Top of Page

Version Histories:  [4.1]  [3.2]  [3.1]  [2.5]  [2.4]  [2.3]  [2.2]  [2.1[1.x] 

Last Document Revision: 26 October 1999
Last Version: 1.5.b.19991026

    Overview
      Domain Time is a multithreaded NT service that keeps each machine clock in synch with the correct time. One machine is designated as the Domain Time Server -- by default, this is the Primary Domain Controller (PDC) for the NT domain. Domain Time keeps the Domain Time Server's clock up to date by synchronizing it with your choice of external time servers. (You may also choose to not use any external time source, or to connect a cesium clock or other reliable source to the Domain Time server.)

      The Domain Time Server uses either the Simplified Network Time Protocol (SNTP, as defined by RFC1769 and RFC2030), or the older Internet Time Protocol (ITP, as defined by RFC 868) to obtain the current Coordinated Universal Time from a public time server. It translates this information to the proper local date and time and sets its own clock accordingly. Instances of Domain Time running on other machines synch their clocks with the Domain Time Server using NT's built-in LanMan protocols. In this way, the entire domain keeps the correct time to the millisecond, but only the Time Server needs to be connected to the Internet or other accurate time source.

      The Domain Time Server updates its time when it starts, and once every 11 hours thereafter (by default; you may change this interval). Other machines running Domain Time synchronize with the Domain Time Server when they start, and once every two hours thereafter (again, by default).

      The accuracy of the Domain Time Server's time depends on a number of factors. If you use SNTP, the accuracy can be as great as a millisecond, but usually averages somewhat less. If you use the older ITP protocol, the time is guaranteed to be correct within a second, and, due to the way Domain Time calculates network latency, is usually closer to a half-second.

      Within the domain, other servers and clients slaving to the Domain Time Server typically achieve synchronization within 1 millisecond of the Domain Time Server's time.

      Each machine running Domain Time also acts as an Internet Time Protocol (RFC 868) server. Any machine (such as a UNIX or Macintosh workstation) that speaks ITP may synchronize clocks with a machine running Domain Time. Requests for ITP information are logged in the Event Viewer by time and IP address of the requester. Both TCP and UDP requests are honored.

      Domain Time can keep a log in the %systemroot%\system32 directory, called domtime.log. This log contains an entry for each time Domain Time updates the master clock, or when any machine running domain time services an ITP request. The log shows how much the time changed, and the source from which the time was obtained.

      Domain Time also functions as an NT Time Server. After installing Domain Time on any NT machine in the workgroup or domain and rebooting, clients may type NET TIME (without any parameters) to retrieve the Domain Time. NET TIME /SET /YES sets the time. Without Domain Time, the NET TIME command requires either the \\servername or /domain:domainname parameters, making batch files and the entire network harder to configure.

    Requirements
      Windows NT (domtime.exe)
      Domain Time for NT requires version 3.51 with service pack 3 or later (service pack 5 recommended), NT version 4.x service pack 3 or later, or Windows 2000. Domain Time runs on workstations, stand-alone servers, backup domain controllers, or primary domain controllers. TCP/IP must be installed on any machine running Domain Time for NT. Both Intel and Alpha architectures are supported.

      Win95/Win98 (domtimec.exe)
      Domain Time for Win95/Win98 (also called Domain Time Client) works in conjunction with Domain Time for NT. You must have at least one NT machine running Domain Time on your network in order for the Domain Time Client to work. Domain Time Client does not require TCP/IP. It will work over NetBEUI, IPX/SPX, or TCP/IP (provided that your NT machine is running the same protocol). Please see the Domain Time Client section for more information.

    Setup and Installation
      is installed from a command prompt. To start an MS-DOS command prompt, click the Start button, then choose Run. In the Run dialog box, type cmd on the Open line, then click OK. The MS-DOS command prompt window will appear. It doesn't matter what directory you use for the command prompt window.


