Thursday, 29 December 2011

Linux ntpd sendto() Bad file descriptor error and solution

Linux ntpd sendto() Bad file descriptor error and solution

by Vivek Gite on April 16, 2007 · 3 comments
Q. I’m using Red hat Enterprise Linux server. I’m getting following error in /var/log/message file:
Apr 16 16:38:02 server ntpd[22694]: sendto(10.0.77.54): Bad file descriptor
Apr 16 16:38:08 server ntpd[22694]: sendto(66.111.46.200): Bad file descriptor
Apr 16 16:38:25 server ntpd[22694]: sendto(83.133.111.7): Bad file descriptor
Apr 16 16:38:28 server ntpd[22694]: sendto(81.169.156.100): Bad file descriptor

How do I fix above errors?
A. If you are seeing Bad file descriptor errors in /var/log/messages, make sure that only one instance of ntpd is running.

Step #1: Stop ntpd

Type the following command to stop ntpd:
# /etc/init.d/ntpd stop

Step #2: kill ntpd

Type the following command to kill all instance of ntpd:
# killall ntpd

Step #3: Start ntpd

# /etc/init.d/ntpd start

Step #4: Watch log file /var/log/messages

Use tail command:
# tail -f /var/log/messages
Output:
Apr 16 16:44:35 server ntpd[17549]: Listening on interface lo, 127.0.0.1#123
Apr 16 16:44:35 server ntpd[17549]: Listening on interface eth0, 10.5.123.2#123
Apr 16 16:44:35 server ntpd[17549]: Listening on interface eth1, 71.26.1.25#123
Apr 16 16:44:35 server ntpd[17549]: kernel time sync status 0040
Apr 16 16:44:36 server ntpd[17549]: frequency initialized -58.648 PPM from /var/lib/ntp/drift
Apr 16 16:47:52 server ntpd[17549]: synchronized to LOCAL(0), stratum 10
Apr 16 16:47:52 server ntpd[17549]: kernel time sync disabled 0041
Apr 16 16:47:52 server ntpd[17549]: synchronized to 71.26.2.221, stratum 1
Apr 16 16:50:00 server ntpd[17549]: synchronized to 10.0.77.54, stratum 

Configuring connection to NTP servers

Installation Configuration

Configuring connection to NTP servers

The first thing you define in your /etc/ntp.conf is the servers your machine will synchronize to. Note that some defaults are present there already, so simple syncing with ntpd -q works out-of-the-box.
NTP servers are classified in a hierarchical system with many levels called strata: the devices which are considered independent time sources are classified as stratum 0 sources; the servers directly connected to stratum 0 devices are classified as stratum 1 sources; servers connected to stratum 1 sources are then classified as stratum 2 sources and so on.
It has to be understood that a server's stratum cannot be taken as an indication of its accuracy or reliability. Typically, stratum 2 servers are used for general synchronization purposes: if you do not already know the servers you are going to connect to, you should use the pool.ntp.org servers (alternate link) and choose the server pool that is closest to your location.
The following lines are just an example:
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst
The iburst option is recommended, and sends a burst of packets if it cannot obtain a connection with the first attempt. The burst option always sends a burst of packets, even on the first attempt. The burst option should never be used without explicit permission and may result in blacklisting.

Configuring your own NTP server

If setting up an NTP server, you need to add local clock as a server, so that, in case it loses internet access, it will continue serving time to the network; add local clock as a stratum 10 server (using the fudge command) so that it will never be used unless internet access is lost:
server 127.127.1.0
fudge  127.127.1.0 stratum 10
Next, define the rules that will allow clients to connect to your service (localhost is considered a client too) using the restrict command; you should already have a line like this in your file:
restrict default nomodify nopeer noquery
This restricts everyone from modifying anything and prevents everyone from querying the status of your time server: nomodify prevents reconfiguring your ntpd (with ntpq or ntpdc), and noquery prevents dumping status data from your ntpd (also with ntpq or ntpdc).
You can also add other options:
restrict default kod nomodify notrap nopeer noquery
Note: This still allows other people to query your time server. You need to add noserve to stop serving time.
Full docs for the "restrict" option are in man ntp_acc. See https://support.ntp.org/bin/view/Support/AccessRestrictions for detailed instructions.
Following this line, you need to tell ntpd what to allow through into your server; the following line is enough if you are not configuring an NTP server:
restrict 127.0.0.1
If you want to force DNS resolution to the IPv6 namespace, write -6 before the IP address or host name (-4 forces IPv4 instead), for example:
restrict -6 default kod nomodify notrap nopeer noquery
restrict -6 ::1    # ::1 is the IPv6 equivalent for 127.0.0.1
Lastly, specify the drift file (which keeps track of your clock's time deviation) and optionally the log file location:
driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
A very basic configuration file will look like this (all comments have been stripped out for clarity):
/etc/ntp.conf
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst
server 3.pool.ntp.org iburst

restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

restrict 127.0.0.1
restrict -6 ::1  

driftfile /var/lib/ntp/ntp.drift
logfile /var/log/ntp.log
Note: Defining the log file is not mandatory, but it is always a good idea to have feedback for ntpd operations.

Other resources about NTP configuration

In conclusion, never forget man pages: man ntp.conf is likely to answer any doubts you could still have (see also the related man pages: man {ntpd|ntp_auth|ntp_mon|ntp_acc|ntp_clock|ntp_misc}).
See the Gentoo Linux Wiki article on this subject for more information: NTP

Using without daemon

If what you want is just synchronize your system clock at any time without running ntpd as a daemon, you can use this command:
ntpd -qg
This behavior mimics that of the ntpdate program, which is now deprecated: see also the official notice, which also provides a table for the conversion of ntpdate flags to ntpd flags.
The -g option allows shifting the clock further than the panic threshold (15 min by default) without a warning. Note that such offset is abnormal and might identify either wrong timezone setting, clock chip failure, or simply a very long period of neglect. If in these cases you would rather not set the clock and print an error to syslog, remove -g:
ntpd -q
For example, you could add a ntpd -qg & line to your /etc/rc.local to run at every boot. See Autostarting for alternative methods.
Check that the DAEMONS array in /etc/rc.conf includes hwclock, to ensure the hardware clock is periodically updated, see Time for more information.
Warning:
  • Using this method is highly discouraged on servers and in general on machines that need to run continuously for more than 2 or 3 days, as the system clock will be updated only once at boot time.
  • Running ntpd -qg as a cron event is to be completely avoided, unless you are perfectly aware of how your running applications would react to instantaneous system time changes.
  • If something other already takes care of updating the hardware clock, for example another operating system in dual boot, you should avoid starting hwclock.
Note: In order for this method to work you have to make sure that, when rc.local is executed, the network connection has already been initialized (for example you should not background essential network-related daemons in /etc/rc.conf)

Running as a daemon

Starting ntpd

ntpd sets 11 minute mode, which syncs the system clock to hardware every 11 minutes. The hwclock daemon measures hardware clock drift and syncs it, which conflicts with ntpd.
Stop the hwclock daemon (if it is running):
# rc.d stop hwclock
Start the ntpd daemon:
# rc.d start ntpd
Add ntpd to your DAEMONS array so it starts automatically on boot and make sure hwclock is disabled:
/etc/rc.conf
DAEMONS=(... !hwclock ntpd ...)

