Top of Page

Domain Time II
Version 5.x


Version 5.2 Changelog
Click the link to jump to the change details for that build

BuildRelease Type
5.2.b.20190101Current Version - Optional Upgrade
5.2.b.20181111Optional Upgrade
5.2.b.20180805Optional Upgrade
5.2.b.20180801Optional Upgrade
5.2.b.20180606Recommended Upgrade
5.2.b.20180303Recommended Upgrade
5.2.b.20180101Optional Upgrade
5.2.b.20171113Optional Upgrade
5.2.b.20170922Optional Upgrade
5.2.b.20170522Optional Upgrade
5.2.b.20170331Optional Upgrade
5.2.b.20170101Recommended Upgrade
5.2.b.20160922Optional Upgrade
5.2.b.20160711Optional Upgrade
5.2.b.20160415Optional Upgrade
5.2.b.20151127Optional Upgrade
5.2.b.20151102Optional Upgrade
5.2.b.20150828Optional Upgrade
5.2.b.20150516Optional Upgrade
5.2.b.20150307Optional Upgrade
5.2.b.20140922Optional Upgrade
5.2.b.20140707Optional Upgrade
5.2.b.20140523Optional Upgrade
5.2.b.20140404Recommended Upgrade
5.2.b.20140303Optional Upgrade
5.2.b.20140101Optional Upgrade
5.2.b.20131101Optional Upgrade
5.2.b.20130405Optional Upgrade
5.2.b.20130222Optional Upgrade
5.2.b.20121111Optional Upgrade
5.2.b.20120215Optional Upgrade
5.2.b.20120206Optional Upgrade
5.2.b.20120117Optional Upgrade - Pre-release support for Windows 8
5.2.b.20110831Optional Upgrade
5.2.b.20110601Optional Upgrade
5.2.b.20110309Optional Upgrade
5.2.b.20110224Optional Upgrade
5.2.b.20101113First release of Version 5.2. Recommended Upgrade

Version 5.2 Changelog

5.2.b.20190101 Current Release - Optional Upgrade

Several minor enhancements, mostly customer requests. Upgrade if you want the new features.

  • DTDrift
    • Customer request: If run under non-admin credentials, no longer prompts for elevation when viewing the Raw Data text file.

  • DTReader
    • Customer request: If run under non-admin credentials, no longer prompts for elevation when viewing the Raw Data text file.

  • NTPCheck
    • Added "NDIS transit delay" to -raw output. This line will be present only if software timestamps are enabled for the interface used to process the NTPCheck command. If present, the line indicates the number of hectonanoseconds (10ths of a microsecond) the reply took to transit the NDIS layer of the network stack.

  • DTServer
    • Changed clock-change monitor behavior if (a) server is configured to serve the time without verifying its own clock first, and (b) clock-change monitor is also enabled. The prior behavior was to ignore the clock-change monitor checkbox on the CPL, and not start the monitor if no sources were configured (since the monitor won't be able to fix any changes made by other processes). The new behavior is to start the monitor anyway, to produce behavior that correlates with the CPL settings. If admins don't want errors or warnings in this situation, they can uncheck the clock-change monitor box on the CPL.

  • DTServer/DTClient
    • Added checkbox "Enable Trend Filter (recommended)" to PTP configuration dialog. The default value is checked. If unchecked, Domain Time will not include trend data in the clock steering mechanism. Uncheck this box only if your machine is extremely stable (i.e., normally has an average delta of only a few microseconds).

  • DTAlert
    • Customer request: Added right-click "Synchronize this node" to Alert Viewer's list of nodes if the mouse is over a node. Right-clicking on an empty area of the list still brings up the standard configuration menu.
    • Changed the Always-on-Top behavior to avoid switching focus to the clock display when the list of nodes is showing.

  • Misc
    • Updated copyright notices to reflect 2019.
    • Updated patent pending numbers to reflect new filing.
    • Deprecated the never-used GetDriftRecord DT2 command.
    • Eliminated unnecessary QueryPerformaceCounter() calls in some DT2 calculations.
    • Changed Driver Timestamps output in DTServer/DTClient text log to use the adapter's "friendly" name instead of its generic name. The friendly name will appear in quotation marks, followed by adapter name as shown in the device list.
    • Switched log file output routines to use RAII for critical sections.

5.2.b.20181111 - Optional Upgrade

Preliminary support for software timestamping (at the NDIS layer) on Windows 10 and Windows Server 2019 (see section below). Significantly enhanced PTP self-tuning on Domain Time Server and Domain Time Client. Several other small changes and fixes. Upgrade if you want the new features.

  • Software Timestamps (beta support only)
    • Enabled preliminary support for software timestamps on Windows 10 and Windows Server 2019. Software timestamps account for latencies within the NDIS portion of the network stack. Software timestamps must be enabled per adapter before Domain Time can take advantage of them. You may use dtcheck -interfaces or dtcheck -adapters to see which adapters have software timestamps enabled.

      Software timestamping at the NDIS level is not yet fully supported or documented by Microsoft, so support for this feature may change as the API changes. See SoftwareTimestamping for a Powershell script to enable/disable/query software timestamping. It remains unclear whether software timestamping will be included in the forthcoming update for Server 2016. Since this feature is not yet fully documented by Microsoft, Domain Time will not enable or disable software timestamping for you.

  • Audit Server/Manager
    • Preliminary support for software timestamps on Windows 10/Server 2019.
    • Changed delta calculations for Domain Time nodes that respond, but have not set their clocks (no sources defined, all failed, test mode enabled, etc.) to use the calculated delta. The former behavior used either zero or the last-known delta, forcing admins to also check the time-since-last-set value to know whether or not the delta was fresh.
    • Fix for Manager not displaying newly-added NTP Nodes if Audit Server is not installed.

  • DTServer/DTClient
    • Preliminary support for software timestamps on Windows 10/Server 2019.
    • Self-tuning enhancements for PTP continuously-variable clock steering.
    • Changed to ignore domain cascade triggers if PTP slave.
    • Changed handling of PTP time samples if the rate is greater than 1/second.
    • Customer request: Changed Accept First PTP Timestamp to disregard date entirely and step to match first received PTP timestamp. This option remains for highly-specialized environments, and its use is discouraged.

  • Control Panel applet
    • Added checkbox to the Advanced tab for controlling use of software timestamps. This checkbox will be grayed-out unless the operating system is Windows 10/Server 2019 or later. If you have configured software timestamps on an adapter, and this box is checked, then Domain Time will use them.
    • Customer request: Changed PTP Status label from "Raw Offset" to "Current Offset" to prevent confusion.

  • DTDrift
    • Fixed typo on drop-down scale of drift graphs.
    • Fix for drift graphs reporting incorrect average interval between data points when there is more than one data point per second.
    • Added 0.0000000 instead of "None" if the largest positive delta was zero.

5.2.b.20180805 - Optional Upgrade

Change for delta calculation when using DT2-UDP or DT2-TCP over high-latency connections. Version 5.2.b.20180801 introduced significantly increased precision of delta measurements on fast local networks, but neglected to compensate for networks with high latency. Upgrade if you are using DT2-UDP or DT2-TCP over Internet or WAN connections.

5.2.b.20180801 - Optional Upgrade

Support for Windows Server 2019. One major addition (allowing DTServer to become a Telecom master), and one major enhancement (allowing Audit Server to perform pre-audit syncs in parallel). One small fix for the textual summary of drift graphs. Several other minor enhancements or improvements. Upgrade if you are experiencing problems with the prior build, or if you want the new features.

  • All
    • Changed code-signing digest algorithm from SHA1 to SHA256. This is to conform with Microsoft's requirements for newer operating systems. XP and 2003 will not be able to validate the certificate, even though it is present and you may view the details.

  • DTServer
    • Customer request: Added support to allow becoming a Telecom master node. The Telecom Profile requires nodes to be either Telecom slaves or Telecom masters; alternating roles are not permitted. Therefore, the master configuration dialog will be unavailable if Domain Time is configured as a Telecom slave. Domain Time Server has a hard limit of 256 Telecom slaves. The maximum packet delivery rate is 128 packets/second.

  • DTServer/DTClient
    • Customer request: Changed second reply to Audit Sync command (sent only by Audit Server during pre-audit synchronization, or by the stand-alone dtsync.exe utility) to have a source port of 9909. The Audit Sync command, unless you have selected not to wait for it to complete, normally generates two replies to the originator's source port. The first reply, acknowledging the command, always has a source port of 9909. The second reply, which occurs after synchronization has completed, formerly used an ephemeral port as the source port. This has been changed so that both replies use 9909 as the source port.
    • Made telecom slave subscription requests work with PTP v2.1 domains 128-239 using SdoId 0x100.
    • Changed telecom slave delay requests to fire on the tick instead of ±25% of the interval. Some telecom masters don't send replies if the full interval hasn't yet expired.
    • Limited telecom slave subscription rate choices to workable numbers instead of the entire possible range. The telecom slave subscription dialog will still warn you about sub-optimal rate choices.
    • Made telecom slave subscription only request Announces until a best master is chosen.
    • Made telecom slave failure due to active denial of a subscription request a soft fail as long as another telecom master is provisioned and sending Announces.
    • Added small delay between receiving APM power resume event (waking from hibernation or sleep) and restarting the network. Win10 can send the resume signal several seconds before it actually finishes waking up.
    • Increased look-back size of PTP filtering engine for smoother performance.
    • Added lock-free mechanism for sending PTP messages. This helps reduce jitter.

  • Control Panel applet
    • Changed wording on DTClient's Advanced page from "Enable NTP broadcast listener" to "Enable NTP listener on port 123" for clarity.
    • Added Telecom Master option on DTServer's PTP Master configuration dialog.
    • Changed Test button behavior on various dialogs when the Control Panel applet is controlling a remote machine. This is because while the Control Panel applet is showing settings from the remote machine, it it executing on the local machine. Testing connections is therefore meaningless, since a name or IP that resolves on the local machine may or may not have the same behavior on a remote machine. The availability of the Test buttons caused confusion with admins who believed the test would execute remotely. As of this version, attempting to test remotely will display a message explaining the issue rather than running the test.

  • Manager
    • Appended "(deprecated)" to Manager's Pre-Audit Tasks dialog text "Wait for all synchronizations to complete." Pre-audit sync is a holdover from the days when networks needed to be synchronized only a few times per day. We recommend not using pre-audit sync, but have made some improvements (see below) in case you still need this function.

  • Audit Server
    • Rewrote pre-audit sync to handle large numbers of nodes in parallel, reducing the time required.

  • DTDrift
    • Fix for textal summary of a drift data file. Version 5.2.b.20180606 introduced summarized microseconds (instead of milliseconds), however, negative values were miscategorized. The individual delta data points are recorded correctly; only the summary classification was incorrect.
    • Changed lookups for driftptp.dt to use drift.dtex instead of driftptp.dtex. This only affects displays of IPv6 sources.

  • NTPCheck
    • Customer request: Modified SNTP request/reply compatibility.

  • DTCheck
    • Added -ptpslaves command. This command retrieves the current list of Telecom subscribers from a Domain Time Server in the PTP Telecom Master role.
    • Changed -ptptest output to show original source IP of forwarded packets.

