Today I discovered a bug in the way that the SBS2003 wizard creates the NTP packet filter for ISA2000. The bug has been submitted to Microsoft for review.
Here it is:
The wizard creates a packet filter for NTP correctly except for one very important setting. It sets up the packet filter to use TCP instead of UDP. TCP and UDP are protocols used to transmit data. If you use the wrong protocol no one will talk to you.
I first noticed the problem when attempting to setup an SBS2003 server to sync with an external time source. This was done for a client that needed the domain time to be as accurate as possible because employees were going to be relying on it to provide accurate in/out time. Upon changing TCP to UDP and then following KB article 816042 the server is now in sync with an external time source.