windows ntp安装及调试

Setting up NTP on Windows

It‘s very helpful that Meinberg have provided an installer for the highly-respected and high-accurate NTP software for Windows users - my thanks to them.  This Web page provides a quick guide to installing NTP on Windows XP, Vista, or Windows-7/8, using the standard out-of-the-box settings to sync your PC to the Internet, and then checking that you have a working installation.  These notes show why you would want to use NTP as opposed to other timekeeping software.  Some programs such as the excellent Plane Plotter even require that NTP be installed before you are allowed to use some of the more advanced features.

If you have more than one PC, you should install NTP as described below on each PC.  If you have more than a few PCs you may want to create one local time server (locked to the Internet) for your network and sync the other PCs to that local server, by adding one line to the configuration file.  More information is here.  This is easy, because the software will work as both a client to a remote NTP server, and as a server to which other NTP clients can connect.  For a rather low extra cost (US $35, £25) you can lock that local time server to GPS, making it far more precise than one locked to Internet sources.  You might like to use something like a Raspberry Pi as a low-cost, stand-alone, precision time server.

Installing

Visit the Meinberg
Web site
(opens in a new tab), and look for the
section entitled: NTP package with IPv6 support for Windows XP and
newer
.  Look for the download icon
and a file named ntp...setup.exe.  Download the setup file and save it to your hard disk.

Where to download software installation files

I normally make a directory named C:\Install\
on new PCs, and it‘s where I out all my software which I‘ve downloaded.  So
in this case, I create a new directory named C:\Install\NTP\,
and download the ...setup.exe file directly to that directory.

As of July 2015, the current Meinberg version was named:  ntp-4.2.8p3-win32-setup.exe
(3.72 MB)
  I
suggest right-clicking the downloaded file, select Properties, and clicking the Unblock
button if it is present.  This will remove one warning message before
running the install procedure.  Then run the setup.exe file by double-clicking.  On
Vista or Windows-7/8 you may need to allow the file to run by answering the UAC
(User Authorisation Control) question, however, you don‘t have to disable UAC
either to install or to
run NTP.  I have had one report that on a Windows-XP/64 installation, using
right-click, Run as Administrator was required, otherwise the account created
for NTP had insufficient privileges.  The screenshots below are from an
earlier Windows-8 installation.

Assuming you agree to the terms, press I Agree.  Select a
location for the files - you have a choice to make here.

Where to install NTP?

In a single-user PC, in a benign environment, I recommend creating a directory called C:\Tools\
if you don‘t already have one, and putting the NTP software into C:\Tools\NTP\. 
I suggest this as the installation includes user-editable files, and C:\Program
Files\ isn‘t an appropriate location for such data.  This is because
of the directory virtualisation which Windows Vista and Windows-7/8 perform, and
you end up editing a file, but it‘s not the file which NTP will read.

When you create the C:\Tools\
directory, give all users full control, by right-clicking the directory in
Windows Explorer, selecting Properties, Security tab, Edit, Add.  In the
object names box, type "everyone", OK, ensure that
"Everyone" is selected, and in the Permissions box, click on Full
Control, OK.

In a multi-user PC or one which is in a not so friendly
environment, leave the default install destination folder as C:\Program
Files\NTP\ (or whatever is suggested), but be aware that you may need to
have Administrator rights when editing the configuration file.  If you
don‘t want to edit the configuration file, and most users will not, it‘s not a
great inconvenience.

Choose your directory and press Next to continue.

Leave all the components selected, and press Next to
continue.  NTP can create an initial configuration for you using servers
from the NTP Pool based on your
geographic location.  You should allow it to do this, as it saves you the task of
choosing which servers to use.  Ensure the box "Create
an initial..." is checked, and select your
nearest country or region from the drop-down list.  In the example below, I
have selected United Kingdom.  NTP will then choose servers in your region
to try and provide the nearest connection for best performance.  Leave the
other settings as the installer suggests.

Once you have selected your region, press Next.  Most
users will not need to edit the file which the installer creates, so press No to
continue.

However, you may find that the security restrictions from the latest version
of the Meinberg installer prevent NTP from seeing any external servers, so if
all your servers later show the "INIT" state, please change the security
"restrict" lines to the following:

# Suggestions for NTP restrictions (accepting ntpq commands from the LAN):
restrict source notrap nomodify nopeer
restrict 127.0.0.1
restrict ::1
restrict 192.168.0.0 mask 255.255.255.0

One source suggests that with 4.2.7 and later, the second line above should be:

restrict source nomodify noquery notrap

NTP can create an account to run the software.  NTP will run even while you are not logged into the computer ensuring even better timekeeping.  The next dialog recommends that the installer will create an account for you, and that is the appropriate setting.  It is recommended not to use the SYSTEM account.  Leave the other options as suggested.

Windows-8 & Windows-10 users: Although not recommended, please select the SYSTEM account, rather than the special NTP account.  I‘m unsure why this is required, but until Meinberg update their installer, it will save you time later to select the SYSTEM account now.  NTP will not function otherwise.

