Version Histories:
[4.1]
[3.2]
[3.1]
[2.5]
[2.4]
[2.3]
[2.2]
[2.1]
[1.x]
Last Document Revision: 26 October 1999
Last Version: 1.5.b.19991026
Overview
Domain Time is a multithreaded NT service that keeps each machine
clock in synch with the correct time. One machine is designated as the Domain Time Server -- by
default, this is the Primary Domain Controller (PDC) for the NT domain. Domain Time keeps
the Domain Time Server's clock up to date by synchronizing it with your choice of external time
servers. (You may also choose to not use any external time source, or to connect a cesium clock
or other reliable source to the Domain Time server.)
The Domain Time Server uses either the Simplified Network Time Protocol (SNTP, as defined by RFC1769 and RFC2030),
or the older Internet Time Protocol (ITP, as defined by RFC 868) to obtain the current Coordinated Universal Time from a public
time server. It translates this information to the proper local date and time and sets its own clock
accordingly. Instances of Domain Time running on other machines synch their clocks with
the Domain Time Server using NT's built-in LanMan protocols. In this way, the entire domain keeps
the correct time to the millisecond, but only the Time Server needs to be connected to the Internet or
other accurate time source.
The Domain Time Server updates its time when it starts, and once every 11 hours thereafter (by default;
you may change this interval). Other machines running Domain Time synchronize with the Domain
Time Server when they start, and once every two hours thereafter (again, by default).
The accuracy of the Domain Time Server's time depends on a number of factors. If you use
SNTP, the accuracy can be as great as a millisecond, but usually averages somewhat less. If
you use the older ITP protocol, the time is guaranteed to be correct within a second, and,
due to the way Domain Time calculates network latency, is usually closer to a half-second.
Within the domain, other servers and clients slaving to the Domain Time Server typically achieve
synchronization within 1 millisecond of the Domain Time Server's time.
Each machine running Domain Time also acts as an Internet Time Protocol (RFC 868) server. Any machine
(such as a UNIX or Macintosh workstation) that speaks ITP may synchronize clocks with a machine running
Domain Time. Requests for ITP information are logged in the Event Viewer by time and IP address of
the requester. Both TCP and UDP requests are honored.
Domain Time can keep a log in the %systemroot%\system32 directory, called domtime.log. This log contains
an entry for each time Domain Time updates the master clock, or when any machine running domain
time services an ITP request. The log shows how much the time
changed, and the source from which the time was obtained.
Domain Time also functions as an NT Time Server. After installing Domain Time on any NT machine in the
workgroup or domain and rebooting, clients may type NET TIME (without any parameters) to retrieve
the Domain Time. NET TIME /SET /YES sets the time. Without Domain Time, the NET TIME command
requires either the \\servername or /domain:domainname parameters, making batch files and the
entire network harder to configure.
Requirements
Windows NT (domtime.exe)
Domain Time for NT requires version 3.51 with service pack 3 or later (service pack 5 recommended),
NT version 4.x service pack 3 or later, or Windows 2000. Domain Time runs on workstations,
stand-alone servers, backup domain controllers, or primary domain controllers.
TCP/IP must be installed on any machine running Domain Time for NT. Both Intel and Alpha
architectures are supported.
Win95/Win98 (domtimec.exe)
Domain Time for Win95/Win98 (also called Domain Time Client) works in conjunction with Domain Time for NT. You must have
at least one NT machine running Domain Time on your network in order for the Domain Time Client
to work. Domain Time Client does not require TCP/IP. It will work over
NetBEUI, IPX/SPX, or TCP/IP (provided that your NT machine is running the same protocol).
Please see the Domain Time Client section for more information.
Version History
- 1.5.b.19991026 - maintenance release. Fixed bug that can cause the Domain Time
service to stop with a access violation while attempting to access the PDCs
registry. Upgrade from 1.5.b.19990510 is optional; this bug only affects domains
with certain types of computer names. To upgrade, stop the Domain Time service,
replace your existing domtime.exe with the new one, and restart the service.
