Hi Gurus of Time!

I am very happy to announce that we just released a new stable version of our 
NTP Installer for Windows, including ntp-4.2.4p3 and openssl-0.9.8e.

The new version includes - besides the current ntp-stable version - a number of 
nice new features:

- silent/unattended install (see 
http://www.meinberg.de/english/sw/readme-ntpinstaller.htm for instructions how 
to use that feature)
- checks for Windows Firewall settings (on XP SP2, 2003 and Vista) and offers to 
add an exception for NTP (opening UDP Port 123)
- now is digitally signed by Meinberg (the installer executable and the included 
ntp binaries)

A few minor glitches have been fixed (and others have been probably added ;-)) 
and I would definitely recommend everybody to upgrade. Everybody? Well, if you 
still run Windows/NT, you should stick with the fluxcap-v2 version. Simply 
because 4.2.4p3 contains a bug which prevents it from working on NT machines.

You can get it here: (Meinberg NTP Download Page)
http://www.meinberg.de/english/sw/ntp.htm

[Shameless Promotion]
While you are on our download page: Please try our nice NTP Time Server Monitor 
application. It is free and has been greatly improved over the last weeks. 
Things like sending SNMP traps or very convenient debugging features (you have 
never seen peervars being presented like this) should tempt even the most 
addicted ntpq users :-)

Oh, yes, of course it is free :-)

[/Shameless Promotion]

Best Regards,
  Heiko



P.S.: This release is named Foehr, after the German island of Foehr. I went 
there on vacation after I put this release together. If you are interested, just 
drop me a mail and I provide you with more information about this nice little 
place :-)

Heiko Gerstung wrote:
> Hi Gurus of Time!
>
> I am very happy to announce that we just released a new stable
> version of our NTP Installer for Windows, including ntp-4.2.4p3 and
> openssl-0.9.8e.
> The new version includes - besides the current ntp-stable version - a
> number of nice new features:
>
> - silent/unattended install (see
> http://www.meinberg.de/english/sw/readme-ntpinstaller.htm for
> instructions how to use that feature)
> - checks for Windows Firewall settings (on XP SP2, 2003 and Vista)
> and offers to add an exception for NTP (opening UDP Port 123)
> - now is digitally signed by Meinberg (the installer executable and
> the included ntp binaries)
>
> A few minor glitches have been fixed (and others have been probably
> added ;-)) and I would definitely recommend everybody to upgrade.
> Everybody? Well, if you still run Windows/NT, you should stick with
> the fluxcap-v2 version. Simply because 4.2.4p3 contains a bug which
> prevents it from working on NT machines.
[]
> Best Regards,
>  Heiko

Heiko,

On Windows 2000 Workstation the upgrade files-only installation fails 
with:

  The ordinal 3837 could not be located in the dynamic link library 
LIBEAY32.dll

Setup: ntp-4.2.4p3-RC1@foehr-o-win32-setup.exe works fine.

The upgrade worked OK on some Windows XP Pro systems and one XP Home 
system.  Intentionally, not tested on NT4.

Cheers,
David 

David J Taylor schrieb:
> Heiko Gerstung wrote:
>> Hi Gurus of Time!
>>
> []
>> Best Regards,
>>  Heiko
> 
> Heiko,
> 
> On Windows 2000 Workstation the upgrade files-only installation fails 
> with:
> 
>   The ordinal 3837 could not be located in the dynamic link library 
> LIBEAY32.dll
> 
> Setup: ntp-4.2.4p3-RC1@foehr-o-win32-setup.exe works fine.

Did you try to to a complete re-install as an alternative to the "Upgrade Files 
only" approach and was that unsuccessful, too?

> The upgrade worked OK on some Windows XP Pro systems and one XP Home 
> system.  Intentionally, not tested on NT4.

Thank you for your feedback. Sounds like there is a problem with the SSL 
libaries on some systems.