  • PTPCheck
    • Added instance limiter, so that only one copy of PTPCheck may run (per logged-on user).

5.2.b.20180606 - Recommended Upgrade

Significant feature enhancements for DTClient/DTServer, and for Manager/Audit Server.

Introduced Audit Groups for Audit Server. Audit groups provide much finer control over how your nodes are audited, and how Real-Time Alerts are handled. When you first upgrade Manager, all of your currently audited nodes will be placed in audit group 1, labeled "Audited," and this will be the only group available until you also upgrade Audit Server.

Added support for the PTP Telecom Profile [00-19-A7-00-01-00] (slave-only) to DTServer/DTClient, and support for monitoring Telecom (or other nodes reachable only by unicast) to Manager/Audit Server. The Telecom Profile uses unicast negotiation with Telecom-capable grandmasters. The Telecom Profile does not use multicast.

Added preliminary support for the forthcoming PTP v2.1. PTPCheck (version management message), and PTPMasters (either from the Control Panel applet or from DTCheck) will show v2.0 vs v2.1, and the incoming SdoID will be displayed. The SdoId restricts which domain numbers are valid. Incoming v2.1 packets with invalid SdoId numbers, or with invalid combinations of SdoId and domain numbers, will be rejected. Support for other v2.1 features will be incorporated in future releases.

  • Audit Server
    • Added Audit Groups. Formerly, a node was either audited or not. Audit Server now keeps eight sets of rules, called Audit Groups. Each group has its own variables and actions. When you set a node to be audited, you also choose its audit group. This allows you to set separate tolerances for nodes with different alerting requirements. You may assign meaningful names to the audit groups. For example, you could name Group 1 "Trading," and make its tolerance 100 s, whereas Group 2 might be named "Workstations," and have a 10-second tolerance, etc. The names you choose will be used for display by Manager, as well as in alerts, logs, and summaries.
    • Added audit error email recipient(s) for each audit group. When an audit alert email is raised, the alert containing all errors will always be sent to the standard TO/CC/BCC recipient(s) in the general email setup. This new option lets you also send a copy to a comma-separated list of email recipient(s) interested in audit alerts for the each specific group, containing only the error from that group.
    • Added Real-Time email recipient(s) for each audit group, similar to the operation described for audit error emails.
    • Added node IP and node name to drift data (.dt) files. This information will show on the title bar when viewing a drift graph, and in the header of a .dt file converted to .txt.
    • Corrected PTP Monitor's behavior to prevent creating IPv6 sockets and joining IPv6 multicast groups when IPv6 is not enabled.
    • Finished changing references to "NTP Servers" to "NTP Nodes" (both singular and plural) to conform with earlier updates. If you are parsing log files, daily reports, or audit result text logs, you should change your scripts to look for "NTP Node" instead of "NTP Server." Be sure to upgrade both Manager and Audit Server to obtain consistent identification of NTP nodes.
    • Changed threading model for several data collection routines to ensure more predictable performance across all supported operating systems.
    • Improved Audit Server's measurement of Domain Time nodes' deltas, provided the nodes are using PTP and have synchronized within the past two minutes. (This change also affects the deltas shown when looking at Domain Time nodes in Manager.)
    • Added --- Begin Audit Results --- and --- End Audit Results --- before and after listing audit results in Audit Server's log. This makes it easier to pick out the audit results from other messages.
    • Rationalized audit result line for each node in Audit Server's log so that all node types use the same format, enabling simpler automated log parsing.
    • Removed ± from Real-Time Alerts, Audit Alerts, and Audit Summaries. Although the ± character (0xB1) displays correctly in text log files, it does not necessarily transit email or syslog when systems are expecting only 7-bit data.
    • Changed Audit Server's Event Log Event ID 3005 (Real-time Alert generated when a node changes to error status) from a simple, "x machines had errors" to individual events for each machine.
    • Added ability for PTP Monitor to follow Telecom slaves (or any slave not reachable by multicast). Unicast-only nodes must support PTP management messages. You may test using PTPCheck to see if a node responds to unicast management messages.
    • PTP Monitor will automatically follow any Telecom masters, provided that Domain Time Server is set to use the Telecom profile. Provision Domain Time Server with the master(s) you want to monitor, and they will automatically appear in PTP Monitor's list.

  • Manager
    • Changed name of Audit Server menu item "Alerts" to "Alerts and Audit Groups."
    • Changed the column name "Audited" to "Audit Group," to reflect that the options are no longer just Yes/No, but Unaudited or one of the eight possible audit groups.
    • Changed double-click on the Audit Group column from a Yes/No toggle to cycle through unaudited and the audit groups. Changed right-click on items to allow you to choose the audit group by name.
    • Added Audit List item to Manager's tree display. When selected, the list side will show you all currently audited nodes. You may sort by audit group, IP address, Location, or Node Name. The Location column indicates from which list the audited node derives. For example, a PTP node will show its location as PTP Nodes, and an NTP node will show NTP Nodes. Right-clicking on empty space in the list will allow you to go directly to Pre- and Post-Audit Tasks, to Alerts and Audit Groups configuration, or to Audit List Management.
    • Added Transport column to the PTP Monitor list. Transport here refers to the method of monitoring: Unicast-Only (e.g., Telecom slaves), or Hybrid (discovery by multicast, and follow-ups either by multicast or unicast).
    • Added Node Name and IP Address columns to the Synchronization Logs list. Note: These two columns are updated only when new drift data is collected by Audit Server, so there may be a lag between when you rename a node and when the new name shows up in the Synchronization Logs list.
    • Added help link and icon to PTP configuration dialog to help explain PTP domain selection options.
    • Added Backup/Restore of Audit List and Audit Group settings to the File menu. Backing up the audit list not only backs up the audited state for each node, but all of the audit group settings, including settings for unaudited nodes. When you restore the audit list, you restore all of the settings as well as the audited state for each node.
    • Changed Real-Time Alert wording on Manager's configuration dialog from "Do not count the first correction after startup as excessive, regardless of magnitude" to "Do not count startup corrections as excessive, regardless of magnitude." Changed Audit Server's processing to allow more than one "startup" correction, based on how long since the reporting machine has booted. This allows time for a recently-booted machine to settle, acquire a PTP master, adjust its timing, etc., before a Real-Time alert from the machine will trigger an email or red flag in Manager's display.
    • Added PTP nodes to Manager's Batch Add function (see Batch Add for details). Batch add for PTP nodes is limited to unicast-only slaves. You may use either an IP address or a DNS name as the identifier, optionally followed by a colon and a PTP domain number. For example, ADD PTP would add the PTP slave at, using domain 3. If you leave the colon and domain number off, Manager will attempt to discover the domain. If you specify a domain number that isn't one of the ones being monitored by PTP Monitor, the node won't be added. If the node already exists in the database but with a different domain number, the domain number will be updated to the one you specify.
    • Changed references to "NTP Servers" to "NTP Nodes" to conform with earlier updates. Be sure to upgrade both Manager and Audit Server to obtain consistent identification of NTP nodes.

  • Control Panel applet
    • Changed label on PTP statistics page from "Delay Mechanism" to "PTP Profile" for clarity. The value following the label is a combination of the selected profile and the delay mechanism used with it.
    • Added Telecom Options dialog for setting variables for use with the Telecom Profile. In general, the default settings are correct and should not be changed unless required by your Telecom-capable grandmaster.
    • Added "PTP Telecom unicast negotiation details" debug category to the Debug Details dialog.
    • Change PTP Domain input box to accept 0-239. The former behavior was to limit the domain to 0-127. PTP v2.1 can use domains 128-239. If you choose a domain number in the range of 128-239, Domain Time will mark its outgoing packets as PTP v2.1 using SdoId 0x100.

  • DTServer/DTClient
    • Significantly improved PTP slave tracking on Win8/2012 or higher operating systems.
    • Added support for Telecom Profile [00-19-A7-00-01-00], sometimes referred to as the Telecom 2008 Profile. This profile requires a Telecom-capable grandmaster, and you must provision the slave with a list of (up to sixteen) grandmaster IP addresses and domain numbers. Use Ipv4:domainNumber or [IPv6]:domainNumber in the list of acceptable masters. If you omit the domainNumber, the current default domain will be used. Note that an IPv6 address, if used with a domain number, requires the square brackets as shown above. You must know the domain number used by your grandmaster. Domain Time supports the Telecom Profile using Layer 3 (UDP) only.

      The Telecom Profile does not use multicast. The slave negotiates unicast Announces, Syncs, and Delay Response messages with the master (much like a DHCP lease). The delay measurement is End-to-End only. By default, Announces are every other second, while Syncs and Delay are once per second. You may change these values, as well as the lease duration period, from the Control Panel applet. Keep in mind that not all masters support all possible values. You should leave the auto-negotiation checkbox checked, so that Domain Time can negotiate values that both Domain Time and your Telecom master(s) support. Domain Time is heavily optimized for performance at one Sync per second.

      The Telecom Profile uses an alternate Best Master Clock algorithm, as defined by ITU-T G.8265.1. This algorithm selects the best master based on the master's QL (clockClass), the master's priority 2 value, and finally the local priority. Local priority is based on the order in which you provision the list of masters, with the first in the list having the highest priority.

      Domain Time will continue to respond to multicast requests while using the Telecom Profile (if the underlying network permits it), but will not recognize multicast Announces or Syncs. When using the Telecom Profile, Domain Time Server can only be a slave, never a master.

    • Fixed target port for unicast E2E delay responses when DTServer is acting as a PTP master. Previous versions did not always send replies to port 320.
    • Changed default firewall handling to enabled.
    • Enabled multicast loopback for the DT2-UDP service.
    • Changed both E2E and P2P unicast delay responses to use ephemeral source ports for lock-free operations.
    • Improved algorithm to determine if QueryPerformanceCounter is based on the TSC.
    • Changed default transport for Real-Time Alerts (status reports) from TCP to UDP. Our recommendation is to use UDP unless your network experiences problems with dropped packets. TCP is more reliable, but is more "expensive" in connection building and tear-down. TCP also requires ICMP (ping) between the reporting machine and Audit Server, and many networks have ICMP blocked.
    • Fixed startup PTP duplicate node detection to send IPv6 discovery packets only if the network settings include IPv6. Previous versions sent both IPV4 and IPv6 discovery packets even if IPv4-only was selected.
    • Fixed race condition on Windows 10 resume from standby that could prevent PTP from resuming properly.
    • Fixed problem with rejoining multicast groups on Windows 10 after resume from sleep.
    • Added a one-time popup to the Control Panel applet when first enabling PTP as a time source. If the current timings or network settings are not optimized for PTP, the popup offers to fix them for you.
    • Fix for multiple copies of firewall rules on Windows 10.
    • Customer request: Added ability for the SNMP bounds trap ("If the delta exceeds...") to be configured in either microseconds or milliseconds. The minimum bounds alert for milliseconds is 1 (default 1000, or 1 second); the minimum bounds alert value for microseconds is 100 (default 55000, or 55 milliseconds). The Domain Time II group policy for SNMP only supports milliseconds, so if the SNMP group policy is defined, only millisecond bounds limits are allowed.