One user reported problems as he had unchecked the "Disable other Time Services..." box below, and this lead to Windows and NTP fighting over the time setting, and NTP being unable to do its job.  Unfortunately, the initial install had saved its settings in the file install.ini, so that when a re-install was attempted the same incorrect setting persisted.  Editing the install.ini file restored the correct defaults and allowed a successful installation.  Do check carefully if you are installing for a second time.

Press Next and define a password for the account.  Be sure to make a note of this password in case you need it in the future or for a re-install, but as the account has limited rights there is normally no need for it to be an ultra-secure password.  Should you forget that password, you would need to remove the ntp account in the unlikely event of a re-install.  One person got an Error 2245 from using too simple a password, or re-using the same password, but I‘ve had no other reports.

Once you press Next, the installation completes, and the NTP service is started.

Windows-8.1 and Windows-10

On a recent Windows-8.1/64 completely fresh install, and on a Windows-10/32 fresh install, I have had error messages at this point about the service not being started, and it seems that using the SYSTEM  account is the easiest way round this issue.  Likely this is related to the issues mentioned below.

You may need to allow programs through the Windows Firewall

Like any programs which access the Internet, NTP may trigger your firewall software into asking you if it‘s OK for NTPD to access the Internet.  Be sure to allow ntpd.exe both incoming and outgoing access (called "Act as a server" in Zone Alarm).  There is also a support program (ntpq.exe) you can use to query how well NTP is working either on your own system or any system you have access to in you locally or on the Internet, and that may also need to be allowed through your firewall.  How to add a program to the firewall for Windows-7.  The programs will be found in C:\Tools\NTP\bin\ if you have been using the suggested paths.  Allow  ntpd.exe  to accept incoming UDP requests through the firewall if you intend to set up a local NTP network.  If you haven‘t disabled the hiding of file extensions the programs may show simply as "ntpd" and "ntpq".  I do recommend that you allow Windows Explorer to show file extensions so that you will be less confused.

Although it should not be necessary, you may want to review the Control Panel, Date and Time dialog, the check-box suggesting that Windows automatically synchronise with an Internet server.  There is no need for this setting as NTP does a much better job, indeed - this box must be unchecked for NTP to work correctly.

You can now repeat this installation for each of the PCs on your network.

On Windows-10, this Control Panel setting has been removed.  Instead, enter the PC Settings menu, Time & language, Date & time tab.  Ensure that the setting "Set time automatically" is set to Off.  To check that NTP is installed and running (from the disable W32Time settings), using the Task Manager:

  • On the Details tab, check that there is no program "w32time.exe" running (click on "Name" to sort by name).
  • On the Services tab (click to sort by name again), check that the W32Time service is Stopped.

You should also check in the Control Panel, Local Services, that the Windows Time
service is set to Disabled.

Routers

No special configuration should be needed for the majority of routers, as
support for NTP (UDP packets on port 123) is already built-in.

Using with a virtual PC

VMware

VMware publish their own recommendations
for using NTP
in a virtual PC environment.  These recommendations have
changed with the various software releases, so it‘s best to check the VMware
Web site
for the current ideas.

Microsoft Hyper-V

With the Microsoft Hyper-V 2012 software, some suggestions from Steve Walker
(who needs good timekeeping for the excellent Plane
Plotter software
) are:

  • Host PC configuration:

    • NTP: installed and working
    • OS: Microsoft Windows Server 2012 Standard
    • Virtual PC: Hyper-V 2012, with the Time Sync option enabled for the
      client
    • See this
      screen-shot
      , where the setting is shown in its disabled state, you
      want to be sure it‘s checked.
  • Virtual PC configuration:
    • OS: Microsoft Windows XP SP3
    • Application software: Plane Plotter 6.3.6

Steve Walker comments: I made sure the Hyper-V Time Synchronisation Service is started,
as this will then allow the client to sync its time with the host.

Domain Time II

If the timekeeping from Hyper-V Time Synchronisation Service isn‘t good
enough for you, you may be interested in Domain Time II noted by Larry Ellis - he
writes
:

I ended up getting an amazing little $20 time client call Domain Time II from
www.greyware.com. It appears to
do a fantastic job in the VMs (<15ms error most of the time). 
Of course, it has to sample pretty frequently to get that value, but
fortunately I have a physical NTP server (thanks!) on the LAN that will
provide that capability. 
They have a server component, too.
You can pick a free evaluation of the software if you‘ve not seen it and want to take a look. They did a great job.

Checking it‘s working

Check after a few minutes, to allow the program to connect to
the Internet.  If you are comfortable working with the command-line,
obtain a command prompt (Start, All Programs, Accessories, Command
Prompt; or
Windows-key-R, cmd), and simply enter the command:

ntpq -pn

Note that the "-pn" must be lower-case, and that
there must be a space between the "ntpq" and the "-p". 
An alternative command which may work a little quicker is "ntpq -pn". 
You should get output similar to the display below. 
Alternatively, from the Start menu, select Meinberg, Network Time Protocol,
Quick NTP status - which gives you a handy ntpq display which automatically
refreshes every ten seconds.  This screen-shot was taken immediately after
starting, so the poll is 64, and the reach only"1".