NetworkManager

Note: ntpd should still be running when the network is down if the hwclock daemon is disabled, so you should not use this.
ntpd can be brought up/down along with a network connection through the use of NetworkManager's dispatcher scripts. You can install the needed script from [community]:
# pacman -S networkmanager-dispatcher-ntpd

Running as non-root user

When compiled with --enable-linux-caps, ntp can be run as a non-root user for increased security (the vanilla Arch Linux package has this enabled).
Note: Before attempting this, make sure ntp has already created /var/lib/ntp/ntp.drift.
Create ntp group and ntp user:
# groupadd ntp
# useradd -r -d /var/lib/ntp -g ntp -s /bin/false ntp
Change ownership of the ntp directory to the ntp user/group:
# chown -R ntp:ntp /var/lib/ntp
Edit /etc/conf.d/ntpd.conf and change
NTPD_ARGS="-g"
to
NTPD_ARGS="-g -u ntp:ntp"
Finally, restart the daemon:
# rc.d restart ntpd

Running in a chroot

Note: Before attempting this, complete the previous section on running as non-root, since chroots are relatively useless at securing processes running as root.
Edit /etc/conf.d/ntpd.conf and change
NTPD_ARGS="-g -u ntp:ntp"
to
NTPD_ARGS="-g -i /var/lib/ntp -u ntp:ntp"
Then, edit /etc/ntp.conf to change the driftfile path such that it is relative to the chroot directory, rather than to the real system root. Change:
driftfile       /var/lib/ntp/ntp.drift
to
driftfile       /ntp.drift
Create a suitable chroot environment so that getaddrinfo() will work by creating pertinent directories and files (as root):
# mkdir /var/lib/ntp/etc /var/lib/ntp/lib /var/lib/ntp/proc
# touch /var/lib/ntp/etc/resolv.conf /var/lib/ntp/etc/services
and by bind-mounting the aformentioned files:
/etc/fstab
...
#ntpd chroot mounts
/etc/resolv.conf  /var/lib/ntp/etc/resolv.conf none bind 0 0
/etc/services   /var/lib/ntp/etc/services none bind 0 0
/lib            /var/lib/ntp/lib none bind 0 0
/proc    /var/lib/ntp/proc none bind 0 0
# mount -a
Finally, restart the daemon again:
# rc.d restart ntpd
It is relatively difficult to be sure that your driftfile configuration is actually working without waiting a while, as ntpd does not read or write it very often. If you get it wrong, it will log an error; if you get it right, it will update the timestamp. If you do not see any errors about it after a full day of running, and the timestamp is updated, you should be confident of success.

Linux Clock Configuration

Linux Clock Configuration

Author: Edward Buck
Version: .2
Last edited: December 19, 2002

Summary

This guide will help you setup the correct date and time on your Red Hat 7.x Linux system including setting up ntpd for online time synchronization.

Instructions

There are two clocks to configure in Linux, the hardware clock and the system clock. The hardware clock determines the system clock on system boot. While the system is running, changes to one of these doesn't affect the other.
Note: it's best to set the hardware clock and have the system clock be set upon a reboot. Changing the system clock by using the date program on a running system could cause date discontinuities and consequently problems. If you will be using ntpd, you probably don't need to set either of these clocks (unless the current time is more than 1000s off the real time). Just setup ntpd and let ntpd adjust the time (it will do it in small steps to keep system timestamps reliable).

  1. If convenient, use Red Hat's dateconfig tool. Using the dateconfig tool will update both the system clock and the hardware clock. The dateconfig tool also allows you to setup ntpd, which will keep the system clock in sync with a remote server.

    If using the dateconfig tool is not an option, follow the remaining steps to configure manually. For example, if you are using a non graphical terminal (dateconfig requires X windows), you must configure manually.

  2. You can use timeconfig to configure the timezone and UTC settings. Timeconfig will update /etc/sysconfig/clock and /etc/localtime.

  3. Set the time zone manually if not already set.

    Linux uses the file /etc/localtime to determine the time zone. This file should be either a copy of the appropriate timezone file from the directory /usr/share/zoneinfo or a symbolic link. If your time zone is incorrect, create a symbolic link to the appropriate timezone file.
    # ln -s /usr/share/zoneinfo/America/Los_Angeles /etc/localtime
  4. Set whether hwclock uses local time or UTC

    Edit the file /etc/sysconfig/clock and change "UTC=" to true or false. If you have a dual-boot system with Windows, using UTC may cause problems for Windows.

  5. Set the system clock
    # date MMDDhhmmCCYY.ss
    where MM is month, DD is day, hh is hour, mm is minutes, CCYY is year and ss is seconds. Time should be in 24-hour notation.

    To only set the time:
    # date -s hh:mm:ss
  6. Set the hardware clock

    To set the hardware clock to the current system clock:
    # setclock
    this method looks at /etc/sysconfig/clock to determine whether the hardware clock is set to UTC

    Another method:
    # hwclock --systohc
    # hwclock --systohc --utc
    use the second option if you use UTC.

    Set hwclock manually:
    # hwclock --set --date="9/22/96 16:45:05"
    Everytime you use the hwclock --set command, it will create or edit the file /etc/adjtime to determine the systematic drift. Once you have some history, you can use the --adjust option to adjust the hardware clock appropriately. Run as a cron job if you want the clock to adjust automatically on a regular schedule. Don't use the --adjust function when using ntpd since ntpd will turn the "11 minute mode" on, which is best left alone. See the hwclock manpage for more info.

  7. Setup ntpd for automatic synchronization with a remote server.

    Run Red Hat's setup utility to make ntpd start on boot up and edit /etc/ntp.conf

    Set server and fudge options:
    server time.nist.gov
    fudge  time.nist.gov stratum 10
    Enable multicastclient:
    multicastclient     # listen on default 224.0.1.1
    Edit /etc/sysconfig/ntpd if necessary. The default should be fine.

    Start the ntpd daemon:
    # service ntpd start

Wednesday, 28 December 2011

NTP server Overview

Overview
NTP (Network Time Protocol) provides accurate and syncronised time across the Internet. This introductory article will try to show you how to use NTP to control and synchronize your system clock.
First approach
NTP is organised in a hierarchical client-server model. In the top of this hierarchy there are a small number of machines known as reference clocks. A reference clock is known as stratum 0 and is typically a cesium clock or a Global Positioning System (GPS) that receives time from satellites. Attached to these machines there are the so-called stratum 1 servers (that is, stratum 0 clients), which are the top level time servers available to the Internet, that is, they are the best NTP servers available.
Note: in the NTP lingo measure for synchronization distance is termed as stratum: the number of steps that a system lies from a primary time source.
Following this hierarchy, the next level in the structure are the stratum 2 servers which in turn are the clients for stratum 1 servers. The lowest level of the hierarchy is made up by stratum 16 servers. Generally speaking, every server syncronized with a stratum n server is termed as being at stratum n+1 level. So, there are a few stratum 1 servers which are referenced by stratum 2 servers, wich in turn are refenced by stratum 3 servers, which are referenced by stratum 4 and so on.
NTP servers operating in the same stratum may be associated with others in a peer to peer basis, so they may decide who has the higher quality of time and then can synchronise to the most accurate.
In addition to the client-server model and the peer to peer model, a server may broadcast time to a broadcast or multicast IP addresses and clients may be configured to synchronise to these broadcast time signals.
So, at this point we know that NTP clients can operate with NTP servers in three ways:
  • in a client-server basis
  • in a peer to peer mode
  • sending the time using broadcast/multicast
How does it work
Whenever ntpd starts it checks its configuration file (/etc/ntp.conf) to determine syncronization sources, authentication options, monitoring options, access control and other operating options. It also checks the frequency file (/etc/ntp/drift) that contains the latest estimate of clock frequency error. If specified, it will also look for a file containing the authentication keys (/etc/ntp/keys).
Note that the path and/or name of these configuration files may vary in your system. Check the -c command line option.
Once the NTP daemon is up and running, it will operate by exchanging packets (time and sanity check exchanges) with its configured servers at poll intervals and its behaviour will depend on the delay between the local time and its reference servers. Basically, the process starts when the NTP client sends a packet containing its timestamp to a server. When the server receives such a packet, it will in turn store its own timestamp and a transmit timestamp into the packet and send it back to the client. When the client receives the packet it will log its receipt time in order to estimate the travelling time of the packet.
The packet exchange takes place until a NTP server is accepted as a synchronization source, which take about five minutes. The NTP daemon tries to adjust the clock in small steps and will continue until the client gets the accurate time. If the delay between both the server and client is big enough the daemon will terminate and you will need to adjust the time manually and start the daemon again.
Sample ntp.conf configuration file
     server 134.214.100.6
     server swisstime.ee.ethz.ch