  • DTAlert
    • Made Last Status column sort by magnitude rather than value. Since this column may not always have numeric values, numerics and textual information are given different weights, so that each type of information will sort together with the same sort.

  • DTDrift
    • Added display of node name and IP address (especially useful when looking at PTP drift files collected by PTP Monitor, where the filename is normally just the PTP portIdentity).
    • Added three new categories under the Clock Discipline category: Under 100 s, 100-499 s, and 500-999 s. Previously, the smallest category was Under 1 ms. Each category now also displays the number of data points within that category's range.

  • DTReader
    • Updated to handle Audit Groups and to refer to an "NTP Server" as an "NTP Node" to conform with displays by Manager and in log files.

  • PTPCheck
    • Harmonized references to Meinberg NetSync Monitor.
    • Added help link and icon to PTPCheck main dialog to help explain PTP domain selection options.
    • Added option to specify a domain number on the unicast test line. For example, will add domain number 3 to the domain list (if not already present), and will test with packets sent only to domain 3. If you don't specify a domain number, PTPCheck will test on all domains in the domain list.
    • Added command-line option to specify an IP address[:domain]. If you specify an IP address on the command line, PTPCheck will treat it as if you had manually entered it as the unicast test address and clicked the Unicast Test button.
    • Enhanced the output of the 0x200C - Version discovery command to include whether the response was marked PTP v2.1 or not. The SdoId is also displayed.

5.2.b.20180303 - Recommended Upgrade

One important enhancement for Audit Server: Added Daily Drift CSV files as the preferred alternative to expanding .dt files to .txt files. Auto-conversion of .dt files into individaul .txt equivalents is still supported, but has limitations, and has been officially deprecated.

Daily Drift CSV files use exactly the same format for each record, regardless of source, and, as the name suggests, collect only one days' worth of data from all of your audited machines per file, making extraction and retention strategies simpler. Daily Drift files roll at either midnight local time or at midnight UTC (your choice). If you are currently using .txt file conversion and then parsing the .txt logs, we strongly encourage you to change to Daily Drift files instead.

Several minor enhancements and fixes, including addition of support for Meinberg's NetSync Monitor messaging. Upgrade to obtain the new functionality.

  • Control Panel applet
    • Changed background color handling of the PTP Status dialog so that display is consistent across all operating system versions.

  • DTServer/DTClient
    • Changed PTP master selection algorithm to discard potential masters with the wrong domain number after the admin has unchecked the Dynamic Domain checkbox. This change means that Domain Time will not attempt to calibrate an unqualified master before going directly to the listening state.
    • Made log file viewer built into the CPL a bit smarter about finding logs other than the main one (if user has changed the main log name or location).
    • Customer Request: Added increment to reported Root Dispersion in NTP reply when the time source is not PTP. The root dispersion is reset at each timeset interval, and increments slowly (best guess at the machine's drift) until the next timeset event.
    • Added "PortNumber Cache" to PTPv2 subkey. The default value is 1, and should only be changed if directed by tech support. Valid values are 1-9999 (decimal).
    • Changed label on PTP Masters dialog from "Help" to "Explain & Fix" because many customers were not aware that the Help button can usually offer an automatic solution as well as explain problems.
    • Added support for Meinberg NetSync Monitor TLV messaging (revision 5). The default is for support to be enabled. This can be disabled on the PTP configuration/advanced dialog. PTPCheck (see below) has been enhanced to test for Meinberg NetSync extensions.
    • Customer request: Changed latency display in summary/aggregate log line from milliseconds to hectonanoseconds; i.e., the same format used in trace output for indivdual samples.
    • Customer request: Added support during command-line install/upgrade to specify a template to use instead of the default dtserver.reg (Server) or dtclient.reg (Client). The template file must be of the proper type (i.e., if installing/upgrading server, the template must be a server template), and must be in the same folder with all the original installation files. The added command-line parameter is -template=template_file_name.reg. For example, to install Client remotely to machine Bar, the command would be dtclient \\Bar -install -template=mytemplate.reg, or to upgrade the local machine, the command would be dtclient -upgrade -template:mytemplate.reg. This new functionality does not change the behavior of -upgrade. An upgrade preserves all current settings unless you also pass the -reset parameter.
    • Added support for -reset when using the command line to upgrade a remote machine. This flag used to be supported only for upgrading the local machine.

  • Manager/Audit Server
    • Audit: Changed behavior of Real-Time Alert "If a Domain Time machine reports that it has lost contact with its master" so that if "Ignore it" is selected, no alerts, warnings, or errors are generated. If "Treat it as a warning" is selected, the Real-Time Alert display will change to warning, but no alerts or errors are generated.
    • Audit: Changed audit event timer to avoid conflict with audit maintenance timer.
    • Audit: Changed behavior of background Ephemera Collection to cancel if Audit starts while collection is still running.
    • Manager: Added "Auto-generate a textual version of the audit results" checkbox to the Audit Tasks dialog (default unchecked). If checked, Audit Server will auto-convert the binary .dtad audit results to a .txt version after each audit. If a .txt version exists, Manager will offer to open the .txt version directly in Notepad as well as offering to open the binary file using the Audit Viewer program. The .txt version of an audit result is what you would see if you opened the file using Audit Viewer program and selected "View All Details of Audit in Text format" from Audit Viewer's menu.
    • Manager: Added node under Audit Server for display of Daily Reports. Formerly, the only way to view Daily Reports was to choose Audit Server/Daily Reports/View from the main menu.
    • Manager: Sorted display of multiple audit schedules by time of day.
    • Manager: Added configurable number of records to convert to text (if text file conversion is enabled).
    • Manager: Changed Open Containing Folder behavior to open the folder and select the right-clicked file. If no file is selected, or if Open Containing Folder is selected from the tree side, the folder is opened with no file pre-selected.
    • Customer request: Added hostname to IP lookup for NTP DROP and NTP DEL statements in DTManager's IMPORT batch command. The former behavior required using an IP literal for dropping or deleting an NTP node. Note: Use this new option with care. A hostname may resolve to more than one IP address. NTP DROP or NTP DEL will operate on the all matching IP addresses, which may not be the intended behavior.
    • Changed PTP Monitor's drift records to show the Check Reason column as "PTPSlave" for slaves and "PTPMaster" for masters (drift records are only collected for audited slaves or masters). The former behavior was to show "Veracity Check" for both types of nodes. The new behavior allows you to distinguish masters from slaves (or changing roles) when looking only at the drift records. (Note: PTP Monitor will not change existing drift records; this change only affects records generated after upgrading.)
    • Fix for non-Domain Time PTP slaves reporting their source stratum as their own stratum instead of the source's stratum (only in Audit Results binary .dtad and expanded .txt versions).
    • Fix for Manager sometimes displaying garbage in the DNS Name column when viewing the Domain Time Nodes list.
    • Fix for PTP masters that don't support PTP management messages from being recorded as offline in audit results. As long as the master continues sending Syncs and Announces, it is online and its delta can be calculated.
    • Customer request: Added checkbox on the Audit Tasks dialog to control whether emailed audit summaries include the error list inline or as an attachment.
    • Added "PTPPortIdentity" token to list of fields available for the daily report. This field will show as "N/A" for all non-PTP nodes. Also changed the output of the Show Example button on the Daily Reports dialog to show an example whether Daily Reports are enabled or not.
    • Fix for dtdrift.exe not being updated in the system32 folder when upgrade is performed via DTPatch vs the installation files.
    • Manager: Fix for Ctrl-F (Find) not working correctly if no row was selected in the list. Removed "No more matches" message if subsequent find locates the same item again.
    • Audit: Deprecated auto-conversion of .dt binary files to text files.
    • Audit: Added Daily Drift .csv file as preferred alternative to auto-conversion to .txt files. Daily Drift .csv files are named yyyy-mm-dd.csv, using either local time or UTC, and will roll at either local midnight or UTC midnight, based on your choice of local time or UTC. The UTC field will be either Y or N to indicate if the DateTime field is UTC. The DateTime field format may be either plain "yyyy-mm-dd hh:mm:ss" or ISO 8601 format. If using ISO 8601 together with local time, the format is "yyyy-mm-ddThh:mm:ss±HH:MM"; otherwise the format is "yyyy-mm-ddThh:mm:ssZ" to indicate "Zulu" time (UTC). Note: Records in a Daily Drift .csv file are not necessarily in ascending DateTime field order, and there may be more than one record with the same DateTime field from the same node. Records are appended as the data is collected, which may mean a few hundred records from one source, then more from a second source, etc. If collation is important for your import procedure, you should sort the data first. A Daily Drift file is held open during its 24-hour collection period, but marked FILE_SHARE_READ, so the file (or portions of it) can be copied while open. Use the RowID column in your dbms import procedure to know whether or not a record is new. RowIDs start with 1 and increment by 1 for each row. Daily Drift files are flushed to disk approximately once every two minutes, and immediately after an audit completes. If you have chosen to show Daily Drift files on Manager's Synchronization Logs page, you may right-click anywhere on the list and choose to flush the Daily Drift queue on command. The Daily Drift CSV columns are fully documented in Manager's Daily Drift configuration dialog.
    • Manager: Changed column of Synchronization Logs display from Count (number of records) to Size (number of bytes).
    • Manager: Added Daily Drift .csv files to list shown on Synchronization Logs page (if selected; see below).
    • Manager: Colorized Synchronization Logs list for easier identification of log types.
    • Manager: Added Display Options... right-click menu to the tree side of the Synchronization Logs list to control which kinds of Synchronization Logs are shown in the list. The status line shows the total number of files, the number being shown, and the total byte count for all files (whether shown or not).

  • LMCheck
    • Changed to require run as administrator to accommodate changes in default permissions granted by Win10 and Win2016. The former behavior was to run as invoker, which fails to enumerate the network correctly unless elevated.

  • NTPCheck
    • Added -localtime switch. If specified, timestamps are expressed in the machine's current timezone, otherwise in UTC.
    • Customer request: Added -csv and -json (mutually exclusive) to command line parms. These switches may be combined with any other switches to control the format of the output. If either -csv or -json is specified, normal headers and progress messages are suppressed (but errors will still print). If -csv is specified, the first line will begin with a hashtag (#) and contain the columm header names. If -json is specifed, only the JSON output is provided. Per ISO 8601, the datetime format for both -csv and -json output is either yyyy-mm-ddThh:mm:ss.mssZ (zulu time), or yyyy-mm-ddThh:mm:ss.mss±HH:MM (if -localtime is specified). The JSON output includes the timezone name.
    • Customer request: Added -micros and -hectos switches. These switches control the output precision. By default, only milliseconds are shown (10-3 seconds). If -micros is specified, then the output precision is microseconds (10-6 seconds); if -hectos is specified, the output precision is in hectonanoseconds (tenths of a microsecond, or 10-7 seconds).

