Service NTPD status - FAILED, NTP NOT synchronized!


Article ID: 171796


Products

Advanced Threat Protection Platform, Endpoint Detection and Response

Issue/Introduction

NTP shows as not synchronized when running the status_check command through the Command Line Interface (CLI) on Endpoint Detection and Response (EDR).

Service NTPD status - FAILED. Some possible causes and recommendations:
1. NTP is misconfigured on the ATP appliance.  Check  your appliance settings.
2. Network connectivity problems.   Re-evaluate your network and firewall rules.
3. NTP server issue.  Verify the functionality of the NTP server.


NTP                                             NOT synchronized!
                                                Please fix NTP configuration, else
                                                the appliance may not function properly.

Environment

An internal Windows NTP source is used as Time Server, such as the Domain Controller (DC).

Running the command w32tm /query /status on the NTP source produces output similar to:

Leap Indicator: 0(no warning)
Stratum: 1 (primary reference - syncd by radio clock)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0000000s
Root Dispersion: 10.0000000s
ReferenceId: 0x4C4F434C (source IP: "10.x.x.x")
Last Successful Sync Time: 5/25/2018 2:15:25 AM
Source: Hostname.Domain.net
Poll Interval: 6 (64s)

 

Cause

The Root Dispersion of 10.0s is higher than the expected 1.5s.

Resolution

If the time server is a DC, change the value of Root Dispersion as follows:

  • Run > regedit
  • Browse to registry path:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config
  • Change the value of "LocalClockDispersion" from 10 to 0.

Note: It is highly recommended to take a backup of the registry before making any direct changes.
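
The resolution steps above as a PowerShell script for an elevated session on the Windows time source, including the registry backup and a before/after check of Root Dispersion. This is an added example, not vendor code; the backup location, the `w32tm /config /update` step and the 5-second wait are assumptions not stated in the article, and the parsing assumes English `w32tm` output.

```powershell
#Requires -RunAsAdministrator
$ErrorActionPreference = 'Stop'

$regKey    = 'HKLM\SYSTEM\CurrentControlSet\Services\W32Time\Config'   # path from the article
$psKey     = "Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config"
$name      = 'LocalClockDispersion'
$threshold = 1.5   # seconds; the expected Root Dispersion quoted in the article
# Assumption: backup file goes to the current user's TEMP directory
$backup    = Join-Path $env:TEMP ("W32Time-Config-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))

# Extract the "Root Dispersion" value (in seconds) from w32tm /query /status
function Get-RootDispersion {
    $hit = w32tm /query /status |
        Select-String -Pattern '^Root Dispersion:\s*([\d.]+)s' |
        Select-Object -First 1
    if (-not $hit) { throw 'Root Dispersion not found in w32tm output' }
    [double]::Parse($hit.Matches[0].Groups[1].Value,
                    [cultureinfo]::InvariantCulture)
}

$before = Get-RootDispersion
Write-Host "Root Dispersion before change: $before s"
if ($before -le $threshold) {
    Write-Host 'Root Dispersion is within the expected range; no change made.'
    return
}

# Back up the key before touching it, as the article's note recommends
reg export $regKey $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; aborting.' }
Write-Host "Backup written to $backup"

# Show the current value, then set it to 0 as described in the resolution
$current = (Get-ItemProperty -Path $psKey -Name $name).$name
Write-Host "$name is currently $current"
Set-ItemProperty -Path $psKey -Name $name -Value 0 -Type DWord

# Assumption: the article does not say how the change is applied;
# this asks the Windows Time service to re-read its configuration.
w32tm /config /update | Out-Null
Start-Sleep -Seconds 5   # assumed settle time before re-reading status

Write-Host "Root Dispersion after change: $(Get-RootDispersion) s"
```

After the script completes, run status_check on the EDR appliance again to confirm whether NTP now reports as synchronized.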