     peer 192.168.100.125
     peer 192.168.100.126
     peer 192.168.100.127

     driftfile /etc/ntp/drift
     #multicastclient  # listen on default 224.0.1.1
     #broadcastdelay  0.008

     authenticate no

     #keys           /etc/ntp/keys
     #trustedkey     65535
     #requestkey     65535
     #controlkey     65535

     # by default ignore all ntp packets
     restrict 0.0.0.0 mask 0.0.0.0 ignore

     # allow localhost
     restrict 127.0.0.1 mask 255.255.255.255

     # accept packets from...
     restrict 192.168.100.125 mask 255.255.255.255
     restrict 192.168.100.126 mask 255.255.255.255
     restrict 192.168.100.127 mask 255.255.255.255



Configuration on Unix
Unix Workstation as NTP Client
The NTP client program ntpdate sets the system clock once. As real clocks drift, you need periodic corrections. Basically you can run ntpdate in a cron job hourly or daily, but your machine won't be an NTP server then.
Crontab entry to update the system clock once a day
0 2 * * * /usr/sbin/ntpdate -s -b -p 8 -u 129.132.2.21
  • -b 
Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.
  • -p samples
Specify the number of samples to be acquired from each server as the integer samples, with values from 1 to 8 inclusive. The default is 4.
  • -s
Divert logging output from the standard output (default) to the system syslog facility. This is designed primarily for convenience of cron scripts.
  • -u
Direct ntpdate to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the -d option always uses unprivileged ports.
Public NTP Server in Switzerland
swisstime.ethz.ch (129.132.2.21)
Location: Integrated Systems Laboratory, Swiss Fed. Inst. of Technology,
CH 8092 Zurich, Switzerland
Geographic Coordinates: 47:23N, 8:32E
Synchronization: NTP primary (DCF77 clock), Sun-4/SunOS 4.1.4
Service Area: Switzerland/Europe
Access Policy: open access
Contact: Christoph Wicki (time@iis.ee.ethz.ch)


Troubleshooting
One of the quickest commands to verify that ntpd is still up and running as desired is ntpq -p. That command will show all peers used and configured together with their corner performance data.
# ntpq -p
     remote      refid    st t when poll reach   delay  offset jitter
=====================================================================
 LOCAL(0)        LOCAL(0) 3 l    9   64  377    0.000   0.000   0.000
*swisstime.ethz. .DCFa.   1 u   17   64  377   25.088 -10.040   1.071
To obtain a current list peers of the server, along with a summary of each peer's state. Summary information includes the address of the remote peer, the reference ID (0.0.0.0 if this is unknown), the stratum of the remote peer, the type of the peer (local, unicast, multicast or broadcast), when the last packet was received, the polling interval, in seconds, the reachability register, in octal, and the current estimated delay, offset and dispersion of the peer, all in milliseconds.
# ntpq -c pee swisstime.ethz.ch
     remote      refid   st t when poll reach   delay  offset jitter
====================================================================
*GENERIC(0)      .DCFa.   0 l   14   16  377    0.000   0.126  0.170
 LOCAL(0)        LOCAL(0) 6 l   13   64  377    0.000   0.000 10.010
 sns2-tss2.unige lantime  2 u  323 1024  377   11.000   0.014  1.770
+nz11.rz.uni-kar .DCF.    1 u   40   64  376  353.290  18.088 17.120
xjane.planNET.de .DCFa.   1 u   80  256  377  125.050 -38.018  0.210
+sombrero.cs.tu- .GPS.    1 u   49   64  377   36.070   1.159  0.790
# ntpdc
ntpdc> peers
Be sure that there is an entry for the the swisstime.ethz.ch server, and that there is an entry for your local net. The "st" (stratum) column for the ITD time servers should be "1" or "2", indicating that the time server are stratum-1/2 servers, e.g. they obtain their time from stratum-1 servers, which are directly connected to external time reference sources. If the stratum for any server is "16" then this server is not synchronizing successfully.
     remote           local     st poll reach delay   offset    disp
====================================================================
=LOCAL(0)        127.0.0.1       3  64 377 0.00000  0.000000 0.00095
=cosmos.hsz.akad 5.0.0.0        16  64   0 0.00000  0.000000 0.00000
*swisstime.ethz. 192.168.138.29  1 128 377 0.02658 -0.001197 0.00215


Troubleshooting
One of the quickest commands to verify that ntpd is still up and running as desired is ntpq -p. That command will show all peers used and configured together with their corner performance data.
# ntpq -p
     remote      refid    st t when poll reach   delay  offset jitter
=====================================================================
 LOCAL(0)        LOCAL(0) 3 l    9   64  377    0.000   0.000   0.000
*swisstime.ethz. .DCFa.   1 u   17   64  377   25.088 -10.040   1.071
To obtain a current list peers of the server, along with a summary of each peer's state. Summary information includes the address of the remote peer, the reference ID (0.0.0.0 if this is unknown), the stratum of the remote peer, the type of the peer (local, unicast, multicast or broadcast), when the last packet was received, the polling interval, in seconds, the reachability register, in octal, and the current estimated delay, offset and dispersion of the peer, all in milliseconds.
# ntpq -c pee swisstime.ethz.ch
     remote      refid   st t when poll reach   delay  offset jitter
====================================================================
*GENERIC(0)      .DCFa.   0 l   14   16  377    0.000   0.126  0.170
 LOCAL(0)        LOCAL(0) 6 l   13   64  377    0.000   0.000 10.010
 sns2-tss2.unige lantime  2 u  323 1024  377   11.000   0.014  1.770
+nz11.rz.uni-kar .DCF.    1 u   40   64  376  353.290  18.088 17.120
xjane.planNET.de .DCFa.   1 u   80  256  377  125.050 -38.018  0.210
+sombrero.cs.tu- .GPS.    1 u   49   64  377   36.070   1.159  0.790
# ntpdc
ntpdc> peers
Be sure that there is an entry for the the swisstime.ethz.ch server, and that there is an entry for your local net. The "st" (stratum) column for the ITD time servers should be "1" or "2", indicating that the time server are stratum-1/2 servers, e.g. they obtain their time from stratum-1 servers, which are directly connected to external time reference sources. If the stratum for any server is "16" then this server is not synchronizing successfully.
     remote           local     st poll reach delay   offset    disp
====================================================================
=LOCAL(0)        127.0.0.1       3  64 377 0.00000  0.000000 0.00095
=cosmos.hsz.akad 5.0.0.0        16  64   0 0.00000  0.000000 0.00000
*swisstime.ethz. 192.168.138.29  1 128 377 0.02658 -0.001197 0.00215



