

    Then we added our ESXi NTP settings under the server ntp.your-provider.example and restarted the VRA in vCenter, used NSX Netflow to monitor traffic and confirmed NTP settings under server were being used.

    Hope that helps, BTW, you can use the ssh.ppk from the ZVM to putty into the VRA’s as root

     

    Ralph H
    March 9, 2021 09:48:28 PM

    yes its a problem with linux distro they user for the VRA on this upgrade.  they gave me a tweak tool and some instructions to edit out the ntp broadcasts.

    Please proceed with downloading the Tweaktool at:
    https://www.zerto.com/myzerto/tools/tweak-editor/?key=TFRWTFc4dGs1TDdlRzJ0WDZQMHJIdHNMZWQwd0NNOGlBbVhPZXlJUURyVHM1Uys5QmdUWTB0KzU5OFg2Z3IyR1NTZkhvK0dTQVhNZlN1VDEzaTc5UWc9PQ==&ver=8.5%20and%20up

    Extract it anywhere on the desktop and run as administrator.

    Set tweak t_IsDisabledNameServerFromZVM` to true ( name t_IsDisabledNameServerFromZVM, value true )

    Then open putty from inside of Zerto directory ( Programfiles/Zerto )

    Enter VRA IP address on the top right, do not connect yet.

    On the left menu open SSH -> Auth, click browse and select .ppk key in Secrets folder inside of Zerto Virtual Replication folder.

    When prompted, log onto the VRA as root.

    Remove all lines from /etc/resolv.conf file on all VRAs (or edit IP setting for all VRAs from ZVM)

    Reboot all VRAs

    Verify that /etc/resolv.conf file is empty.

    After performing this set of steps, the NTP should then become disabled.

You must be logged in to create new topics. Click here to login