- 1.5.b.19990510 - Alpha version released. Added -installservice:x option to
Domain Time Client (domtimec.exe), where x represents the number of
minutes between DomTimeC time-checks. Previously this was only changeable
by editing the registry. DomTimeC now also attempts to get the time from
its NT logon server (if available), falling back to broadcast only if the
logon server does not respond. Directed requests receive directed replies,
whereas broadcast requests receive broadcast replies. By checking the
logon server first, DomTimeC can significantly reduce its network traffic on
the local segment. The main Domain Time log (if enabled) now shows which
Win95/Win98 machine has been serviced. Previously the log only said
"anonymous local client."
- 1.4.b.19990205 - several enhancements. Changes to Domain Time Client (domtimec.exe) include
new command line switch -installservice, which installs DomTimeC as a Win95/Win98
service instead of regular program. Earlier versions of DomTimeC ran only when double-clicked
or when a user logs on; the new version runs periodically, whether or not anyone logs
on. It may still be run manually by double-clicking, and may still be installed using
the -install switch to run in the former mode.
Numerous internal enhancements to the main Domain Time program to increase speed and
efficiency. Control Panel Applet more reliably detects domain controllers on low-speed
connection. Logging more reliable.
Domain Time Trigger (dttrigger.exe) now allows command-line parameters so you can
force a sync of the entire domain, a specific domain in a multi-domain environment,
or an individual machine. A return code (testable using ERRORLEVEL in batch
files) is zero for success, or an NT error code in case of error.
- 1.4.b.980804 - maintenance release. Further correction for problem caused by NT 3.51/4.x
security fixes (both hotfixes and service packs).
- 1.4.b.980228 - maintenance release. Corrected registry update problem caused by NT 3.51/4.x
security fixes (part of service packs 3 and 5, respectively). This problem caused some
workstations to overlook setting changes made at the PDC. The workstations continued to
synchronize correctly, but not at the intervals specified at the PDC.
- 1.3.b.971029 - maintenance release. Corrected problem caused by increased accuracy introduced
in 1.3.b.970821. Accuracy reduced to 1/10 second (automatic fallback) if higher-accuracy
update fails. This problem caused by NT's internal time structure, and appeared occasionally
on non-PDC servers only. Symptom: "The parameter is incorrect" error messages in the event
log on non-PDC NT servers attempting to synchronize with the PDC. To upgrade: Replace
your existing domtime.exe with the new version. No other changes required.
- 1.3.b.970821 - maintenance release. Increased accuracy of time resolution among
servers on the same LAN, by accounting for local traffic latency problems. Domain
Time servers on the same LAN should now synch to within a half-millisecond of each
other on average. To upgrade: Replace your existing domtime.exe with the new version.
No other changes required.
- 1.3.b.970727 - upgrade. Domain Time can now retrieve ITP time using either UDP or
TCP. The user may specify which to use, or let the program figure it out. Domain Time
also now supports retrieving the time from SNTP sources. The log file is now optional,
and the log output has been enhanced. Upgraded Control Panel applet. No changes to
the DOMTIMEC program.
- 1.2.b.970520 - maintenance release. Fixed minor bug that prevented Domain Time from advertising LanMan
time server services correctly on all versions of NT. As of release 970520, if a
Domain Time server is on the network, clients (whether running Domain Time or not)
may type NET TIME at the command prompt without any parameters. This functionality
was implemented originally in release 970503, but did not always work correctly.
To upgrade from 970503 to 970520, remove and reinstall the service.
- 1.2.b.970503 - added RFC 868 server support for UDP and TCP. Updated Control Panel
applet to allow immediate resynch of the domain. Added support for
stand-alone machines (not part of a domain or workgroup with a domain
controller). Added many Event Viewer messages, showing which machine
provided the time, whether the time was updated or not, and (for the
time server) by how much the time was adjusted. Also added code to
detect and prohibit clock changes if the variance between the time source
and the local machine is too great. This setting is user-adjustable. Removed
requirement for greymsgs.dll. Added remote install capability. Added
drift log. Added Win95/Win98 client program.
- 1.0.b.960921 - removed dependency on TCP/IP
- 1.0.b.960422 - fixed bug in install routine that occasionally wrote
garbage to the dependency string in the registry during installation.