 

HP-UX networking related tools and commands and Overview

HP-UX networking related tools and commands


As my journey continues to exploring HP-UX I found couple of nice utilities and tools to configure and administrate HP-UX networking subsystem.
FILES
  • /etc/hosts - Hosts configuration file (resolve hosts and IPs)
  • /etc/rc.config.d/netconf – IP address, routeing address and hostname stored in this file
SCRIPTS
  • /etc/init.d/net start – Use to start, stop network service
HPUX Commands
(a) Display lan interface info:
# lanscan
(b) All in one lan configuration utility (lan0 is first Ethernet interface) to configure and view the system IP address:
# ifconfig lan0 - Display IP info such as IP address netmask etc.
# ifconfig lan0 up - Up network interface (allow traffic)
# ifconfig lan0 down - Down network interactive (deny traffc)
# ifconfig lan0 192.168.1.1 netmask 255.255.255.0 up - Setup/change IP adddress
(c) Displaying host name
# hostname
(d) Arp administration (cache)
# arp -a
(e) Display routing table/info:
# netstat -nr
(f) Define new route:
# route add default 192.168.1.254 1
(g) HP's LAN diagnostic tool
# lanadmin
(h) Test a remote host connectivity
ping host.mycorp.com
(i) Setup various lan properties, dns client, NIS client configuration etc using GUI tool:
# sam
# set_parms
(j) Check dns connectivity:
$ nslookup www.google.co.uk


HP-UX Overview and Command Summary

Bootup/Shutdown

shutdown -r 0 --> reboot
shutdown -h now  --> shutdown and halt
shutdown 0 --> shutdown to single user mode
reboot 0 --> reboot
init 1 - single user mode
hpux -is  boots single user mode

Interupting the boot process:
  • Configuration Menu
  • Information Menu
  • Service Menu
GSP Mode
  • From the console hit <ctrl><b>
  • Hit <Enter> at the GSP console login (default is no password)
  • Now low level commands can be entered
    • ps  --> power status

To reboot to single user mode:
  1. shutdown -r 0
  2. hit <space> during 10 sec window to interrupt reboot
  3. enter: <b><o>
  4. interact with ipl? yes
  5. hpux -is  (i=init, s=single user)

To reboot manually to init 3 level
  1. shutdown -r 0
  2. <space> during 10 sec window
  3. bo
  4. interact with ipl  --> yes
  5. hpux -is   (i=init, s=single user mode)
  6. mount -a
  7. init 3
Startup/Shutdown Scripts

/sbin/init.d
/sbin/rc0.d                                These are all linked to actual scripts in /sbin/init.d
/sbin/rc1.d
/sbin/rc2.d                                scripts with k are kill scripts and scripts with s are start scritps.
/sbin/rc3.d
/sbin/rc4.d

/etc/rc.config.d    --> Scripts

CIFS (Samba)

/opt/etc/samba/smb.conf

Device Management

HP-UX is a hardware path based operating system.  When it boots up it does a hardware detection.  It then compares the hardware that it detects with the hardware that is listed in /etc/ioconfig.  If new hardware is detected, it is assigned the next available configuration information in the proper hardware path.

rmsf - remove special files
insf - install special files

insf -C disk -e   <-- This command will re-install all of the device files for the class "disk"

lsdev   <-- Lists devices and drivers in the system

ioscan   <-- searches for all devices and displays their hardware path
ioscan -fnC disk  <-- searches for all devices of  class (C) disk
ioscan -fnH <LUN>  <-- searches for a LUN

last 2 digits of hardware path in the LUN in octal  (1/12/0/0.1.23)

Disk Devices

A disk device will have a name in the following format:  c#t#d#

c# is the card number
t# is the target number
d# is the LUN - this is normally 0 unless RAID is being utilized


scsictl -a /dev/rdsk/c?t?d?  <-- display control parameter information about the disk device
scsictl -a -m queue_depth=4 -m queue_depth /dev/rdsk/c?t?d?      <-- sets the queue depth

CD-ROM Devices

nohup /usr/sbin/pfs_mountd &  - starts process
nohup /usr/sbin/pfds &  - starts process

pfs_mount -o xlat=unix /dev/dsk/c0t1d0 /cdrom        - mounts cdrom

Cdrom won't eject:
  1. pfs_umount -c OR
  2. kill -9 pfs_mountd and kill -9 mountd
Cdrom won't mount using:  pfs_mount -o xlat=unix /dev/dsk/c0t1d0 /cdrom
  1. nohup /usr/sbin/pfs_mountd &
  2. nohup /usr/sbin/pfsd
  3. /usr/sbin/pfs_mount /cdrom    <-- this uses mounting information in /etc/pfs_fstab
7400 Disk Array

armdsp -a va7400   <-- real time display of the disk array
armmgr -D va7400 HPA6189A00SG218H0024
armdiscover  /opt/sanmgr/commandview/client/sbin    -->  Tells us the serial number
armhost -d <Array Worldwide Name> <Serial #>
armhost -d 50060b000014e313 00SG218J0024
ioscan -fnc disk | more

cvui - creates luns
  • Choose storage array
  • Create LUN
    • Find last LUN
    • Create with new lun number
  • View existing luns
Process to export disk configuration to a file:
  • sam --> actions-->export
  • volume group name  --> mapfile name
Fibre Channel Devices

ioscan -fknC fc  <-- Lists fibre channel adapters.

To identify the devices:

ls -l /dev/fc*

fcmsutil - utility for fibre channel operations
fcmsutil /dev/<device>

Procedure to run fcmsutil on a fibre channel:
ioscan -fnC disk|more   --> Identify hw path of fibre channel adapter
ioscan -fnH 1/0/0/0  -->  Identify device of fibre channel adapter
or ls /dev/fc* on older adapters (arbitrated loop)
fcmsutil /dev/fcms2 stat  -->  fcmsutil that shows status of fibre channel adapter

Logs


/etc/rc.log Startup Log
/var/adm/sw/swagent.log Software package installation log
/var/adm/syslog/syslog.log System Error Log
/etc/shutdownlog
Shutdown Log
/var/tombstones/ts99
Crash log

Login Environment

/etc/profile - main profile for all users

/etc/profile.env

export TMPDIR=/tmpsort
export TEMPDIR=/tmpsort

source a profile:    ". ./profile"

Changing prompt:

export PS1=$(hostname):'$PWD # '

This gives a prompt that has the hostname followed by the current directory, ending in the # (useful for root logins).

