Skip to content

T-Series NTP Server Support – General Queries

Table of Contents

  1. Firmware Update Queries
    • Where To Obtain Firmware Updates
    • Updating Firmware Using TFTP
  2. GNSS / GPS Issues
    • No GPS / GNSS Signal Lock
    • Coax Cable Crimping Tool Specification
    • Syslog ‘Error Updating GNSS Firmware’ Message
  3. General System Queries
    • RS232 Serial Port Settings For Console Connection
    • Resetting User Password to Default.
    • Obtaining the Root Password
    • Disabling ‘root’ and ‘timetools’ User Accounts
    • Disable USB Networking
    • Testing SNMP Traps from the command line
    • Remote Syslogging
    • Savecert command not working
    • SSL Certificate File Format
    • T-Series MTBF – Mean Time Between Failure
    • SysLog Error Messages
    • Real Time Clock is Incorrect After Power Up
    • Device Powered Up But Display Blank and Alarm LED Off
  4. Network Time Protocol – NTP Queries
    • T-Series NTP Server Local Clock configuration
    • NTP Authentication Key Length
    • NTP Service Stopped
    • Useful Commands To Debug NTP
  5. Networking Issues
    • Adding a static route to the routing table
    • Adding VLAN Support
    • Disabling TLSv1 TLSv1.1 TLSv1.2
    • TCP Port 111 Open
    • T550 Both NICS With Same IPv4 Subnet Mask
    • Issue Using “ip route add” in ‘Additional Network Configuration’ field.
    • Ethernet Port Not Responding After Firmware Update

Firmware Update Queries

Where To Obtain Firmware Updates

TimeTools provides regular firmware updates for all T-Series NTP servers.

To take advantage of new features, security updates and bug fixes, TimeTools recommends that customers regularly check that their T-Series network time servers firmware is up to date.

Updates are provided free of charge and can be downloaded here.

Updating Firmware Using TFTP

TFTP definitely works and is the preferred method of updating firmware – indeed we use it here to update our own servers. However, the instructions must be followed exactly.

A couple of things to check:

  1. Once configured, can you ping the TFTP sever from the NTP server?
  2. Have you extracted the firmware update zip file to the ROOT TFTP directory. Also, check that all files are present.
  3. Check that the TFTP port – TCP port 69 is not blocked by antivirus or Microsoft defender.
  4. Check what is the version of uboot that you have on the NTP server? See instructions page 6

TFTP communicates using UDP port 69. Ensure that UDP port 69 is open on host PC firewall. Consider temporarily disabling Windows Firewall or any Anti-Virus software!

GNSS / GPS Issues

No GPS / GNSS Signal Lock

T-Series GPS and GNSS time servers utilize a remotely located active antenna separate from the server unit. Correct specification and installation of the antenna and cabling is paramount.

Check here for tips and pointers on troubleshooting or improving your time servers GPS/GNSS signal reception.

Coax Cable Crimping Tool Specification

TimeTools provide a range of cable lengths for use with T-Series models. Standard lengths are 10m, 30m, 50m and 100m. A crimp tool may be required to install a surge suppressor or to customize the length of the supplied cable.

The 10m, 30m and 50m cables are a LMR195 equivalent cable. Use a LMR195 crimp tool.

The 100m cable is a LMR400 equivalent cable. Use a LMR400 crimp tool

See:

https://www.solwise.co.uk/wireless_sundries.htm
https://ccsukltd.co.uk/coax-crimp-tools-lmr400
https://uk.farnell.com/amphenol-rf/47-10210/crimp-tool-coax-conn-lmr400-b9913/dp/2500881

Syslog ‘Error Updating GNSS Firmware’ Message

After updating to firmware 2.0.003, the device will attempt to update the GNSS firmware, if necessary.
If the device is powered down during the GNSS update, the update may fail when power is reapplied.

Use “ttgnssflash -res360” or “ttgnssflash -icm360” to manually update GNSS firmware from a CLI (SSH/Console) session.

The command operand depends on model and serial number.

General System Queries

RS232 Serial Port Settings For Console Connection

The T-Series can be configured using a dumb terminal emulator, running on a PC, connected to the devices console port using the supplied serial console lead.

  1. Connect T-Series unit to PC RS232 serial port (or USB serial converter) using supplied console cable.
  2. On the PC, use a dumb terminal emulator (such as putty) to connect to the device with the following settings: Connect Using: Direct to COMx (where x is the com port number)
    Bits per second: 115200
    Data bits: 8
    Parity: None
    Stop bits: 1
    Flow control: None
    Terminal Emulation: ANSI
  3. Press the key on the dumb terminal emulator a few times to establish a connection.