      Local Machine

      1. Make sure you are logged on as Administrator, or using an account with administrative privileges.
      2. Copy domtime.exe and domtime.cpl (plus any other distribution files) to the SYSTEM32 directory (usually \WINNT\SYSTEM32 on NT 4.x, or WINNT35\SYSTEM32 on NT 3.5x) of your local machine.
      3. If is already installed on your machine, you must remove the existing service before installing the new one. In the command prompt window, type domtime -remove and press Enter.
      4. In the command prompt window, type domtime -install and press Enter.


      Network

      1. Make sure you are logged on as a Domain Administrator, or using an account with administrative privileges on the target machine.
      2. From any machine where is already installed, or from a directory that has all of the distribution files, type domtime -install \\machinename, where machinename is the name of the machine to install the software on.
      3. For example, if you want to install on a machine named Wilma, in the command prompt window you'd type domtime -install \\wilma and press Enter.
      4. If is already installed on Wilma, type domtime -remove \\wilma first.


      Command-line Parms
      Here is the complete list of command-line parameters supported by .

      • domtime -install to install on the local machine. The files must be in the SYSTEM32 directory first. Reboot if machine is the PDC.
      • domtime -install \\machinename to install on a remote machine.
      • domtime -remove to remove from the local machine.
      • domtime -remove \\machinename to remove from a remote machine.
      • domtime -version to see the version information.
      • domtime -foreground to run the service as a foreground application.
    Version History
    • 1.5.b.19991026 - maintenance release. Fixed bug that can cause the Domain Time service to stop with a access violation while attempting to access the PDCs registry. Upgrade from 1.5.b.19990510 is optional; this bug only affects domains with certain types of computer names. To upgrade, stop the Domain Time service, replace your existing domtime.exe with the new one, and restart the service.

    • 1.5.b.19990510 - Alpha version released. Added -installservice:x option to Domain Time Client (domtimec.exe), where x represents the number of minutes between DomTimeC time-checks. Previously this was only changeable by editing the registry. DomTimeC now also attempts to get the time from its NT logon server (if available), falling back to broadcast only if the logon server does not respond. Directed requests receive directed replies, whereas broadcast requests receive broadcast replies. By checking the logon server first, DomTimeC can significantly reduce its network traffic on the local segment. The main Domain Time log (if enabled) now shows which Win95/Win98 machine has been serviced. Previously the log only said "anonymous local client."

    • 1.4.b.19990205 - several enhancements. Changes to Domain Time Client (domtimec.exe) include new command line switch -installservice, which installs DomTimeC as a Win95/Win98 service instead of regular program. Earlier versions of DomTimeC ran only when double-clicked or when a user logs on; the new version runs periodically, whether or not anyone logs on. It may still be run manually by double-clicking, and may still be installed using the -install switch to run in the former mode.

      Numerous internal enhancements to the main Domain Time program to increase speed and efficiency. Control Panel Applet more reliably detects domain controllers on low-speed connection. Logging more reliable.

      Domain Time Trigger (dttrigger.exe) now allows command-line parameters so you can force a sync of the entire domain, a specific domain in a multi-domain environment, or an individual machine. A return code (testable using ERRORLEVEL in batch files) is zero for success, or an NT error code in case of error.