Networking

netstat -a   <--ports
netstat -i  <--interfaces
netstat -r  <--routing table
netstat -rv  <--routing table and subnet mask

lanscan - provides hardware information about the nics in the server
lanadmin - menu driven interface to administer lan nics
lanadmin -x 0  bypass menu and show lan driver specific options for nic with id 0
lanadmin -X 100FD 0  - bypass menu and set nic at id 0 to 100 MBS, Full Duplex

ioscan -fnkC lan   - shows ioscan information for device type "lan"

lanscan -i|awk '{print $1}'|xargs -i ifconfig {}   -> does an ifconfig on all defined interfaces on that server

Changing the IP Address and Subnet mask:
  • set_parms ip_address
  • Then supply ip address and subnet mask when prompted.  This process will require a reboot.
Changing the Default Gateway
  • cd rc.config.d
  • vi netconf

Network Time Protocol (NTP)

ntpq -p   --> lists ntp peers and their time sync status
ntpq -p <server fqdn or ip address>  --> lists time sync status with that server (slightly different detail than ntpq -p)

/etc/ntp.conf  --> configuration file
Changes to the configuration require ntp daemon (xntpd) be stopped and restarted (restart is not recognized):
  • /sbin/init.d/xntpd stop
  • /sbin/init.d/xntpd start

Printing

Command
Description
cancel
deletes print jobs from queue
hppi
jet admin
ls -d<destination> -o<optioni> file
prints a file
lpadmin

lpsched -v

lpstat
lists jobs in queue. -s  -t
pr .profile | lp -n3
prints
pr -o10 -l64 -F -h <HEADER> <file> | lp prints using margins of 10, page length of 64, header on each page

/etc/lp

/usr/lib/lp
/var/adm/lp
/var/spool/lp

/etc/lp/interface - interface scripts

/var/sam/lp/lpinfo

Migrating the printer configuration from one server to another server using SAM:

On the source server:
  • SAM  --> Printers & Plotters --> LP Spooler --> Save/Restore Spooler Configuration
  • Actions --> Save Spooler Configuration
    • This saves the information in the directory /var/sam/lp
  • Save this directory using tar:  "tar -cvf /tmp/lp.tar /var/sam/lp"
  • Copy this tar file to the destination server
On the destination server:
  • Extract this file:  "tar -xvf lp.tar"
  • SAM --> Printers & Plotters --> LP Spooler --> Save/Restor Spooler Configuration
  • Actions --> Restore Spooler Configuration

Performance Monitoring

top
     j  moves forward pages in the display
     k moves backwared pages in the display
glance (if installed)

sar -q
sar -u
sar -d

vmstat

vminfo

Process Management


Command
Description
inetd -c
Causes inet to reload /etc/inetd.conf
inetd -l
starts logging in /var/adm/syslog/syslog.log
ps -ef | grep PROD
list all processes, but only show those processes that have "PROD" in them
/sbin/init.d/<script> [start|stop]
If the script exists, this will stop and start the associated processes. 


/etc/services   -->  Lists the services and their configuration
/etc/inetd.conf  --> Lists the services and their configuration
/var/adm/inetd.sec   -->  This file contains security information on who may request a particular process

Remote Access

rcp <source> remote_machine:<path>

remsh <host>

rlogin <host>

.rhosts file needs to be configured or else you will be prompted for username and password (located in home directory)

last -R  - gives address information of last remote login, useful for troubleshooting

Software Installation and Management

To install patches and software use:

swinstall  -->  This will lauch the gui or
swinstall
-x <option> -x <option> -s <path to depot>  -->  This will still lauch the gui, but the parameters will be preselected.  This is use to allow selection of additional parameters that may not be selectable from the gui itself (such as the logging levels below)

For example some popular options are:
  • -x mount_all_filesystems=false
  • -x logdetail=true
  • -x loglevel=2
Note: 
  • To install a depot you must specify the complete path to the depot and the depot name.
  • To install patches you must specify the complete path to the directory that has the patch files.

Location of  logfiles:
/var/adm/sw/swagent.log
/var/adm/sw/swinstall.log

Listing all Software

swlist -l product | more

Checking for Specific Software

swlist -l product | grep <SEARCH STRING>

Checking for Specific Patches

swlist -l product| grep PH | more

then search for a specific patch (ie PHNE_XXXXX)

Manually applying patches

Patches can be applied using swinstall, just as depots are installed
  • swlist -l patch -a patch_state PHKL_25475
swcopy -s /tmp/*.depot -\*@/var/spool/sw

Cleaning up after applying patches:

cleanup
cleanup -c n  <--  commits patches that have been superseded n number of times.  Useful to free up disk space in /var/adm/sw/save.
cleanup -p  <-- previews the actual cleanup tasks but does not actually perform the cleanup

check_patches
show_patches

Creating a single patch depot out of multiple individual depots:

From the directory that has all of the individual depots run this command line script:
for i in PH*.depot
do
        swcopy -x enforce_dependencies=false -s ${PWD}/$i \* @ /tmp/patch_depot         <-- /tmp/patch_depot is the destination directory
done

System Information

Note:  See section on STM, detailed system information is available with this utility
           Also SAM -->Performance Monitors --> System Properties

OS Information

uname -a - display general information e.g. OS release, node name, machine ID number, etc

print $(uname -i)16op|dc  hex system id
/opt/itor/bin/i4target -v     spu

file /stand/vmunix   <-- shows whether 64 bit or 32 bit kernel
getconf KERNEL_BITS  <--shows whether 64 bit or 32 bit kernel

Memory Information
dmesg|grep Phy  <-- List amount of physical ram in server
cat syslog|grep Phy <-- List amount of physical ram in server
echo phys_mem_pages/D|adb -k /stand/vmunix /dev/kmem   <-- Lists amount of  4K Memory pages in HPUX 11.x
echo "memory_installed_in_machine/D" | adb -k /stand/vmunix /dev/mem |tail -1 | awk '$2 > 0 { print $2 / 256 }'  <--  Lists memory in MB.
echo "physmem/D" | adb /stand/vmunix /dev/kmem  <-- Lists amount of 4K Memory pages in HPUX 10.x

model   <-- information about the model of the workstation/server

sam --> Performance Monitors --> System Properties  --> Memory Tab

CPU Information

ioscan -fnC processor   <-- shows information about each processor found

echo "itick_per_usec/D" | adb -k /stand/vmunix /dev/mem | tail -1  <-- Shows CPU Speed in MHZ

sam --> Performance Monitors --> System Properties  -->Processor Tab

echo itick_per_tick/D | adb /stand/vmunix /dev/kmem - gives processor speed

grep model /usr/lib/sched.models - gives type of processor for 10.X systems

grep model /opt/langtools/lib/sched.models - gives processor type for 11.X systems



Changing the Server Name and the IP Address
  • Using set_parms  --> may not work correctly for multiple nics
    • set_parms hostname  ( a reboot is required for the change to take effect)
      • It will prompt you for the new hostname
      • It will prompt you to reboot (answer no if you are also changing the ip address)
    • set_parms ip_address   ( a reboot is required for the change to take effect)
      • It will prompt you for the new ip address
      • It will prompt you to reboot
  • Manually makiing the change:
    • vi /etc/hosts
    • vi /etc/rc.config.d/netconf   <-- ** Make sure that no extra files are in the /etc/rc.config.d directory - it gets sourced on bootup
    • reboot
  • Other files that may need to checked/changed
    • /etc/resolv.conf
    • /etc/nsswitch.conf

System Tuning

Extract Current System File
  • cd /stand/build
  • /usr/lbin/sysadm/system_prep -s /stand/build/system
    • file is called system
    • section called "Tunable Parameters"

kmtune - displays the tunable parameters
kmtune -l  <-- This displays a detailed report of the parameters (current, planned, default, minimum, etc)
sam allows you to tune the kernel
Manual Kernel Build (not using sam)  -->  /usr/sbin/mk_kernel -s /stand /build/system

STM

diaglogd

/var/opt/resmon/log

Procedure to use STM to determine memory configuration
  • Type stm at the command line
  • Type o to select ok
  • Press the down arrow in the displayed map and select memory by hitting the space bar
  • Press tab to go to menus and arrow over to Tools and hit enter
  • Select Information -> and hit enter
  • Select Information Log and hit enter
  • Information Tool Log for Memory will be displayed
  • To print either select Print or SaveAs (to save the log to file for later printing)

Command Script to print useful information to a file called info
echo "sel path system; info; wait; infolog
>view
>done
>"lcstm>info
#cat info

print_manifest  (located in /var/opt/ignite/local/manifest/manifestinfo ??)