> Cheers,
> David 


Best Regards,
Heiko

Heiko Gerstung wrote:
> David J Taylor schrieb:
>> Heiko Gerstung wrote:
>>> Hi Gurus of Time!
>>>
>> []
>>> Best Regards,
>>>  Heiko
>>
>> Heiko,
>>
>> On Windows 2000 Workstation the upgrade files-only installation fails
>> with:
>>
>>   The ordinal 3837 could not be located in the dynamic link library
>> LIBEAY32.dll
>>
>> Setup: ntp-4.2.4p3-RC1@foehr-o-win32-setup.exe works fine.
>
> Did you try to to a complete re-install as an alternative to the
> "Upgrade Files only" approach and was that unsuccessful, too?
>
>> The upgrade worked OK on some Windows XP Pro systems and one XP Home
>> system.  Intentionally, not tested on NT4.
>
> Thank you for your feedback. Sounds like there is a problem with the
> SSL libaries on some systems.
>
>> Cheers,
>> David
>
>
> Best Regards,
> Heiko

Heiko,

No, I didn't want to loose my configuration, and I don't have more time to 
test today.

Cheers,
David 

David J Taylor schrieb:
> Heiko Gerstung wrote:
>> David J Taylor schrieb:
>>> Heiko Gerstung wrote:
>>>> Hi Gurus of Time!
>>>>
>>> []
>>>> Best Regards,
>>>>  Heiko
>>> Heiko,
>>>
>>> On Windows 2000 Workstation the upgrade files-only installation fails
>>> with:
>>>
>>>   The ordinal 3837 could not be located in the dynamic link library
>>> LIBEAY32.dll
>>>
>>> Setup: ntp-4.2.4p3-RC1@foehr-o-win32-setup.exe works fine.
>> Did you try to to a complete re-install as an alternative to the
>> "Upgrade Files only" approach and was that unsuccessful, too?
>>
>>> The upgrade worked OK on some Windows XP Pro systems and one XP Home
>>> system.  Intentionally, not tested on NT4.
>> Thank you for your feedback. Sounds like there is a problem with the
>> SSL libaries on some systems.
>>
>>> Cheers,
>>> David
>>
>> Best Regards,
>> Heiko
> 
> Heiko,
> 
> No, I didn't want to loose my configuration, and I don't have more time to 
> test today.

OK. On a sidenote: The configuration file will not be deleted when you choose a 
full re-install, so no configuration is lost AFAICS. I appreciate your efforts 
and it seems that I already found the problem. I Will release a new version of 
the installer later today.

Best Regards,
Heiko

> 
> Cheers,
> David 
> 
> 

Hello Heiko,

I installed the new ntp version ntp-4.2.4p3@1.1502-foehr-o-win32-
setup.exe for Windows and it works great. Thanks!

I have been testing it on four Windows XP machines one of which is a
laptop.  The improvements over the earlier version 4.2.0a are
significant specifically because of the bug 622 fix.  I have
successfully tested this new version as follows:
- Service auto-start on boot up
- Disconnect/reconnect to network.
- Hibernate/awaken
- Standby/awaken

I do have three issues that I have discovered.

My first issue is the installation problem that you are already
discussing. I ended up just doing a complete uninstall/reinstall on
all of my machines which worked fine.

My second issue is that on the initial boot of my machines the ntpd
service successfully autostarts but it only includes one (1) ntp time
server even though I have seven (7)  time servers in my configuration
file. After which, if I restart the ntpd service then all seven of my
ntp time servers are included. I have rebooted several times and I
have been able to consistently reproduce this phenomena. Also, I had
previously been running version ntp-4.2.4p3-RC1@foehr-o-win32-
setup.exe for a few days since you announced it on this forum.  With
that version, on initial boot the ntpd service only included three (3)
out of the seven (7) time servers in my configuration file. Likewise,
a restart of the ntpd service would then include all seven ntp time
servers.  I find this very strange.....

My third issue is minor. That is, the "ntpd --version" command does
not appear to work. The command hesitates for about 10 seconds and
then says: "Use -d, -q, --help or -n to run from the command line."
This happens regardless if the ntpd service is already running or
stopped.

Thanks again for this significant upgrade!

Gordon Dickens

gldickens3 schrieb:
> Hello Heiko,
> 
> I installed the new ntp version ntp-4.2.4p3@1.1502-foehr-o-win32-
> setup.exe for Windows and it works great. Thanks!
> 
> I have been testing it on four Windows XP machines one of which is a
> laptop.  The improvements over the earlier version 4.2.0a are
> significant specifically because of the bug 622 fix.  I have
> successfully tested this new version as follows:
> - Service auto-start on boot up
> - Disconnect/reconnect to network.
> - Hibernate/awaken
> - Standby/awaken

Sounds great! Thanks for testing!