  • DTDrift
    • Added -chop command-line parm. It must be followed by the full path to a .dt file, or use the wildcard path\*.dt (much the same as for -convert). While -convert will read a .dt file and create the corresponding text version, -chop will split the .dt file into chunks named foo_Part001.dt, foo_Part002.dt, etc.
    • Added -repair command-line parm. It must be followed by the full path to a .dt file, or use the wildcard path\*.dt. The -repair switch examines the file(s) for invalid entries and removes them. Note: This is a prophylactic function; no .dt file has ever become corrupted.
    • Added -csv command-line parm. This switch is only valid with -convert, and may optionally be combined with -noheader. The switches must be followed by the full path to a .dt file, or use the wildcard path\*.dt. Example: dtdrift -convert -csv -noheader "d:\drift files\*.dt" or dtdrift -convert -csv c:\myfile.dt. The .csv file(s) will be created in the same folder as the .dt file(s).

  • PTPCheck
    • Added "effective NTP stratum" to all places where PTP's stepsRemoved value is provided. The stepsRemoved value is zero-based, while NTP strata are one-based, with a cap at 15. This addition helps administrators more accustomed to dealing with NTP nodes than with PTP nodes.
    • Expanded the 0x0001 ClockDescription to include all fields sent by the responding node. Several fields in the ClockDescription response are optional, meaningless, or redundant. By expanding the output to show all fields, you can see if a node is sending full, correct information.
    • Added right-click menu option Meinberg NetSync Monitor Test. This option sends a special unicast End-to-End delay request to the selected node with NetSync Monitor TLVs attached. If the node is NetSync Monitor-capable, it will respond with a special End-to-End delay response with NetSync Monitor TLVs attached, plus a follow-up unicast Sync (and Sync Follow-up if the target is a two-step clock). If the node responds, the Delay Response data will show you how many TLVs were attached, and the number of bytes, plus the Sync message(s).

5.2.b.20180101 - Optional Upgrade

Added Authenticode signing to all executables. Several minor fixes and enhancements, mostly for consistency in displays or behavior. Several PTP improvements. One fix for Windows Time compatibility. Added ability for DTDrift to convert binary to text from the command line. Update if you experience any of the problems described, or if you'd like the new behavior.

  • Control Panel applet
    • Added domain number to the "Allow this machine to become a PTP Master server" line of the Master Configuration dialog (DTServer only). Also added profile type(s) and delay measurement transport type(s) that will be supported. These values are drawn from the main PTP configuration page, and presented on the Master Configuration dialog to help admins understand what values will take effect if the node becomes a master. See DTServer below.
    • Fixed several small inconsistencies in PTP variables between the Control Panel applet and DTServer/DTClient. This helps ensure that admins can't use the CPL to set values that the service will override.
    • Added validity check on the list of acceptable masters on the main PTP configuration dialog.
    • Changed the effects of the Reset to Defaults button on the Broadcasts and Multicasts tab to set the multicast IPv4 TTL and IPv6 Hop Count to 4, to conform with the change in defaults introduced in 5.2.b.20171113.

  • DTServer/DTClient
    • Allowed PTP management error responses to queries sent to all domains.
    • Added support for 0xDEEE "AllowedMasterList" PTP management message query.
    • Changed all Peer-to-Peer multicasts to have a TTL of 1, regardless of TTL used by other multicasts. This is to conform with IEEE 1588-2008 requirements.
    • Removed spurious warning about not being able to determine a PTP master's delay mechanism when using Peer-to-Peer without auto-detect enabled. The warning was a side-effect of believing the auto-detect mechanism had failed when in fact it was never invoked.
    • Increase speed and reliability of profile and delay auto-detect routines.
    • Inlined a few critical PTP-related computations, and also changed them to use bit-shifting instead of multiplication/division or exponentiation.
    • DTServer: Enforced profile type and delay measurement transport type when functioning as a PTP master as well as when functioning as a PTP slave. Our recommendation continues to be to use Auto-Detect unless you have a very good reason to change.
      • Auto-Detect: Both End-to-End and Peer-to-Peer supported, either unicast or multicast
      • End-to-End Default Profile: Only End-to-End supported, either unicast or multicast
      • End-To-End Enterprise Profile: Only End-to-End supported, only unicast
      • Peer-To-Peer Default Profile: Only Peer-to-Peer, either unicast or multicast
      • Disable Link Delay Measurement: No delay requests generated by slaves, or responded to by masters
    • DTServer: Changed default value (for new installations, or when the Reset to Defaults button is clicked) of radio button introduced in 5.2.b.20171113 on the PTP Master configuration dialog to have the reply to a CurrentDS management query tell the truth. This only affects the response to a CurrentDS query when DTServer is acting as a PTP master.
    • Added checkbox on PTP advanced properties labeled "Reply to source port of unicast requests instead of port 320." IEEE 1588-2008 is ambiguous about whether replies to management messages should be sent to the PTP "General" port 320, or to the requesting node's source port. The informal convention among manufacturers is to direct all management responses to port 320, whether the request was unicast or multicast. This checkbox tells Domain Time whether to follow the informal convention for unicast requests (i.e., send the reply to the requestor's IP address, port 320), or whether to follow the convention used by most other protocols (i.e., send the reply to the requestor's IP addess and source port). Most PTP programs resolve the ambiguity by sending requests from port 320, thus ensuring that no matter which convention is followed, replies will return to port 320. Some programs, however, use ephemeral ports for unicast management queries. Check this box only if you experience interoperability problems with third-party programs that send management requests using ephemeral source ports.
    • Changed the delay request timer to be pseudo-randomized so that delay requests are not sent exactly on the tick. The range is 75% to 125% of the nominal delay request interval. For example, if the delay request interval is set to once every two seconds, delay requests will be sent no more often than every 1.5 seconds, and no less often than every 2.5 seconds, with the mean over time coinciding with 2 seconds. Decoupling the delay requests from the PPS timer helps reduce the concurrency of delay requests from multiple machines hitting the network (and therefore the grandmaster) at the same time on each tick of the protocol.
    • Changed evaluation of NTP reply when coming from Windows Time on a Windows DC version 2012r2 or above, and when the domain/forest level is 2012r2 or above. Microsoft changed the behavior of the Windows Time reply to include a value in the Key Identifier field. Prior versions of MS-SNTP required the reply's Key Identifier field to be zero in the 68-byte version of an NTP reply. Per [MS-SNTP] clients must now ignore the Key Identifier field. (In practice the value now filling the field is the requesting client's RID.)
    • Improved detection of duplicate PTP portIdentities on the network.
    • Improved detection of VM resume from saved state, and added extra debug output in the in the Clock Sync Status Notices category.
    • Changed PTP to the listening state upon power resume or VM resume from saved state.
    • Extended text log lazy write to include syslog. If checked, syslog messages will be saved and sent at each flush interval.
    • Added checkbox "Send each PTP data point to syslog (trace or debug level only)" to the syslog configuration page. If checked, and if the syslog level is set to either trace or debug, then each PTP data point will be sent to syslog. The format is "PTP sample offset ±0.0000000, mpd 0.0000000, source ipaddress" where 0.0000000 is that sample's delta and the current meanPathDelay. Syslog log collectors may parse for trace-level messages beginning with "PTP sample offset" to categorize these messages. Caution: Enabling this output can create a large number of syslog messages. This option was added for those using syslog to collect compliance data.
    • Added support for permissions changes on Win10 regarding querying services.

  • Manager/Audit Server
    • DTAudit: Added Stand-By replication for Archives subfolder(s) under Synchronization Logs main folder.
    • DTAudit: Added Stand-By replication for Real-Time Alerts history folder.
    • DTAudit: Fix for initial Stand-By replication not starting on schedule.
    • DTAudit: PTP node status change notices in the Audit Server text log file are now info or warning level instead of trace. If info level, the level column label will be "Status:" instead of "Info:" to help with log-parsing. Notices referring to PTP master changes (online, upgrade, degrade, or leap change) will begin with "PTP Master," while other messages will begin with "PTP Node," in each case followed by the portIdentity and IP address. Note that a master going offline, or transitioning to slave, will generate a warning. A PTP master coming online or changing its timeQuality will generate a status notice.
    • Manager: Added two checkboxes to the Manager interface dialog to control auto-closing of DTReader (Audit Viewer) and DTDrift (drift graph viewer) when Manager exits. In prior versions, Manager did not attempt to close instances of DTReader or DTDrift. Manager now closes them at exit. To regain the former behavior, uncheck the box(es).
    • Manager: Added checkbox "Send info-level syslog message about each slave after sweeps" to the PTP Monitor configuration dialog. If checked, data pertaining to each tracked PTP slave is sent (info-level) to syslog after each sweep. You must have Audit Server's syslog level set to Info for these messages to be sent.
    • Manager: Added "Open Containing Folder" for Real-Time Alert history folder.
    • Manager: Added drift files from archives subfolders to list of Synchronization Logs.
    • Manager: Added Real-Time Alert history folder to Advanced/Data Folders dialog. Changed file data relocation to be recursive (because drift files may now have Archives subfolders). Changed behavior to stop Audit Server briefly while files are being relocated.
    • Manager: Added F5/Refresh for PTP Nodes on Stand-By (shows most recently-replicated data). Also disabled F5/Refresh and PTP node display on Stand-By when the primary node's PTP Monitor is turned off.
    • Manager: Changed "Domain Time II Machines" and "NTP Servers" to "Domain Time Nodes" and "NTP Nodes" respectively. This change only affects displays on Manager, and was introduced at the request of several customers who found the former labels confusing.
    • Customer request: Added confirmation notice when disabling an Audit Server alert type by unchecking the menu item.
    • Customer request: Added syslog output from Audit Server. You may set up to eight IPv4 or IPv6 addresses, and choose either RFC 3164 or RFC 5424 format.
    • Manager: Added "NanoServer" or "ServerCore" to platform type display as appropriate.
    • Manager: Added a pair of radio buttons to the PTPMonitor configuration dialog so you may choose to accept a grandmaster at face value if it claims zero stepsRemoved from a primary time source such as GPS/GNSS. If "Assume Grandmasters with stepsRemoved of 0 have zero deltas" is selected, each master's delta will not be measured against the local clock, and will show as 0 s. This is the correct behavior according to IEEE1588-2008 Table 13. The other option, "Measure all Grandmasters to discover deltas (estimate 150s)," tells PTPMonitor to observe the Sync/Follow-up messages and estimate each master's delta by comparing it against the local clock, accounting for measured E2E or P2P latency. The computation of the master's delta is only an estimate because PTPMonitor only observes packets and does not attempt to syntonize or synchronize with any particular master. It may be following multiple masters in several domains simultaneously. Previous versions of Domain Time Audit Server always attempted to measure the deltas, leading to some confusion among admins who expected a grandmaster to be at least as accurate as a slave and did not realize that master deltas were estimates. The new default is to assume grandmasters are telling the truth, provided they report stepsRemoved as zero. You may regain the former behavior by choosing the second radio button. Note that masters that claim stepsRemoved of non-zero are always measured against the local clock, yielding estimated deltas.
    • Added support for permissions changes on Win10 regarding querying services.

  • Synchronization Logs (drift graphs)
    • Added ability to show sub-seconds when displaying the average interval between samples. This is useful when your PTP grandmaster is sending more than one sync packet per second and you are looking at the PTP graph. Values greater than a few seconds will be shown as days, hours, minutes, and whole number of seconds.

