[ntp:questions] Failure modes on Windows Server 2008 R2 64-bit

Olo Burrows bote.prodigy at gmail.com
Tue Aug 13 05:51:26 UTC 2013


On Monday, August 12, 2013 11:36:16 PM UTC-4, Danny Mayer wrote:
> On 8/12/2013 6:47 AM, Olo Burrows wrote:
> 
> > Has anyone experienced a failure of the Meinberg ntp binaries to run
> > on Windows Server 2008 R2?
> 
> 
> I don't know what the Meinberg installer does when installing the
> binaries though I did provide some advice to them at the time. What you
> do need need is to have the Change System Time privilege enabled for the
> user account running the service. I believe that local service has that
> or you set up an account that specifically includes that privilege. You
> have to do that in the Local Security Policy MSC. Either that or have
> administrator group. I advise not doing either of these but to establish
> a separate account with that privilege and logon as service privilege
> and remove it from the Users group.
> 
> Also make sure you disable Windows Time.
> ...
> 
> If it was built with VC90 then you need to have the freely available
> 
> VC90 runtime installed. You need OpenSSL as the Windows binary is always
> 
> built with it.
> 
> Danny

Yes, I did disable Windows Time because it is essentially useless in these applications.

The Meinberg installer is essentially brilliant. I checked deeper into the 'ntp' account created by it and the Local Police editor (gpedit.msc) reports that even though ntp does not belong to any user group the installer gives it the rights to change time and a few others that I noticed. It also disables the Windows Time service and a number of other niceties that make it almost dummy-proof. Perfect for most Windows users :-)

By the way, I did download and install the Visual C++ runtime for 2010 and 2012, not knowing which would apply. My tests led me to believe that neither one helped, despite my expectations. But perhaps the reboot for the other updates and packages that I later installed allowed it to complete its installation even though it did not prompt me to do so at the time.

It was really gratifying to see the other network devices suddenly display the correct server time once ntp fired up. Nothing better!

Thanks!



More information about the questions mailing list