Top of Page

Domain Time II Manager
Version 5.2

How to Manage Domain Time Remotely


You can use Domain Time II Manager to easily accomplish these common management tasks:
 
Click a link to jump to the discussion about each task:

Remote management      Generate reports

. Install/Upgrade/Remove Domain Time remotely

. Reset the configuration on one or more machines

. Reset the symmetric keyring on one or more machines

. Remotely control and configure individual machines

. Set the timezone on one or more machines

. Get machine stats and trigger synchronization

. Troubleshoot problems and resolve conflicts

    

. Report the variance of machines on the network

. Report the license status of Domain Time
 

Audit Server functions

. Select machines to audit with Audit Server

. Real-time Alerts

 
 
Install/Upgrade/Remove Domain Time remotely
Be sure you meet the minimum requirements for remote operations.

  • On a single machine:
    Highlight the target machine's name from either the list on the Tree pane or from a list on the Details pane, right-click and choose the action you want from the context-menu.

  • On multiple machines:
    1. Click on a domain category in the Domains and Workgroups list on the Tree pane to display all of its machines in the Details pane.
    2. Sort the list by any column you'd like to help identify the machines you want to work with.
    3. You can also refine which machines to choose by right-clicking in the Details Pane and choosing Select from the context menu to highlight different types of machines (Servers, Client, Installed machines, Uninstalled machines, etc.).
    4. Select the machines you'd like as targets (using Shift+Click, Ctrl+Click, etc.) and then right-click to select the action you want to perform from the context-menu.

    Select multiple machines to install
    Select multiple machines to install   [Click for smaller size]

    Before proceeding, you have the option to verify your selection(s) on the Remote Computer Operation dialog.

      Remote Computer Operation dialog
      Remote Computer Operation dialog   [Click for larger size]

      Installations and upgrades will use Manager's default configuration Templates for Server or Client unless you select alternates by clicking the Choose templates link. Read about using Templates

      Prompt for credentials (when needed): Manager uses the Windows credentials store to securely keep the usernames/passwords used to connect to machines. When this box is checked, Manager will prompt for any credentials it does not already know. When unchecked, Manager will move on to the next system without prompting if the connection fails.

      Prompt for other correctable errors: When checked, Manager will display a prompt if it cannot connect to a machine, allowing you to attempt to correct the error (such as by supplying an IP address instead of a DNS name). When unchecked, Manager will merely move on to the next system without prompting when it encounters an error.

      Force Auto-Manage Windows Firewall
      As of Version 5.2.b.20150828, Domain Time supports automatic management of the Windows Firewall to allow access to the required time protocol and control ports. This checkbox is tri-state (click on the box several times to cycle through the options). See Auto-Manage Windows Firewall Settings for a detailed explanation of the effect of each option.

      When you click OK, Manager will proceed, showing you the status of the operation on each machine. Any errors will be logged in Manager's log file. Be sure to review it by pressing F9 or choosing View Manager Log File... from the Options menu.

      If Manager encounters an error processing a machine, use the Connection Troubleshooter (highlight the machine in the Tree or Details pane and click Test Connection... from the right-click context menu) to help identify the cause of the problem. See the Troubleshoot task below for more information.

 

Reset the configuration on one or more machines
Be sure you meet the minimum requirements for remote operations.

    After Server or Client is installed on a machine, Manager can cause the component to reset itself to the default settings it was installed with, or Manager can push out new settings for the component to use. You can do this for any number of installed machines.

    This function allows you to easily make large-scale changes to groups of machines if necessary. For example, you could choose to change the specified time sources for all the machines in a particular city, or adjust the sync timings of all your servers, etc.

    The process is very similar to the Install procedure described above, except that you use the Reset Configuration command from the right-click context menu once you have selected the target machine(s).

    Reset Configuration on selected machines
    Reset Configuration on selected machines   [Click for larger size]

    The Remote Computer Operation dialog lets you confirm your selected machines, and also decide what method to use for the reset:

    Remote Computer Operation dialog
    Remote Computer Operation dialog   [Click for larger size]

      Use Installation Defaults: Causes the machine to revert to the exact configuration it used when it was first installed.
      Use Templates: Templates can set all or just a portion of the machine's configuration parameters. Click the Choose templates link to specify a template to use. Read about using Templates

      Prompt for credentials (when needed): Manager uses the Windows credentials store to securely keep the usernames/passwords used to connect to machines. When this box is checked, Manager will prompt for any credentials it does not already know. When unchecked, Manager will move on to the next system without prompting if the connection fails.

