NTP Configuration - ERROR

All types of networks, network stacks, and protocols supported by OpenVMS.
Post Reply

Topic author
vmskostoff
Active Contributor
Posts: 39
Joined: Fri Jun 28, 2019 10:29 am
Reputation: 0
Location: Gary, Indiana
Status: Offline

NTP Configuration - ERROR

Post by vmskostoff » Tue Dec 03, 2019 5:51 pm

I am running into a peculiar error when trying to enable and start NTP in TCPIP on OpenVMS 8.4,
TCPIP V5.7 - ECO 1.
NTP had been previously configured and working on this particular node. So it did work.

$ @tcpip$config.com
option 3 - Server components
option 12 - NTP DISABLED STOPPED
option 1 - Enable service on this node

%TCPIP-E-NOACNT, TCPIP$NTP account not configured
Press <ENTER> key to continue ...
-TCPIP-E-NOACNTID, identifier for account not found in rights database
Press <ENTER> key to continue ...
Creating template SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.TEMPLATE
%LIBRAR-F-OPENOUT, error opening SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.TEMPLATE; as
output
-RMS-E-DNF, directory not found
-SYSTEM-W-NOSUCHFILE, no such file
$

In AUTHORIZE, Owner of TCPIP$NTP exists.
when do SHO TCPIP$NTP in AUTHORIZE, UIC: [3655,12] ([3655,12])

On another node in AUTHORIZE, it is different:
when do SHO TCPIP$NTP in AUTHORIZE, UIC: [3655,11] ([TCPIP$AUX,TCPIP$BOOTP])

How to resolve?


brianreiter
Active Contributor
Posts: 26
Joined: Fri Jun 14, 2019 4:17 pm
Reputation: 0
Status: Offline

Re: NTP Configuration - ERROR

Post by brianreiter » Fri Dec 06, 2019 6:16 am

The TCPIP$AUX identifier is missing on one machine. Looking at TCPIP$CONFIG it could be added using:

Code: Select all

tcpip$uaf add /identifier tcpip$aux /value=uic=[3655,*]
but it should be created by TCPIP$CONFIG. Is this being run from an account with the appropriate privileges? Just seems odd that TCPIP$CONFIG can't see the directory.

I've had issues in the past when the SYSUAF and RIGHTLIST files have been created as part of the initial machine setup and used to setup TCPIP etc. When the machine was booted into the cluster it picked up the cluster wide SYSUAF and RIGHTSLIST files which had different values for the various accounts created by TCPIP$CONFIG during the initial configuration.

User avatar

martinv
Master
Posts: 101
Joined: Fri Jun 14, 2019 11:05 pm
Reputation: 0
Location: Goslar, Germany
Status: Offline
Contact:

Re: NTP Configuration - ERROR

Post by martinv » Fri Dec 06, 2019 6:32 am

The numbering of members in the TCPIP Services UIC group differs based on the order of the initial configuration of services.

Just guessing:

Does an identifier exist for TCPIP$NTP? Is it the same as the UIC shown in the UAF record?

And: Set your process to traditional parsing before calling TCPIP$CONFIG.COM. Been there, got bitten by that.
Working hard for something we don't care about is called stress;
working hard for something we love is called passion.
(Simon Sinek)


marty.stu
Site Admin
Valued Contributor
Posts: 96
Joined: Tue May 21, 2019 6:56 am
Reputation: 0
Status: Offline

Re: NTP Configuration - ERROR

Post by marty.stu » Fri Dec 06, 2019 9:13 am

Also probably you have an issue similar to this one: https://groups.google.com/forum/#!topic ... pVpUhbb1nY
Run to the bedroom, In the suitcase on the left You'll find my favorite axe.


debbee.west
VSI Expert
Contributor
Posts: 12
Joined: Mon Oct 07, 2019 11:10 am
Reputation: 0
Status: Offline

Re: NTP Configuration - ERROR

Post by debbee.west » Sun Dec 08, 2019 6:54 am

Good day to you.

You have a possibility of a few things going wrong here.

%TCPIP-E-NOACNT, TCPIP$NTP account not configured
Press <ENTER> key to continue ...
-TCPIP-E-NOACNTID, identifier for account not found in rights database
Press <ENTER> key to continue ...

First, when you went into tcpip$config and selected NTP, there was likely some information right at the top of the screen, before you picked enable service on this node. On my system, I removed NTP from UAF and disabled it. This is the information that I get.