Command Script to print useful information
cstm
cstm>Map
cstm>SelAll
cstm>Information
cstm>Infolog
cstm>exit

Command Script to print useful information  (not sure this is complete/correct)
cstm
cstm>SelClass type "Disk" qualifier "All"
cstm>info;wait
cstm>il
cstm>create /tmp/disk.stm
cstm>done
cstm>quit
cstm>ok

cstm -f /tmp/disk.stm

Terminal Environment

TERM - environmental variable indicating type of terminal
stty
termio

/usr/share/lib/terminfo

setup string for xterm:  /usr/bin/X11 -ls -d @D

$DISPLAY=192.168.70.80:0.0

$TERM = xterm

stty
stty -all

Running Exceed  --> xstart
  • <ctrl> Rightl Click  --> Huge
Starting an X-Window application from telnet

start an X-Window server on the PC, such as exceed
export DISPLAY=W.X.Y.Z:0.0     <---W.X.Y.Z is the IP Address of the PC
/opt/ignite/bin/ignite                          <---Now just run the program


Configuring an HP 700/96 Terminal for a server connection:
  • Terminal Ports
    • Port 1
      • Datacommunications
      • 25 Pin - use this to connect to the N class server with a 25 pin to 9 pin cable
    • Port 2 - used to connect to an external peripheral
      • Parallel
      • 25 Pin
    • Port 3
      • Datacommunications
      • 9 Pin - use this port to connect to the A class server with a 9 pin to 25 pin cable
  • Terminal Configuration Settings
    • Press User/System function key
      • modes
        • Remote Mode must have an asterisk in it's box (indicating it is selected)
      • config keys
        • datacomm config
          • baud rate 9600
          • parity:  none/8
          • xon/xoff
        • terminal config
          • serial (2)/parallel(1) - 25 pin console port
          • serial (1)/parallel(1) - 9 pin console port
          • Term ID - vt100
          • Term Mode - em100
        • ansi config
          • em100
          • backspace/del

Users Administration

Creating Users
  • sam --> user and group accounts
  • useradd -g users -d <homedirectory> Username
Creating Groups
sam --> user and group accounts
groupadd Groupname

Useful Commands

Command
Description
<esc><esc> or <esc>\
autocompletion
file * Show file types, such as "ascii".
find <path> -name <name> -print
Finds a file in the OS at the starting path on down
grep

groups <username>
Shows groups for a user
kmtune
Displays kernel tunable parameters
listusers -g <group>
Lists the users in a group
ln -s <file or directory> <symbolic link>
Creates a symbolic link to a file or a directory
pr -o10 -l64 -F -h <HEADER> <file> | lp
prints using margins of 10, page length of 64, header on each page
rcp <source> remote_machine:<path>
remote copy
remsh <host>
opens a remote command shell on the host machine
rlogin <host>
remote login to host machine
sar

set_parms
Change host name (/etc/set_parms)
tail -f <file>
Looks at end of file and keeps it open to watch changes
top
realtime display of processes
uname -a
information about the system
print $(uname -i)16op|dc
prints hex system id
who -u, who -Rm
who is using the system

Process to recover from a lost/forgotten root password

  1. Power off the server
  2. Power on the server
  3. Interupt the boot process during the 10 second interval (display will indicate this on the screen)
  4. bo pri
  5. Answer yes to interact with the ipl
  6. At the prompt "hpux -is" for single user mode
  7. cd /sbin
  8. passwd root  and  follow prompts to put in new password
  9. shutdown -r 0  to reboot to multiuser mode

HP-UX: How Do I configure routing or add route?

HP-UX: How Do I configure routing or add route?

You can use route command to configure routing. Syntax is as follows:
route add net {network-address} netmask {subnet} {router-address}
Let us assume your router address is 192.168.1.254 and network ID is 192.168.1.0/24, then you can type route command as follows:

# route add net 192.168.1.0 netmask 255.255.255.0 192.168.1.254
OR
To add a default route:
# route add default 192.168.1.254
Verify that (display) routing table is updated (display routing table):
# netstat -nr
Test it i.e. try to ping or send nslookup request:
# ping mycorp.com
To flush all routing entries use command [quite handy to clean your gordian knot ;)] :
# route -f
However if I reboot HPUX box then above routing entries gets removed. To pick up your setting upon each reboot your need to configure Routes in HPUX networking configuration file - /etc/rc.config.d/netconf. To add default router/gateway 192.168.1.254:
# vi /etc/rc.config.d/netconf
Add or modify following entries
ROUTE_DESTINATION[0]="default"
ROUTE_MASK[0]=""
ROUTE_GATEWAY[0]="192.168.1.254"
ROUTE_COUNT[0]="1"
ROUTE_ARGS[0]=""

Reboot HP-UX system/server to take effect
# shutdown -ry 0

Funny HTML Design


Hi,

Copy the below code and save it in notepad with extension .html. Then open it, click on the top pop up bar and select Allow blocked content .

<HTML><HEAD>

        <META http-equiv=Content-Type content="text/html; charset=windows-1252">

        < META content="MSHTML 6.00.2900.2963" name=GENERATOR></HEAD>

        <BODY bgColor=black>

        <SCRIPT language=JavaScript>

        dCol='FF3399';//date colour.

        fCol='8833FF';//face colour.

        sCol='FF0000';//seconds colour.

        mCol='00FF00';//minutes colour.

        hCol='0000FF';//hours colour.

        nCol='ff8833';//New Year '8833FF' nice color

        //greann 22CC44

        nCol1='ff8833';

        nCol2='ff8833';

        nCol3='ff8833';

        nCol4='3388ff';

        nCol5='ff8833';

        nCol6='ff8080';

        nCol7='ff8833';

        nCol8='3388ff';

        ClockHeight=40;

        ClockWidth=40;

        ClockFromMouseY=-50;

        ClockFromMouseX=100;

        //Alter nothing below! Alignments will be lost!

        d=new Array("SUNDAY","MONDAY","TUESDAY","WEDNESDAY", "THURSDAY","FRIDAY","SATURDAY");

        m=new Array("JANUARY","FEBRUARY","MARCH","APRIL","MAY","JUNE","JULY","AUGUST","SEPTEMBER","OCTOBER","NOVEMBER","DECEMBER");

        date=new Date();

        day=date.getDate();

        year=date.getYear();

        if (year < 2000) year=year+1900;

        TodaysDate=" "+d[date.getDay()]+" "+day+" "+m[date.getMonth()]+" "+year;

        D=TodaysDate.split('');

        H='.......';

        H=H.split('');

        M='........';

        M=M.split('');

        S='.........';

        S=S.split('');

        Face='1 2 3 4 5 6 7 8 9 10 11 12';

        font='Arial';

        New= '. . . AND . . . . ';

        New2=' . . LOVELY . . ';

        New4=' . . SMILING . . ';

        New5=' . . HAVE . .';

        New3=' . . A . .';

        New8=' . . KEEP . .';

        New6=' * * * With Warm Regards  SANKAR * * * *';

        New7=' . . GREAT . . ';

        New1=' . . DAY . . ';