      Prompt for other correctable errors: When checked, Manager will display a prompt if it cannot connect to a machine, allowing you to attempt to correct the error (such as by supplying an IP address instead of a DNS name). When unchecked, Manager will merely move on to the next system without prompting when it encounters an error.

      Force Auto-Manage Windows Firewall
      As of Version 5.2.b.20150828, Domain Time supports automatic management of the Windows Firewall to allow access to the required time protocol and control ports. This checkbox is tri-state (click on the box several times to cycle through the options). See Auto-Manage Windows Firewall Settings for a detailed explanation of the effect of each option.

      When you click OK, Manager will proceed, showing you the status of the operation on each machine.

      If Manager encounters an error processing a machine, use the Connection Troubleshooter (highlight the machine in the Tree or Details pane and click Test Connection... from the right-click context menu) to help identify the cause of the problem. See the Troubleshoot task below for more information.

 

Reset the symmetric keyring on one or more machines
Be sure you meet the minimum requirements for remote operations.

    Manager can push out a common symmetric keyring to Domain Time Servers and Clients. You can do this for any number of installed machines. This allows you to easily ensure all your machines are using the same set of symmetric keys for authentication. Read more about Symmetric Keys.

    The process is very similar to the Reset Configuration procedure described above, except that you use the Reset Keyring command from the right-click context menu once you have selected the target machine(s). The right-click option will not be available for the Domain Time Server on the same machine as Manager, because it is, by definition, already up to date.

    The keyring configured on the Domain Time Server on the Manager machine is used as the master keyring. Each time you modify the Server's keyring, registry files called Current Symmetric Keys are created/updated on Manager in the Client and Server template folders. Reset Keyring uses these files to reset the keyrings on your selected machines.

    NTFS security restricts these files to Administrators and SYSTEM only. To change the information in these auto-generated templates, use the Control Panel applet for Domain Time Server on the Manager machine and edit the keyring. Do not attempt to edit the keys manually. (There are also "Compatible" versions of these two files for use with older Domain Time machines that don't understand the syntax for clearing a key's values before repopulating with information from the template. Manager will automatically select the Compatible version when required.)

    Reset Keyring on selected machines
    Reset Keyring on selected machines   [Click for larger size]

    The Remote Computer Operation dialog lets you confirm your selected machines, and also decide what method to use for the reset:

    Remote Computer Operation dialog - Reset Keyring
    Remote Computer Operation dialog - Reset Keyring   [Click for larger size]

      Prompt for credentials (when needed): Manager uses the Windows credentials store to securely keep the usernames/passwords used to connect to machines. When this box is checked, Manager will prompt for any credentials it does not already know. When unchecked, Manager will move on to the next system without prompting if the connection fails.

      Prompt for other correctable errors: When checked, Manager will display a prompt if it cannot connect to a machine, allowing you to attempt to correct the error (such as by supplying an IP address instead of a DNS name). When unchecked, Manager will merely move on to the next system without prompting when it encounters an error.

      When you click OK, Manager will proceed, showing you the status of the operation on each machine.

      If Manager encounters an error processing a machine, use the Connection Troubleshooter (highlight the machine in the Tree or Details pane and click Test Connection... from the right-click context menu) to help identify the cause of the problem. See the Troubleshoot task below for more information.

 

Remotely control and configure individual machines
Be sure you meet the minimum requirements for remote operations.

    You can use Manager to connect to any installed Server or Client and bring up its Control Panel applet, which will allow you to remotely configure and control the machine. You can change settings, view the various logs and graphs, start and stop the service, etc. just as if you were sitting at the console of the remote system.

    To connect, simply double-click on the machine's name in the Tree pane. You can also highlight the name in any Tree or Details pane list, and choose Action -> Control Machine from the main menu, press F7, or right-click and choose Control Panel from the context menu.

    Manager first uses the computer name to attempt the connection. If the name does not resolve to a running Domain Time system, you'll see the Connect error dialog where you can tell Manager to try a DNS name or IP address instead. You can also instruct Manager to try the DNS name or IP address instead of the machine name for all future connections.

    Connection Error dialog
    Connection Error dialog   [Click for larger size]

    If Manager still cannot connect to the machine, use the Connection Troubleshooter (highlight the machine in the Tree or Details pane and click Test Connection... from the right-click context menu) to help identify the cause of the problem. See the Troubleshoot task below for more information.

 

Set the timezone on one or more machines
Be sure you meet the minimum requirements for remote operations.
  • On a single machine:
    Highlight the target machine's name from either the list on the Tree pane or from a list on the Details pane, right-click and choose the action you want from the context-menu.