  • DTCheck
    • Added -allowedmasters as an optional parameter to -ptplist. If -allowedmasters is specified, DTCheck sends management message 0xDEEE instead of 0xDEEF. 0xDEEE returns the list of acceptable masters.
    • Added option to filter results of -ptplist or -ptplist -allowedmasters. Use -ptplist IpAddress or -ptplist hostname to limit output to just that one node. IpAddress may either be a dotted-quad IPv4, or fully-formed IPv6 address.
    • Added "NanoServer" or "ServerCore" to platform type display as appropriate.
    • Added -resetClockId command. Use this if you have cloned your Domain Time installation and discover duplicate PTP nodes. PTP requires that each node has a unique portIdentity; the clockIdentity portion is normally created from the NIC's MAC address, but if you clone an installation without using -prepclone, the clockIdentity will be duplicated.
    • Added support for permissions changes on Win10 regarding querying services.

  • PTPCheck
    • Changed list displayed by Discovery Management Messages dialog to be sorted by management messageId.
    • Added 0xDEEE "AllowedMasterList" to the list of management messages that can be sent. The return value is "Any" if no restrictions are in place, or the list of IPs/CIDR masks/names considered acceptable masters.
    • Added "NanoServer" or "ServerCore" to platform type display as appropriate.
    • Changed all Peer-to-Peer multicasts to have a TTL of 1, regardless of TTL used for other types of message. This is to conform with IEEE 1588-2008 requirements.

  • NTPCheck
    • Added auto-elevation for functions that need to access the symmetric secrets keyring. For example, NTPCheck " key windows" or NTPCheck "myserver key 1". If the user does not have sufficient priveleges to access the keyring, the program will relaunch itself in elevated mode (prompting for an admin username/password if required). The program already did this for NTPCheck -ad.

  • DTAlert

    • Changed default permissions on Domain Time II Alert Parameters registry key so that settings are saved when run by a non-administrator.

  • DTDrift
    • Added command line parm -convert [-localtime] filespec. -localtime is optional. If not supplied, UTC will be used. filespec may be either a fully-qualified path and filename, or a path with *.dt (no other file extensions are supported). If the path or filename has spaces, you must enclose it in quotation marks. For example, dtdrift -convert "C:\Program Files\Domain Time II\Synchronization Logs\*.dt" will convert each .dt file in the named folder to its .txt equivalent. The original .dt file is not altered.

  • Miscellaneous
    • Changed synchronization log (drift graph) window to have a title bar with an icon and system menu. The former appearance was a "toolbar" window containing only a caption.
    • Fix for inconsistent setting of the hasAllowedMasterList bit in reply to PTP management messages 0xDEEF (DomainTimeProperties) and 0x201B (AcceptableMasterTableEnabled). In addition, version 5.2.b.20171113 interprets this bit incorrectly in DTCheck -ptplist and in PTPCheck's details display. Version 5.2.b.20171113's output should be considered meaningless for this particular bit. Upgrade to obtain consistent behavior in both setting the bit and in interpreting it.
    • See also addition of 0xDEEE PTP management message described in DTCheck and PTPCheck sections.
    • Changed display in places that show log2 values as 2^n, where n may range from -128 to +127 (typically -7 to +7). The former behavior was to display n as 0xNN (two hex digits), which was fine for positive values, but became confusing for negative values. In most places where a log2 value is displayed, the millisecond interval (or text saying pkts/sec) is also shown beside it. log2 values are used by NTP and by PTP, and the values usually represent a frequency in seconds. 2^0 is 1 second, or 1000 ms; 2^1 is 2 seconds, or 2000 ms; and 2^-1 is half a second, or 500 ms, and so forth.
    • Changed various numeric displays and their parenthetical meanings to be the same in all places.
    • Added "Patent Pending No. 62-597170" notice to various dialogs and text displays. This software algorithm applies to DTServer, DTClient, Audit Server, PTP Monitor, DTCheck, and PTPCheck, and may include other products in the future.

5.2.b.20171113 - Optional Upgrade

One important fix for an error introduced in 5.2.b.20170922. If you are using Domain Time II Monitor (DTMonitor) and you downloaded between Sep 22nd and Sep 27th 2017, you should upgrade to obtain this fix. Otherwise, this release is optional; upgrade if you want the new features.

Many minor changes, enhancements, and customer requests. Introduction of PTPCheck, a new utility program.

  • DTMonitor
    • Fixed invalid memory access in DTMonitor's Control Panel applet. (Only affects version 5.2.b.20170922 downloaded between Sep 22nd and Sep 27th 2017.)

  • All
    • Changed "us" to "" or "s" in logs, reports, and dialogs where possible. is the lower-case Latin Mu character, representing microseconds.

  • PTPCheck
    • New GUI-based utility program to scan/test PTP nodes for management message handling. It is a single stand-alone executable, so it may be copied to various machines on your network in order to compare views.
    • PTPCheck is installed to the system32 folder along with DTCheck and NTPCheck during installation/upgrade of either DTClient or DTServer.
    • PTPCheck is installed to the Manager folder when management tools are installed/upgraded.

  • Control Panel applet
    • Added new page, PTP Masters, accessible from the PTP Stats page. The PTP Masters page shows the same information available from DTCheck -ptpmasters, but in a graphical format. The new PTP Masters page shows all current and former masters seen by the selected node, whether being followed or not. A help button is available to explain why a particular master is not being followed. In many cases, the Help dialog will not only explain why a master isn't being followed, but offer to automatically adjust settings to allow the master.

  • DTServer/DTClient
    • Customer request: changed text-log-only trace messages (primarily the summaries of which servers among a group are selected as time sources) to be forwarded to trace-level syslog output. Sources used to correct the clock will be listed as Source *sourcename whereas sources not used will be listed as Source -sourcename; reject reason.
    • Other warning messages regarding PTP status (such as running but not yet synchronized) are now also forwarded to syslog. The former behavior was to send these messages only to the text log.
    • Added ability to use either IPv4 or IPv6 for syslog targets. The former behavior was limited to IPv4 only. If you use a DNS name instead of an address literal, IPv4 will be favored over IPv6. For example, if you use localhost as the target on a dual stack machine, the resolver will provide both and ::1 as valid IP addresses corresponding to the localhost. Domain Time will choose the IPv4 version. To force IPv6, use an IPv6 literal or a DNS name that only resolves to an IPv6 address.
    • Added support for RFC 5424 syslog format (UDP only). The TLS option for RFC 5424 is not supported. Prior versions of Domain Time supported only RFC 3154. Syslog messages are sent from an ephemeral port to the target port 514/udp.
    • Customer request: Added "Time Sample Errors as Warnings" (REG_SZ, default "False") to the Parameters subkey.
    • Changed default IPv4 TTL and IPv6 Hop Count from 1 to 4.
    • Changed registry security settings for symmetric keys to restrict access to SYSTEM and the Administrators group.
    • When acting as PTP Master with a clockClass of 6 (Primary), DTServer now marks the TAI-UTC offset valid only if it knows the TAI-UTC offset from prior contact with a primary source. If the TAI-UTC offset if not known, DTServer clockClass 6 behaves like DTServer clockClass 248 (default) - serving UTC timestamps marked as the ptpTimescale, with a utcOffset of zero. The net effect of this change is to make DTServer's Announce messages unambiguous, mostly for the benefit of protocol analyzers, If the clockClass is 13 or 255, DTServer's timestamps will be UTC, timeScale ARBitrary, with a utcOffset of zero. The drop-down on the PTP Master configuration page has been updated to clarify which timeScale is used with which clockClass.
    • Cosmetic fix for dynamic domain statistics display updating incorrectly when admin changes the default domain using the Control Panel applet, but the selected master does not change as a result (i.e., the previously discovered best master in a non-default domain remains the best master.)
    • Added two radio buttons to the PTP Master configuration dialog. The default choice is compliance with IEEE1588-2008 Table 13 ("Updates for state decision codes M1 and M2"), which requires all fields of the currentDS be set to zero. The second radio button allows Domain Time to tell the truth about these values. The standard presumes that any clock that becomes a master is necessarily connected directly to a primary time source (GPS/GNSS, atomic clock, etc.), and will always have stepsRemoved, offsetFromMaster, and meanPathDelay of zero. This is obviously not always the case. For example, a master relying on an NTP stratum 2 device is one step removed from a primary source, and it will have an offset and a delay that are meaningful. Even if its source is an NTP stratum 1 (zero stepsRemoved from a primary time source), it will still have a meaningful offset and delay. The choice (whether to follow the standard and lie, or ignore the standard and tell the truth) only affects the reply to the CURRENT_DATA_SET management query; it does not affect clock operation or the BMC algorithm.

  • DTCheck
    • Change simple syslog listener (DTCheck -syslog) to listen for both IPv4 and IPv6 on port 514 using a single dual-stack socket. On XP/2003, dual-stack sockets are not supported, so if you have IPv6 installed, only IPv6 messages will be seen; if you don't have IPv6 installed, only IPv4 messages will be seen.
    • Added -yes to DTCheck's -leapfile command. If specified, DTCheck will update Domain Time Client or Server with the current TAI-UTC offset derived from the leap-seconds.list file. Without the -y, DTCheck will only report the information.
    • Added -ptplist command. This command only works with Domain Time machines version 5.2.b.20171111 or later. It sends two multicast 0xDEEF management queries (one IPv4, one IPv6), using an ephemeral source port directed to the IPv4/IPv6 PTP multicast addresses, with a target port of 320. Replies will have a source port of 320, and a target port of whatever ephemeral port the operating system has assigned. Your firewalls must allow this traffic in order for -ptplist to work. The outgoing TTL is fixed at 64, and the boundary hop count is fixed at 8. All Domain Time nodes within reach of the queries will respond, regardless of PTP domain number or portIdentity. Non-Domain Time nodes will not reply. The text output from this command is a list of all visible PTP nodes running Domain Time 20171111 or later, along with useful information about their configuration, current status, and so forth. The list format designed to be parseable.
    • Added -ipv4 and -ipv6 switches for use with either -ptplist or -syslog. The default is to use listen for both IPv4 and IPv6 packets. If you specify -ipv4, only IPv4 packets will be displayed. If you specify -ipv6, only IPv6 packets will be displayed. If you specify neither (or both), then both IPv4 and IPv6 packets will be displayed.

  • DTTray
    • Added PTPCheck to the Management Tools submenu (only shown if management tools are installed).