    • 1.4.b.980804 - maintenance release. Further correction for problem caused by NT 3.51/4.x security fixes (both hotfixes and service packs).
    • 1.4.b.980228 - maintenance release. Corrected registry update problem caused by NT 3.51/4.x security fixes (part of service packs 3 and 5, respectively). This problem caused some workstations to overlook setting changes made at the PDC. The workstations continued to synchronize correctly, but not at the intervals specified at the PDC.
    • 1.3.b.971029 - maintenance release. Corrected problem caused by increased accuracy introduced in 1.3.b.970821. Accuracy reduced to 1/10 second (automatic fallback) if higher-accuracy update fails. This problem caused by NT's internal time structure, and appeared occasionally on non-PDC servers only. Symptom: "The parameter is incorrect" error messages in the event log on non-PDC NT servers attempting to synchronize with the PDC. To upgrade: Replace your existing domtime.exe with the new version. No other changes required.
    • 1.3.b.970821 - maintenance release. Increased accuracy of time resolution among servers on the same LAN, by accounting for local traffic latency problems. Domain Time servers on the same LAN should now synch to within a half-millisecond of each other on average. To upgrade: Replace your existing domtime.exe with the new version. No other changes required.
    • 1.3.b.970727 - upgrade. Domain Time can now retrieve ITP time using either UDP or TCP. The user may specify which to use, or let the program figure it out. Domain Time also now supports retrieving the time from SNTP sources. The log file is now optional, and the log output has been enhanced. Upgraded Control Panel applet. No changes to the DOMTIMEC program.
    • 1.2.b.970520 - maintenance release. Fixed minor bug that prevented Domain Time from advertising LanMan time server services correctly on all versions of NT. As of release 970520, if a Domain Time server is on the network, clients (whether running Domain Time or not) may type NET TIME at the command prompt without any parameters. This functionality was implemented originally in release 970503, but did not always work correctly. To upgrade from 970503 to 970520, remove and reinstall the service.
    • 1.2.b.970503 - added RFC 868 server support for UDP and TCP. Updated Control Panel applet to allow immediate resynch of the domain. Added support for stand-alone machines (not part of a domain or workgroup with a domain controller). Added many Event Viewer messages, showing which machine provided the time, whether the time was updated or not, and (for the time server) by how much the time was adjusted. Also added code to detect and prohibit clock changes if the variance between the time source and the local machine is too great. This setting is user-adjustable. Removed requirement for greymsgs.dll. Added remote install capability. Added drift log. Added Win95/Win98 client program.
    • 1.0.b.960921 - removed dependency on TCP/IP
    • 1.0.b.960422 - fixed bug in install routine that occasionally wrote garbage to the dependency string in the registry during installation.
    • 1.0.b.960113 - initial release. Basic functionality established.
    Notes
      There are a number of different ways to configure Domain Time for your network. Below are some of the more popular configurations.


      Standard Configuration
      Domain Time or Domain Time Client running on all machines in the domain. No alternate Time Server is specified. This means that the Primary Domain Controller (PDC) is the Time Server for the domain. Once every two hours, the PDC will update its own time. Once every six hours, other machines will set their clocks to match the PDCs. Machines running Domain Time Client will set their clocks every time a user logs on.


      Configuration with Designated Time Server
      Again, all machines are running Domain Time or Domain Time Client, but a machine is specified as the Time Server in the control panel applet. Once every two hours, the Time Server will update its own time. Once every six hours, other machines will set their clocks to match the Time Server's. Note that in this configuration, even the


      Configuration without a PDC
      Networks composed entirely of workstations (or mixed with servers that are not Domain Controllers) don't have a Primary Domain Controller. In this case, you must set the name of the Time Server individually at each workstation, using the control panel applet. (Since there is no PDC, the applet cannot distribute the information for you.) A Time Server must be designated. The other machines will synch with the Time Server once every six hours. Domain Time Client will pick up the time from any machine running Domain Time, so it is not affected by the lack of PDC.


      Configuration on One Machine
      You can use Domain Time just to set your clock automatically. If you are a member of a domain and there is a PDC, your machine will synch itself with the PDCs clock once every six hours. If you are not a member of a domain, or there is no PDC, then you must specify a Time Server using the Control Panel applet. As of version 1.2, you may leave the Time Server blank, but check the Stand-Alone checkbox. This makes your machine its own controller.


      Forcing the Time Server
      In the single-machine scenario above, your machine might be connected to the Internet, even though it is not the PDC for the domain (or there is no domain). In this case, you can force your machine to be its own Time Server by specify your own machine's name in the Time Server box on the control panel. Once every two hours, your machine will update its own clock from the time source you designate.