> I do have three issues that I have discovered.
Oh, OK ... :-)

> My first issue is the installation problem that you are already
> discussing. I ended up just doing a complete uninstall/reinstall on
> all of my machines which worked fine.
Yes. The bug is that the upgrade mechanism tries to detect if you have installed 
OpenSSL with the installer and if it thinks that you did not, it will skip 
updating OpenSSL which in turn results in this unknown symbol (because the old 
OpenSSL library is still used....).  I fixed that and uploaded a new version of 
the foehr installer without bumping the version number. You can see that you 
have the fixed version by looking at the digital signature which should be dated 
July, 27th 2007 ... If you have a signature from yesterday, it is the first 
version which still includes this bug.

> My second issue is that on the initial boot of my machines the ntpd
> service successfully autostarts but it only includes one (1) ntp time
> server even though I have seven (7)  time servers in my configuration
> file. After which, if I restart the ntpd service then all seven of my
> ntp time servers are included. I have rebooted several times and I
> have been able to consistently reproduce this phenomena. Also, I had
> previously been running version ntp-4.2.4p3-RC1@foehr-o-win32-
> setup.exe for a few days since you announced it on this forum.  With
> that version, on initial boot the ntpd service only included three (3)
> out of the seven (7) time servers in my configuration file. Likewise,
> a restart of the ntpd service would then include all seven ntp time
> servers.  I find this very strange...
Did you specifiy your missing servers by hostname or IP address in your ntp.conf 
file? I could imagine that they are not used because the DNS service is not up 
and running when NTP is started.

...
> 
> My third issue is minor. That is, the "ntpd --version" command does
> not appear to work. The command hesitates for about 10 seconds and
> then says: "Use -d, -q, --help or -n to run from the command line."
> This happens regardless if the ntpd service is already running or
> stopped.
OK, I will have a look at this and probably file a bug.

Best Regards,
Heiko


> Thanks again for this significant upgrade!
> 
> Gordon Dickens
> 

On Jul 27, 8:46 am, Heiko Gerstung
<heiko_removeme_.gerst...@meinberg.de> wrote:
> gldickens3 schrieb:
>
> > My second issue is that on the initial boot of my machines the ntpd
> > service successfully autostarts but it only includes one (1) ntp time
> > server even though I have seven (7)  time servers in my configuration
> > file.
>
> Did you specifiy your missing servers by hostname or IP address in your ntp.conf
> file? I could imagine that they are not used because the DNS service is not up
> and running when NTP is started.

Hi Heiko,

Yep, I had specified the host name instead of the IP addresses for
five of the seven time servers. As soon as I changed time server host
name to IP addresses in my ntp.conf file then all time servers were
then used on the initial boot of my machine.  Problem solved!

Thanks,

Gordon

gldickens3 wrote:
[]
> Hi Heiko,
>
> Yep, I had specified the host name instead of the IP addresses for
> five of the seven time servers. As soon as I changed time server host
> name to IP addresses in my ntp.conf file then all time servers were
> then used on the initial boot of my machine.  Problem solved!
>
> Thanks,
>
> Gordon

Gordon,

This might explain what I've seen in my portable (which I don't use a 
lot).  I have created a desktop shortcut to stop and restart NTP once the 
PC is fully up and talking to its wireless network.

Should NTP have a dependency on DNS being working, before the NTP service 
starts?  IIRC, it does depend on TCP being running, but it looks as if 
that isn't enough.  It's as if it should depend on the DNS service being 
running, but of course many PCs don't run DNS as a service.....

Heiko,

I'll wait until a few more issues are resolved before testing on the 
Windows 2000 system again.

Cheers,
David 

On Jul 27, 11:03 am, "David J Taylor" <david-tay...@blueyonder.not-
this-bit.nor-this-bit.co.uk> wrote:
> gldickens3 wrote:
>
>
> > As soon as I changed time server host
> > name to IP addresses in my ntp.conf file then all time servers were
> > then used on the initial boot of my machine.  Problem solved!
>
> Should NTP have a dependency on DNS being working, before the NTP service
> starts?

