Page 1 of 1

NTP Configuration - ERROR

Posted: Tue Dec 03, 2019 5:51 pm
by vmskostoff
I am running into a peculiar error when trying to enable and start NTP in TCPIP on OpenVMS 8.4,
TCPIP V5.7 - ECO 1.
NTP had been previously configured and working on this particular node. So it did work.

$ @tcpip$config.com
option 3 - Server components
option 12 - NTP DISABLED STOPPED
option 1 - Enable service on this node

%TCPIP-E-NOACNT, TCPIP$NTP account not configured
Press <ENTER> key to continue ...
-TCPIP-E-NOACNTID, identifier for account not found in rights database
Press <ENTER> key to continue ...
Creating template SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.TEMPLATE
%LIBRAR-F-OPENOUT, error opening SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.TEMPLATE; as
output
-RMS-E-DNF, directory not found
-SYSTEM-W-NOSUCHFILE, no such file
$

In AUTHORIZE, Owner of TCPIP$NTP exists.
when do SHO TCPIP$NTP in AUTHORIZE, UIC: [3655,12] ([3655,12])

On another node in AUTHORIZE, it is different:
when do SHO TCPIP$NTP in AUTHORIZE, UIC: [3655,11] ([TCPIP$AUX,TCPIP$BOOTP])

How to resolve?

Re: NTP Configuration - ERROR

Posted: Fri Dec 06, 2019 6:16 am
by brianreiter
The TCPIP$AUX identifier is missing on one machine. Looking at TCPIP$CONFIG it could be added using:

Code: Select all

tcpip$uaf add /identifier tcpip$aux /value=uic=[3655,*]
but it should be created by TCPIP$CONFIG. Is this being run from an account with the appropriate privileges? Just seems odd that TCPIP$CONFIG can't see the directory.

I've had issues in the past when the SYSUAF and RIGHTLIST files have been created as part of the initial machine setup and used to setup TCPIP etc. When the machine was booted into the cluster it picked up the cluster wide SYSUAF and RIGHTSLIST files which had different values for the various accounts created by TCPIP$CONFIG during the initial configuration.

Re: NTP Configuration - ERROR

Posted: Fri Dec 06, 2019 6:32 am
by martinv
The numbering of members in the TCPIP Services UIC group differs based on the order of the initial configuration of services.

Just guessing:

Does an identifier exist for TCPIP$NTP? Is it the same as the UIC shown in the UAF record?

And: Set your process to traditional parsing before calling TCPIP$CONFIG.COM. Been there, got bitten by that.

Re: NTP Configuration - ERROR

Posted: Fri Dec 06, 2019 9:13 am
by marty.stu
Also probably you have an issue similar to this one: https://groups.google.com/forum/#!topic ... pVpUhbb1nY

Re: NTP Configuration - ERROR

Posted: Sun Dec 08, 2019 6:54 am
by debbee.west
Good day to you.

You have a possibility of a few things going wrong here.

%TCPIP-E-NOACNT, TCPIP$NTP account not configured
Press <ENTER> key to continue ...
-TCPIP-E-NOACNTID, identifier for account not found in rights database
Press <ENTER> key to continue ...

First, when you went into tcpip$config and selected NTP, there was likely some information right at the top of the screen, before you picked enable service on this node. On my system, I removed NTP from UAF and disabled it. This is the information that I get.

NTP Configuration

Service is not defined in the SYSUAF.
Service is not defined in the TCPIP$SERVICE database.
Service is not enabled.
Service is stopped.

So we know that, as I said, I removed the UAF entry and the service database entry.

Now, when I go to enable the service, I get

%TCPIP-I-INFO, TCPIP$AUX identifier (uic=[3656,*]) already exists
Creating NTP Service Entry

Someone already replied on how to add the tcpip$aux identifier to the database. You should probably also see if there is an identifier for tcpip$ntp. In your case, you may want to look at what is in your UAF record:

From mine -
$mcr authorize
UAF> show/ident tcpip$aux
Name Value Attributes
TCPIP$AUX [003656,177777]
UAF> show/ident tcpip$ntp
Name Value Attributes
TCPIP$NTP [003656,000016]



Once you have your UAF worked out, lets turn our attention to the next set of errors/information.

Creating template SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.TEMPLATE
%LIBRAR-F-OPENOUT, error opening SYS$SPECIFIC:[TCPIP$NTP]TCPIP$NTP.TEMPLATE; as
output
-RMS-E-DNF, directory not found
-SYSTEM-W-NOSUCHFILE, no such file
$


When you do this command/ who owns the file?

$ dir/sec sys$specific:[000000]tcpip$ntp.dir

Now, remember on the system that I used for this example, that I removed the service entry and the UAF entry. I DID NOT remove the directory structure on disk. You will see that my rights id for tcpip$ntp was [3655,16], and my files are owned by [3655,12]. You are likely in a similar situation as well.

SYSTEM IA18> $ dir/sec sys$specific:[000000]tcpip$ntp.dir

Directory SYS$SPECIFIC:[000000]

TCPIP$NTP.DIR;1 [3655,12] (RWE,RWE,RE,E)

Total of 1 file.

I will need to make tcpip$ntp the owner. Since we fixed the rights database earlier, I will set this by the rights id. (and then verify the change.)

$ set file/owner=tcpip$ntp sys$specific:[000000]tcpip$ntp.dir
$ dir/sec sys$specific:[000000]tcpip$ntp.dir

Directory SYS$SPECIFIC:[000000]

TCPIP$NTP.DIR;1 [TCPIP$AUX,TCPIP$NTP] (RWE,RWE,RE,E)

Total of 1 file.

Now, the contents of the directory file will need to be checked as well. Note that in my case, they are still owned by [3655,12].