Note that the two screen-shots below were taken with "ntpq -p",
which includes the resolution of numbers to names.  Using the "-pn"
version suggested above is quicker.

After some time running, the output might look more like this
(synthesised) screen-shot:

where you can see that one server (linnaeus) has an asterisk
(*) as the first column, and a reach of 377.  This likely indicates that
all is well.

Interpreting the ntpq output:

  • The display is a list of remote servers with various status
    reports arranged in columns.
  • One remote server should have an asterisk (*) in the
    first column.  This marks the server which NTP has selected as the current
    preferred source.
  • Servers which have a plus sign (+) are good enough for NTP
    to sync to, others are not.
  • The reach column should not be 0, and will expand
    from 1 during
    the normal working of NTP until it reaches 377.  It is an octal display
    of a bit-mask showing when the server was reached.  In the screenshot,
    NTP has been running for less than a minute, and hence only made contact
    once with each server.  Normally you expect to see 377 in this column
    against each server.  A column of all zeros means that NTP can‘t
    contact any servers - check your firewall settings.
  • The offset shows how far your PC is off from a nominal UTC,
    and the value is in milliseconds.  So the PC above is within about
    1/40s of correct time!
  • The poll value should gradually increase from 64 seconds to
    1024 seconds as NTP needs to contact the server less and less frequently as
    the clock offset and frequency are gradually corrected.  Changing the
    poll is automatic in NTP.
  • The delay shows the time for a packet from your PC to reach
    the remote server and vice versa.  Values above 150ms may indicate a
    satellite circuit and it‘s best to avoid such servers if possible.  You
    will get best performance from servers which are close to you on the
    network.
  • The jitter column shows how stable the connection between
    you and the remote server is.
  • The st column shows the stratum of the server,
    with stratum 1 servers having a local reference such as an atomic clock or,
    for many servers, a radio-clock or GPS receiver reference.  Most
    servers you will see are at stratum 2, so they are locked to a stratum-1
    server.  A lightly loaded stratum-2 server is probably a better
    reference than a heavily loaded stratum-1 server such as those with widely-publicised
    addresses.

Meinberg provide further information here
Once basic operation is OK, if you wish to experiment I recommend you update to a more
recent version
, as the one in the Meinberg install is the "stable"
release, but the "development" versions have some performance and operational advantages.

Troubleshooting

NTP s a network application, so the basics of troubleshooting
any network application apply.  In today‘s Windows environments:

  • Check firewall access.

    • Are the programs ntpd.exe and ntpq.exe
      "known" to the firewall?
    • Do they have both incoming and outgoing access enabled?
    • In Zone Alarm, this means "Act as a server".
    • Are the access requests from the firewall software
      enabled - you aren‘t missing any?
  • Can you PING and TRACERT to the ntp server in question?
    • Be aware that this is a poor test today, as many
      networks and servers disable PING access.
  • Can you use the "ntpq  -p" command as shown
    above against a server your PC is trying to use?

    • Again, this can be a poor test, but I found one server
      which responds:  louie.udel.edu, however, many servers now prevent
      such access.

    • Do you get a similar result running "ntpq 
      -p" on its own?
  • Check that you are allowed access to the server -many
    stratum-1 servers require that you contact them before accessing.  Look
    for an "open access" server.  There is a list of servers here.

Note that NTP has a maximum clock error it will correct of 500ppm
(43.2 seconds per day, or 1.8s per hour), so if you see the offset
gradually increasing by more than this rate you know that your PC‘s
clock is too inaccurate to disciplined by NTP. 
But there is a work-round reported by one user - set up a scheduled task
to run
twice (or more often) a day to stop and restart the NTP service. 
Cunning! 
You can also tell NTP what your clock drift rate is
and that may help.
For more complex issues, be aware of http://support.ntp.org
and its "Support" web - it‘s a wiki, you may add or change content there.

Service will not start

This may be due to the lack of one or more DLLs

  • The Microsoft Visual C++ 2008 (x86) runtime library is required. 
    Most often this will be installed on your PC, but if not, download and
    install the runtime
    library
    .
  • If you have chosen not to install the SSL components above (which
    was not what I recommended), the service will not start as these components are
    required.  Simply run the install again, selecting the "Update
    files" option.

I get "System error 5 - access is denied"
when starting NTP

If you use the Meinberg menus to stop, start or restart NTP on Windows Vista,
Windows-7 or later, you will likely get the error message above.  This is
because administrator privilege is needed to stop and start services.  The
solution is to right-click the menu item, and select "Run as
administrator".