Ideally, yes.  However, I think that it is fine the way that it is as
if a special note is included in an FAQ somewhere that says that IP
addresses should be used instead of host names in order for the ntpd
service to work properly on initial Windows boot up.

Heiko said:
> I fixed that and uploaded a new version of
> the foehr installer without bumping the version number. You can see that you
> have the fixed version by looking at the digital signature which should be dated
> July, 27th 2007 ... If you have a signature from yesterday, it is the first
> version which still includes this bug.

I downloaded and ran the new installer and it works fine now. Thanks!

FYI,

Gordon

Heiko Gerstung wrote:
> Hi Gurus of Time!
>
> I am very happy to announce that we just released a new stable
> version of our NTP Installer for Windows, including ntp-4.2.4p3 and
> openssl-0.9.8e.
[]
> Best Regards,
>  Heiko

Heiko,

There /may/ be another issue with Windows 2000, in that NTP is producing 
event-log messages about not being able to write ntp.drift.TEMP.  I 
checked the ntp.drift (actually in \WinNT\ in this installation) and it 
didn't have a permissions entry for the ntp account, so I have now changed 
the permissions to all-users, full control.  It's about 30 minutes before 
the next error message is due, so I'll try and check back then....

No, it seems to still want to write to ntp.drift.TEMP rather than 
ntp.drift, so I've started NTP after checking the permissions on 
ntp.drift.  Check back in just over an hour....

Well, now it /is/ writing to ntp.drift.TEMP, but seem to have deleted the 
file ntp.drift.  I don't understand this behaviour.

Version:
  ntpd 4.2.4p3-RC1@foehr-o Jun 29 13:52:39 (UTC+02:00) 2007  (10)

Cheers,
David 

"David J Taylor" <david-taylor@blueyonder.not-this-bit.nor-this-bit.co.uk>
wrote in message news:5Pnqi.5327$By5.3785@text.news.blueyonder.co.uk...
[...]
> Should NTP have a dependency on DNS being working, before the NTP
> service starts?  IIRC, it does depend on TCP being running, but it
> looks as if that isn't enough.  It's as if it should depend on the
> DNS service being running, but of course many PCs don't run DNS as
> a service.....

If there are hostnames in ntp.conf, obviously the answer is yes.
But it's not the DNS server which is needed but the DNS resolver,
Dnscache/DNS Client on my Windows 2000.

Groetjes,
Maarten Wiltin

Maarten Wiltink wrote:
> "David J Taylor"
> <david-taylor@blueyonder.not-this-bit.nor-this-bit.co.uk> wrote in
> message news:5Pnqi.5327$By5.3785@text.news.blueyonder.co.uk... [...]
>> Should NTP have a dependency on DNS being working, before the NTP
>> service starts?  IIRC, it does depend on TCP being running, but it
>> looks as if that isn't enough.  It's as if it should depend on the
>> DNS service being running, but of course many PCs don't run DNS as
>> a service.....
>
> If there are hostnames in ntp.conf, obviously the answer is yes.
> But it's not the DNS server which is needed but the DNS resolver,
> Dnscache/DNS Client on my Windows 2000.
>
> Groetjes,
> Maarten Wiltin

My mistake.  DNS resolver/cache/client it should be.

David 

David J Taylor wrote:
> Heiko Gerstung wrote:
>> Hi Gurus of Time!
>>
>> I am very happy to announce that we just released a new stable
>> version of our NTP Installer for Windows, including ntp-4.2.4p3 and
>> openssl-0.9.8e.
> []
>> Best Regards,
>>  Heiko
>
> Heiko,
>
> There /may/ be another issue with Windows 2000, in that NTP is
> producing event-log messages about not being able to write
> ntp.drift.TEMP.  I checked the ntp.drift (actually in \WinNT\ in this
> installation) and it didn't have a permissions entry for the ntp
> account, so I have now changed the permissions to all-users, full
> control.  It's about 30 minutes before the next error message is due,
> so I'll try and check back then....
> No, it seems to still want to write to ntp.drift.TEMP rather than
> ntp.drift, so I've started NTP after checking the permissions on
> ntp.drift.  Check back in just over an hour....
>
> Well, now it /is/ writing to ntp.drift.TEMP, but seem to have deleted
> the file ntp.drift.  I don't understand this behaviour.
>
> Version:
>  ntpd 4.2.4p3-RC1@foehr-o Jun 29 13:52:39 (UTC+02:00) 2007  (10)
>
> Cheers,
> David

[Danny - you keep writing to me by e-mail, and not on the 
comp.protocols.time.ntp.  Is the gateway broken?]