Resetting User Password to Default.

Resetting the T-Series user password can only be acheived by logging into the device using the serial console cable supplied with the unit.

  1. Establish a serial connection between a PC and the T-Series unit, see: “RS232 Serial Port Settings For Console Connection” above.
  2. Login to the device using username “timetools”. The password can be obtained by emailing TimeTools at Info@TimeToolsLtd.com with the units serial number from the rear of the device.
  3. Use ‘ttdefaultpwd’ command to reset ‘admin’ password to default. The default password is ‘admin’.
  4. Logout
  5. All admin passwords will now be reset to default.

Obtaining the Root Password

The root password is not required to configure normal operation of the device. The devices file system can be damaged from the root user account. Therefore, TimeTools do not recommend using the root user account.

In the unlikely event that the root password is required, it can be obtained by emailing TimeTools at Info@TimeToolsLtd.com with the units serial number from the rear of the device.

T-Series NTP server root password can only be used from a serial console session or after logging into an admin account.

Disabling ‘root’ and ‘timetools’ User Accounts

Firmware required: 2.0.003 or later.

The ‘root’ and ‘timetools’ user accounts can only be used from a serial console session. They are intended to be used to allow lost passwords to be recovered.

The system ‘root’ and ‘timetools’ user accounts can be disabled or enabled using the “nts” command from a CLI prompt:

nts security root

Warning: Disabling the ‘root’ and ‘timetools’ accounts will prevent lost passwords from being recovered. TimeTools does not recommend using this command.

Default: nts security root enable

Disable USB Networking

From firmware 2.0.001 – USB networking is disabled by default.

The T-Series currently configures USB0 for potential USB networking. It emulates IP address 192.168.11.1.

The easiest way to disable this feature is to add the following line to the “Additional Ethernet Configuration:” field of the “Network Configuration” web page:

ifconfig usb0 down

Alternatively, you can assign a different IP address to USB0 using:

ifconfig usb0 192.168.12.1 netmask 255.255.255.0

Testing SNMP Traps from the command line.

Open a SSH or serial console session to the NTP server.

Log in as user “admin”.

Change to user “root” using “su -l”. The password must be obtained from TimeTools by phone, stating the model and serial number of the device.

The T-Series NTP servers use Net-SNMP to generate traps.

SNMP v1 Command Line

/usr/bin/snmptrap -v 1 -c community trapdestination 'snmpoid' 'srcipaddress' 6 trapnr '' 'snmptxtoid' s "traptxt"

SNMP v2c Command Line

/usr/bin/snmptrap -v 2c -c community trapdestination '' 'snmpoid.trapnr' 'snmptxtoid' s "traptxt"

Operands:

community – community string.
trapdestination – IP address to send trap message to.
snmpoid – SNMP OID address: “1.3.6.1.4.1.36555.1.1.0”
srcipaddress – source IP address (NTP server IP address)
snmptxtoid – SNMP trap text message OID address “1.3.6.1.4.1.36555.1.1.0.100”

trapnr traptxt
10 “T-NTS Heartbeat”
11 “T-NTS Startup”
20 “T-NTS GPS Error”
21 “T-NTS GPS Holdover”
22 “T-NTS GPS No Lock”
23 “T-NTS GPS Lock OK”
41 “T-NTS NTP No Sync”
42 “T-NTS NTP Sync OK”

SNMP v1 Example

/usr/bin/snmptrap -v 1 -c mycommunity 192.168.1.222 '1.3.6.1.4.1.36555.1.1.0' '192.168.1.108' 6 22 '' '1.3.6.1.4.1.36555.1.1.0.100' s "T-NTS GPS No Lock"

SNMP v2c Example

/usr/bin/snmptrap -v 2c -c mycommunity 192.168.1.222 '' '1.3.6.1.4.1.36555.1.1.0.22' '1.3.6.1.4.1.36555.1.1.0.100' s "T-NTS GPS No Lock"

Remote Syslogging

As of firmware 2.0.002, the T-Series currently uses journald for logging, which does not support remote syslogging. We will however look at alternatives in future firmware updates.

However, the latest T-Series firmware does support SNMP which can be used for remote monitoring of the device.

Savecert command not working

The userguide provides information on saving SSL certificates using the ‘savecert’ command.

It should read ‘ttsavecert’.

Also, in older firmware versions, the path can become over-written, requiring a system path to also be specified:

/usr/sbin/ttsavecert

Alternatively, from firmware version 2.0.001 onwards, the ‘nts security savecert’ command can be used.