I get a message like "no associations found" from running ntpq -p

Check that your configuration file (C:\Tools\NTP\etc\ntp.conf) does contain
server entries, such as in this sample simplified configuration file:

# Use drift file
driftfile    "C:\Tools\NTP\etc\ntp.drift"

# Use NTP servers from the ntp pool project (see http://www.pool.ntp.org)
server    0.uk.pool.ntp.org    iburst
server    1.uk.pool.ntp.org    iburst
server    0.nl.pool.ntp.org    iburst
server    1.nl.pool.ntp.org    iburst

Use the Event Viewer

Windows records events from programs including NTP in the Event Log.  You can use the Windows Event Viewer to look at events which NTP records as a help in diagnosing more difficult issues.  There is more information about the Event Viewer for Windows XP, and Windows Vista and Windows-7 as the format is different between Windows versions.

Look at the Application log by clicking on "Application":

You will see a list of events from all sources, not just NTP,
with the most recent events at the top.  Now use the View | Filter... 
menu of
the Event Viewer to select only those events from  NTP.

In the event source, select NTP from the drop-down list, and
click the OK button.

Now double-click on one of the NTP events, in particular those
with an Error status and the red cross.

and see what the actual NTP message is, for example:

You can use the up and down arrows to scroll through the NTP messages.

There is more
information about using the Event Viewer on the Internet, for example, here
You will get some event information messages as NTP starts and these are quite normal,
and you will get occasional messages during the normal running of NTP.  Look out for those which indicate failure.

Use the Administrative Tools, Services program

You can check that the NTP service is running and, perhaps
more importantly that the W32Time (the older Windows time service) is stopped
using the Services applet.  This may be found under the Control Panel, Administrative
Tools options with Windows XP.

Check that:

  • The service "Network Time Protocol" is shown as
    Status: Started, and Startup: Automatic.
  • The service "Windows Time" is shown as Status:
    (blank), and Startup: Disabled

Broken PC clock

A clock near the 43 seconds/day limit

If the file ntp.drift in your ..\ntp\etc\ directory consistently shows a
value near +/- 500, and NTP stops working, then it may be that your PC‘s clock
is outside the normal limits for NTP (a drift of up to +/- 43 seconds per day is
allowed).  A new feature in ntp-4.2.6p4 and later allows you to provide a base offset
value to NTP when it starts, so that the +/- 500 ppm (parts per million) applies
to that base value, rather than being an absolute limit.  So your clock
must be well behaved, but need not be quite so close to correct.  There are
two steps to using this new functionality:

  • Set the system environment variable: NTPD_TICKADJ_PPM to the value you
    need.  On Windows XP, this is through the Control Panel.  System..., System, Advanced..., Environment variables
    button, System variables.  Add a New system variable, with the name
    NTPD_TICKADJ_PPM and the value 500 (or -500 if your ntp.drift was limiting
    at its negative extreme).
  • Install ntp-4.2.6p4 or later.  You can download the new version here:
      http://davehart.net/ntp/win/x86/ntp-4.2.6p4-win-x86-bin.zipIf you already have ntp-4.2.6p5 from a Sep-2012 Meinberg installation
    there is no need to update.
    Right-click, Properties, Unblock the download.  Then, using the
    Services application, stop NTP (Network Time Protocol), save the .EXE files
    from your ..\ntp\bin\ directory (in case you need to revert), and copy the
    .EXE files from the Zip archive you downloaded.  Restart NTP in
    Services, and check for correct operation.  As the files have changed,
    you may need to tell your firewall to allow the new programs incoming and
    outgoing access.

You may need to repeat the set environment variable/restart NTP loop a number
of times to get the best value for your system.  Whilst I haven‘t tried
this myself, I guess you would try and get a value in the ntp.drift file of,
say, under 100, after an hour or two of operation.  Have patience!

Power-saving features may cause problems

It‘s also possible that your PC clock appears broken to NTP, while the actual
issue is some software which is tampering with the CPU speed.  If you have
some power-saving features enabled, you may try disabling those features and see
whether NTP‘s performance improves.  Symptoms may include the PC keeping
time correctly until some CPU-intensive activity is commenced.

Windows systems in a domain

Hartmut Schulla reports:

On Windows Server 2008, 64-bit, release 2,
I needed to run ntpd.exe as Administrator.  Right click and go to properties of
ntpd.exe. 
Select compatibility tab and check "Run as Administrator" for all users. 
In the service settings select "local system account" instead of the special account created by setup. 
It seems for me, only "local system account" has necessary rights to access "windows time".

ntpq -p is further not working in Server2008R2 => timeout.  I don‘t understand why .....
but "NTP Time Server Monitor" as replacement for ntpq from the Meinberg website works fine. 
Also "NTP Time Server Monitor" requires "run as administrator".
[DJT later comment]  This issue may be due to the machine having
both an IPv4 and an IPv6 address.  Try using ntpq
-p 127.0.0.1 instead to force the use of the IPv4 address.  The
NTP Time Server Monitor only needs to be run as Administrator if you
want to use the start and stop service commands, and this is to be expected.

Patrick O‘Keeffe reports:

I installed NTP 4.2.8 on a domain-controlled Windows 7 Professional
x64 machine today and I have feedback for your NTP setup troubleshooting
section.

