Yet another thread on Camera Time Server problems

[Sybertiger]

Sorry to have to bring this subject up again as it should be a no brainer to set up the Blue Iris server to provide time server services to the cameras. I thought I had this set up but apparently it's not working correctly. I followed THESE DIRECTIONS to create a standalone time server on the BI computer.

As you can see below, I have the Dahau camera settings showing two cameras that are off by 15 seconds even though the time server setting are the same. This tells me the cameras are not syncing with the BI time server.

192.168.0.254 is the ethernet adapter the POE switch is connect to while 192.168.1.145 is the ethernet adapter connected to the home router.

I believe I have the UDP port 123 open within the Windows Firewall.

W32Time time server settings look right...but oddly VMICTimeProvider is enabled but the report after running w32tm /query /configuration doesn't show VMICTimeProvider at all. Is that the issue?

VMICTimeProvider is enabled but the report after running w32tm /query /configuration doesn't show VMICTimeProvider in the configuration.

Time services are running...

There's something I've missed but I haven't been able to put my finger on it yet. And, I may have forgotten to post one of my settings....

 

[pozzello]

need to somehow bind the ntp service (ie, make it listen) to your 192.168.0.254 IP address, is my guess...

maybe put a PC on the PoE subnet and run nmap against .254 to see if port 123 is open?

 

[pozzello]

then again, I gave up trying to make my BI windows 10 machine into an NTP server and instead run it on my router (openWRT/Gargoyle)...

 

[SouthernYankee]

SEE posts in

Dual NICs, NTP Nettime Windows 10

 

[Whoaru99]

After looking into this sort of thing for my setup, I took the advice to disable Windows time service and use NetTime.

What was the final sticking point for me that allowed it to work was being sure the 123 port rule was applied to the correct profile type of the camera NIC.

See where your 123 rule says "Public" profile? Be sure that matches the profile type of the camera NIC, either Public or Private, whichever it is.

 

[Sybertiger]

I went back to the Windows Firewall and changed the inbound rule for port 123 so that it's private to match the NIC going to the camera POE switch. It didn't fix my problem. And for good measure I turned OFF the Firewall to make sure the problem wasn't the Firewall setting and that didn't make a difference so I turned it back ON.

 

[Sybertiger]

Okay...I'm abandoning using the standard Windows 10 built in time sync capability and moving onto NetTime. I undid what I originally did to try to get the Windows 10 time sync services going...

1. I stopped/disabled the Windows Time service (w32time)
2. In RegEdit I disabled the NtpServer at .\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w32time\TimeProviders\NtpServer
3. I went to Control Panel > Date and Time > Internet Time ... then unchecked Synchronize with an Internet time server (which had been on and pointing to time.windows.com).
4. NetTime installed and running with "Allow other computers to sync to this computer" enabled. Verified it's working by changing the time/date on the computer then watched it get corrected automatically within seconds.
5. Firewall UDP port 123 is open in the Windows Firewall both public/private and I made this rule for both incoming and outgoing traffic.
6. The Dahau camera's date & time settings are still set with NTP enabled, server port 192.168.0.254 (the POE switch's connection to the NIC on the BI server), port 123
7. Rebooted the BI computer and the cameras for good measure.

This setup is not working. What makes it so difficult to set this up or should we ask what makes me so stupid I can't figure it out?

If I manually click the SYNC PC button on the Dahau Date & Time settings it does in fact sync to the PC's time. Doesn't that tell me that the cameras can talk to the PC and get the correct time? But why aren't he NTP settings on the camera working to automatically set the time?

 

[SkyLake]

Create a firewall rule for the NetTimeService.exe

And in the options of NetTime, check "Allow other computers to sync to this computer"

 

[Whoaru99]

Do you have 192.168.0.254 set as the default gateway in the cameras?

Not sure if that's the ticket since you have it set in the camera NTP server address. But, in all my cams, I have the default gateway IP and the NTP server IP set to the static IP of the camera NIC, and NTP is working.

 

[crw030]

Create a firewall rule for the NetTimeService.exe

And in the options of NetTime, check "Allow other computers to sync to this computer"

^^ THIS, I just had this problem where I put a random time on a camera and realized it wasn't setting time via NTP. Making sure that the Time Service has a UDP firewall rule with the proper interface type (public/private/domain) fixed the problem for me but I had to also tick the box indicated by @SkyLake

 

[bp2008]

You can also verify that the time service is listening by looking in Resource Monitor. In this example I've highlighted the port and protocol used by Blue Iris. For an NTP server it would be port 123 with UDP protocol.