  • Manager/Audit Server
    • Allowed PTP Monitor to display management error messages (trace level).
    • Added PTPCheck to the Utilities menu.
    • Fix for PTP Monitor drift files occasionally having data point timestamps of zero.
    • Change for IPv4 broadcast discovery. Symptom: If you had IPv4 Broadcast Discovery enabled on Manager's Network Discovery dialog, and had selected the Primary subnet only radio button, but had changed the default broadcast address from to a different broadcast address, Manager and Audit Server would continue to use This was reflected in the log. As of this version, Manager and Audit Server will use the specified broadcast address instead of the default.
    • Change for NTPQ behavior when scanning list of known NTP servers. NTPQ will only be solicited upon first adding an NTP server, or when a specific server is refreshed from Manager's list. NTPQ will be skipped for Audit scans, startup scans, and refresh of the entire list. (NTPQ can provide additional information about an NTP Server, e.g., its operating system and processor. Most organizations have disabled NTPQ due to security flaws in ntpd's handling of control messages. The queries sent by Manager and Audit Server cannot result in amplification attacks or other security violations.)
    • Exposed number of minutes between background drift collection on Synchronization Log dialog. This was formerly a registry-only setting.
    • Added ability to collect NTP drift stats more frequently than the normal collection interval. If background drift collection is enabled, you may now choose to collect NTP stats at the same interval as DT2 and PTP, or at a much shorter interval.
    • Changed Firmware column of PTP Monitor to reflect x86 or x64 accurately. Under certain circumstances, an x86 machine could be reported as x64, even though the Hardware column correctly says Win32.

  • Synchronization Logs (drift graphs)
    • Changed the max number of records kept by Audit Server to 604800, enough for one data point per second for one full week (just over 12MB of binary data). If you have disabled the size limit for drift files, a file that grows larger than the maximum will be moved into an "Archives/yyyymmdd" subfolder, and then the file restarted. A warning message will appear in Audit Server's text log. If the file cannot be archived, an error message will appear in the text log and the older data will be lost.
    • The graphical viewer for drift graphs will no longer open files larger than 604800 records.
    • Audit Server will no longer attempt to create textual versions of drift files with more than 64K records (approximately 6MB). A warning message will appear in Audit Server's log.
    • Customer request: Added new bracket to the Clock Discipline breakout in the textual version of all drift graphs, range 10-49 ms.

  • PTP Enterprise Profile
    • Internet Draft "PTP Enterprise Profile" has assigned an IETF profile ID of [00-00-5E-00-01-00] to the still-developing Enterprise profile. Domain Time uses this profile number in response to management requests, and in dialogs. For clarity, Domain Time refers to this profile as "End-to-End Enterprise Profile."

5.2.b.20170922 - - Optional Upgrade

Added SHA1 hash support for symmetric key authentication. Fixed a few inconsequential bugs. Added several customer requests for additional capabilities. Added several other enhancements. Upgrade if you experience any of the problems described, or if you want the new functionality.

  • All
    • Added support for SHA1 symmetric keys as well as MD5. This is primarily for FIPS 140-2 conformance. SHA1 keys are always exactly forty hex characters (0-9 and A-F) long, producing a 20-byte binary key. MD5 keys are ASCII text; different implementations of the NTP daemon have allowed different maximum key lengths. In general, an MD5 key should be composed only from 7-bit ASCII-printable text, excluding space, tab, and the # character. MD5 keys should be at least 8 characters long, and should not exceed 20 characters. Some versions of NTP daemons allow lengths of 32, while others have a maximum of 8 or 16. You will need to choose MD5 keys that are interoperable with all of your various devices and daemons.

      SHA1 keys work with NTP, DT2-UDP, DT2-TCP, and DT2-HTTP, including NTP broadcast and DT2-UDP broadcast. Domain Time Servers or Clients must be upgraded before they will recognize SHA1 entries as SHA1. Older versions of Domain Time will treat an SHA1 hash like a very long MD5 key (which won't verify). Added "SHA1" or "MD5" to all logs (where possible) to indicate the type of key used.

  • DTClean
    • Customer request: Added /yes option to perform silent clean. The graphical interface still shows, but the buttons are clicked automatically.

  • Manager/Audit Server
    • Customer request: Added option to send PTP Monitor E2E or P2P delay requests by multicast instead of unicast (to help with hardware devices that don't support hybrid mode).
    • Customer request: Added option to send PTP Monitor follow-up messages by multicast instead of unicast. Use this option only if your PTP nodes cannot reply to a unicast request. The default behavior of PTP Monitor is to "sweep" the networking using mulitcast, then send individual follow-up messages to each node using unicast. Using multicast for follow-ups may significantly increase network traffic.
    • Corrected long-standing misbehavior on Manager after installing to or upgrading a remote machine. The prior behavior was to check that the remote machine's service had started and would reply to a DT2 query, but discard the contents of the reply. The new behavior is to use the contents of the reply to update the Domain Time II Machines list with the returned information (version, operating system, status, etc). This may lead to newly installed or upgraded machines showing "NoSync" in the Alarm column. This is the correct status immediately after starting the service, because the machine, although up and responding, has not yet synchronized its clock. Use F5 (or right-click and select Refresh) after installing/upgrading. This change allows you to determine if a machine can or cannot obtain the time. A machine that persists in the "NoSync" state after a few seconds likely is having trouble.
    • Added checkbox labeled "Log messages if Audit Server's log is in trace or debug mode" to the PTP Monitor configuration dialog. If checked, and if Audit Server's log is set to either trace or debug, Audit Server will log (trace level) all incoming and outgoing management message activity.
    • Customer request: Added checkbox "Show Non-Responding DT2 Machines" to Manager's View menu. If checked, the Domain Time II Machines list will show both the results of the current scan and any known DT2 machines in the cache. Machines from the cache that didn't respond to scan will show "Unknown" in the Alarm column. Menus and DEL key handling updated to allow removal of machines from the Domain Time II Machines list. Deleting from the Domain Time II Machines list is the same as selecting "Remove from Cache" from the Domains and Workgroups list.
    • Changed the NTP list to show "Unknown" in the Alarm column if a machine does not respond to scan (to match the behavior of DT2 machines). The NTP list always shows all NTP servers, whether they respond to a scan or not. This change helps call your attention to machines that are not currently responding.
    • Deprecated "ReferenceProtocol" and "ReferenceServer" parameters from the Daily Report. These are holdovers from version 4.1 and are not particularly meaningful. The full reference time, including all of the sources, protocols, offsets, and strata used for an audit are listed at the top of the Daily Report (in the comments) and in the main Audit log file as part of the audit summary. Since the reference time applies to all machines audited, and may consist of multiple sources and protocols, it does not have a separate per-machine meaning.
    • Fix for symmetric key keyring not being pre-loaded for the Reference Time dialog if prior selection was "Use this machine's clock."
    • On the Help menu, added item for Version History, which opens a browser window to the complete product history for Domain Time.
    • Fix for trace-level output from Audit Server regarding received PTP messages: Source and target portIdentities/IPs were switched in the log output. This did not affect the program logic, but made the trace log difficult to interpret.
    • Changed behavior of Manager's startup scan (Options/Network Options/Scan Options) to honor the checkbox for "If a known NTP server does not respond to startup scan, try to contact it directly." The former behavior was to ignore this flag on startup, but honor it if you pressed F5 (or right-clicked and selected Refresh) while examining the NTP Servers list. This may mean a longer startup time for Manager if your NTP machines cannot all be queried by broadcast/multicast. You may uncheck the box to regain original startup speed. Added a new checkbox to the same dialog, "If a known NTP server does not respond to F5/Refresh, try to contact it directly," which controls the behavior of NTP followups when viewing the NTP list. You may still right-click/Refresh an individual NTP machine to update just that one machine's status. Note that these changes do not affect Audit Server, which always sends follow-ups to unresponding machines.

  • DTServer/DTClient
    • Changed trace and debug logging to make it easier to identify rejected broadcast/multicast NTP packets.
    • Changed wording from "the server is not known" to "not on list of configured sources" when ignoring an NTP or DT2 broadcast source.
    • Fixed case where a broadcast source was listed more than once with differing protocols (for example, trusted for NTP only, and the same IP also trusted for DT2-UDP only). Symptom: If NTP was listed first, but a DT2 broadcast packet arrived (or vice versa), the packet would be rejected for not matching the listed protocol.
    • Changed saved list of recent broadcast servers to discard any more than a month old. This list is only used by the Control Panel applet when helping an admin choose from among recently-seen broadcasters.
    • Changed wording on CPL when entering an MD5 key from "The password secret is longer than supported by all ntpd implementations" to "The password secret is too long for many older ntpd implementations." The former wording suggested that no ntpd implementation would accept a long password, whereas the message was meant to warn that not all will. The reference implementation of NTPv3 limits the length to eight characters, whereas NTPv4 extends the length to 16 ( Domain Time itself has never had an upper limit, and, in the wild, admins often use secrets with lengths of 20 or greater.
    • Added VM Guest detection for running as a VM under Amazon's AWS-EC2 hypervisor.
    • Customer request: Added Accept First PTP Timestamp (REG_SZ, default False) to Parameters key. If set to True and if the first PTP timestamp received is unacceptable (outside allowed range), then the clock will be STEPPED to match the first PTP timestamp received. Use of this setting is highly discouraged; it is there solely for isolated systems without reliable CMOS clocks on the motherboard.
    • Customer request: Added Min Success Interval (seconds) to the Parameters key. This is a REG_DWORD value. The default is 5. You should not change it.
    • Customer request: Domain Time no longer counts the first correction after service startup in the cumulative drift counter. The first correction is often large, and not representative of the overall performance of the machine over time.
    • Customer request: Server and Client now support multiple syslog targets. You may list up to eight IPv4 addresses on the syslog server line. Separate targets with a space. For maximum backward compatibility with older versions of Domain Time, avoid using a DNS name if you list more than one target. If all of your machines have been upgraded, then you may use either DNS names or IPv4 addresses.
    • Fix for DT2-HTTP reporting "unauthenticated" regardless of whether a symmetric key or Windows authentication was used. This problem only affected the log output, not whether authentication was used.
    • Added buffer size check when a Domain Time Server in master mode replicates settings to its slaves. The buffer cannot overflow, and therefore cannot be exploited, but adding the size check ensures that responses larger than the allowed buffer are not truncated mid-entry.
    • PTP: Added compensatory control for when a Domain Time Server is set to become a PTP master, but PTP's "No Master Detect Timeout" is set to a number of seconds lower than required for the first time check to complete (e.g., 2 seconds). Symptom: DTServer would remain in the PTP Listening state until a sync trigger was applied. The default No Master Detect Timeout is 8 seconds, but admins who want a quicker convergence often change it to 4. Domain Time allows the timeout to be any value between 2 and 3600 (inclusive).
    • Added number of days remaining to the startup banner on eval copies.