In particular, I was able to avoid both (a) using ‘Run as Administrator‘ compatibility mode on
ntpd.exe and (b) running the daemon under the Local System Account by updating two Local Security Policies.

  • Launch secpol.msc
  • Browse to Local Policies => User Rights Assignment
  • Add the ntp account to these policies: 
    • Change the system time
    • Log on as service

On my machine, before the change system time permission was enabled, I would see these error messages in the Application Event Log:

  • SetSystemTime failed: A required privilege is not held by the client.
  • Can‘t adjust time: A required privilege is not held by the client.

This machine has both IPv4 and IPv6 enabled so I suspect it‘s nearly always the
Change system time security policy not being modified.  By default, that right is only available to admins & power users (ref:
http://msdn.microsoft.com/en-us/library/ms813808.aspx).

Other issues

  • If NTP doesn‘t appear to start, use the Start NTP entry
    which Meinberg provides for you in the Start button, All Programs, Meinberg,
    Network Time Protocol, Service Control menu set.  You may then see
    messages such as "Unable to log on", and then check the event
    viewer
    for more details.
  • Once you have defined the password for the NTP account, the
    setup procedure doesn‘t allow you to change it.  Keep using the
    original password.
  • I found that when updating Windows-10 preview to a different version, the ntp
    account was not deleted, but a subsequent install of NTP would not use the
    old account, or create a new one from scratch.  The error appeared to
    be logon password.  As that system was not used on the Internet, and
    was not providing any services to the Internet, I used the system
    account instead.

Updating NTP to a more recent version

The Meinberg site uses NTP 4.2.6p5, which is current and works well. 
The command:

ntpq -crv

will include a list of parameters, including the version information on the second line.

If you do want to experiment:

  1. Copy (not Move!) all the .exe files in ..\NTP\bin\ to a fresh directory for safe keeping,
    just in case you need to revert.
  2. Download and save the new version (I suggest the latest as I will have
    tested that
    version) from this Web page.
  3. Right-click the Zip file, Properties, click the Unblock button if it is present.
  4. Stop NTP with the Administrative Tools, Services program.  It may be
    shown as Network Time Protocol Daemon.
  5. Copy the files from the Zip download on top of those in ..\NTP\bin\
  6. Restart NTP.

Any problems and you simply reverse the steps and use the version you saved
in step (1).  The later versions of NTP offer more options, and fix a few
bugs.  If you want the most recent version- see below.

Using the "pool" directive

With NTP 4.2.6p5 (as installed by a recent Meinberg release), you can make a
saving on the lines in the ntp.conf file, and get access to what NTP considers
to be the most appropriate number of servers by replacing the lines:

# Use pool NTP servers
server 0.uk.pool.ntp.org  iburst
server 1.uk.pool.ntp.org  iburst
server 2.uk.pool.ntp.org  iburst
server 0.nl.pool.ntp.org  iburst
server 1.nl.pool.ntp.org  iburst

with the single line:

# Use pool NTP servers
pool uk.pool.ntp.org  maxpoll 6 iburst

NTP will determine how many servers it should connect to automatically, and it may be more than the few from a default installation.  Perhaps of more significance is that NTP monitors the connectivity to each server in a "pool", and if a server goes down it will try to connect a different one, thus maintaining a good number of working servers.  The pool directive introduces a new line to the ntpq -pn output - don‘t be put off by the line showing stratum-16, this is normal, and the pool servers below that line will show normal connectivity.  The top four servers are local to my network, and those below the .POOL. line are from the Internet over the WAN.  This is from a Windows-7/32 system where the jitter is limited to a minimum value of 0.977 milliseconds.  The maxpoll 6  in the configuration is to work round a different problem with some versions of Windows where a system call limits the precision with which the clock rate can be set.

Recipe for building NTP from the source

Some notes on rebuilding NTP from the source code.  Likely to be
peculiar to my system and possibly incomplete.  Typically, you will not
need to recompile the source, so please treat this section as guidance and notes
only, and not bullet-proof step-by-step instructions.  Good
luck!

Requirements:

What do I install?

Start by downloading the Visual C++ compiler.  It may be better to
download the entire Visual Studio 2010 Express CD (as an ISO file) as you might
want to re-install later, when Microsoft have withdrawn this version, or you
might want to try some of the other components.  Install the compiler to
the default location, unless you are tight on space on the system drive.