  • On multiple machines:
    1. Click on category in the Tree pane to display a list of machines in the Details pane.
    2. Sort the list by any column you'd like to help identify the machines you want to work with.
    3. You can also refine which machines to choose by right-clicking in the Details Pane and choosing Select from the context menu to highlight different types of machines (Servers, Client, Installed machines, Uninstalled machines, etc.).
    4. Select the machines you'd like as targets (using Shift+Click, Ctrl+Click, etc.) and then right-click to select Timezone... from the context-menu.

    Change the timezone on multiple machines
    Change the timezone on multiple machines   [Click for larger size]

    Choose the timezone you want from the Change Timezone dialog.

    Change Timezone dialog
    Change Timezone dialog   [Click for larger size]

    If Manager encounters an error setting the timezone, use the Connection Troubleshooter (highlight the machine in the Tree or Details pane and click Test Connection... from the right-click context menu) to help identify the cause of the problem. See the Troubleshoot task below for more information.

 

Get machine stats and trigger synchronization
Manager presents statistical information obtained from systems in a number of ways.

  • You can see basic information on a machine by highlighting its name in any list the Tree pane.

      The Details pane will show information derived from a variety of sources such as Active Directory, network discovery scans, and direct contact with Domain Time on the machine.

      Some data may initially be missing or not available depending on what kind of contact has been made with the machine. You can sometimes fill in missing data by clicking Action -> Refresh from the main menu (or right-clicking and choosing Refresh from the context menu.


       [Click for larger size]
  • You can also get statistical information from machines by customizing the columns displayed in lists shown on the Details pane.

      Click a category name in the Tree pane to display a list of machines in that category. Choose View ->: Add/Remove Columns... from the main menu (or right-click on any column label and choose which columns to display).

      Update the list by clicking Action -> Refresh from the main menu (or right-clicking and choosing Refresh from the context menu.

  • You can get extremely detailed statistics from any machine running Domain Time.

      Highlight the name of a machine running Domain Time in either a Tree or Details pane list and right-click to choose Statistics from the context menu. This information is provided by contacting the Domain Time II component directly, and it can therefore contain extremely detailed information about the machine and its operations. Versions of Domain Time 5.1 or newer provide additional statistics such as Network I/O Counters.

      Detailed Domain Time statistics
      Detailed Domain Time statistics   [Click for larger size]

      Update the list by clicking the Refresh button on the Statistics dialog. You can also reset the statistics and counters on the remote machine by clicking the Reset button. Note that this will also clear the machine's drift graph data, so if you are using Audit Server to collect this information for historical purposes, be sure you have run a recent Audit before clearing the data. See Audit Server Synchronization Logs for more info.

  • To see statistical information on the Domain Time II Manager itself, click the System Information System Information category in the Tree pane. Click the Reference Time Reference Time item underneath it to show current info on the Reference Clock.

 

Troubleshoot problems and resolve conflicts
Manager gives you several tools to help troubleshoot connection issues and resolve serial number conflicts.

  • The Manager Log can display extensive information on what Manager is doing. If you are having difficulties, the first step you'll want to take is to enable Manager's Debug logging using the Options -> Manager Log File Settings menu item.

  • The Verify command tells Manager to attempt to identify whether Domain Time is installed on selected machines and obtain updated statistical information, if possible.

      This is particularly useful if the normal Network Discovery processes aren't able to determine if Domain Time is installed, or if statistical information hasn't been filled in correctly.

    1. Click on a list category in the Tree pane to display all of its machines in the Details pane.
    2. Sort the list by any column you'd like to help identify the machines you want to work with.
    3. Select the machines you'd like as targets (using Shift+Click, Ctrl+Click, etc.) and then right-click to select Verify... from the context-menu.

      Select multiple machines to verify
      Select multiple machines to verify   [Click for larger size]

    4. Next, you'll be presented with the Network Operations dialog, which allows you to confirm which machines you want to verify:

      Remote Computer Operation dialog
      Remote Computer Operation dialog   [Click for larger size]

      Prompt for credentials (when needed): Manager uses the Windows credentials store to securely keep the usernames/passwords used to connect to machines. When this box is checked, Manager will prompt for any credentials it does not already know. When unchecked, Manager will move on to the next system without prompting if the connection fails.

      Prompt for other correctable errors: When checked, Manager will display a prompt if it cannot connect to a machine, allowing you to attempt to correct the error (such as by supplying an IP address instead of a DNS name). When unchecked, Manager will merely move on to the next system without prompting when it encounters an error.

      When you click OK, Manager will proceed with the verification, showing you the status of the operation on each machine.

