Re: NTP on OpenVMS using TCPIP services

On Jul 4, 12:35 pm, "Richard B. Gilbert" <rgilber...@xxxxxxxxxxx>
wrote:
baldrick wrote:
Spooky! As AEF's query comes in, I seek clarification on what I'm seeing...

Versions FWIW VMS 7.3-1, TCPIP 5.3 eco 2, also OpenVMS 8.3 (Alpha) and
TCPIP 5.6, time server Windows Server 2003, and Windows XP professional..
NTP version on VMS is 4.1

NTP on this Alpha was working quite well with a UNIX NTP server, until
it was retired.

Scenario is, using the documentation for HP's TCPIP services I set up
NTP naming two Windows servers as "peers". Debugging this using
TCPIP$NTPQ shows a REJECT status in the "associations" display.
Increasing the log level using the logical TCPIP$NTP_LOG_LEVEL  (to 3)
just seemed to indicate nothing was happening to correct the time.

So I replicated the scenario at home, and used my XP Pro system as a
server, and set up the same way got exactly the same symptoms. I enabled
detailed logging on the Windows side (microsoft technet articles) and
saw the requests coming in, and even the correct value / difference in
time was reported and the stratum was 0. What I had proved was that it
wasn't a firewall or authentication issue. I was now in a position to
start looking at the NTP CONF file.

When i changed the peer to server and the IP address, all of a sudden
NPTQ started looking different and the RUN logs again had more detail
about offsets.

The line in the TCPIP$NTP.CONF file was:

peer 192.168.0.150

changed to

server 192.168.0.150

where that address is the IP of the time server of course.

It took a while but eventually the Windows time service log showed a
stratum of 3 (then later 5) and within 2 hours the time was synchronized.

Then I did the same on the systems that I was seeing the original
behaviour, and low, behold, its working now.

SO the question is, is this an error in the documentation (or not very
clear) or something introduced by using Windows that "peer" worked for
the UNIX NTP server, but Windows (the replacement NTP server) requires
"server" instead?

What is the authentication about? I see the program to create the keys
but in what circumstances is it used? This was one thought why I was
seeing the REJECT message in the debugging.

Anything else relevant here? I'll also accept that I may have not fully
understood the documentation, or even the NTP process.

(Also documented so googlers may seek details)

"peer" in NTP speak refers to systems at the same NTP stratum that can
serve time to each other.  Ideally the peered systems would each use at
least one unique time source.

Windows does not offer NTP.  It has an SNTP client and should be used
only as a leaf node.  It WILL serve time and, if you allow it to do so,
you deserve whatever happens!!

There IS an NTP implementation for Windows.  If you need it, go tohttp://www.ntp.org/and explore a little.  The NTP implementation can be
used to serve time if you need to, although I would use Windows as an
NTP server only as a last resort.

NTP authentication is used to verify the identity of the servers you are
getting time from.  Authenticated packets are cryptographically signed
by the server.  If you need to be able to prove that your time is
traceable to some particular server, you would use authentication to do so.

We had to install the windows pseudo-ntp service to support some voip
phone software that only ran under windows. All the client peecees
had to use the windows time service also to avoid other complications
(ms is really good at the camels nose in the tent thing).

Our VMS systems are so far all set up using external NTP servers as
SERVER and setting each-other as 'PEER' entries in the config files.
I can see them nattering at eachother about time a few times a day;
mainly I think because the VAX is running TCPware while the Alphas and
the itanic are running TCPIP services. No issues; the VMS systems
ignore the windows network and vice versa.

Rich
.

Relevant Pages

  • Re: Timr service
    ... "To establish a computer running Windows Server 2003 as authoritative, ... open the 123 UDP port in my firewall and to execute on the forest PDCe: ... >> connecting to a NTP Internet server a secure solution? ...
    (microsoft.public.windows.server.active_directory)
  • Re: Setting Up NTP for Time Sync
    ... how do you know that yuour windows machine will act as an NTP ... That is different than acting as an ntp client. ... >> I think you have to install ntp server software onto the windows machine. ... For systems with sporadic connection to the net, ...
    (comp.os.linux.networking)
  • Re: NTP on OpenVMS using TCPIP services
    ... TCPIP 5.6, time server Windows Server 2003, and Windows XP professional. ... NTP on this Alpha was working quite well with a UNIX NTP server, ... What I had proved was that it wasn't a firewall or authentication issue. ...
    (comp.os.vms)
  • Re: Help wanted with Pathworks 5.0a
    ... One unix server in TCP/IP domain; ... This may have been the case, although the (windows) network admin assured me that *all* servers have been moved and reinstalled ... it were PDC of another domain. ... Again, if PCs were in a domain controlled by a VMS PDC, this should still be the case after the move. ...
    (comp.os.vms)
  • Re: Hey Kerry - server consolidation question
    ... > I am curious about Advanced Server and Messaging solutions, ... > realistically backend Windows desktops with these in place of Windows ... did Solaris applications ever turn up en-mase on VMS? ... people cost and downtime costs they currently experience with Windows-based ...
    (comp.os.vms)