Next, download and install OpenSSL.  You need the full 16.9 MB
installation so that you can get the source files for compiling programs to run
with OpenSSL.  However, you don‘t need the full OpenSSL installed as
such for compiling, you only need the files for software development, so when asked whether the binaries should be
copied to the Windows system directory, answer "no".  After
installation, look to see what environment variables have been set for
OpenSSL.  On a second install on a different PC, I did not see these set,
and had to set them manually.  You need at least two, and on my first system these were:

OPENSSL_INC=D:\Tools\openssl\OpenSSL.1.0.0c\inc32
OPENSSL_LIB=D:\Tools\openssl\OpenSSL.1.0.0c\out32dll

On the second PC, I installed to C:\Tools\OpenSSL and required the following:

OPENSSL_INC=C:\Tools\OpenSSL\lib
OPENSSL_LIB=C:\Tools\OpenSSL\bin

The compile will look for the OpenSSL files by referencing these environment variables.  The %OPENSSL_INC% directory contains a sub-directory "openssl", which contains files starting "aes.h".  Locate that directory and take a copy.  The %OPENSSL_LIB% directory contains files with "aep.dll" as the first or second file.  What I did on my first PC was to copy the files from the as-installed OpenSSL directories into the directories which I already had from a previous installation.

On the first PC, the NTP compile will also require a couple of library definition files from the OpenSSL install to be in the out32dll directory.  Locate the files: libeay32.lib and ssleay32.lib  in the OpenSSL install tree, and copy them to your out32dll directory.  Then take a backup of that directory as well.  Once you have self-contained, populated %OPENSSL_INC% and %OPENSSL_LIB% directories, you can uninstall OpenSSL.  I suspect that my lack of C/C++ experience may have led me to make a poor choice for either the install directory or the %OPENSSL_LIB% environment variable.

Finally you can download the source code.  It will be in the form of a 6 MB UNIX zipped archive, such as: ntp-dev-4.2.7p326.tar.gz.  I find that the easiest way to unzip this is to send it to the 7-zip File Manager, where it appears as a file of unknown properties, double-click on that file and it turns into a directory within the 7-Zip File Manager,  and then just drag that directory on to your desired location in an open Windows Explorer window.  In my case, I wanted to put the source into D:\Tools\, so after the drag-and-drop I ended up with a directory:

D:\Tools\ntp-dev\ntp-dev-4.2.7p326\

Compiling

The NTP source comes ready to compile in Visual Studio 2005, 2008 and 2013, but not 2010.  However, this is no problem, as VS 2010 will convert the .SLN (solution) file into the new format.  Locate the file:

D:\Tools\ntp-dev\ntp-dev-4.2.7p326\ports\winnt\vs2008\ntp.sln

and double-click on it.  If you have more than one VS2010 product installed, you may need to right-click on the ntp.sln file and select: Open with, Visual C++.  At this point, Visual Studio will invite you to convert the project, so allow it to do so.  There should be no errors.  On the top line of Visual Studio there are three drop-down lists.  On the first drop-down, select "Release" (chooses between making a Release or a Debug version).  The second should be "Win32", and the third will depend on your last search.  Then, from the Debug menu, select Build Solution (or press F7 - being a Delphi man I am more used to pressing F9!).  After a few minutes (it would be a few seconds in Delphi), you should get a message "== Build: 9 succeeded, 0 failed, 0 up-to-date, 0 skipped ==" or similar.  If you get errors, I am the last person to ask!  Sorry!

Installing the newly compiled version

The new files will have been created in:

D:\Tools\ntp-dev\ntp-dev-4.2.7p326\ports\winnt\vs2008\Win32-bin\Release\

If you can‘t compile NTP yourself, there are downloadable sets of recent, ready-made .exe files here.  Be sure to right-click, Properties, Unblock the .zip file after downloading, and then copy the files into a temporary directory.

It may be most convenient to sort that directory by Type (click on the Type column header), and you will see 6 .EXE files and one .DLL.  There may be more or fewer .EXE files.  My own practice is to:

  • Use the Services manager to stop NTP
  • Copy the new ntp*.exe files from the Release to my ..\ntp\bin\ directory
  • Use the Services manager to start NTP

In fact, I do this so much that I made a batch file for the task, which needs to be run as  administrator in Windows Vista and later.  The core of the file is:

set DEST="C:\Tools\NTP\bin\"
net stop ntp
copy ntpd.exe %DEST%
copy ntpdate.exe %DEST%
copy ntpdc.exe %DEST%
copy ntp-keygen.exe %DEST%
copy ntpq.exe %DEST%
net start ntp
timeout 20
ntpq -crv -pn

I‘ve coded it this way - with the %DEST% - because I have a similar file on each of my systems which run NTP.  I can set DEST according to the needs of the particular PC, leaving the bulk of the file unchanged.  In practice, providing you are staying within the same major version (i.e. 4.2.7), copying the ntpd.exe alone is likely to be sufficient.  My actual file has some logging as well.  The ntpq call at the end of the file provides a check that the update has produced a working ntp, after the 20 second delay produced by the timeout command.

If working on Windows XP, the timeout command is not available, and can be replaced by:

ping -n 20 127.0.0.1

OpenSSL version issue

Earlier versions of the Meinberg NTP were distributed with OpenSSL 0.9.8, and later versions with 1.1.0c.  However, we have found that if you compile with 0.9.8k the resulting NTP executable files will not run on a system with the 1.1.0c DLLs, and vice-versa.  The working compromise appears to be to get version 1.0.0c OpenSSL, as the resulting .EXE files will run on systems with either OpenSSL DLLs.  Thanks to Dave Hart, I managed to locate a copy of this version, which I have placed here.