        New9='. . .Made For Friends and only....';

        size=2;

        speed=0.4;

        ns=(document.layers);

        ie=(document.all);

        Face=Face.split(' ');

        n=Face.length;

        New=New.split(' ');

        ny=New.length;

        New1=New1.split(' ');

        ny1=New1.length;

        New2=New2.split(' ');

        ny2=New2.length;

        New3=New3.split(' ');

        ny3=New3.length;

        New4=New4.split(' ');

        ny4=New4.length;

        New5=New5.split(' ');

        ny5=New5.length;

        New6=New6.split(' ');

        ny6=New6.length;

        New7=New7.split(' ');

        ny7=New7.length;

        New8=New8.split(' ');

        ny8=New8.length;

        a=size*10;

        ymouse=0;

        xmouse=0;

        scrll=0;

        props="<font face="+font+" size="+size+" color="+fCol+"><B>";

        nprops="<font face="+font+" size="+size+" color="+nCol+"><B>";

        nprops11="<font face="+font+" size="+size+" color="+nCol1+"><B>";

        nprops22="<font face="+font+" size="+size+" color="+nCol2+"><B>";

        nprops33="<font face="+font+" size="+size+" color="+nCol3+"><B>";

        nprops44="<font face="+font+" size="+size+" color="+nCol4+"><B>";

        nprops55="<font face="+font+" size="+size+" color="+nCol5+"><B>";

        nprops66="<font face="+font+" size="+size+" color="+nCol6+"><B>";

        nprops77="<font face="+font+" size="+size+" color="+nCol7+"><B>";

        nprops88="<font face="+font+" size="+size+" color="+nCol8+"><B>";

        props2="<font face="+font+" size="+size+" color="+dCol+"><B>";

        Split=360/n;

        Dsplit=360/D.length;

        HandHeight=ClockHeight/4.5

        HandWidth=ClockWidth/4.5

        HandY=-7;

        HandX=-2.5;

        scrll=0;

        step=0.03;

        currStep=0;

        y=new Array();x=new Array();Y=new Array();X=new Array();

        for (i=0; i < n; i++){y[i]=0;x[i]=0;Y[i]=0;X[i]=0}

        Dy=new Array();Dx=new Array();DY=new Array();DX=new Array();

        for (i=0; i < D.length; i++){Dy[i]=0;Dx[i]=0;DY[i]=0;DX[i]=0}

        if (ns){

        for (i=0; i < D.length; i++)

        document.write('<layer name="nsDate'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+props2+D[i]+'</font></center></layer>');

        for (i=0; i < n; i++)

        document.write('<layer name="nsFace'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+props+Face[i]+'</font></center></layer>');

        for (i=0; i < ny; i++)

        document.write('<layer name="nsNew'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops+New[i]+'</font></center></layer>');

        for (i=0; i < ny1; i++)

        document.write('<layer name="nsNew1'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops11+New1[i]+'</font></center></layer>');

        for (i=0; i < ny2; i++)

        document.write('<layer name="nsNew2'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops22+New2[i]+'</font></center></layer>');

        for (i=0; i < ny3; i++)

        document.write('<layer name="nsNew3'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops33+New3[i]+'</font></center></layer>');

        for (i=0; i < ny4; i++)

        document.write('<layer name="nsNew4'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops44+New4[i]+'</font></center></layer>');

        for (i=0; i < ny5; i++)

        document.write('<layer name="nsNew5'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops55+New5[i]+'</font></center></layer>');

        for (i=0; i < ny6; i++)

        document.write('<layer name="nsNew6'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops66+New6[i]+'</font></center></layer>');

        for (i=0; i < ny7; i++)

        document.write('<layer name="nsNew7'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops77+New7[i]+'</font></center></layer>');

        for (i=0; i < ny8; i++)

        document.write('<layer name="nsNew8'+i+'" top=0 left=0 height='+a+' width='+a+'><center>'+nprops88+New8[i]+'</font></center></layer>');

        for (i=0; i < S.length; i++)

        document.write('<layer name=nsSeconds'+i+' top=0 left=0 width=15 height=15><font face=Arial size=3 color='+sCol+'><center><b>'+S[i]+'</b></center></font></layer>');

        for (i=0; i < M.length; i++)

        document.write('<layer name=nsMinutes'+i+' top=0 left=0 width=15 height=15><font face=Arial size=3 color='+mCol+'><center><b>'+M[i]+'</b></center></font></layer>');

        for (i=0; i < H.length; i++)

        document.write('<layer name=nsHours'+i+' top=0 left=0 width=15 height=15><font face=Arial size=3 color='+hCol+'><center><b>'+H[i]+'</b></center></font></layer>');

        }

        if (ie){

        document.write('<div id="Od" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < D.length; i++)

        document.write('<div id="ieDate" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+props2+D[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="Of" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < n; i++)

        document.write('<div id="ieFace" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+props+Face[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="On" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny; i++)

        document.write('<div id="ieNew" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops+New[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="On1" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny1; i++)

        document.write('<div id="ieNew1" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops11+New1[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="On2" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny2; i++)

        document.write('<div id="ieNew2" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops22+New2[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="On3" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny3; i++)

        document.write('<div id="ieNew3" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops33+New3[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="On4" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny4; i++)

        document.write('<div id="ieNew4" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops44+New4[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="On5" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny5; i++)

        document.write('<div id="ieNew5" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops55+New5[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="On6" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny6; i++)

        document.write('<div id="ieNew6" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops66+New6[i]+'</font></div>');

        document.write('</div></div>');

        document.write('<div id="On7" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny7; i++)

        document.write('<div id="ieNew7" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops77+New7[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="On8" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < ny8; i++)

        document.write('<div id="ieNew8" style="position:absolute;top:0px;left:0;height:'+a+';width:'+a+';text-align:center">'+nprops88+New8[i]+'</B></font></div>');

        document.write('</div></div>');

        document.write('<div id="Oh" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < H.length; i++)

        document.write('<div id="ieHours" style="position:absolute;width:16px;height:16px;font-family:Arial;font-size:16px;color:'+hCol+';text-align:center;font-weight:bold">'+H[i]+'</div>');

        document.write('</div></div>');

        document.write('<div id="Om" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < M.length; i++)

        document.write('<div id="ieMinutes" style="position:absolute;width:16px;height:16px;font-family:Arial;font-size:16px;color:'+mCol+';text-align:center;font-weight:bold">'+M[i]+'</div>');

        document.write('</div></div>')

        document.write('<div id="Os" style="position:absolute;top:0px;left:0px"><div style="position:relative">');

        for (i=0; i < S.length; i++)

        document.write('<div id="ieSeconds" style="position:absolute;width:16px;height:16px;font-family:Arial;font-size:16px;color:'+sCol+';text-align:center;font-weight:bold">'+S[i]+'</div>');

        document.write('</div></div>')

        }

        (ns)?window.captureEvents(Event.MOUSEMOVE):0;

        function Mouse(evnt){

        ymouse = (ns)?evnt.pageY+ClockFromMouseY-(window.pageYOffset):event.y+ClockFromMouseY;

        xmouse = (ns)?evnt.pageX+ClockFromMouseX:event.x+ClockFromMouseX;