>
> Please post the actual error message from the event log rather than
> just describing it. It's hard to track down without the text.
>
> Danny

Danny, here is the error message - I didn't post it as it didn't seem very 
informative:

"can't open E:\WINNT\ntp.drift.TEMP: Input/output error"

Cheers,
David 

David J Taylor wrote:
[]
> Should NTP have a dependency on DNS being working, before the NTP
> service starts?  IIRC, it does depend on TCP being running, but it
> looks as if that isn't enough.  It's as if it should depend on the
> DNS service being running, but of course many PCs don't run DNS as a
> service.....

Another Danny Meyer e-mail response:

> You can add a dependency on the DNS client service for NTP by adding
> this to the service on Windows. I assume that the installer doesn't do
> this. There is obviously a dependency on being able to resolve names
> if you use that in your configuration file. Note that the DNS server
> also needs to be running as the DNS client needs to contact the
> server to resolve names.
>
> Danny

Danny,

Thanks for that.


Heiko,

Could you check what service dependancies should be set, especially for 
those of use who want to use names rather than IP numbers for our servers?

Thanks,
David 

David J Taylor schrieb:
> David J Taylor wrote:
>> Heiko Gerstung wrote:
>>> Hi Gurus of Time!
>>>
>>> I am very happy to announce that we just released a new stable
>>> version of our NTP Installer for Windows, including ntp-4.2.4p3 and
>>> openssl-0.9.8e.
>> []
>>> Best Regards,
>>>  Heiko
>> Heiko,
>>
>> There /may/ be another issue with Windows 2000, in that NTP is
>> producing event-log messages about not being able to write
>> ntp.drift.TEMP.  I checked the ntp.drift (actually in \WinNT\ in this
>> installation) and it didn't have a permissions entry for the ntp
>> account, so I have now changed the permissions to all-users, full
>> control.  It's about 30 minutes before the next error message is due,
>> so I'll try and check back then....
>> No, it seems to still want to write to ntp.drift.TEMP rather than
>> ntp.drift, so I've started NTP after checking the permissions on
>> ntp.drift.  Check back in just over an hour....
>>
>> Well, now it /is/ writing to ntp.drift.TEMP, but seem to have deleted
>> the file ntp.drift.  I don't understand this behaviour.
>>
>> Version:
>>  ntpd 4.2.4p3-RC1@foehr-o Jun 29 13:52:39 (UTC+02:00) 2007  (10)
>>
>> Cheers,
>> David
> 
> [Danny - you keep writing to me by e-mail, and not on the 
> comp.protocols.time.ntp.  Is the gateway broken?]
> 
>> Please post the actual error message from the event log rather than
>> just describing it. It's hard to track down without the text.
>>
>> Danny
> 
> Danny, here is the error message - I didn't post it as it didn't seem very 
> informative:
> 
> "can't open E:\WINNT\ntp.drift.TEMP: Input/output error"

You have to assign your NTP account write permissions for the directory you want 
to store your driftfile in. When writing a new driftfile, the daemon (as far as 
I remember correctly) creates a temporary file (ntp.drift.temp) and afterwards 
renames it to ntp.drift ...

The installer uses the "Program Files\ntp\etc" directory as a location for the 
drift file and assigns the necessary permissions to the service account it 
eventually has created.