    Control Panel Applet
    • Domain Time Server   Under normal circumstances, leave this box blank. When blank, Domain Time will use the network's Primary Domain Controller as the Time Server. If you specify a server here, it will override the Primary Domain Controller, and all machines in the domain will synch to the specified machine's clock. You might need to specify a Time Server under the following conditions:

      1. You don't want to expose your Primary Domain Controller to the Internet;
      2. Your network has a firewall in place, and only machines sitting on the outside may talk directly to Internet Hosts;
      3. You don't have a Primary Domain Controller in your network (NT Workstations and/or servers only).

      If you specify a machine name, use the \\MACHINE form. For example, if you want machine FRED to be the Time Server, type \\FRED.

    • Stand-Alone   Check this box only if your machine is not part of a domain, or not part of a workgroup that has an NT primary domain controller on a domain of the same name as your workgroup. Checking this box isolates your machine from the rest of the domain.

    • Enable Log file   Check this box if you want each instance of Domain Time to keep a log file. Domain Time always records its activities in the main Application Event log, but this setting allows you to keep a text log file, too. The log file is called domtime.log, and is located in your system32 directory. Only the Time Server's log will show external connection status messages and the amount of correction applied. Other DomTime machines will show when they sync to the Time Server, and when they service a client request.

    • Use External Source   Check this box if you want the Domain Time Server to obtain its time from an external source. If you leave this box unchecked, the Domain Time Server will never attempt to validate its time against another machine, although all other machines running Domain Time will still set their clocks to the Domain Time Server's.

    • Primary SNTP -- specify the host name or IP number for the Domain Time Server to use when obtaining the current time from an external SNTP source. The host you specify must support the Simplified Network Time Protocol (SNTP) as defined by RFCs 1769 and 2030. The default value for this field is tick.usno.navy.mil.

    • Secondary (under Primary SNTP) -- specify a backup SNTP host for the Domain Time Server to use if it cannot connect to the primary SNTP host. The default is tock.usno.navy.mil.

    • Primary ITP -- specify the host name or IP number for the Domain Time Server to use when obtaining the current time from an external ITP source. The host you specify must support the Internet Time Protocol defined by RFC 868.

    • Secondary (under Primary ITP) -- specify a backup ITP host for the Domain Time Server to use if it cannot connect to the primary ITP host.

      NOTE:   Domain Time will try to use the Primary SNTP host first. Only if that host fails will Domain Time attempt to use the Secondary SNTP host. If both the Primary and Secondary SNTP hosts fail (or both are left blank), Domain Time will move on to the ITP hosts. Again, Domain Time will try the Primary ITP host first, then fall back on the Secondary ITP host only if the primary fails. If you don't want Domain Time to use ITP at all, fill in values for the Primary and Secondary SNTP hosts, and leave the other two blank. Likewise, if you want Domain Time to use only ITP, leave the NTP hosts blank. If all four hosts are left blank, this is equivalent to unchecking the Use External Source checkbox.

    Public Time Servers
      There are hundreds of SNTP servers available on the Internet. Here is a list of SNTP servers from which you may choose. You should probably pick a stratum 2 server, although if your network is very large, you may qualify for using a stratum 1 server. Please read and abide by the suggested rules for using public time servers!

      The default hosts used by Domain Time are tick.usno.navy.mil and tock.usno.navy.mil. These servers support SNTP, ITP by UDP and ITP by TCP. Support for ITP will be discontinued in the near future. Although tick and tock are stratum 1 NTP servers, Domain Time uses them for installation defaults because they are the closest thing to "official" servers available. Unless you qualify to use a stratum 1 server, you must visit the list mentioned above and pick some stratum 2 servers for your network.

    Win95/Win98 Client
      A special version of Domain Time, called Domain Time Client, is provided for Win95/Win98 machines. The filename is domtimec.exe. The client does not have any controls, and does not rely on domain participation or TCP/IP being installed. It just sets the time.