]

 

[Sybertiger]

Thanks everyone for your suggestions. It turns out that SkyLake was dead-on correct.

For anyone who is starting off setting up their BI server as a time server for their cameras the following is what I suggest:

1. Do NOT follow the instructions at THIS LINK.
2. Install the NetTime application on your BI server. In NetTime settings check the box "Allow other computers to sync to this computer". Also check the box "Start NetTime service at bootup".
3. In the Windows Firewall under "Inbound Rules", create a new rule by clicking "New Rule...", then select "Program", then browse to the NetTimeService.exe which is probably located at %ProgramFiles% (x86)\NetTime\NetTimeService.exe on your computer and select it, then select "Allow the connection", then check the box (either "Private" or "Public") that matches your NIC network type that is dedicated to your POE switch, then give your new rule a name that is appropriate, then click "Finish".
4. On each of your cameras go to the settings for the "Date & Time" and under NTP enter the server IP address of your NIC that is dedicated to your POE Switch, set the port number to 123, set the interval or update period to 10 minutes or whatever you like, save your settings. NOTE, you are not going to use the IP address of the BI server but rather the NIC IP address for the switch that your cameras are connected to.
5. It should be working, you should test it by changing the time on your camera then wait the interval update period and check that the cameras are updating the time to the correct time. You do not need to create any other firewall rule expect the one mentioned above which is for an "incoming" request. You do NOT need to create a rule for outgoing traffic.

 

[Sybertiger]

Do you have 192.168.0.254 set as the default gateway in the cameras?

Not sure if that's the ticket since you have it set in the camera NTP server address. But, in all my cams, I have the default gateway IP and the NTP server IP set to the static IP of the camera NIC, and NTP is working.

Yes, you would naturally have your cameras already set up with the gateway IP address to match the NIC IP address that the POE switch is connected to on the BI server. The cameras were always working...the problem was specifically trying to get the BI server to listen to the NTP requests coming from the cameras.

 

[Sybertiger]

I'm not sure why NetTime opens TCP and UDP port 37 for the NetTimeService as UDP 123 is used but I went ahead and disabled port 37 for NetTimeService.

 

[Whoaru99]

Port 37 was for an earlier type of time service. That's pretty much been replaced by NTP on 123.

 

[Sybertiger]

Port 37 was for an earlier type of time service. That's pretty much been replaced by NTP on 123.

Yup, that's my understanding. Not sure why it was enabled since it's no longer used but I thought I'd tighten security up by disabling it.

 

[Whoaru99]

Probably just to avoid an issue where it might still be used in a legacy situation.

 

[Whoaru99]

Yes, you would naturally have your cameras already set up with the gateway IP address to match the NIC IP address that the POE switch is connected to on the BI server. The cameras were always working...the problem was specifically trying to get the BI server to listen to the NTP requests coming from the cameras.

Yes, I understood the problem. I thought perhaps the gateway IP might be contributing due to suggestions I've seen on this forum to put some irrelevant numbers in there.

In hindsight, the gateway IP setting in the camera appears to be immaterial to picking up the NTP correction (and immaterial to basic camera function) as long as you point the camera NTP settings to the right place, NTP service is running, and the necessary port open.

I have a new HDW5321 I did an experiment with -

• PC NIC is set to static IP 192.168.216.10, no gateway IP entered/gateway IP all blanks
• Camera IP is 192.168.216.55
• Camera gateway IP is 192.168.216.1 (there is nothing on the LAN with IP 192.168.216.1)
• Camera NTP set to 192.168.216.10
• NetTime service running, incoming UDP port 123 open to the Public network (the type of the camera LAN)

Camera works fine, NTP works fine.

 

[Sybertiger]

As long as octet3.octet2.octet1.X match the network it'll work....may as well point it to the NIC the switch is plugged into.

 

[Whoaru99]

Yes, that is the way I normally have it. It was just a test to see if it actually seemed to matter.

All I could see, and maybe it was just perception, seemed like the cam's web interface comes up a bit faster when the cam gateway IP points to the NIC IP rather than to the wild blue yonder.