  • The Connection Troubleshooter is an extremely helpful utility that will show you all of the steps Manager performs when connecting to a remote machine. This allows you to immediately pinpoint the exact problem preventing communication with any machine.

      To launch the Troubleshooter, right-click a machine name in either the Tree or Details pane and select Test Connection... from the context menu. Alternately, you can select Utilities -> Connection Troubleshooter from the Main Menu.

      Once the Troubleshooter is running, you can enter the DNS name or IP address of the system to test.

      The Troubleshooter will perform each action required to connect to the remote machine and display the results of each test.

      Critical errors that prevent particular Manager functions from operating will be shown in red, warnings that may represent a problem will be shown in yellow, and tests that pass will be shown in green.

      Most connection issues are due to network configuration, name resolution, firewall, or permissions problems. Please refer to the minimum requirements for remote operations list for details on what types of access is required.

      As of version 5.2.b.20170101, the troubleshooter checks for the presense of wsnmp32.dll as it must be present for Domain Time installation. Nano Server 2016 does not install this .dll by default; it must be manually installed before this test will pass. See the Nano Server FAQ for more information.

        
      Connection Troubleshooter, showing a firewall problem<br>
      Connection Troubleshooter, showing a firewall problem
         [Click for larger size]

  • The Conflict and Problems Conflicts and Problems Category
    Items will appear in this category if a problem is detected by Manager.

      For example, a conflict will be flagged if Domain Time machines are detected running with the same Domain Time serial number. Domain Time serial numbers must be unique.

      Domain Time II Manager - Reset Duplicated Serial Numbers dialog
      Domain Time II Manager - Reset Duplicated Serial Numbers dialog   [Click for larger size]

      In most cases, you can resolve the conflict by highlighting the conflict item Duplicate Serial Numbers in the Tree and double-clicking the Repair link on the Details Pane. This will bring up the Reset Duplicated Serial Numbers dialog which lets you select which machines to renumber. If renumbering the first machine listed doesn't work, try again and renumber the other(s). It doesn't matter which machine has which number, they just must be unique.

      If you are repeatedly seeing machines appear with conflicts, you may be bringing up machines that were created by cloning. Please see this KB article on how to properly set up Domain Time on cloned images or manually reset the serial numbers if you cannot reset them using Manager.

 

Report the variance and current synchronization status of the network
You can create a custom report showing how much variance (delta) machines on the network currently have from Manager's Reference Time.

    First, be sure you have set Manager to use correct and stable Reference Time. See the Configure Reference Time instructions.

    Next, highlight the Domain Time Nodes category in the Tree pane to display a list of currently-running Domain Time machines. Choose which columns to include in your report by clicking View -> Add/Remove Columns... or right-clicking on any column header and choosing the columns. Be sure you include the Delta column, which shows the variance information. You can include any other details you want on your report, such as Latency, Last Timeset, Corrections, etc.

    Finally, you can show the current variance by clicking Action -> Refresh or right-click and choose Refresh from the context menu to update the list.

    If this list isn't showing you all Domain Time machines you expect, check your settings on the Network Discovery page.

    The list in the Details pane can be exported to a file using File -> Export from the main menu. The exports will only include the currently-visible columns. You may export to CSV (comma-separated value), XML, or HTML formatted files.

    Also, see the Real-Time Alerts function for live monitoring of your time synchronization status.

 

Report the license status of Domain Time
To show the license status and type of currently-running Domain Time machines, click the License Report License Report item in the Tree pane (found under the System Information System Information category).

    The License Report
    The License Report   [Click for larger size]

    Choose which columns to include in your report by clicking View -> Add/Remove Columns... or right-clicking on any column header and choosing the columns.

    If you have the Eval Status column visible, it will show whether a machine is running a registered copy of Domain Time, or show how many days remain on an evaluation version.

    If this list isn't showing you all Domain Time machines you expect, check your settings on the Network Discovery page.

    The list in the Details pane can be exported to a file using File -> Export from the main menu. The exports will only include the currently-visible columns. You may export to CSV (comma-separated value), XML, or HTML formatted files.

 

Select machines to audit with Audit Server

If you have Audit Server installed, you can use Manager to determine which machines will be included in audit runs.

    You can select machines for Audit from the Domains & Workgroups, Domain Time Nodes, NTP Nodes, Real-Time Alerts, or PTP Monitor pane by exposing the Audit column and making your selection, or you can click on any individual machine and change its audited status by double-clicking on the Audited editable item shown on the Details pane. Clicking multiple times will toggle through all available Audit Groups.