  • Control Panel applet
    • Added Browse... buttons to import/export dialogs for symmetric keys, time sources, and broadcast souces.
    • Changed symmetric keys dialog to show SHA1 vs MD5 password types.
    • Changed symmetric keys dialog list to sort in numeric order for the key number column, and in text order for the other columns.
    • Changed maximum symmetric key number ("keyid") from 65535 to 65534 to comply with ntpd version 4.2.x. Some implementations of NTP, including prior versions of ntpd, use a range of 1 to 65535 (inclusive). Since the keyid is a 32-bit unsigned integer, there is no technical reason it could not be a much larger number.
    • Changed symmetric keys dialog broadcast key dropdown to sort numerically instead of alphabetically.
    • Added choice of line terminators (LF or CRLF) to key export dialog. The former behavior was to create the file using only LFs, on the assumption that exporting a file was primarily so it could be imported into a Linux machine. This is still the default, but you may now choose CRLF if desired. Note that key file import is not affected by the type of line termination. It has always been able to handle either CRLF or plain LF line terminators.
    • Changed key import routine to recognise both SHA1 and MD5 key types. The former behavior was to ignore any key type not marked MD5.
    • On the Correction Limits page, removed Minimum Correction ("Deltas smaller than ___ milliseconds will not cause a correction....) because any value other than the default value of 1 has been deprecated for over a decade. The presence of the setting and its wording suggested that deltas of less than 1 millisecond could not be corrected, whereas it really only applies to situations where slewing is diabled. Stepping the clock has an OS-dependent uncertainty, so Domain Time will not step a correction of less than 1 millisecond. Removed the same setting from the recommendations page on Domain Time Server operating in Master mode.
    • On the Support page, changed Online Documentation Index link to go to the overall Domain Time index page instead of the client or server index page.
    • On the Support Page, added link to Version History, which opens a browser window to the complete product history for Domain Time.
    • On the server test results dialog, restored the green/red/yellow indicator at the bottom-left corner. The code for displaying the indicator had been inadvertently commented out.
    • On the PTP Master configuration dialog, added prompts to ensure the admin chooses legitimate timeout and priority values.

  • Miscellaneous
    • Some 15-year+ old routines inexplicably thought that because there were 60 seconds in a minute, and 60 minutes in an hour, there must also be 60 hours in a day. We have educated these routines. The error only affected a few displays, not any timing calculation or function.

  • DTCheck
    • Added -leapfile command. This fetches and parses the default leap-seconds.list file from If you want to use a different source, use -leapfile:http://location. Only HTTP is supported. The file, if successfully fetched, is placed in the system32 folder. If the file in system32 does not exist, or is older than the version on the server, it will be updated. If the file in system32 is the same as or newer than the version on the server, the file in system32 will not be updated. In either case, the output shows the last leap second and its TAI-UTC offset, as well as the next leap second to come (if one has been scheduled). Domain Time does not use the leap-seconds.list file. This command is present only to let you check the current TAI-UTC offset and any scheduled leap seconds. Since it writes to the system32 folder, you must run DTCheck with admin privileges for this command.

5.2.b.20170522 - Optional Upgrade

One important fix for Manager. Several minor improvements elsewhere. NOTE: If you upgrade the Management Tools, you should also upgrade Audit Server. Mismatched versions may produce unwanted results (see description of changes below).

  • Real-Time Alerts
    • Widened the precision of remembered deltas from milliseconds (10^-3) to hectonanoseconds (10^-7, or tenths of a microsecond). The information was already being sent to Audit Server in hectonanoseconds, and displayed to that precision in the log files, but was being truncated to milliseconds in Audit Server's database and in emailed Real-Time Alert messages. The truncation was a holdover from 2009 (version 5.1), when all reports were limited to milliseconds. This change allows you to see sub-millisecond deltas that are being sent by Client or Server without having to examine the log file.

      Also changed the threshold scale for raising alerts from milliseconds to microseconds. The threshold is kept internally as microseconds, and expressed in alert emails or logs as ±s.nnnnn second(s) when practical. For example, if your threshold is 1.5 seconds, the program will display "±1.5 seconds"; for 15 milliseconds, the program will display "±0.015 seconds"; for 100 microseconds, it will display "±100 microseconds," and so forth. Changed Manager to allow you to express the threshold as seconds, milliseconds, or microseconds.

      Note: If you upgrade Audit Server but do not upgrade Manager and Alert Viewer, Manager and Alert Viewer will display incorrect values in the delta column. The display will be correct if you upgrade Manager and Alert Viewer without also upgrading Audit Server, but a mismatch between Audit Server and Manager is not supported. Alert Viewer, which can connect to multiple Audit Servers, will display the precision supported by each of its servers (as long as you upgrade Alert Viewer).

  • Stratum Reporting
    • Changed drift graph stratum to display the source's stratum rather than the machine's stratum. This change affects NTP and PTP graphs; DT2 graphs already displayed the source's stratum. This change is for consistency among protocols, and only affects graphs displayed in Manager or by the stand-alone DTDrift program.
    • Changed Audit Viewer's reporting of strata to match what's shown in the drift graph. Audit Viewer already reported the correct stratum on the summary dialog page, but did not use each source's stratum in either the details dialog or the textual report.

  • Email
    • Fixed quoted-printable encoding to prevent inserting a soft CRLF between the CR and LF of a hard CRLF. Symptoms: None known; this fix is to ensure strict compliance with RFC2821 and RFC2045.
    • Added workaround for non-conformant SMTP smarthosts. Symptom: Email session would terminate with a timeout after sending the email data but before seeing a 235 from the smarthost. These non-conformant servers are expecting an extra CRLF at the end of data.
    • Changed charset from US-ASCII to Windows-1252 to support 8-bit characters.

  • Manager
    • Widened display of real-time alert deltas as noted above under Real-Time Alerts.
    • Changed display of strata as noted above in Stratum Reporting.
    • Changed real-time alert threshold from milliseconds to your choice of seconds, milliseconds, or microseconds, as noted above.
    • Added checkbox to Real-Time Alert configuration dialog to allow choice of whether to raise alerts for all machines or only audited machines.
    • Fix for Manager freezing when NTP list is emptied. Symptom: Manager would pop up a blank message box (no text or buttons), and wait for you to click on the non-existent button to continue. The problem only exists in versions 5.2.b.20170101 and 5.2.b.20170331.
    • Added optimization for computer name enumeration in AD forests. If enumeration fails due to global catalogue errors, you may disable this optimization by changing the registry value Optimize Computer Enumeration to False in Manager's Parameters subkey.
    • Added History... to right-click menu for items in the real-time alert list. Also added F6 accelerator key to perform the same function.
    • Added real-time alert history settings to Real-Time Alert configuration dialog.
    • Added Email Setup... to Audit Server menu for convenience (the same dialog is available from locations where you enable or disable email).
    • Added "Time Traceable" and "Frequency Traceable" fields in detail view of PTP nodes. For masters, this is their own traceability status. Time traceability propagates to slaves, but frequency traceability for slave is implementation-dependent and may not be meaningful.
    • Colorized PTP node detail display to match other protocol detail displays.
    • Changed default for View - Show Grid Lines to false (only affects new installs).

  • Real-Time Alert Viewer
    • Fixed the audio alert to honor the state of the checkmark on the pop-up menu. Symptoms: Sounds were continuing to play when the checkmark was unchecked.
    • Widened display of real-time alert deltas as noted above.

  • Audit Server
    • Widened display of real-time alert deltas as noted above.
    • Added abiltity to customize the subject line in email alerts and summaries (only for this version or newer). To change, edit the HKLM\Software\Greyware\Domain Time II Audit Server\Logs and Alerts\SMTP key and change any of the Email Subject... values. Changes take effect upon service restart.
    • Ignoring excessive deltas upon receipt of a Status Report (Real-Time Alert) from a machine that has just resumed from standby is now treated as if the machine had just booted.
    • Changed wording on alert dialog from "after boot" to "after startup" to reflect the above change.
    • Added ability to skip raising an alert for unaudited machines.
    • Added code to skip updating Status Report delta when a Status Report is only a notification of PTP status change. Symptom: The "Last Status" column in Manager would change to zero for approximately five seconds after a PTP master was lost or gained.
    • Changed "PTPv2" to just "PTP" in audit debug logs.
    • Added real-time alert history folder and logfiles for each reporting machine.
    • Changed real-time alert logging to show deltas on machines that are in the PTP-lost-master state.

  • PTP Monitor
    • Changed display for masters who are zero "stepsRemoved" from a primary source to show an effective NTP stratum of 1 instead of 0.

  • DTServer/DTClient
    • Added ability to track number of seconds since a resume-from-standby event. This data is sent in Status Reports (Real-Time Alerts) so that Audit Server can decide whether or not to ignore excessive startup deltas. A recent resume from standby also counts as a "startup" event for the purposes of overriding the min/max correction allowed. This change allows laptops or similar devices that use sleep or hybernate to resume synchronization and avoid being flagged as out of tolerance when they resume operation.
    • Increased IOCP worker thread count to help prevent starvation of UDP service requests while TCP teardown is occupying a worker.
    • DTServer: Changed error message to "Access Denied" when DT2-HTTP is disabled for the type of access requested. Also streamlined HTTP request processing to reduce transaction duration.
    • Added secondary audit server value to the domtime.adm GPO. To obtain this functionality, you need to update the GPO with the new domtime.adm file, and set the value secondary audit server value using your normal policy editor. You must also update any DTClient or DTServer set to use the policy (previous versions will ignore the new value).
    • Corrected auditdata command response to include all time sources (up to eight) if multiple sources were used to steer the clock. If multiple samples from the same source are used, only the first sample from that server is included. Previous versions did not always show the individual source data.
    • Added source's stratum (if known) to the auditdata command response. This value is displayed by DTCheck or the Audit Viewer.
    • Added caller's IP/port and listening IP/port to debug-level messages for TCP hang-ups due to inactivity or error.
    • Improved overall socket server shutdown time for very busy DTServers with many concurrent TCP connections.

  • DTUpdate
    • Fixed logic error in the Domain Time II Update Server service which allowed installation to newly-discovered machines when the Administrator had selected only upgrades, not new installations.

  • DTCheck
    • Added each source's stratum (if known) to the output of dtcheck -cmd=auditdata when multiple sources were used by the queried machine.
    • Changed -ptpmasters output for two-step clocks to add count of missing Sync Follow-ups. An occasional Sync without its Follow-up is not an error, but a sufficient number in a row can lead a slave to abandon a master.
    • Changed -ptpmasters output for one-step clocks to omit showing zero Sync Follow-ups received.

  • DTDrift
    • Changed display of strata as noted above in Stratum Reporting.

  • DTTray
    • Reduced redundant registry reads.

  • DTLockdn & DTClean
    • Fixed code that disabled filesystem redirection and then failed to re-enabled it. This affects only 32-bit versions of the programs when running on 64-bit operating systems. Symptoms: None. In all cases, the programs perform correctly. This change is for consistency's sake, in case the programs are ever rewritten to operate recursively.

5.2.b.20170331 - Optional Upgrade

This version adds new features to Audit Server, especially for large networks where an audit can take a significant amount of time to complete. Added a fix for sleep problems on Windows 10 machines. Updated Denial-of-Service (DoS) protection algorithm. Several other minor enhancements and features at customer request. Upgrade if you are affected by any of the problems fixed, or if you want the new functionality.

  • All
    • Fixed problem with weekly text log rollover. Symptom: Log would roll at the first Sunday, then never again, unless you switched to monthly or daily, then back to weekly.

