Re: NTP on OpenVMS using TCPIP services



baldrick wrote:
Spooky! As AEF's query comes in, I seek clarification on what I'm seeing...

Versions FWIW VMS 7.3-1, TCPIP 5.3 eco 2, also OpenVMS 8.3 (Alpha) and TCPIP 5.6, time server Windows Server 2003, and Windows XP professional. NTP version on VMS is 4.1

NTP on this Alpha was working quite well with a UNIX NTP server, until it was retired.

Scenario is, using the documentation for HP's TCPIP services I set up NTP naming two Windows servers as "peers". Debugging this using TCPIP$NTPQ shows a REJECT status in the "associations" display. Increasing the log level using the logical TCPIP$NTP_LOG_LEVEL (to 3) just seemed to indicate nothing was happening to correct the time.

So I replicated the scenario at home, and used my XP Pro system as a server, and set up the same way, got exactly the same symptoms. I enabled detailed logging on the Windows side (Microsoft TechNet articles) and saw the requests coming in, and even the correct value / difference in time was reported and the stratum was 0. What I had proved was that it wasn't a firewall or authentication issue. I was now in a position to start looking at the NTP CONF file.

When I changed the peer to server and the IP address, all of a sudden NTPQ started looking different and the RUN logs again had more detail about offsets.

The line in the TCPIP$NTP.CONF file was:

peer 192.168.0.150

changed to

server 192.168.0.150

where that address is the IP of the time server of course.

It took a while but eventually the Windows time service log showed a stratum of 3 (then later 5) and within 2 hours the time was synchronized.

Then I did the same on the systems where I was seeing the original behaviour and, lo and behold, it's working now.

So the question is, is this an error in the documentation (or not very clear) or something introduced by using Windows that "peer" worked for the UNIX NTP server, but Windows (the replacement NTP server) requires "server" instead?

What is the authentication about? I see the program to create the keys but in what circumstances is it used? This was one thought why I was seeing the REJECT message in the debugging.

Anything else relevant here? I'll also accept that I may have not fully understood the documentation, or even the NTP process.

(Also documented so googlers may seek details)

"peer" in NTP speak refers to systems at the same NTP stratum that can serve time to each other. Ideally the peered systems would each use at least one unique time source.

Windows does not offer NTP. It has an SNTP client and should be used only as a leaf node. It WILL serve time and, if you allow it to do so, you deserve whatever happens!!

There IS an NTP implementation for Windows. If you need it, go to http://www.ntp.org/ and explore a little. The NTP implementation can be used to serve time if you need to, although I would use Windows as an NTP server only as a last resort.

NTP authentication is used to verify the identity of the servers you are getting time from. Authenticated packets are cryptographically signed by the server. If you need to be able to prove that your time is traceable to some particular server, you would use authentication to do so.
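
What the authentication check described above amounts to in NTP's symmetric-key scheme, as an added example that is not part of the original thread or of TCPIP Services: the sender appends a key ID and a keyed MD5 digest to the 48-byte header, and the receiver recomputes the digest with its own copy of the key. The key ID, key value and packet contents are constructed, and the use of symmetric keys (rather than another scheme) is an assumption.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header, no extension fields
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest

def build_header(mode, stratum=0, version=4, leap=0):
    """Return a 48-byte NTP header with only LI/VN/Mode and stratum set."""
    first = (leap << 6) | (version << 3) | mode
    return struct.pack("!BB", first, stratum) + bytes(NTP_HEADER_LEN - 2)

def add_mac(header, key_id, key):
    """Sender side: append key ID and MD5(key || header)."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, trusted_keys):
    """Receiver side: return (ok, reason) given a dict of key_id -> key."""
    if len(packet) == NTP_HEADER_LEN:
        return False, "no MAC present"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "unexpected length"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = trusted_keys.get(key_id)
    if key is None:
        return False, "key ID not trusted"
    expected = hashlib.md5(key + header).digest()
    # Constant-time comparison so the check does not leak digest bytes.
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, "authenticated"

if __name__ == "__main__":
    keys = {1: b"constructed-shared-key"}          # constructed sample key
    reply = add_mac(build_header(mode=4, stratum=2), 1, keys[1])
    tampered = reply[:40] + bytes([reply[40] ^ 1]) + reply[41:]
    for name, pkt in [("genuine", reply), ("tampered", tampered),
                      ("unsigned", build_header(mode=4, stratum=2))]:
        print(name, verify(pkt, keys))
```

A packet that fails this check is discarded by a client configured to require authentication for that server, which is what makes the time source's identity verifiable.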