$ dir/sec sys$specific:[tcpip$ntp]

Directory SYS$SPECIFIC:[TCPIP$NTP]

LOGIN.COM;1 [3655,12] (RWED,RWED,RE,RE)
TCPIP$NTP.CONF;7 [3655,12] (RWED,RWED,RE,)
TCPIP$NTP.CONF;6 [3655,12] (RWED,RWED,RE,)
TCPIP$NTP.CONF;5 [3655,12] (RWED,RWED,RE,)
TCPIP$NTP.DRIFT;10737
[3655,12] (RWED,RWED,RE,)
TCPIP$NTP.TEMPLATE;1
[3655,12] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;437
[3655,12] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;436
[3655,12] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;435
[3655,12] (RWED,RWED,RE,)


So, I corrected the owner:

set file/owner=tcpip$ntp sys$specific:[tcpip$ntp]*.*;*
SYSTEM IA18> $ dir/sec sys$specific:[tcpip$ntp]

Directory SYS$SPECIFIC:[TCPIP$NTP]

LOGIN.COM;1 [TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,RE)
TCPIP$NTP.CONF;7 [TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP.CONF;6 [TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP.CONF;5 [TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP.DRIFT;10737
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP.TEMPLATE;1
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;437
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;436
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)
TCPIP$NTP_RUN.LOG;435
[TCPIP$AUX,TCPIP$NTP] (RWED,RWED,RE,)

All of my files are now owned by TCPIP$NTP and NTP will start up.

$ @sys$manager:tcpip$ntp_startup

$ sho sys/proc=*ntp*
OpenVMS XEND-T7Y on node IA18 8-DEC-2019 07:47:49.49 Uptime 81 09:30:10
Pid Process Name State Pri I/O CPU Page flts Pages
34C00B81 TCPIP$NTP_1 LEF 9 985 0 00:00:01.66 593 614 N


So, when we look at the last bit of information you provided, we can see that NTP was not properly affiliated with the tcpip$ntp rights it, and possibly the TCPIP$AUX id needs some attention as well.

In AUTHORIZE, Owner of TCPIP$NTP exists.
when do SHO TCPIP$NTP in AUTHORIZE, UIC: [3655,12] ([3655,12])


On your other system, we can see the that the tcpip$ntp account is associated with the tcpip$bootp identifier. I would say that the other system could use some attention as well.

On another node in AUTHORIZE, it is different:
when do SHO TCPIP$NTP in AUTHORIZE, UIC: [3655,11] ([TCPIP$AUX,TCPIP$BOOTP])


If you clean up these items, NTP may be fine. If you do not have the file sys$specific:[000000]tcpip$ntp.dir and you still get the errors that you cannot create the file, then you will want to take a look at the permissions on the 000000.dir directory. Perhaps tcpip$config is not able to create the directory file. For help in troubleshooting that,

$ set audit/alarm/enable=file=fail
$ reply/enable

Then go back into tcpip$ntp and try to enable ntp again. When tcpip$config attempts to create the directory and fails, an opcom should appear explaining the issue.

You will want to disable the logging after you have gotten your opcom output.

$ reply/disable
$ set audit/alarm/disable=file=fail

If that does not work, please post any errors that you found along the way that differ from the path that I was showing you.

Re: NTP Configuration - ERROR

Posted: Tue Jan 07, 2020 3:57 pm
by vmskostoff
martinv wrote:
Fri Dec 06, 2019 6:32 am
The numbering of members in the TCPIP Services UIC group differs based on the order of the initial configuration of services.

Just guessing:

Does an identifier exist for TCPIP$NTP? Is it the same as the UIC shown in the UAF record?

And: Set your process to traditional parsing before calling TCPIP$CONFIG.COM. Been there, got bitten by that.
There is no identifier for TCPIP$NTP. It comes back as follows:
%UAF-E-SHOWERR, unable to complete SHOW command
-SYSTEM-F-NOSUCHID, unknown rights identifier
UAF>
The UIC for TCPIP$NTP is: [3655,12]

Process was set for traditional parsing style after checking by:
$ sho process/parsing_style

Parse Style: Traditional

Re: NTP Configuration - ERROR

Posted: Fri Jan 10, 2020 2:47 am
by martinv
vmskostoff wrote:
Tue Jan 07, 2020 3:57 pm
There is no identifier for TCPIP$NTP. It comes back as follows:
%UAF-E-SHOWERR, unable to complete SHOW command
-SYSTEM-F-NOSUCHID, unknown rights identifier
UAF>
The UIC for TCPIP$NTP is: [3655,12]
So, does the situation improve when you add the identifier via UAF> ADD/IDENTIFIER/USER=TCPIP$NTP ?

Re: NTP Configuration - ERROR

Posted: Fri Jan 10, 2020 3:10 pm
by vmskostoff
martinv: The situation improved but it also did not. Adding the identifier in UAF to TCPIP$NTP removed the ownership issues that existed prior to this. This was an item pointed out by debbee.west. Again, once the identified was added in UAF, the ownership issues on files and directories were eliminated and resolved.

In following debbee.west path, I tried to start NTP.
$@TCPIP$NTP_STARTUP.COM Nope. Did not start.
$@TCPIP$CONFIG.COM and noticed that NTP was listed as Disabled Started.
So I Selected 1 - Enable Service on this node.
It was then listed as Enabled Started.

Shutdown NTP
$@TCPIP$NTP_SHUTDOWN.COM.

Checked TCPIP$CONFIG.COM. NTP Enabled Stopped.

I then went back to to start NTP.
$@TCPIP$NTP_STARTUP.COM. Started NTP. All was good.

Thanks for all your help. Once the identifier for TCPIP$NTP was resolved, the file and directory ownership followed immediately.