    To select using the Audit column, highlight any list category in the Tree pane to display a list of machines in the Details pane. Click View -> Add/Remove Columns... or right-click on any column header and then click to display the Audit column. You can change the audited state of any individual machine, or you can change multiple machines by selecting them, then right-click and choose Auditing from the context menu. You may choose from up to 8 custom audit groups. See Audit Groups for details on configuring Audit Groups.

    You may also set which machines should be audited from a batch file. See the Batch Add section of the How to use the Manager Interface page for details.

    Note: The auditing of PTP Nodes is a separate function from other types Audit Server auditing. The "Audited" setting's column for PTP Monitor is independent of the "Audited" settings on the Domains & Workgroups, NTP Nodes, Domain Time Nodes, or Real-Time Alerts displays. Enabling/Disabling auditing on the PTP Monitor display will not change the audit settings on the other pages, and vice versa.

    1. To audit Windows machines:
      1. Install Domain Time Client or Server on the machine.
      2. Choose to audit the machine either from the the Domains & Workgroups or Domain Time Nodes list.
      3. If the machine does not appear in either list, you manually add it to the Domains & Workgroups list by right-clicking and choosing Add computer from the context menu. You may also add multiple machines using the Batch Add function.

    2. To audit Linux machines:
      1. If your machine is running an NTP daemon like ntpd or chronyd, set it to act as an NTP Server (responding to NTP time requests). If your Linux machine is running PTP, see the next section. You can test whether it will respond correctly by using the ntpcheck utility from any machine running Domain Time. Open an elevated command prompt and enter:

          ntpcheck [name or ip address of your linux machine]

        If you see a response like this, you're good to go:

          C:\WINDOWS\system32>ntpcheck 192.168.1.203
          Domain Time NTP Check 5.2
          Copyright (c) Greyware Automation Products, Inc.
          Hostname: MYHOST
          
          Checking server 192.168.1.203 protocol ntp... okay
          
          Timezone: UTC
          
                             Server  YYYY:MM:DD HH:MM:SS.mss  Latency  Secs Delta
          -------------------------  ---------- ------------  -------  ----------
                     192.168.10.203  2019-08-26 17:51:04.145    0.007  +0.0003348
          

      2. In the NTP Nodes section of Domain Time Manager, right-click and choose "Add NTP Node". Enter the IP address of your NTP Server. Once added, you can audit the machine just like you audit other machines. You may also add multiple machines using the Batch Add function.
      3. On the Audit Server -> Synchronization Logs -> Configure dialog, set your desired NTP drift collection schedule, either on the same schedule you've set for your other sync logs, or you can set a custom schedule. NTP data will then be written to the Synchronization Logs folder on that schedule.

    3. To audit PTP devices:
      1. Make sure your PTP device or daemon can respond to standard PTP management requests and is visible via both multicast and unicast from the Audit Server.
      2. Choose to audit the machine from the the PTP Nodeslist. Note, Windows machines using Domain Time's PTP should be audited from the the Domains & Workgroups or Domain Time Nodes list.
      3. On the Audit Server -> Synchronization Logs -> Configure dialog, set your desired PTP data collection methods.

        Read more about how to use PTP Monitor.

 

Real-time Alerts If you have Audit Server installed, Manager can show and reset the current status of the Real-Time Alerts notifications.

    Click the Real-Time Alerts Real-Time Alerts category in the Tree pane to show the list of machines sending Real-Time Alert notifications to Audit Server. (see the Audit Server Alerts page for information on configuring Real-Time Alerts.)

    The listed machines will show the current synchronization status reported by each machine, as well as the time of the last contact, number of errors since last reset, and last error encountered.

    The Status column shows the currently-reported state of each machine. Machines that have not yet reported their status will be shown with no color; if the machine has reported with no errors, it will be shown in green.

    If a machine has reported an error, the indicator will be red if the error condition still exists, or will be yellow if at least one red error has occurred since the last reset but the error condition has since resolved. The indicator will stay red or yellow until the alert has been cleared manually.

    By default, the Real-Time Alerts list will auto-refresh while displayed. You can turn off auto-refresh by unchecking View -> Auto-Refresh Real-Time Alerts from the menu.

    To clear an alert
    Highlight the alert line(s) in the list, right-click and choose Reset Alert Status from the context-menu. This will also clear the error count and error message information for the machine. After an alert is cleared, the status indicator will be reset to the initial status and will not change until the next real-time notification is received from the machine.

 

Next Proceed to the Discovery page
Back Back to the Using the Manager Interface page

Domain Time II Software distributed by Microsemi, Inc.
Documentation copyright © 1995-2024 Greyware Automation Products, Inc.
All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.