- 1.0.b.960113 - initial release. Basic functionality established.
Notes
There are a number of different ways to configure Domain Time for your network. Below
are some of the more popular configurations.
Standard Configuration
Domain Time or Domain Time Client running on all machines in the domain. No
alternate Time Server is specified. This means that the Primary Domain Controller (PDC) is the Time
Server for the domain. Once every two hours, the PDC will update its own time. Once every
six hours, other machines will set their clocks to match the PDCs. Machines running Domain Time
Client will set their clocks every time a user logs on.
Configuration with Designated Time Server
Again, all machines are running Domain
Time or Domain Time Client, but a machine is specified as the Time Server in the control panel applet. Once every
two hours, the Time Server will update its own time. Once every six hours, other machines
will set their clocks to match the Time Server's. Note that in this configuration, even the
Configuration without a PDC
Networks composed entirely of workstations (or mixed
with servers that are not Domain Controllers) don't have a Primary Domain Controller. In
this case, you must set the name of the Time Server individually at each workstation, using
the control panel applet. (Since there is no PDC, the applet cannot distribute the information
for you.) A Time Server must be designated. The other machines will synch with the Time
Server once every six hours. Domain Time Client will pick up the time from any machine
running Domain Time, so it is not affected by the lack of PDC.
Configuration on One Machine
You can use Domain Time just to set your clock
automatically. If you are a member of a domain and there is a PDC, your machine will synch
itself with the PDCs clock once every six hours. If you are not a member of a domain, or
there is no PDC, then you must specify a Time Server using the Control Panel applet. As of
version 1.2, you may leave the Time Server blank, but check the Stand-Alone checkbox. This
makes your machine its own controller.
Forcing the Time Server
In the single-machine scenario above, your machine might
be connected to the Internet, even though it is not the PDC for the domain (or there is
no domain). In this case, you can force your machine to be its own Time Server by specify
your own machine's name in the Time Server box on the control panel. Once every two hours,
your machine will update its own clock from the time source you designate.
Control Panel Applet
- Domain Time Server Under normal circumstances, leave this box blank. When blank,
Domain Time will use the network's Primary Domain Controller as the Time Server.
If you specify a server here, it will override the Primary Domain Controller, and
all machines in the domain will synch to the specified machine's clock. You might
need to specify a Time Server under the following conditions:
- You don't want to expose your Primary Domain Controller to the Internet;
- Your network has a firewall in place, and only machines sitting on the
outside may talk directly to Internet Hosts;
- You don't have a Primary Domain Controller in your network (NT Workstations and/or servers only).
If you specify a machine name, use the \\MACHINE form. For example, if you want machine FRED to
be the Time Server, type \\FRED.
- Stand-Alone Check this box only if your machine is not part of a domain,
or not part of a workgroup that has an NT primary domain controller on a domain of the
same name as your workgroup. Checking this box isolates your machine from the rest
of the domain.
- Enable Log file Check this box if you want each instance
of Domain Time to keep a log file. Domain Time always records its activities in the
main Application Event log, but this setting allows you to keep a text log file, too.
The log file is called domtime.log, and is located in your system32 directory. Only
the Time Server's log will show external connection status messages and the amount
of correction applied. Other DomTime machines will show when they sync to the
Time Server, and when they service a client request.
- Use External Source Check this box if you want the Domain Time Server to obtain
its time from an external source. If you leave this box unchecked, the Domain Time Server
will never attempt to validate its time against another machine, although all other
machines running Domain Time will still set their clocks to the Domain Time Server's.
- Primary SNTP -- specify the host name or IP number for the Domain Time Server to use
when obtaining the current time from an external SNTP source. The host you specify must
support the Simplified Network Time Protocol (SNTP) as defined by RFCs 1769 and 2030. The
default value for this field is tick.usno.navy.mil.
- Secondary (under Primary SNTP) -- specify a backup SNTP host for the Domain Time Server
to use if it cannot connect to the primary SNTP host. The default is tock.usno.navy.mil.