NTP Configuration

Service is not defined in the SYSUAF.
Service is not defined in the TCPIP$SERVICE database.
Service is not enabled.
Service is stopped.

So we know that, as I said, I removed the UAF entry and the service database entry.

Now, when I go to enable the service, I get

%TCPIP-I-INFO, TCPIP$AUX identifier (uic=[3656,*]) already exists
Creating NTP Service Entry

Someone already replied on how to add the tcpip$aux identifier to the database. You should probably also see if there is an identifier for tcpip$ntp. In your case, you may want to look at what is in your UAF record:

From mine -
$mcr authorize
UAF> show/ident tcpip$aux
Name Value Attributes
TCPIP$AUX [003656,177777]
UAF> show/ident tcpip$ntp
Name Value Attributes
TCPIP$NTP [003656,000016]



Once you have your UAF worked out, lets turn our attention to the next set of errors/information.

Creating template SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.TEMPLATE
%LIBRAR-F-OPENOUT, error opening SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.TEMPLATE; as
output
-RMS-E-DNF, directory not found
-SYSTEM-W-NOSUCHFILE, no such file
$


When you do this command/ who owns the file?

$ dir/sec sys$specific:[000000]tcpip$ntp.dir

Now, remember on the system that I used for this example, that I removed the service entry and the UAF entry. I DID NOT remove the directory structure on disk. You will see that my rights id for tcpip$ntp was [3655,16], and my files are owned by [3655,12]. You are likely in a similar situation as well.

SYSTEM IA18> $ dir/sec sys$specific:[000000]tcpip$ntp.dir

Directory SYS$SPECIFIC:[000000]

TCPIP$NTP.DIR;1 [3655,12] (RWE,RWE,RE,E)

Total of 1 file.

I will need to make tcpip$ntp the owner. Since we fixed the rights database earlier, I will set this by the rights id. (and then verify the change.)

$ set file/owner=tcpip$ntp sys$specific:[000000]tcpip$ntp.dir
$ dir/sec sys$specific:[000000]tcpip$ntp.dir

Directory SYS$SPECIFIC:[000000]

TCPIP$NTP.DIR;1 [TCPIP$AUX,TCPIP$NTP] (RWE,RWE,RE,E)

Total of 1 file.

Now, the contents of the directory file will need to be checked as well. Note that in my case, they are still owned by [3655,12].

$ dir/sec sys$specific:[tcpip$ntp]

Directory SYS$SPECIFIC:[TCPIP$NTP]

LOGIN.COM;1 [3655,12] (RWED,RWED,RE,RE)
TCPIP$NTP.CONF;7 [3655,12] (RWED,RWED,RE,)
TCPIP$NTP.CONF;6 [3655,12] (RWED,RWED,RE,)
TCPIP$NTP.CONF;5 [3655,12] (RWED,RWED,RE,)
TCPIP$NTP.DRIFT;10737
[3655,12] (RWED,RWED,RE,)
TCPIP$NTP.TEMPLATE;1
[3655,12] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;437
[3655,12] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;436
[3655,12] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;435
[3655,12] (RWED,RWED,RE,)


So, I corrected the owner:

set file/owner=tcpip$ntp sys$specific:[tcpip$ntp]*.*;*
SYSTEM IA18> $ dir/sec sys$specific:[tcpip$ntp]

Directory SYS$SPECIFIC:[TCPIP$NTP]

LOGIN.COM;1 [TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,RE)
TCPIP$NTP.CONF;7 [TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP.CONF;6 [TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP.CONF;5 [TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP.DRIFT;10737
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP.TEMPLATE;1
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;437
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;436
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;435
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)

All of my files are now owned by TCPIP$NTP and NTP will start up.

$ @sys$manager:tcpip$ntp_startup

$ sho sys/proc=*ntp*
OpenVMS XEND-T7Y on node IA18 8-DEC-2019 07:47:49.49 Uptime 81 09:30:10
Pid Process Name State Pri I/O CPU Page flts Pages
34C00B81 TCPIP$NTP_1 LEF 9 985 0 00:00:01.66 593 614 N


So, when we look at the last bit of information you provided, we can see that NTP was not properly affiliated with the tcpip$ntp rights it, and possibly the TCPIP$AUX id needs some attention as well.

