Alexandre Carrausse wrote: > Hello, > > I want to keep the time sync'd on about 90 machines spreaded on 11 different > sites (one central site with the main servers and 10 remote sites with > secondary domain controlers and workstations). > > All the servers are W2K server and all the workstation are W2K Pro SP4. > > It is important to note that all the links between the sites are running a > 64 kbps, through a dedicated WAN. > > We are currently using NTP 4.1.72 which is running as a service
Upgrade, that's positively ancient. Meinberg has a freely available binary kit with installer that makes it easy to install. and has the > minimal configuration, ie all clients getting their time from the "main > central server". The server is getting its time from itself, ie 127.127.1.0. > That means that all your clients will drift away from reality, it's not really getting time from itself, it's just saying that it will hand out it's time to all who ask even those it's synchronized to nothing. Why didn't you set up your central server to get it's time from a bunch of publicly available ntp servers? > But we are not sure that we are having a good "state of the art" > configuration and we are unsure about the time accuracy on our system. > You don't. You have no time accuracy at all if the central server is not synchronized to anything. > 1. 1st question : Is this basic configuration enough? > No. > 2. The command line option in the service properties is greyed? Is there a > way to specify any options? > I don't know what you mean by that. That option is always greyed when the service is running and can be only used the one time to manually start the service. What you need is the new version which can take command-line options and is in the registry as part of the ImagePath in Services. > 3. Any recommendations regarding the remote servers? Should we peer them > with the Central Site? > The first question that you need to answer is what is the need for synchronization? If it is in order to do active directory authentication then each site could just get its time from publicly available NTP servers. If you need to keep the time very close to each other you need to consider a different scheme. We don't know your real requirements so it's hard to say. > 4. Should we peer the server at the central site to keep them more on time > (9 minutes drift in one year, but the outside world time is not very > important for us) > Peer the server to what? > 5. What would happen if a silly user change the time by adding lets say one > hour to the main server... would this mistake be cascaded on all the system? > Is there any safety options? (our application would crash if the time > between 2 servers is more than 3 minutes) > NTP would panic and exit. Luckily for you you can set the service to run with the "Change the system time" privilege and not give it to anyone else and then they couldn't do that unless they had privileges on the system, in which case they could do what they want. > 6. I have found a lot of litteracy on > http://www.eecis.udel.edu/~mills/ntp/, and nice tools on ntp.org, but where > can I find any specific information about the NTP 4.1.72 for W2K software? > What are the defaults settings compiled in this version? > We no longer support that version. Heiko is preparing a stable version for Meinberg that you can install. What do you mean by default settings? You really need to specify what it needs in the configuration file (Meinberg's installer helps with that too). > 7. What is the purpose of the ntp.drift file? What is the meaning of the > value contained in this file? It keeps track of how far off your clock has gotten so that on restart it can use it as a baseline on what it should use. Danny _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
