The Domain Time II Thin Client is a fully automatic time client that runs as a background service
on Windows systems. It is designed to be a "zero-administration" service.
The Thin Client has no user-definable configuration options (however, certain variance reporting, clock training,
and broadcast address subnet features can be set by an administrator using the
Domain Time II Manager program).
Finding a server
The Thin Client only uses the Domain Time II protocol and attempts to automatically find and
synchronize with a Domain Time II Server using either UDP broadcast or by obtaining a server
address from a DHCP server.
UDP Broadcast Method
In order for the UDP server discovery method to work, a Domain Time II Server (master, slave, or independent)
must be reachable via the Domain Time II protocol using UDP broadcasts.
The Thin Client will use UDP server discovery broadcasts to locate the nearest Domain Time II Server. See the
Discovery Process page for more info on how this works. If Domain Time II Servers are installed on the PDC, BDCs and RAS servers of a
domain (the recommended configuration), a time server will probably be on the same subnet as the client machine, and discovery will
happen automatically.
An automatic Domain Time client will perform a local network broadcast on UDP port 9909 to locate a Domain Time II Server.
Note that UDP broadcasts sent to the local network usually do not cross routers.
Domain Time II servers respond via the Domain Time II protocol to inform the client they are available to serve time.
The client then contacts and syncs with the server.
If, however, your network structure
has clients on a different subnet from the servers, you can tell the client to use the broadcast address of the server's subnet by using
Domain Time II Manager to enter the additional broadcast subnet(s) in the Broadcast Addresses
section of the Options remote control function. Alternately, you can enter the necessary broadcast subnet(s) into the
BroadcastAddresses key in the client machine's registry.
However, altering the Broadcast Addresses in this way is somewhat cumbersome and creates additional network broadcast traffic. If you have
machines that need to contact a time server on a different subnet, you should consider using either the
Full Client or the DHCP server discovery method described below.
When additional broadcast addresses are defined for an automatic client, it will send broadcasts to those subnets. This diagram shows
both a broadcast to the local subnet and a broadcast to a remote subnet being passed by the router.
Domain Time II servers respond via the Domain Time II protocol to inform the client they are available to serve time.
The client then contacts and syncs with the server..
DHCP Method
The Thin Client also examines the time server options on any DHCP server it locates on its subnet. If the DHCP server is configured
to provide the IP address of one or more time servers, then the Thin Client will automatically
use those servers.
If DHCP time options exist on a DHCP server, the Thin Client will use those settings and will not use server discovery broadcasts
to locate a local net server unless the specified servers are unavailable.
Any IP address for a time server can be assigned using the DHCP method, not just one on the local
subnet. Use DHCP if you have time servers outside the local network that you wish Thin Client to use.
Note: It is not necessary to set the TCP/IP protocol to get its IP address from a DHCP server
in order for the Thin Client to get a time server address. The Thin Client uses its own independent inquiry of the
DHCP server to discover the time server options. Therefore DHCP discovery of time servers can be used
on a machine with either a fixed or DHCP-assigned IP address.
An automatic Domain Time client with DHCP enabled will broadcast to locate a DHCP Server. Note that DHCP broadcasts usually do not cross routers.
If DHCP options 004 or 042 are configured, the DHCP server will respond with the IP address of the time server.
The client then uses the IP address provided by the DHCP server to contact and sync with the designated time server, even across a router.
DTProbe Utility
The Domain Time II Management Tools include a handy utility called DTProbe to help you determine which time server a Domain Time II
Client will use. See the Utilities page for instructions
on how to use DTProbe.
Additional Security
Beginning with Domain Time II version 4.1, you have additional control over the configuration of the Thin Client which extends its excellent built-in security. You
can now set restrictions on the kind of control messages the Thin Client responds to. These options can only be set by using Domain Time II Manager
to connect to the Thin Client remotely.
Use Domain Time II Manager to connect to the machine running the Thin Client by double-clicking on it in Manager's
Browse list. On the Connected to screen, click the Options icon.
This will bring up the Client Options screen (for a complete description of the Connected To... Client Options screen, see the
Domain Time II Manager documentation).
Click the DT2 Commands button to bring up the Domain Time II Command Restrictions dialog.
You can use these settings to restrict what kind of Domain Time II control and sync messages your server listens for on the network.
The default protocol restriction settings assure both maximum functionality and a high degree of security; in most cases you will have no need to adjust them from the defaults.
Domain Time II components communicate with each other primarily through directed communication, and are therefore highly resistant to spoofing and malign
interference.
The Domain Time II protocol command restriction capability is intended for use by system administrators in environments where an extra level of
security is required. Using the restrictions list, you can determine exactly what Domain Time II protocol
command messages the service is allowed to listen for. Think of the command restriction list as an application-level "firewall" allowing in only the
desired Domain Time II commands and blocking any others. Keep in mind that the restriction list only affects incoming DTII protocol commands - outgoing
commands are not affected.
Warning:
Disabling protocol commands can have unintended consequences on the operation of your entire time distribution network, including the prevention
of cascade triggers and sync notifications, which may result in inaccurate clocks. Problems resulting from disabled protocol messages can be quite
hard to troubleshoot later, particulary by the next system administrator after you. Make adjustments only if you understand and require them, and be
sure you document the changes so you can maintain the consistency and smooth operation of your time network.
System Tray Applet
The Thin Client can display the System Tray Applet in the Start Bar system tray.*
The System Tray Applet provides visual and audible (if desired) confirmation that the system is correctly synchronized. It also allows a user the
ability to trigger a time sync, launch other Domain Time II applications, turn the chimes features on or off, view the Activity Monitor,
the client statistics, and drift graphs, etc.
Hint: Right-click the system tray icon to see the context menu.
You can also use the System Tray applet to check for and download new versions of the software (if your support contract is current). The logged-in
user must have access to the Internet and also have rights to install software in order to check for new versions.
If you do not want the system tray applet to appear, it can be disabled from the System Tray menu. This feature
can also be disabled by default during installation by changing the INI Defaults file.
Chime features
Thin Client has two different type of audio features:
Timeset Chime
Plays a sound whenever the Thin Client successfully sets its time from its time source. Useful for audible confirmation of time syncs
If enabled, the sound will play whether or not there is a logged-in user. The default for this option is Chime Off.
Time of Day Chimes
This option will be unavailable if the Sytem Tray icon is not visible in the System Tray.
The Time of Day Chimes feature plays sound files at specific times of the day, such as every 15, 30 45 minutes and on the hour.
There must be a logged-in user and the Domain Time II System Tray icon must be present in the Windows System Tray for the chimes to play.
You must also have installed at least one free Domain Time II Chime Pack
for this feature to work.
See the documentation for the System Tray Applet for complete instructions and
to download free Domain Time II Chime Packs.
*Not available on Windows Server Core
Windows Time Agent
When Domain Time II Thin Client is installed on a machine with the Windows Time service, the Domain Time II Windows Time Agent Control Panel Applet is also installed.
The Windows Time Agent is a handy utility to configure the Windows Time service without using the arcane command-line utilities that ship with Windows.
By default, Domain Time II Thin Client sets the Windows Time service to not manage the clock or participate in synchronization, however, there may be circumstances
where you need to change the Windows Time configuration. The Windows Time Agent will allow you to easily set those options.
The Windows Time Agent can be started from its icon in the Control Panel.