In AUTHORIZE, Owner of TCPIP$NTP exists.
when do SHO TCPIP$NTP in AUTHORIZE, UIC: [3655,12] ([3655,12])


On your other system, we can see the that the tcpip$ntp account is associated with the tcpip$bootp identifier. I would say that the other system could use some attention as well.

On another node in AUTHORIZE, it is different:
when do SHO TCPIP$NTP in AUTHORIZE, UIC: [3655,11] ([TCPIP$AUX,TCPIP$BOOTP])


If you clean up these items, NTP may be fine. If you do not have the file sys$specific:[000000]tcpip$ntp.dir and you still get the errors that you cannot create the file, then you will want to take a look at the permissions on the 000000.dir directory. Perhaps tcpip$config is not able to create the directory file. For help in troubleshooting that,

$ set audit/alarm/enable=file=fail
$ reply/enable

Then go back into tcpip$ntp and try to enable ntp again. When tcpip$config attempts to create the directory and fails, an opcom should appear explaining the issue.

You will want to disable the logging after you have gotten your opcom output.

$ reply/disable
$ set audit/alarm/disable=file=fail

If that does not work, please post any errors that you found along the way that differ from the path that I was showing you.


Topic author
vmskostoff
Active Contributor
Posts: 39
Joined: Fri Jun 28, 2019 10:29 am
Reputation: 0
Location: Gary, Indiana
Status: Offline

Re: NTP Configuration - ERROR

Post by vmskostoff » Tue Jan 07, 2020 3:57 pm

martinv wrote:
Fri Dec 06, 2019 6:32 am
The numbering of members in the TCPIP Services UIC group differs based on the order of the initial configuration of services.

Just guessing:

Does an identifier exist for TCPIP$NTP? Is it the same as the UIC shown in the UAF record?

And: Set your process to traditional parsing before calling TCPIP$CONFIG.COM. Been there, got bitten by that.
There is no identifier for TCPIP$NTP. It comes back as follows:
%UAF-E-SHOWERR, unable to complete SHOW command
-SYSTEM-F-NOSUCHID, unknown rights identifier
UAF>
The UIC for TCPIP$NTP is: [3655,12]

Process was set for traditional parsing style after checking by:
$ sho process/parsing_style

Parse Style: Traditional
Last edited by vmskostoff on Tue Jan 07, 2020 4:05 pm, edited 2 times in total.

User avatar

martinv
Master
Posts: 101
Joined: Fri Jun 14, 2019 11:05 pm
Reputation: 0
Location: Goslar, Germany
Status: Offline
Contact:

Re: NTP Configuration - ERROR

Post by martinv » Fri Jan 10, 2020 2:47 am

vmskostoff wrote:
Tue Jan 07, 2020 3:57 pm
There is no identifier for TCPIP$NTP. It comes back as follows:
%UAF-E-SHOWERR, unable to complete SHOW command
-SYSTEM-F-NOSUCHID, unknown rights identifier
UAF>
The UIC for TCPIP$NTP is: [3655,12]
So, does the situation improve when you add the identifier via UAF> ADD/IDENTIFIER/USER=TCPIP$NTP ?
Working hard for something we don't care about is called stress;
working hard for something we love is called passion.
(Simon Sinek)


Topic author
vmskostoff
Active Contributor
Posts: 39
Joined: Fri Jun 28, 2019 10:29 am
Reputation: 0
Location: Gary, Indiana
Status: Offline

Re: NTP Configuration - ERROR

Post by vmskostoff » Fri Jan 10, 2020 3:10 pm

martinv: The situation improved but it also did not. Adding the identifier in UAF to TCPIP$NTP removed the ownership issues that existed prior to this. This was an item pointed out by debbee.west. Again, once the identified was added in UAF, the ownership issues on files and directories were eliminated and resolved.

In following debbee.west path, I tried to start NTP.
$@TCPIP$NTP_STARTUP.COM Nope. Did not start.
$@TCPIP$CONFIG.COM and noticed that NTP was listed as Disabled Started.
So I Selected 1 - Enable Service on this node.
It was then listed as Enabled Started.

Shutdown NTP
$@TCPIP$NTP_SHUTDOWN.COM.

Checked TCPIP$CONFIG.COM. NTP Enabled Stopped.

I then went back to to start NTP.
$@TCPIP$NTP_STARTUP.COM. Started NTP. All was good.

Thanks for all your help. Once the identifier for TCPIP$NTP was resolved, the file and directory ownership followed immediately.

Post Reply