  1. #11
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,071

    So what exactly do you gain by having time closer than a second? We don't have networks working off that clock anymore. So why so anal about the timing? It isn't that hard to line up logs.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  2. #12
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106

    It's a long story, but mostly an exercise to see how well it can work. There's very little useful documentation on this, so it has boiled down to a trial and error effort. Just chalk it up to curiosity.

    As the experimentation progresses, I'm becoming increasingly convinced that MS has pretty much slapped this functionality together without much regard to whether it actually works or not. Thus the laughable disclaimer about the "boundary conditions". Translated: "We know this doesn't really work and we don't care."

    OTOH, you can make it pretty good by cranking down on some of the parameters, but it's in an ugly kind of way. It takes relatively little effort to make it pretty good, actually. Eventually, I'll post a .reg file that contains the parameters. Merge it, make the proper setting on the pointer to the local server, and you're good to go.

  3. #13
    Master Untangler k6rtm's Avatar
    Join Date
    Feb 2010
    Location
    Silicon Valley
    Posts
    110

    Time nuts...

    Quote, originally posted by sky-knight:
    "So what exactly do you gain by having time closer than a second? We don't have networks working off that clock anymore. So why so anal about the timing? It isn't that hard to line up logs."
    Uh, there are those of us who have the "time nut" affliction. Google "trimble thunderbolt" for examples. Many of us have GPS-disciplined standards, either crystal or rubidium. The real crazies have their own cesium and/or hydrogen standards (and more than one).

    For a modest investment (around $100), a good clear view of the sky, and some effort, you can have your own standard that is accurate and stable to 1 part in 10e-11 (or better) for frequency, and time accurate to 10e-8 or better.

    That's one of the reasons I'd like to be able to use Untangle to capture all port 123 traffic, so I don't have to go in and reconfigure every box, and more important, when something new gets added, I don't have to dig into it to try and figure out how to reconfigure it (if such reconfiguration is even possible).

    bob k6rtm in sunny silicon valley

  4. #14
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,071

    Port forward rule?

    Destination port: 123
    Protocol: UDP

    new IP: Untangle's IP address?

  5. #15
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,548

    Quote, originally posted by GeneralEclectic:
    "The problem with W32Time is that it's configured badly out of the box in Vista and W7. I suspect that this is true of Windows Server too, but do not have a way to confirm that right now."
    W32time service is reliable, it's the server(s) that it points to which you need to do homework on and change.

    Since I do SMB networks for a living, most of my clients' networks are run under Windows Servers. So since there's a domain there, workstations will pull their time from the DC just from being joined to the domain. Set the time service on the server, and the rest of your network will be controlled properly and synched with the DC. So I'd set the DC's W32time service to point to servers in my region based on this list.
    http://tf.nist.gov/tf-cgi/servers.cgi

    Many people don't know enough to configure the time service on a server to manage it for their network..so they leave it default, and naturally things aren't accurate across the network. Bummer for them..learn it, or change occupations.

    A while later I found NTP.ORG
    http://www.ntp.org/

    I found that their servers were nice and responsive, especially when you set your w32 time service to use their "pool". So, being east coast US, I set the DC's time service to us.pool.ntp.org...and with that one incredibly easily done step...the whole network is synched properly.

  6. #16
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106

    If you mean by "reliable" that it reliably serves up time stamps on request, I'd agree with that. Once you start it, it runs fine. If you mean by "reliable", "accurate".... well, we might have a slight difference of opinion there. I do recognize that "accurate" is subjective, and one person might consider an error of one or two seconds acceptable, where someone else, myself included, does not.

    You are kidding yourself if you think that by using the default time settings on your workstations the clocks are "controlled properly", no matter what server you point them to. The errors can become very large, in the range of minutes, using the default settings. Moreover it is unpredictable and subject to variation in the hardware clock and the adverse effects some applications appear to have on timekeeping. If you're just using XP, Vista, or 7 out of the box, you ought to do a survey of how inaccurate your workstations actually are before proclaiming that "the whole network is synced properly". I predict that you'll be in for an unpleasant surprise.

    The setting that comes out of the box with Untangle is already far superior to what you achieve by the W32Time configuration you describe. For a given set of servers, you'll probably see an order of magnitude difference in mean offset and standard deviation of error. I may just test that proposition one of these days....
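
Added example, not part of the original post or of any poster's code: one way to run the survey post #16 calls for, computing per-exchange clock offset and round-trip delay from the four NTP timestamps and then the mean and standard deviation of the offset. The packets are constructed inline so it runs offline; `constructed_exchange`, `survey` and the sample delays are assumptions made for illustration.

```python
import struct
from statistics import mean, stdev

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def to_ntp(t):
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point, network order)."""
    return struct.pack("!II", int(t) + NTP_DELTA, int((t - int(t)) * 2**32))

def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def parse_reply(pkt, t1, t4):
    """Return (offset, delay) in seconds for one exchange.
    t1/t4 are the client's send/receive times; T2/T3 come from the packet."""
    if len(pkt) < 48:
        raise ValueError("short packet")
    li, mode, stratum = pkt[0] >> 6, pkt[0] & 0x07, pkt[1]
    if mode != 4 or li == 3 or stratum == 0:
        raise ValueError("not a synchronised server reply")
    # A reply must echo our transmit time; a mismatch means a stale or forged packet.
    if abs(from_ntp(pkt[24:32]) - t1) > 1e-6:
        raise ValueError("originate timestamp does not match our request")
    t2, t3 = from_ntp(pkt[32:40]), from_ntp(pkt[40:48])
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def survey(exchanges):
    """Mean offset, standard deviation of offset, and worst round-trip delay."""
    results = [parse_reply(pkt, t1, t4) for t1, pkt, t4 in exchanges]
    offsets = [o for o, _ in results]
    return mean(offsets), stdev(offsets), max(d for _, d in results)

def constructed_exchange(t1, theta, d_out, d_back, proc=0.001):
    """Constructed sample: server clock is theta seconds ahead of the client."""
    t2 = t1 + theta + d_out
    t3 = t2 + proc
    hdr = struct.pack("!BBbb", (4 << 3) | 4, 2, 6, -20)  # LI=0 VN=4 mode=4, stratum 2
    pkt = hdr + bytes(12) + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)
    return t1, pkt, t1 + d_out + proc + d_back

# Constructed data: three polls 64 s apart, client 1.25 s behind, varying path asymmetry.
SAMPLES = [constructed_exchange(1_700_000_000.0 + 64 * i, 1.25, d1, d2)
           for i, (d1, d2) in enumerate([(0.010, 0.010), (0.030, 0.010), (0.010, 0.030)])]

if __name__ == "__main__":
    m, s, worst = survey(SAMPLES)
    print(f"mean offset {m:+.3f} s, stdev {s:.3f} s, worst delay {worst * 1000:.0f} ms")
```

Asymmetric path delay shows up as offset error of half the asymmetry, which is why the standard deviation matters as much as the mean when comparing time sources.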

  7. #17
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,548

    Well, if you read my first sentence (and hell...for that matter..the rest of my blurb)...you'd see that I clearly specified the success was based on selecting a good time server and NOT using the default one...I even provided links for crying out loud! The time service works fine, the ability for computers behind YOUR network on YOUR bandwidth to communicate with a default often overburdened time server on the internet is the main problem.

    Little peer to peer networks I generally don't touch, can't make good money installing/supporting those networks that any junior high school kid can slap together. But for my home computers I manually set the time service at the command prompt (net stop w32time, net time /setsntp:us.pool.ntp.org, net start w32time). (heck of a lot faster than any GUI method BTW) I deal with larger SMB networks with Windows Servers thus active directory thus the server controls all the workstations. Been doing this for a living for a long time..sorry, can't say I've sat there and been in for a real surprise being shocked at some huge disparity of time. Else I'd not have made the statement that it actually does work well. I know it's trendy to join the "bash Microsoft" wagon, but...I've gotta say just a quick adjustment on the server's time service and it works just fine.

    So in what way is setting the Untangle box to pass this along "far superior"? Untangle is still running on a piece of hardware too with a questionable clock! I'm still setting the time forwarding requests of the local time server (the DC) to ntp.org. I do the "pool" version though, for the weighted redundancy.

    For little peer to peer networks..yeah, setting your local nodes to use the router for their time server forwarding is fine..many "off the shelf" retail routers support that. Or I'm actually just fine with manually setting a workstation to use ntp.org via command prompt (takes about 20 seconds..or less).

  8. #18
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106

    Whatever. Go do your thing and let those who are interested in better timekeeping read this thread.

  9. #19
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,071

    Stonecat you're missing the boat here. General is attempting to maintain a time system that is GPS accurate or more. He's correct in that Windows's time server implementation doesn't do this very well.

    You are also correct in that in most networks what Microsoft provides is more than enough once configured properly. Untangle could in theory provide a more accurate time service, as long as Untangle itself doesn't get overloaded. I suspect Microsoft's largest issue with time services on the DC is load derived. All of the DCs I have in the field are a bit overworked just by file IO and DNS. Dealing in those protocols a few nanoseconds of delay is nothing, but when dealing with GPS grade time sync, that's HUGE!

    I'm still at a loss as to why you'd want that level of accurate time on PCs... but if that's the goal there you have it.

  10. #20
    Master Untangler
    Join Date
    Nov 2009
    Posts
    106

    Basically, yes. Not necessarily GPS level, but more like "How good can it be for free?" The overhead associated with answering ntp queries is very low. I don't have a number for you, but it's definitely not going to break anything that's not already on the edge.

    My other point is that the more I investigated this the more I came to appreciate how truly awful the default settings are in Windows workstations from XP up. And they're not a heck of a lot better on Server 2003/8. Making them better costs nothing except a few minutes of your time with gpedit or regedit and the willingness to hit your time server more often.

    The pleasant surprise in all this was how very good timekeeping could be on your existing Untangle box, again with no more investment than a few minutes of finding optimal servers and editing the config file, not to mention the added bonus of having an external interface so there's one less delay in the chain. The pool servers, as I pointed out in the first post, are broadly regionalized so what you get isn't going to be nearly as good as what you can achieve with a few minutes of testing. When I stopped using them, there was one from California and one from Oregon in the list. I'm in Pennsylvania.

    I never said this was for everyone. If you're okay with 2 or 3 seconds inaccuracy on your local reference, then stop reading now. If you don't care that the workstations on your local network can be 10 or more minutes off at times between their 1/week update, it's perfectly okay with me.