See user guide 14.7. Security Commands
Documented in User Guide T1300-04 page 29.

SSL Certificate File Format

All T-Series NTP servers can accept a user generated SSL certificate for authentication. The user generated certificate must be uploaded to the devices ‘/tmp/admin’ directory using ftp or sftp.

The uploaded certificate then needs to be saved to flash using the ‘ttsavecert’ or ‘nts security savecert’ commands from a console or SSH session to the NTP server.

The SSL certificate should be in the PEM file format.

The ‘ttsavecert’ and ‘nts security savecert’ commands require two certificate files: certificate.crt and certificate.key. Both files should be located in the /tmp/admin directory.

The ‘certificate.crt’ file should contain the server certificate. The certificate should be contained between —- BEGIN CERTIFICATE—- and —-END CERTIFICATE—- statements.

The seperate ‘certificate.key’ file should contain the private key. The private key should be contained between —- BEGIN RSA PRIVATE KEY—– and —–END RSA PRIVATE KEY—– statements.

The default SSL certificate can be reinstated by using the ‘ ttsavecert -remove’ or ‘nts security savecert default’ commands

NOTE: The device will need to be restarted for the changes to take effect.

Documented in User Guide T1300-04 page 29.

T-Series MTBF – Mean Time Between Failure

We do not currently have MTBF figures for the T-Series NTP Servers. However, we can provide manufacturer specified MTBF figures for the individual modules used in the T-Series, as follows:

Processor module: 1,578,684 Hours @ 20C
PSU: 824,600 Hours
GNSS module: 7,668,124 Hours

SysLog Error Messages

There are a number of messages that appear in the system log (SysLog). The messages also appear in the standard binary image for processor module. They do not affect performance.

Messages:
systemd-sysctl[94]: Couldn’t write ’16’ to ‘kernel/sysrq’, ignoring: No such file or directory
systemd-sysctl[94]: Couldn’t write ‘fq_codel’ to ‘net/core/default_qdisc’, ignoring: No such file or directory
systemd-udevd[101]: Invalid rule /lib/udev/rules.d/73-seat-late.rules:15: RUN{builtin}: ‘uaccess’ unknown
systemd-udevd[132]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.

Real Time Clock is Incorrect After Power Up

When the T-Series Real Time Clock (RTC) Battery expires, the correct time will not be kept after a power cycle. The time will revert to the date of the firmware update.

By default, the NTP service and GNSS reference clock service perform a 10 minute system time – reference clock time validation check at start up. If the system time is incorrect, the check can fail.

The RTC battery is non-rechargable and can only be replaced by returning the unit to TimeTools.

The T-Series NTP server is designed to be continuously powered. The RTC battery is only used when the device is powered down. No current is drawn from the battery when the device is powered up.

Assuming 80% on time, the battery has a 15-20 year lifespan, without requiring replacement.

From firmware version 2.0.003, the CLI command “nts ntp panic disable” can be used to disable the ‘system time’ – ‘reference clock time’ validity check.

Device Powered Up But Display Blank and Alarm LED Off

If the T-Series device is powered up, i.e. the LCD backlight is illuminated (T300 and T550), but the display is blank and the Alarm LED is off, it generally indicates a fault condition.
However, in the first instance, before returning to TimeTools, re-flash the firmware to the device.

Firmware updates are provided free of charge and can be downloaded here.

Network Time Protocol – NTP Queries

Local Clock configuration

The T-Series can utilise the undisciplined local clock, by specifying it in the “NTP Configuration Menu > Additional NTP Configuration” as follows:

server 127.127.1.0
fudge 127.127.1.0 stratum 10

However, please bear in mind that the NTP server will then provide time to clients regardless of how accurate its internal time is. It will provide time even if its internal system time is incorrect!

The T-Series RTC oscillator has a frequency tolerance of +/-20ppm @25C, but this will increase with temperature variation. +/-20ppm is approximately +/-2 sec per day.

The time will need to be periodically set from a SSH or console session using the ttsetclock command, e.g.:

ttsetclock 0930 05012017   # HHMM DDMMYYYY

NTP Authentication Key Length

Configuring NTP keys on a NTP server, gives clients the option of using keys to authenticate the server. Any client that does not wish to use authentication is unaffected and can continue to receive time stamps.

There is a typo in the manual – the key must consist of up to 20 printable ASCII characters, excluding “#”.

Alternatively, up to 32 bytes can be specified if the key is hexified. Keys longer than 20 characters are assumed to be hex. If you want to use an ASCII key longer than 20 bytes, you must hexify it.

There are no minimum requirements for the complexity of the key.