Best Regards,
Heiko


> Cheers,
> David 
> 
> 

Heiko Gerstung wrote:
> David J Taylor schrieb:
>> David J Taylor wrote:
>>> Heiko Gerstung wrote:
>>>> Hi Gurus of Time!
>>>>
>>>> I am very happy to announce that we just released a new stable
>>>> version of our NTP Installer for Windows, including ntp-4.2.4p3 and
>>>> openssl-0.9.8e.
>>> []
>>>> Best Regards,
>>>>  Heiko
>>> Heiko,
>>>
>>> There /may/ be another issue with Windows 2000, in that NTP is
>>> producing event-log messages about not being able to write
>>> ntp.drift.TEMP.  I checked the ntp.drift (actually in \WinNT\ in
>>> this installation) and it didn't have a permissions entry for the
>>> ntp account, so I have now changed the permissions to all-users,
>>> full control.  It's about 30 minutes before the next error message
>>> is due, so I'll try and check back then....
>>> No, it seems to still want to write to ntp.drift.TEMP rather than
>>> ntp.drift, so I've started NTP after checking the permissions on
>>> ntp.drift.  Check back in just over an hour....
>>>
>>> Well, now it /is/ writing to ntp.drift.TEMP, but seem to have
>>> deleted the file ntp.drift.  I don't understand this behaviour.
>>>
>>> Version:
>>>  ntpd 4.2.4p3-RC1@foehr-o Jun 29 13:52:39 (UTC+02:00) 2007  (10)
>>>
>>> Cheers,
>>> David
>>
>> [Danny - you keep writing to me by e-mail, and not on the
>> comp.protocols.time.ntp.  Is the gateway broken?]
>>
>>> Please post the actual error message from the event log rather than
>>> just describing it. It's hard to track down without the text.
>>>
>>> Danny
>>
>> Danny, here is the error message - I didn't post it as it didn't
>> seem very informative:
>>
>> "can't open E:\WINNT\ntp.drift.TEMP: Input/output error"
>
> You have to assign your NTP account write permissions for the
> directory you want to store your driftfile in. When writing a new
> driftfile, the daemon (as far as I remember correctly) creates a
> temporary file (ntp.drift.temp) and afterwards renames it to
> ntp.drift ...
> The installer uses the "Program Files\ntp\etc" directory as a
> location for the drift file and assigns the necessary permissions to
> the service account it eventually has created.
>
> Best Regards,
> Heiko

Heiko,

As you will probably have realised, this is an upgrade from an earlier 
version of NTP which used \WinNT\ rather than \Program Files\, so the 
config file was pointing to somewhere other than where the installer was 
expecting.  What I've tried now is copying the ntp.drift.temp file to 
ntp.drift, and assigning it all users, full control.

Perhaps in this case, a fresh install would have been a better idea, just 
adding the servers and logging to the ntp.conf.  The other systems have 
all been a fresh install with your installer, as they have been fresh 
installs of XP made since your installer was released.  I do now vaguely 
recall having to go through this before, whereas your installer handles it 
all for you.

Thanks for your help.

Cheers,
David 

gldickens3 <gldickens3@gmail.com> writes:

> On Jul 27, 11:03 am, "David J Taylor" <david-tay...@blueyonder.not-
> this-bit.nor-this-bit.co.uk> wrote:
> > gldickens3 wrote:
> >
> >
> > > As soon as I changed time server host
> > > name to IP addresses in my ntp.conf file then all time servers were
> > > then used on the initial boot of my machine.  Problem solved!
> >
> > Should NTP have a dependency on DNS being working, before the NTP service
> > starts?
> 
> Ideally, yes.  However, I think that it is fine the way that it is as
> if a special note is included in an FAQ somewhere that says that IP
> addresses should be used instead of host names in order for the ntpd
> service to work properly on initial Windows boot up.

But you can also define service-dependencies in recent Windows releases. The
only question is: What's the name of the service to wait for, and if it's
know, is it i18nd (Internationalizationed)?

> 
> Heiko said:
> > I fixed that and uploaded a new version of
> > the foehr installer without bumping the version number. You can see that you
> > have the fixed version by looking at the digital signature which should be dated
> > July, 27th 2007 ... If you have a signature from yesterday, it is the first
> > version which still includes this bug.
> 
> I downloaded and ran the new installer and it works fine now. Thanks!
> 
> FYI,
> 
> Gordon

"Ulrich Windl" <Ulrich.Windl@RZ.Uni-Regensburg.DE> wrote in message
news:87myxdxc8s.fsf@pc9454.klinik.uni-regensburg.de...
[...]
> But you can also define service-dependencies in recent Windows releases.
> The only question is: What's the name of the service to wait for, and
> if it's know, is it i18nd (Internationalizationed)?