      Domain Time Client runs on demand (just double-click the program), or it can be installed to run every time a user logs on, or, as of version 1.1.b.19990205, can be installed to run as a Win95/Win98 service.

      When you run Domain Time Client, it attempts to locate an NT machine running Domain Time. If it finds a machine, it updates the local time to match the server's time. For this to work, there must be an NT machine running Domain Time

      1. in the same workgroup;
      2. in the same domain;
      3. in a domain with the same name as the client's workgroup;
      4. running at least one of the same network protocols as the client.

      If the client cannot find an NT machine running Domain Time within approximately 5 seconds, it gives up and the clock is not changed.

      Create a shortcut on your desktop to domtimec.exe if you want to be able to update the time just by double-clicking the icon.

      You can also set up the client to run automatically. Installation is pretty simple:

      1. Copy domtimec.exe to the Windows system directory (usually C:\windows\system).

      2. Open a COMMAND window (MS-DOS Prompt) and type

        • domtimec -install to install so DomTimeC runs every time a user logs in.
        • domtimec -installservice to install so DomTimeC runs every xx minutes. (see below)
        • domtimec -remove to remove DomTimeC. Can still be run manually by double-clicking.
        • domtimec -version to see the version information.
        • domtimec -quiet to update the clock without any interaction.
        • domtimec -help to see the online help (about the same as you see here).

      The -install procedure adds DomTimeC with the -quiet switch to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run key in the registry. You may manually edit the registry key to remove the -quiet switch if you want to see notifications when DomTimeC runs. When DomTimeC is installed this way, it runs any time someone logs onto the machine.

      The -installservice procedure adds DomTimeC with the parameter -a:30 to the HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices key in the registry. The default of 30 represents the number of minutes DomTimeC waits between checking/updating the clock. You may override this number on the command line during installation by using -installservice:xx and replacing xx with the number you want. You may also edit the registry key after installation.

      When DomTimeC is installed as a service, it runs continuously in the background (whether or not anyone is logged onto the machine), and updates the clock every xx minutes. When running as a Win95/Win98 service, you cannot have desktop notifications of DomTimeC's activity (there is no -quiet switch to remove; DomTimeC as a service is always quiet).

    Registry Settings
      Domain Time stores its configuration information in
          HKEY_LOCAL_MACHINE
            \System
               \CurrentControlSet
                  \Services
                     \Domain Time
                        \Parameters
      
      Changes made via the control panel take effect the next time Domain Time checks the time, or immediately if you click the Synchronize Domain Now button. There is no need to stop & restart the service. The following information is presented for documentation purposes only. Use the Control Panel Applet to configure Domain Time. You should never have to edit these registry entries manually. Domain Time uses a few other registry parameters as well which should never be changed manually.

      • Primary
        REG_SZ. Defaults to tick.usno.navy.mil
        Host name (or IP address) of primary time ITP source. Not used unless Use External Source is checked on the control panel applet.

      • Secondary
        REG_SZ. Defaults to tock.usno.navy.mil
        Host name (or IP address) of secondary, or backup, ITP time source. Not used unless Use External Source is checked on the control panel applet, and the primary source cannot be contacted.

      • PrimaryNTP
        REG_SZ. Defaults to tick.usno.navy.mil
        Host name (or IP address) of primary SNTP time source.

      • SecondaryNTP
        REG_SZ. Defaults to tock.usno.navy.mil
        Host name (or IP address) of secondary SNTP time source.

      • UseExternal
        REG_SZ. Defaults to TRUE
        Set this to TRUE (or any non-zero value) to cause Domain Time to retrieve date/time information from an external source.

      • TimeServer
        REG_SZ. Defaults to blank
        This value, if present, specifies that Domain Time should use this machine instead of the Primary Domain Controller as the Domain Time Server.

Domain Time II Software distributed by Microsemi, Inc.
Documentation copyright © 1995-2024 Greyware Automation Products, Inc.
All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.