A catch for Windows 2000

Programs compiled with VS 2010 don‘t run on Windows 2000.

Fix needed for NTP 4.2.7p349-356

Between NTP 4.2.7p349 to 4.2.7p356, a small edit was required to two of the files which were incorrectly automatically generated.  The fixes are described here.

Why NTP?

People sometimes ask why they should use this NTP software,
rather than the W32Time service built into Windows, or other so-called
"atomic time" programs.

  • NTP uses multiple servers, and automatically chooses the best one based on
    continuous monitoring.  If a server goes down, another one is selected without user intervention. 
    By comparison W32Time, like many clock programs, only uses a single server.
  • NTP contacts the servers only as frequently as needed, between once a minute and once every
    17 minutes. 
    W32Time, by default, only contacts servers once a week, so your PC could be
    minutes out between corrections!
  • NTP from the Meinberg installation will try and use pool
    servers
    located nearer to you for better performance, and not servers located a
    continent away.
  • NTP runs as a service once setup - it will even keep time
    while you are logged off your PC.
  • NTP is much more accurate:
    • NTP alters the clock rate, as well as initially setting the
      clock time, so that the clock will stay as close as possible to UTC
      between corrections.
    • Once NTP is running, the time is not routinely stepped, but is
      adjusted smoothly.
    • Time will normally not step backwards.
    • Leap seconds are handled without user intervention, and without
      stepping the PC‘s clock.
    • Even on Windows, accuracies down to the millisecond level can be
      achieved with suitable configurations - required for certain software.
  • You can use your own time sources with NTP, such as a radio-clock or
    GPS receiver, and it will then work independently of an internet
    connection, such as when you are out in the field.
  • You can run NTP on many operating systems including Windows, Linux,
    FreeBSD and the
    Mac OS, so managing and
    monitoring NTP expertise doesn‘t need to be re-learned.
  • NTP provides comprehensive performance checks, other programs
    typically do not.  Monitoring can be across the network from a central
    point, if needed.  Here is an example of automated
    NTP monitoring
    .
  • NTP is open-source software, 100% compliant with the
    Internet protocol for network time.

The Next Step forward - your own precision time server

Having appreciated the benefits of installing NTP, you may wonder about
keeping precise time when the Internet goes down, or on a PC without an Internet
connection, or perhaps you want your PC(s) to keep even closer time than NTP
provides as standard?  The answer is to setup your own Stratum-1 reference
server, and you can do this either using Windows, Linux or FreeBSD
No extra software is required as the NTP install can act as both a client to a
remote server, or as a server itself to local PC clients. 
NTP is a very small load, so you can run it as an extra on an existing PC
without impacting the work which may be running there.  All you need is a
GPS device which outputs a PPS (pulse per second) signal, and these are usually accurate
to within a microsecond even on the lowest cost of today‘s GPS timing
devices.  For a low-cost device, I recommend the Sure
Electronics GPS evaluation board
, and I have written up a page on how
to use the Sure board
.  This costs about £25 (US $35) including the
magnetic puck antenna and USB lead, so it is unlikely to break the bank! 
There are alternatives listed on my Raspberry
Pi NTP server
page, and you will have fun making a Raspberry Pi NTP server!

Once you have one accurate PC within your network, you can sync the other PCs
to that either other the LAN or with a wireless connection, and all PCs will
have improved accuracy compared to an Internet-only synced configuration. 
Note that you may need to set your firewall software so that PCs other than your
main server can access NTP - set NTP to allow inbound access as described here
To test, be sure that you can run:  ntpq -pn
<my-time-server>  from a client PC.  If you get a
time-out response, likely it‘s a firewall issue. 
When the PCs are only talking to LAN servers, you can make them even more
precise by polling your local reference clock more frequently, and lessen your
load on the Internet servers by polling them less frequently, so you might use
configuration file such as:

# Use local stratum 1 server
server my-time-server iburst maxpoll 5 prefer

# Use pool NTP servers
pool  uk.pool.ntp.org  minpoll 10  iburst

Replace my-time-server by the name or IP address of your local accurate PC.  A configuration such as this makes the PC poll the local stratum-1 server every 32 seconds (2**5), but only poll the Internet servers once every 1024 seconds (2**10).  You should keep the Internet servers as a backup, though, in case your local NTP server fails or loses GPS lock or whatever.  Why not make this your next project?