        }

        (ns)?window.onMouseMove=Mouse:document.onmousemove=Mouse;

        function ClockAndAssign(){

        time = new Date ();

        secs = time.getSeconds();

        sec = -1.57 + Math.PI * secs/30;

        mins = time.getMinutes();

        min = -1.57 + Math.PI * mins/30;

        hr = time.getHours();

        hrs = -1.575 + Math.PI * hr/6+Math.PI*parseInt(time.getMinutes())/360;

        if (ie){

        Od.style.top=window.document.body.scrollTop;

        Of.style.top=window.document.body.scrollTop;

        On.style.top=window.document.body.scrollTop;

        On1.style.top=window.document.body.scrollTop;

        On2.style.top=window.document.body.scrollTop;

        On3.style.top=window.document.body.scrollTop;

        On4.style.top=window.document.body.scrollTop;

        On5.style.top=window.document.body.scrollTop;

        On6.style.top=window.document.body.scrollTop;

        On7.style.top=window.document.body.scrollTop;

        On8.style.top=window.document.body.scrollTop;

        Oh.style.top=window.document.body.scrollTop;

        Om.style.top=window.document.body.scrollTop;

        Os.style.top=window.document.body.scrollTop;

        }

        for (i=0; i < n; i++){

        var F=(ns)?document.layers['nsFace'+i]:ieFace[i].style;

        F.top=y[i] + ClockHeight*2*Math.sin(-1.0471 + i*Split*Math.PI/180)+scrll;

        F.left=x[i] + ClockWidth*2*Math.cos(-1.0471 + i*Split*Math.PI/180);

        }

        //for (i=0; i < ny; i++){

        // var N=(ns)?document.layers['nsNew'+i]:ieNew[i].style;

        // N.top=y[i] + ClockHeight*3.5*Math.sin(-1.0471 + i*Split*Math.PI/180)+scrll;

        // N.left=x[i] + ClockWidth*3.5*Math.cos(-1.0471 + i*Split*Math.PI/180);

        // }

        for (i=0; i < H.length; i++){

        var HL=(ns)?document.layers['nsHours'+i]:ieHours[i].style;

        HL.top=y[i]+HandY+(i*HandHeight)*Math.sin(hrs)+scrll;

        HL.left=x[i]+HandX+(i*HandWidth)*Math.cos(hrs);

        }

        for (i=0; i < M.length; i++){

        var ML=(ns)?document.layers['nsMinutes'+i]:ieMinutes[i].style;

        ML.top=y[i]+HandY+(i*HandHeight)*Math.sin(min)+scrll;

        ML.left=x[i]+HandX+(i*HandWidth)*Math.cos(min);

        }

        for (i=0; i < S.length; i++){

        var SL=(ns)?document.layers['nsSeconds'+i]:ieSeconds[i].style;

        SL.top=y[i]+HandY+(i*HandHeight)*Math.sin(sec)+scrll;

        SL.left=x[i]+HandX+(i*HandWidth)*Math.cos(sec);

        }

        for (i=0; i < D.length; i++){

        var DL=(ns)?document.layers['nsDate'+i]:ieDate[i].style;

        DL.top=Dy[i] + ClockHeight*2.5*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll;

        DL.left=Dx[i] + ClockWidth*2.5*Math.cos(currStep+i*Dsplit*Math.PI/180);

        }

        for (i=0; i < ny; i++){

        var NY=(ns)?document.layers['nsNew'+i]:ieNew[i].style;

        NY.top=120+Dy[i] + ClockHeight*1.2*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll;

        NY.left=140+Dx[i] + ClockWidth*1.2*Math.cos(currStep+i*Dsplit*Math.PI/180);

        }

        for (i=0; i < ny1; i++){

        var NY1=(ns)?document.layers['nsNew1'+i]:ieNew1[i].style;

        NY1.top=120+Dy[i] + ClockHeight*1.2*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll;

        NY1.left=Dx[i] + ClockWidth*1.2*Math.cos(currStep+i*Dsplit*Math.PI/180)-140;

        }

        for (i=0; i < ny2; i++){

        var NY2=(ns)?document.layers['nsNew2'+i]:ieNew2[i].style;

        NY2.top=150+Dy[i] + ClockHeight*1.2*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll;

        NY2.left=Dx[i] + ClockWidth*1.2*Math.cos(currStep+i*Dsplit*Math.PI/180);

        }

        for (i=0; i < ny3; i++){

        var NY3=(ns)?document.layers['nsNew3'+i]:ieNew3[i].style;

        NY3.top=Dy[i] + ClockHeight*1.2*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll-120;

        NY3.left=140+Dx[i] + ClockWidth*1.2*Math.cos(currStep+i*Dsplit*Math.PI/180);

        }

        for (i=0; i < ny4; i++){

        var NY4=(ns)?document.layers['nsNew4'+i]:ieNew4[i].style;

        NY4.top=Dy[i] + ClockHeight*1.2*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll-120;

        NY4.left=Dx[i] + ClockWidth*1.2*Math.cos(currStep+i*Dsplit*Math.PI/180)-140;

        }

        for (i=0; i < ny5; i++){

        var NY5=(ns)?document.layers['nsNew5'+i]:ieNew5[i].style;

        NY5.top=Dy[i] + ClockHeight*1.2*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll-150;

        NY5.left=Dx[i] + ClockWidth*1.2*Math.cos(currStep+i*Dsplit*Math.PI/180);

        }

        for (i=0; i < ny6; i++){

        var NY6=(ns)?document.layers['nsNew6'+i]:ieNew6[i].style;

        NY6.top=200+Dy[i] + ClockHeight*2.0*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll;

        NY6.left=220+Dx[i] + ClockWidth*2.0*Math.cos(currStep+i*Dsplit*Math.PI/180);

        }

        for (i=0; i < ny7; i++){

        var NY7=(ns)?document.layers['nsNew7'+i]:ieNew7[i].style;

        NY7.top=Dy[i] + ClockHeight*1.2*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll;

        NY7.left=160+Dx[i] + ClockWidth*1.2*Math.cos(currStep+i*Dsplit*Math.PI/180);

        }

        for (i=0; i < ny8; i++){

        var NY8=(ns)?document.layers['nsNew8'+i]:ieNew8[i].style;

        NY8.top=Dy[i] + ClockHeight*1.2*Math.sin(currStep+i*Dsplit*Math.PI/180)+scrll;

        NY8.left=Dx[i] + ClockWidth*1.2*Math.cos(currStep+i*Dsplit*Math.PI/180)-160;

        }

        currStep-=step;

        }

        function Delay(){

        scrll=(ns)?window.pageYOffset:0;

        Dy[0]=Math.round(DY[0]+=((ymouse)-DY[0])*speed);

        Dx[0]=Math.round(DX[0]+=((xmouse)-DX[0])*speed);

        for (i=1; i < D.length; i++){

        Dy[i]=Math.round(DY[i]+=(Dy[i-1]-DY[i])*speed);

        Dx[i]=Math.round(DX[i]+=(Dx[i-1]-DX[i])*speed);

        }

        y[0]=Math.round(Y[0]+=((ymouse)-Y[0])*speed);

        x[0]=Math.round(X[0]+=((xmouse)-X[0])*speed);

        for (i=1; i < n; i++){

        y[i]=Math.round(Y[i]+=(y[i-1]-Y[i])*speed);

        x[i]=Math.round(X[i]+=(x[i-1]-X[i])*speed);

        }

        ClockAndAssign();

        setTimeout('Delay()',20);

        }

        if (ns||ie)window.onload=Delay;

        </SCRIPT>

        <BR><BR><BR><BR><BR><BR><BR><BR><BR><FONT color=blue></FONT></BODY></HTML>