We are on 2008 R2 DC's & win10 machines. We see some blocks on local machine firewall event logs , sample below :-
=========================================================
Application Information:
Application Name: \device\harddiskvolume3\windows\system32\svchost.exe
Network Information:
Direction: Inbound
Source Address: <PDC IP, One more DC IP>
Destination Address: <My local machine IP>
Destination Port: 123
Protocol: 17
========================================
I understand that clinet machine sync time with PDC but why I see one more IP in source address. DO I need to open communication for port 123 with all DCs in my windows firewall. When I query for source (w32tm / query /source) I see a 3rd DC name which is not PDC. How do I find the real time source for my domain as well
Please advise