- Primary ITP -- specify the host name or IP number for the Domain Time Server to use
when obtaining the current time from an external ITP source. The host you specify must
support the Internet Time Protocol defined by RFC 868.
- Secondary (under Primary ITP) -- specify a backup ITP host for the Domain Time Server
to use if it cannot connect to the primary ITP host.
NOTE: Domain Time will try to use the Primary SNTP host first. Only if that host fails
will Domain Time attempt to use the Secondary SNTP host. If both the Primary and Secondary SNTP hosts
fail (or both are left blank), Domain Time will move on to the ITP hosts. Again, Domain Time will
try the Primary ITP host first, then fall back on the Secondary ITP host only if the primary fails.
If you don't want Domain Time to use ITP at all, fill in values for the Primary and Secondary SNTP hosts, and
leave the other two blank. Likewise, if you want Domain Time to use only ITP, leave the NTP hosts
blank. If all four hosts are left blank, this is equivalent to unchecking the Use External Source
checkbox.
Public Time Servers
There are hundreds of SNTP servers available on the Internet. Here is
a list of SNTP servers from
which you may choose. You should probably pick a stratum 2 server, although if your network
is very large, you may qualify for using a stratum 1 server. Please read and abide by the
suggested rules for using public time servers!
The default hosts used by Domain Time are tick.usno.navy.mil and tock.usno.navy.mil. These
servers support SNTP, ITP by UDP and ITP by TCP. Support for ITP will be discontinued in
the near future. Although tick and tock are stratum 1 NTP servers, Domain Time
uses them for installation defaults because they are the closest thing to "official" servers
available. Unless you qualify to use a stratum 1 server, you must visit the list mentioned above
and pick some stratum 2 servers for your network.
Win95/Win98 Client
A special version of Domain Time, called Domain Time Client, is provided for Win95/Win98
machines. The filename is domtimec.exe. The client does not have any controls,
and does not rely on domain participation or TCP/IP being installed. It just sets the
time.
Domain Time Client runs on demand (just double-click the program), or it can be
installed to run every time a user logs on, or, as of version 1.1.b.19990205, can
be installed to run as a Win95/Win98 service.
When you run Domain Time Client, it attempts to locate an NT machine running Domain Time.
If it finds a machine, it updates the local time to match the server's time. For this to
work, there must be an NT machine running Domain Time
- in the same workgroup;
- in the same domain;
- in a domain with the same name as the client's workgroup;
- running at least one of the same network protocols as the client.
If the client cannot find an NT machine running Domain Time within approximately 5 seconds,
it gives up and the clock is not changed.
Create a shortcut on your desktop to domtimec.exe if you want to be able to update the
time just by double-clicking the icon.
You can also set up the client to run automatically. Installation is
pretty simple:
- Copy domtimec.exe to the Windows system directory (usually C:\windows\system).
- Open a COMMAND window (MS-DOS Prompt) and type
- domtimec -install to install so DomTimeC runs every time a user logs in.
- domtimec -installservice to install so DomTimeC runs every xx minutes. (see below)
- domtimec -remove to remove DomTimeC. Can still be run manually by double-clicking.
- domtimec -version to see the version information.
- domtimec -quiet to update the clock without any interaction.
- domtimec -help to see the online help (about the same as you see here).
The -install procedure adds DomTimeC with the -quiet switch to the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run key in the
registry. You may manually edit the registry key to remove the -quiet switch if
you want to see notifications when DomTimeC runs. When DomTimeC is installed this
way, it runs any time someone logs onto the machine.
The -installservice procedure adds DomTimeC with the parameter -a:30 to the
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices key in the
registry. The default of 30 represents the number of minutes DomTimeC waits between
checking/updating the clock. You may override this number on the command line during
installation by using -installservice:xx and replacing xx with the number
you want. You may also edit the registry key after installation.
When DomTimeC is installed as a service, it runs continuously in the background (whether or
not anyone is logged onto the machine), and updates the clock every xx minutes. When running as a
Win95/Win98 service, you cannot have desktop notifications of DomTimeC's activity (there
is no -quiet switch to remove; DomTimeC as a service is always quiet).
|