NTP Service Stopped

Description: NTP: Stopped on LCD and status web page.

Check:

Check NTP Log for any error or warning messages.
Check “NTP Additional Configuration”. The following command will prevent LCD and web applications from monitoring the status of the NTP daemon:

restrict default kod nomodify notrap nopeer noquery limited

Remedy:

Replace with:

Give the localhost full access rights (required) – IPv4 and IPv6:

restrict 127.0.0.1 nomodify
restrict 0::1 nomodify

Prevent remote clients from querying server – IPv4 and IPv6:

restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery

Useful Commands To Debug NTP

A couple of NTP server SSH commands you may find useful:

Display a list of NTP peers (-p) and system variables (-c rv):

 ntpq -p -c rv

Display number of NTP packets sent and received (iostats) and a list of NTP clients (mrulist):

 ntpq  -c iostats -c mrulist

Networking Issues

Adding a static route to the routing table

The T-Series NTP Servers “Network” web configuration page has an “Additional Ethernet Configuration” field which can be used to automatically run Linux commands when the device boots.

You can add a static route by using the Linux ‘ip route add’ command:

Format: ip route add {NETWORK/MASK} dev {DEVICE}

ip route add 192.168.1.0/24 dev eth0

Check the syslog file for any potential errors in the script.

Adding VLAN Support

The T-Series NTP Servers “Network” web configuration page has an “Additional Ethernet Configuration” field which can be used to automatically run Linux commands when the device boots..

Most useful is the Linux “ip” command to add VLAN’s / routes / ip addresses etc.

Add a VLAN:

ip link add link eth0 name eth0.100 type vlan id 100

Add an IP:

ip addr add 192.168.100.1/24 brd 192.168.100.255 dev eth0.100
ip link set dev eth0.100 up

The device must be rebooted after making any changes. Also, check the system log to ensure that the commands have executed without errors.

More information on the Linux ip command is available here:

https://linux.die.net/man/8/ip

Disabling TLSv1 TLSv1.1 TLSv1.2

From firmware version 2.0.003 onwards, only TLSv1.3 is enabled, TLSv1 TLSv1.1 TLSv1.2 versions are disabled by default.

TCP Port 111 Open

T-Series
Version 2.0.001
10/3/21

After running a port scan TCP port 111 is open. This is due to the RpcBind service.
It can be closed by “su -l” to root and running:

systemctl stop rpcbind
systemctl disable rpcbind

May also need:

systemctl mask rpcbind.service

See:

https://unix.stackexchange.com/questions/176115/how-stop-rpcbind-from-being-started-on-arch-linux/355027

T550 Both NICS With Same IPv4 Subnet Mask

The T-Series uses a much later version of Linux. It relies on an internal routing table to send packets to a specific NIC.

A problem can arise if you have both NIC’s in the same subnet. The routing table will always direct responses to the first NIC in the routing table associated with the subnet – regardless of which NIC a packet arrived at. It is therefore possible that a response to a packet arriving at one NIC is sent via the other NIC.

There is a good explanation of this here:

https://www.ni.com/en-gb/support/documentation/supplemental/11/best-practices-for-using-multiple-network-interfaces–nics–with.html

See: Rule 2: Avoid Assigning Multiple NICs in the Same Computer to the Same Subnet

Alternatively, use IPv6 rather than IPv4, which does not have the limitation.

Issue Using “ip route add” in ‘Additional Network Configuration’ field.

Fixed: Firmware 2.0.003

There is an issue in later firmware versions where the ‘Additional Network Configuration’ field script is executed in the boot procedure before networking is properly up and running. This can cause any network configuration commands (such as ‘ip route add’) to fail. The issue can be easily corrected by modifying the service file for the script to execute the script after networking is up and running.

The following commands can be run from a console or SSH session. Firstly, login as user admin, su to root, modify the networkadd.service file and lastly restart the device, as follows:

su -l

The root password can be obtained by emailing TimeTools at Info@TimeToolsLtd.com with the units serial number from the rear of the device.

sed -i 's/network.target/multi-user.target/' /lib/systemd/system/networkadd.service
ttrestart

Any network commands in the ‘Additional Network Configuration’ field script should now be executed correctly. The issue will be corrected in the next firmware release.

The following command can be used to check for script errors:

journalctl -b -u networkadd.service

Ethernet Port Not Responding After Firmware Update

We have had a few reports from customers of Ethernet ports not responding after a firmware update.

The T-Series uses an Ethernet controller chip which under some circumstances may not respond to a reset.

The best solution is to simply power the unit down and back up again. The Ethernet controller should then correctly restart.

Share:
LinkedInPrint