KB44457 - Frequent VIP flap is observed on Virtual Machines running on VMWare/ESXi in A/P cluster.
KB44558 - Network Time Protocol (NTP) issues after upgrading Pulse Connect Secure / Pulse Policy Secure to 9.1R8 Virtual Machines
KB25932 - Known false positive CVE list
KB43622 - Pulse One (PSA7000) Setup Guide
SA44516 - 2020-07: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8
KB44559 - Host checker fails with Error "Host checker didn't get installed properly. Your computer doesn't meet requirements" upon upgrade to Pulse Desktop Client 9.1R8.
SA44328 - 2019-12: Out-of-Cycle Advisory: Vulnerability could allow attackers to sniff or hijack VPN Connections (CVE-2019-14899)
SA40241 - Pulse client privilege escalation issue (CVE-2016-2408)
KB17423 - Caveats when using LDAP based Password Management functionality through PCS.
KB23445 - What is the functionality of the HTTP Connection Timeout option
What would you like to know?
< Back to search results
KB44607 - NTP Functionality Changes in 9.1R8+
Last Modified Date
11/14/2020 6:19 PM
NTP Functionality Changes in 9.1R8+
Prior to 9.1R8
9.1R8 and up
standard [min poll(64sec) and max poll(1024sec)].
Number of Configurable NTP Servers
2 NTP servers configurable (Primary NTP server and a Secondary NTP server)
Up to 4 NTP servers are configurable
The PCS sync'd time with the primary NTP server based on the configured interval
The PCS uses ntpd daemon to sync and maintain the system date and time of day using its own logic by poling the NTP pool at the standard designated intervals.
Problem or Goal
Prior to the NTP functionality changes, the PCS used to sync time with the Primary NTP server. If the Primary NTP server was not reachable, then it would sync with the Secondary NTP server.
The PCS would sync an incorrect time if the Primary NTP server drifted.
NTP fails to sync due to Default VLAN is enabled on the Internal Port. (PRS-396134)
A minimum of three (3) NTP servers are configured after upgrading to 9.1R8 and above.
It is not recommended to use only one or two NTP servers.
Using three or more NTP servers will help protect against one incorrect time source.
For more information about NTP upstream quality, refer to
section 5.3.3 in the NTP documentation
Four (4) NTP are recommended for best results.
DNS resolution is done via internal port regardless of whether NTP is configured for the external port:
To change the DNS behavior, this will need to be done under
> Overview > Port for DNS Traffic
The impact of this change will send not just NTP traffic but all DNS traffic out the external port as well.
If running a Virtual Appliance, ensure that "sync host time" is disabled.
Was this article helpful?
Please tell us how we can make this article more useful.