Well, in both an English and a Dutch Windows 2000, the short name was
Dnscache, and the long name was 'DNS Client'. Which may not say much
for the long name, but I'd guess the short name isn't.

Groetjes,
Maarten Wiltink

"David J Taylor" <david-taylor@blueyonder.not-this-bit.nor-this-bit.co.uk> writes:

> Heiko Gerstung wrote:
> > Hi Gurus of Time!
> >
> > I am very happy to announce that we just released a new stable
> > version of our NTP Installer for Windows, including ntp-4.2.4p3 and
> > openssl-0.9.8e.
> []
> > Best Regards,
> >  Heiko
> 
> Heiko,
> 
> There /may/ be another issue with Windows 2000, in that NTP is producing 
> event-log messages about not being able to write ntp.drift.TEMP.  I 
> checked the ntp.drift (actually in \WinNT\ in this installation) and it 
> didn't have a permissions entry for the ntp account, so I have now changed 
> the permissions to all-users, full control.  It's about 30 minutes before 
> the next error message is due, so I'll try and check back then....

Why not use %USERPROFILE% instead of "%SystemRoot% for state information?
There may be also %TMP% or %TEMP% defined.  UNIX users always make a
difference between program directories (which may be shared read-only) and
data directories which should be writable and private).

> 
> No, it seems to still want to write to ntp.drift.TEMP rather than 
> ntp.drift, so I've started NTP after checking the permissions on 
> ntp.drift.  Check back in just over an hour....

AFAIK: if the temporary file is removed, so are your ACLs.

> 
> Well, now it /is/ writing to ntp.drift.TEMP, but seem to have deleted the 
> file ntp.drift.  I don't understand this behaviour.
> 
> Version:
>   ntpd 4.2.4p3-RC1@foehr-o Jun 29 13:52:39 (UTC+02:00) 2007  (10)
> 
> Cheers,
> David 

Ulrich Windl wrote:
[]
> Why not use %USERPROFILE% instead of "%SystemRoot% for state
> information?
> There may be also %TMP% or %TEMP% defined.  UNIX users always make a
> difference between program directories (which may be shared
> read-only) and
> data directories which should be writable and private).

Oh, I agree, but on this system had:

   driftfile %windir%\ntp.drift

and I was simply doing an upgrade on what I thought was a working system.

>> No, it seems to still want to write to ntp.drift.TEMP rather than
>> ntp.drift, so I've started NTP after checking the permissions on
>> ntp.drift.  Check back in just over an hour....
>
> AFAIK: if the temporary file is removed, so are your ACLs.

So I've added the user "ntp" with full access rights to %windir% and it's 
OK now.  On this particular box, security isn't /that/ critical.  A fresh 
installation would probably have done everything properly, and would have 
been a better choice for that system.

Thanks for your comments, Ulrich.

Cheers,
David 

Ulrich Windl schrieb:
> "David J Taylor" <david-taylor@blueyonder.not-this-bit.nor-this-bit.co.uk> writes:
> 
>> Heiko Gerstung wrote:
>>> Hi Gurus of Time!
>>>
>>> I am very happy to announce that we just released a new stable
>>> version of our NTP Installer for Windows, including ntp-4.2.4p3 and
>>> openssl-0.9.8e.
>> []
>>> Best Regards,
>>>  Heiko
>> Heiko,
>>
>> There /may/ be another issue with Windows 2000, in that NTP is producing 
>> event-log messages about not being able to write ntp.drift.TEMP.  I 
>> checked the ntp.drift (actually in \WinNT\ in this installation) and it 
>> didn't have a permissions entry for the ntp account, so I have now changed 
>> the permissions to all-users, full control.  It's about 30 minutes before 
>> the next error message is due, so I'll try and check back then....
> 
> Why not use %USERPROFILE% instead of "%SystemRoot% for state information?
> There may be also %TMP% or %TEMP% defined.  UNIX users always make a
> difference between program directories (which may be shared read-only) and
> data directories which should be writable and private).

