Howto:Obtaining the current time for innovaphone devices using NTP
The innovaphone devices require an NTP server to obtain the current time in order for several functions to work as desired. This is especially important for PBX installations where phones shall show the correct time and call detail records must include the correct time stamp. Also, TLS won't work without a valid time.
While freely accessible time servers exist on the internet, it is often desirable to obtain the time from a computer in the network. All Linux/Unix and Windows computers can serve as a time server. Here is how to configure Windows computers to act as time servers.
This information applies to
- All innovaphone devices directly connected to the network.
The innovaphone NTP client
All innovaphone devices which are connected directly to the LAN support an NTP client. It is configured on the Services/NTP page of the configuration.
Also, if the device is configured using DHCP and the DHCP server provides a time server address, the device uses it.
If the device has no time server configured (neither directly nor via DHCP), it assumes that its gatekeeper is a time server. Since all innovaphone gateway devices provide a time service, phones registered with an innovaphone gatekeeper will obtain the time from there.
For more details see the appropriate section in the administrator manual.
Finding a time server
There are two choices for finding a time server. First, you can use a publicly accessible time server on the internet. This of course requires internet access that permits the SNTP protocol. See your local router/firewall documentation for information on SNTP.
A list of time servers on the internet can be found at http://support.ntp.org/bin/view/Servers/WebHome.
If you use an external NTP server, make sure you keep the traffic low by using a reasonable update frequency (once every 2 hours should be sufficient). Also, have only one device querying the external NTP server and configure all others such that they obtain the time from this device.
The other choice is to use an existing workstation or server PC as a time server.
Using a Windows PC as a time server
Any Windows PC running as a PDC can be used as a time server right away.
If a non-PDC server or a workstation is to be used as a time server, the w32time service must be started. This can be done manually using the commands
% net start w32time
% net stop w32time
To make sure the time server is started whenever the system boots up, you will need to change a system variable in the computer's registry. Please make sure you know what you are doing when manipulating the Windows registry, since doing this improperly can make the computer unusable.
To enable the time server at system boot time, set the DWORD registry key
Windows-based computers use the following hierarchy by default:
- All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
- All member servers follow the same process as client desktop computers.
- Domain controllers may nominate the primary domain controller (PDC) operations master as their inbound time partner but may use a parent domain controller based on stratum numbering.
- All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.
Following this hierarchy, the PDC operations master at the root of the forest becomes authoritative for the organization, and you should configure the PDC operations master to gather the time from an external source. This is logged in the System event log on the computer as event ID 62. Administrators can configure the Time service on the PDC operations master at the root of the forest to recognize an external Simple Network Time Protocol (SNTP) time server as authoritative by using the following net time command, where server_list is the server list:
% net time /setsntp:server_list
Using a Linux/Unix box as a time server
A nice article on how to set up a Unix-ish box to work as a time server can be found here: http://www.rgrjr.com/linux/ntp.html.
Dealing with the firewall
If your firewall has specific support for NTP, you can configure it so that NTP clients can query remote NTP servers.
If your firewall does not specifically support NTP, you need to be sure that packets to and from remote NTP servers can get through. When NTP queries a server, it sends a series of UDP packets, each of which is addressed to UDP port 123 on the remote machine and bears a quasi-random source port, call it X, as the return address on the local machine. Responses are returned with a destination port of X on the local machine and a source port of 123 on the remote machine. In order for the query to succeed, both packets must be able to traverse the firewall.
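The exchange described above, as an added example that is not part of the original article and is not innovaphone code: a minimal SNTP client that builds the request, accepts a reply only if it comes from UDP port 123 and echoes the request's timestamp, and converts the result to Unix time. The function names are illustrative and the sample reply is constructed so the code runs offline.

```python
# Added example: names are illustrative, sample_reply() builds constructed data.
import socket
import struct
import time

NTP_PORT = 123
NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def _timestamp(unix_time: float) -> bytes:
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    return struct.pack("!II", int(unix_time) + NTP_UNIX_DELTA,
                       int((unix_time % 1) * 2**32))

def build_request(now: float) -> bytes:
    """48-byte client request: LI=0, VN=4, Mode=3 (0x23), transmit time at offset 40."""
    return struct.pack("!B39x", 0x23) + _timestamp(now)

def sample_reply(request: bytes, server_time: float, stratum: int = 2) -> bytes:
    """Constructed server reply (Mode=4) for offline use; echoes the client's
    transmit timestamp in the originate field (bytes 24..31)."""
    return (struct.pack("!BB22x", 0x24, stratum) + request[40:48]
            + bytes(8) + _timestamp(server_time))

def parse_reply(data: bytes, request: bytes, src_port: int) -> float:
    """Validate a reply and return the server's transmit time as Unix seconds."""
    if src_port != NTP_PORT:
        raise ValueError("reply source port is not 123")
    if len(data) < 48:
        raise ValueError("truncated packet")
    leap, mode, stratum = data[0] >> 6, data[0] & 0x07, data[1]
    if mode != 4:
        raise ValueError("not a server-mode packet")
    if leap == 3 or stratum == 0:
        raise ValueError("server is unsynchronized or refusing service")
    if data[24:32] != request[40:48]:
        raise ValueError("originate timestamp does not match our request")
    secs, frac = struct.unpack("!II", data[40:48])
    return secs - NTP_UNIX_DELTA + frac / 2**32

def query(server: str, timeout: float = 2.0) -> float:
    """Live query: the OS picks the ephemeral source port X, and the server
    answers from port 123 to X."""
    request = build_request(time.time())
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (server, NTP_PORT))
        data, (_addr, port) = sock.recvfrom(512)
    return parse_reply(data, request, port)
```

Calling `query()` with the address of your own time server sends exactly the two packets the firewall must let through.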