Running a publicly accessible NTP server

If you are running a server which is accessible from the public Internet -
perhaps you are contributing to the NTP
Pool
project - there are some simple precautions you should take to ensure
that your server is not used as the source of an attack on other PCs.  Note
that this doesn‘t apply to most end-user clients sitting on your local PC, you
would need to have specially opened a port in your firewall or router to allow
public incoming unsolicited UDP port 123 packets into your local network. 
If you are using a recent version (4.2.8p1 or later) you are already
protected.  The following notice explains more:

NTP users are strongly urged to take immediate action
to ensure that their NTP daemon is not susceptible to use in a reflected
denial-of-service (DRDoS) attack. Please see the NTP
Security Notice
for vulnerability and mitigation details, and the Network
Time Foundation Blog
for more information. (January 2014)

时间: 2024-10-09 11:30:09

windows ntp安装及调试的相关文章

Sphinx在windows下安装使用(支持中文全文检索)

前段时间听同事谈起过,公司内部的一个搜索功能用的就是Sphinx,但一直没时间去整一下,今天刚好有点时间,那么就折腾一次吧.一般在linux上比较多,今天就在windows下安装于调试一下吧. 前言: 一.关于Sphinx Sphinx 是一个在GPLv2 下发布的一个全文检索引擎,商业授权(例如, 嵌入到其他程序中)需要联系作者(Sphinxsearch.com)以获得商业授权.一般而言,Sphinx是一个独立的搜索引擎,意图为其他应用提供高速.低空间占用.高结果相关度的全文搜索功能.Sphi

【Windows Service】Windows Service在Visual Studio中安装、调试

目录结构: contents structure [-] 创建Windows服务 配置 安装Windows服务 在Visual Studio中调试 常见问题 最近写了一个TCP连接的程序,由于这种通信协议不同于HTTP协议,因此还不能部署到网站上面,于是就用到了Window服务.接下面笔者介绍一下在Visual Studio中如何安装.调试Windows服务.笔者的Visual studio版本为2012,window版本为win7. 1.创建Windows服务 这时候点击“启动”按钮,会提示我

在windows下安装OpenDaylight的Helium(氦)版本

前言 OpenDaylight(以下简写为ODL)的Helium(氦)版本已经成为相对稳定的版本(相对于Li版本).Helium(氦)版本下载链接地址为http://www.opendaylight.org/software/downloads/helium.官网中分别共享了版本.安装向导.用户向导.开发者向导手册,可进行下载学习.在本篇文章中,着重讲一下在Windows下的安装过程. 1 Helium安装 虽然官方要求ODL Helium(氦)版本是基于Ubuntu的,但是在实际学习过程中,U

(转)windows下安装Ionic

原文:http://www.itwap.net/ArticleContent.aspx?id=26 Ionic官方教程: http://learn.ionicframework.com/videos/windows-android/ 以下内容参考官方教程得出.         1.下载JDK并配置好Java运行环境   下载地址: http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

在Windows下安装Tomcat服务器

Tomcat 服务器是一个免费的开放源代码的Web 应用服务器,属于轻量级应用服务器,在中小型系统和并发访问用户不是很多的场合下被普遍使用,是开发和调试JSP 程序的首选服务器. 在Windows下安装Tomcat服务器的方式有两种,一种是直接安装,一种是绿色版,解压后就可以直接使用的 这篇博客为大家介绍第二种方式 首先从http://download.csdn.net/detail/u010105970/9493219中下载Tomcat服务器 第一步将Tomcat服务器的压缩包放在D:\dev

安装ARM调试器

一.概述 1.调试ARM应用程序的软硬件组成 硬件JTAG/SWD仿真器 Eclipse调试插件 GDB调试客户端 GDB服务器端 JTAG/SWD需要的硬件驱动 2.GNU ARM Eclipse推荐的两种调试方案 SEGGER J-Link仿真器 & GDB server是一种非常高效的解决方案,支持 JTAG and SWD(加上SWO的跟踪输出) OpenOCD应用程序是一种通用的工具,支持便宜的JATG仿真器,但是它只能支持JTAG而不支持SWD,而且速度比较慢. 配置经常是模糊的,在

在Windows上安装Nexus 3.2.0-01

在Windows上安装Nexus 环境: Windows 7 apache-maven-3.3.9 JDK 1.8 下载Nexus: https://sonatype-download.global.ssl.fastly.net/nexus/3/nexus-3.2.0-01-win64.zip 解压后看可以到nexus-3.2.0-01和sonatype-work两个文件夹: 配置到系统环境Path:\Path\to\nexus 运行: Path\to\nexus\nexus-3.2.0-01\

在Windows上编译和调试CoreCLR

生成CoreCLR - Windows篇 本文的唯一目的就是让你运行Hello World 运行环境 Window 7+ Visual studio 2015 确保C++ 工具已经被安装,默认是不安装的,所以要选择自定义模式,VS 2015 精简版不支持. CMake 下载 CMake for windows,并把Cmake的目录添加到为PATH的系统变量里. Python 下载Python for windows 并安装,并把Python的目录地址添加到Path系统变量中. Powershel

ubuntu14.04下nodejs + npm + bower的安装、调试和部署

  1. 简介 本文介绍ubuntu14.04下nodejs+npm+bower的安装.调试和部署 参考文档 https://docs.npmjs.com/getting-started https://github.com/npm/npm/issues/ 另外: Windows nodejs版本https://nodejs.org/download/release/latest/node-v5.5.0-x64.msi Windows下ide可选用WebStorm-10.0.2.exe 2.