This is how it works with the installer per default. It creates an 
account with which the service is running and uses %PROGRAM 
FILES%\ntp\etc as its default location for the drift file. The service 
account is granted read-write access to "his" directories and there is 
no need to grant any rights to other directories.

Older versions of the NTP port for Windows did not honor all file 
location statements in the config file (such as "driftfile") and ignored 
the "-c configfile" commandline parameter, instead they searched for the 
config file in three fixed locations (in the windir subtree) and used 
hardcoded (AFAIK) locations for the driftfile.

I guess that David's system once ran such an old ntpd and the installer 
now does not touch this existing setup, if you choose the "update 
binaries only" approach.

>> No, it seems to still want to write to ntp.drift.TEMP rather than 
>> ntp.drift, so I've started NTP after checking the permissions on 
>> ntp.drift.  Check back in just over an hour....
> 
> AFAIK: if the temporary file is removed, so are your ACLs.

Correct. The biggest problem in terms of security was that using the 
temporary file approach requires ntpd to have write access to the whole 
directory.

> 
>> Well, now it /is/ writing to ntp.drift.TEMP, but seem to have deleted the 
>> file ntp.drift.  I don't understand this behaviour.
>>
>> Version:
>>   ntpd 4.2.4p3-RC1@foehr-o Jun 29 13:52:39 (UTC+02:00) 2007  (10)
It writes to ntp.drift.TEMP, deletes ntp.drift and then renames 
ntp.drift.TEMP back to ntp.drift ...

A 3 minute re-install would fix this, just backup your config file, 
uninstall your old installation of ntp, reinstall ntpd using the new 
foehr installer and copy your ntp.config file to the etc subdirectory of 
your NTP installation.

Best Regards.
Heiko


>> Cheers,
>> David 

Heiko Gerstung wrote:
[]
> A 3 minute re-install would fix this, just backup your config file,
> uninstall your old installation of ntp, reinstall ntpd using the new
> foehr installer and copy your ntp.config file to the etc subdirectory
> of your NTP installation.
>
> Best Regards.
> Heiko

Heiko,

Yes, I did a re-install today, without the Replace Files Only option, and 
everything seems fine.  It's not a 100% fresh install as I copied the 
existing drift file and loopstats, but the SSL DLL error is gone, and the 
drift file and loopstats are updating correctly.  The previous install 
probably used the System account rather than the new "ntp" account.

This was on Windows 2000 Professional, using the download on your Web site 
this afternoon.  All seems to be OK.

Cheers,
David 

Maarten Wiltink schrieb:
> "Ulrich Windl" <Ulrich.Windl@RZ.Uni-Regensburg.DE> wrote in message
> news:87myxdxc8s.fsf@pc9454.klinik.uni-regensburg.de...
> [...]
>> But you can also define service-dependencies in recent Windows releases.
>> The only question is: What's the name of the service to wait for, and
>> if it's know, is it i18nd (Internationalizationed)?
> 
> Well, in both an English and a Dutch Windows 2000, the short name was
> Dnscache, and the long name was 'DNS Client'. Which may not say much
> for the long name, but I'd guess the short name isn't.
> 
> Groetjes,
> Maarten Wiltink
> 
> 

The installer now simply checks for the existence of a service called Dnscache 
and if it finds it (and it is marked for "automatic start"), it will be used as 
a dependency. If not, the installer falls back to Tcpip.

Thanks a lot for your input, Ulrich and Maarten.

Best Regards,
Heiko

Heiko Gerstung wrote:
[]
> The installer now simply checks for the existence of a service called
> Dnscache and if it finds it (and it is marked for "automatic start"),
> it will be used as a dependency. If not, the installer falls back to
> Tcpip.
> Thanks a lot for your input, Ulrich and Maarten.
>
> Best Regards,
> Heiko

Heiko,

This sounds like a good improvement, but I'm not quite clear whether it 
will help my "portable with wireless" problem.  Perhaps it will.  However, 
simply having the DNS Client running does not mean that the wireless 
network is connected, and the DNS Client is actually resolving DNS 
addresses.

I can't recall now if there's anything in the NTP code itself which will 
repeated try to resolve IP addresses if they don't work first time. 
Something like once a minute would probably be frequent enough at 
start-up, and perhaps once an hour in the event of the connection to one 
server being lost.

Cheers,
David