[ntp:questions] NTP sync on a standalone network (Windows 2k)
mayer at ntp.isc.org
Thu Aug 17 02:19:54 UTC 2006
Alexandre Carrausse wrote:
> I want to keep the time sync'd on about 90 machines spreaded on 11 different
> sites (one central site with the main servers and 10 remote sites with
> secondary domain controlers and workstations).
> All the servers are W2K server and all the workstation are W2K Pro SP4.
> It is important to note that all the links between the sites are running a
> 64 kbps, through a dedicated WAN.
> We are currently using NTP 4.1.72 which is running as a service
Upgrade, that's positively ancient. Meinberg has a freely available
binary kit with installer that makes it easy to install.
and has the
> minimal configuration, ie all clients getting their time from the "main
> central server". The server is getting its time from itself, ie 127.127.1.0.
That means that all your clients will drift away from reality, it's not
really getting time from itself, it's just saying that it will hand out
it's time to all who ask even those it's synchronized to nothing. Why
didn't you set up your central server to get it's time from a bunch of
publicly available ntp servers?
> But we are not sure that we are having a good "state of the art"
> configuration and we are unsure about the time accuracy on our system.
You don't. You have no time accuracy at all if the central server is not
synchronized to anything.
> 1. 1st question : Is this basic configuration enough?
> 2. The command line option in the service properties is greyed? Is there a
> way to specify any options?
I don't know what you mean by that. That option is always greyed when
the service is running and can be only used the one time to manually
start the service. What you need is the new version which can take
command-line options and is in the registry as part of the ImagePath in
> 3. Any recommendations regarding the remote servers? Should we peer them
> with the Central Site?
The first question that you need to answer is what is the need for
synchronization? If it is in order to do active directory authentication
then each site could just get its time from publicly available NTP
servers. If you need to keep the time very close to each other you need
to consider a different scheme. We don't know your real requirements so
it's hard to say.
> 4. Should we peer the server at the central site to keep them more on time
> (9 minutes drift in one year, but the outside world time is not very
> important for us)
Peer the server to what?
> 5. What would happen if a silly user change the time by adding lets say one
> hour to the main server... would this mistake be cascaded on all the system?
> Is there any safety options? (our application would crash if the time
> between 2 servers is more than 3 minutes)
NTP would panic and exit. Luckily for you you can set the service to run
with the "Change the system time" privilege and not give it to anyone
else and then they couldn't do that unless they had privileges on the
system, in which case they could do what they want.
> 6. I have found a lot of litteracy on
> http://www.eecis.udel.edu/~mills/ntp/, and nice tools on ntp.org, but where
> can I find any specific information about the NTP 4.1.72 for W2K software?
> What are the defaults settings compiled in this version?
We no longer support that version. Heiko is preparing a stable version
for Meinberg that you can install. What do you mean by default settings?
You really need to specify what it needs in the configuration file
(Meinberg's installer helps with that too).
> 7. What is the purpose of the ntp.drift file? What is the meaning of the
> value contained in this file?
It keeps track of how far off your clock has gotten so that on restart
it can use it as a baseline on what it should use.
More information about the questions