  • Manager
    • Changed wording on Audit Server/Alerts/Configure page to say "anomalous test results" instead of "anomalous scan results" because the double-check occurs for both NTP and DT2 sources after obtaining a result, whether it was obtained from either a scan or a directed query.
    • Added Cancel Audit menu option to cancel a running audit.
    • Disabled critical timing processor lock on machines with invariant TSCs.
    • Added checkbox to Audit Server/Audit Tasks dialog: "Scan the network before contacting individual machines" (default checked). If checked, Audit Server will use Manager's scan settings to collect data by multicast/broadcast before attempting to check with each machine. If unchecked, Audit Server will skip the initial scan.
    • Added checkbox to Audit Server/Audit Tasks dialog: "Use multicast to locate DT2 machines that may have changed IPs or names" (default checked). This checkbox exposes an existing registry setting that controls how Audit Server locates machines that may have changed NetBIOS names or IP addresses since the last audit.
    • Added version mismatch warning to the Conflicts and Problems display. If Audit Server is installed and is not the same version as Manager, a notice will appear advising you to upgrade the incorrect component.

  • Real-Time Alert Viewer
    • Added ability to play sounds when the overall status changes to red or yellow. You may turn this functionality on or off by checking/unchecking the right-click menu item titled, "Audio Alert Enabled." To change the .wav files played for each type of alert, edit the registry: HKEY_LOCAL_MACHINE\Software\Greyware\Domain Time II Alert\Parameters, and change the "Realtime Alert Sound Error" and "Realtime Alert Sound Warning" values to whatever you want. The full file path and name must be provided.

  • Audit Server
    • Added method for Manager to signal that a currently-running audit should be cancelled.
    • Added dynamic scan timeout value based on size of the recordset being audited.
    • Split unicast follow-ups to non-responding audited machines into multiple threads.
    • Disabled critical timing processor lock on machines with invariant TSCs.
    • Added ability to skip initial audit scan and do only unicast queries.
    • Split auto-acknowledge of Real-Time Alerts into a separate task; this change prevents auto-acknowledgement from being starved for CPU on busy Audit Servers.
    • PTP Monitor Logging
      • Added trace-level log event if a PTP master upgrades or downgrades its time quality.
      • Added trace-level log event if a PTP master changes its leap status flags.

  • Audit Viewer
    • Added DNS name, if known, on display and reports of NTP servers. Prior behavior was to say either "N/A" or the IP address in the name field.

  • DTServer/DTClient
    • Added work-around for Windows 10 machines with sleep function enabled. Symptom of problem: When sleep mode exits, the main thread may not resume. This is due to the Windows 10 kernel not sending matching pairs of APM up/down events to the service handler.
    • Added trace-level log messages for APM signals.
    • Changed default interpolator behavior to avoid unneeded cycles when using the kernel interpolator (Windows 8 or above).
    • Changed Denial-of-Service (DoS) behavior to not restart DoS timer with hits from poisoned sources during the rehabilitation window. The former behavior required n second to pass without any hits from a poisoned source before absolution would be granted. The new behavior grants absolution n seconds after the first excess. This makes the DoS protection more of a rate limiter than a block.

  • PTP Master Mode
    • Corrected inconsistency between announced and queried time quality, so that queries via management messages are dynamic using the same algorithm used for announces when Domain Time Server is operating as a PTP master.

5.2.b.20170101 - Recommended Upgrade

Introduced PTP Monitor, a component of Audit Server integrated with Manager. Several minor bug fixes; many performance enhancements. Added support for the "PTP Enterprise Profile." Added preliminary support for PTPv3 (subject to modification as the specification evolves).

  • All
    • Changed log file and dialog mentions of "variance" to "delta" where the value being referenced is a simple ±Δ (delta). The term "variance" is now used only it its strict mathematical sense (squared deviation from a set's mean). The former use of "variance" to mean "delta" was a holdover from when variances were exposed directly.
    • Changed most messages and prompts to say PTP instead of PTPv2. Messages specific to v2 (IEEE 1588-2008) as opposed to v3 (forthcoming) will have v2 or v3 appended when v3 is released and supported. Since much of v3 will be interoperable with v2 in terms of message types and formats, the version number is important only when a difference must be distinguished for debugging purposes. Certain instances of PTPv2 will be retained for backward compatibility (such as the names of keys and values in the registry).
    • Changed PTP node portIdentity textual representations to use a period instead of a colon to separate the clockIdentity from the portNumber. (There is no standard for textual representations of portIdentities. An 80-bit hex string is difficult for humans to read, so we split the clockIdentity into three portions using dashes, and separate the portNumber from the rest using a period.)

  • Manager
    • Introduced PTP Monitor, a component of Audit Server that works in conjunction with Manager.
    • Changed internal audit delta value for alerts from milliseconds to microseconds. Manager shows a radio button to allow selection of seconds, milliseconds, or microseconds. The value will be converted to microseconds when the dialog is closed. Internal time is still kept in hectonanoseconds (tenths of a microsecond).
    • Added check for wsnmp32.dll before allowing install to or upgrade of a remote machine. All versions of Windows from XP up have this DLL installed, execpt for Windws Server 2016 Nano Server, where it is optional. The admin must install SNMP trap support on Nano Server before installing Domain Time.
    • Changed default display precision for deltas and latencies from milliseconds to microseconds. This value is still adjustable from the Options/Appearance/Format Options/Significant digits dropdown. Several customers were unaware that the number of significant digits displayed was adjustable, and thought that Manager was only able to measure to the millisecond.
    • Changed the default sort order for deltas to use absolute value (magnitude). This may be changed on the same dialog box as the number of significant digits.
    • Added multicast interface enumeration to scanner functions used by Audit Server, Manager, and Monitor.
    • Added tooltips over list column headers to make it easier to read a column header's label without widening the column (with additional information for columns with obscure or potentially-confusing labels).
    • Added right-click item "Details" on lists to switch to the corresponding tree node's details view.
    • Added "Leap" column to Domain Time II Machines list.
    • Added "(UTC±HH:MM)" after timezone name in Domain Time II Machines details view.
    • Fixed slow redraw when deleting Audit Results or Synchronization Logs. Also fixed count of items shown on the status bar to reflect remaining items after deletion.
    • Fix for scan receive timeout resetting to 1500 on Manager's Options/Network Options/Network Discovery page. This value affects both Manager and Audit Server. Also applied fix to ensure that values entered are within the minimum and maximums allowed.
    • Fixed Alarm column on the Domain Time II Machine's list to reflect "NoSync" if a Domain Time machine has not been able to set its clock since startup. This information is already available via Audit Server's Real-Time Alerts and reports, but was not shown in the machine's list.
    • Added "PortIdentity" column to command-line DTMan EXPORT column, showing blank if the entry is not a PTP node, else showing the node's PortIdentity. For PTP nodes that are slaves, the existing PTPStatus column will show the master's IP address if available, else it will show the master's PortIdentity.
    • Fix for long Manager startup time when database size is large.
    • Improved Manager's exclusion of unwanted Organizational Units (OUs) to include both AD enumeration and tree/list display. The former behavior was to include all machines in the database, and excluded unwanted ones from the display.
    • Added number of elements and memory used by each of the major indices to the System Information page.
    • Added secondary sort by common name (DNS name for NTP servers) when sorting by other columns, so that machines in the same group are listed alphabetically within that group.
    • Changed display name for domtimed Domain Time II role from "Full Client" to "Linux Client" to make them sort separately from Windows clients.

  • Audit Server
    • Introduced PTP Monitor, a component of Audit Server that works in conjunction with Manager.
    • Fix for scan receive timeout resetting to 1500 in error.
    • Added info-level timing information for each phase of an audit. This helps identify which phase (if any) is consuming too much time for users with a very large number of machines being audited.
    • Added "lazy" write to the text log output (same mechanism as available for DTClient/DTServer). This helps improve accuracy of time-sensitive operations that must log their output.

  • Audit Viewer
    • Added "Delta" column.
    • Added NTP stratum (or equivalent) to display of a machine's time source. Strata only apply to NTP servers, but an effective stratum may be determined in most situations. In cases where there is no equivalent, or the information is missing, the stratum is not displayed.
    • Added UTC±HH:MM where applicable.
    • Added support for PTP Nodes (as opposed to Domain Time machines using PTP to obtain the time). Note that you may audit by more than one protocol (NTP, DT2, or PTP, or any combination); each shows up as a separate entry in the audit list.
    • Added support for showing last correction in sub-milliseconds (if provided by DTClient or DTServer; previous versions reported deltas to the hectonanosecond, but corrections only in milliseconds).

  • DTServer/DTClient
    • Added dynamic reset of outgoing socket TTL (IPv4) and hop count (IPv6) when changed on the Control Panel applet (former versions required a service restart).
    • Added links in all users start menu, similar to those created by installing management tools.
    • Fix for negative delta not firing SNMP trap for bounds exceeded.
    • Added shared memory section for PTP statistics (used by DTCheck and the Control Panel applet).
    • Added ability to keep NTP4-style loopstats and peerstats files, including symlinks to the current file, plus several other internal changes for ntpq and nptd-compatibility. Please see ntpd Compatibility for details.
    • Increased the maximum number of drift records kept by each machine. This provides a longer span of history; this is particularly important for PTP drift, which can accumulate one or more points per second.
    • Added socket drain for TCP connections after sending FIN but before closing socket. This helps prevent spurious connection reset errors on the peer.
    • Added non-zero values roughly equivalent to ntpd's concepts of root delay and root dispersion to NTP reply packets (DTServer only). Note that Domain Time does not keep internal statistics in the same fashion as ntpd, so there are no exact equivalents.
    • Added poll value to nearest power of two to NTP reply packets; this value was formerly fixed at the default interval, whereas now it reflects the anticipated number of seconds between time checks. Note that Domain Time does not calculate or maintain polling intervals in the same fashion as ntpd, so the poll interval reported is approximate. In particular, the state machine itself has a value, but not individual time sources. Domain Time is not restricted to ntpd's minimum, maximum, or power-of-two intervals, but reports as if it were for ntpd compatibility.
    • Changed precision value in NTP reply packets (DTServer only) from -23 to -22. 2^-23 (0.000000119 seconds) is the nearest approximation of Domain Time's actual granularity, but 2^-22 (0.000000238 seconds) is closer to the standard deviation representing Domain Time's best-case ability to measure the clock.
    • Changed default value for "Enumerate multicast interfaces..." and "Initiate rebind and resync..." to true.
    • Fixed log message format error after applying leap-second. The bug was introduced in version 5.2.b.20160922, and only affected machines running at trace-level or debug-level text log output.
    • Changed "Service Notify Time Change" log messages from debug level to trace level.
    • Added PTP grandmaster's offsetScaledLogVariance (oslv) to log lines that display the master's general attributes. This value is a four-digit hex number.
    • Added error-level output to log if PTP calibration fails due to invalid timestamps from the grandmaster. This information is also available in debug mode if the PTP packet rejection category is enabled, and will fire with every rejected packet. The new error-level information does not fire with each Sync packet, and does not require debug mode.

  • Control Panel applet
    • Further simplified and clarified the wording for Delay Transport on the Control Panel applet's PTP configuration dialog.
    • Added checkbox and configuration link for PTP to DTServer's "Serve the Time" page. This is a shortcut to the same PTP configuration dialogs on the "Obtain the Time" page, but put on the Serve the Time page for convenience. Unlike other protocols, PTP will be either a slave or a master depending on the overall network conditions.
    • Added checkboxes on the Logs and Status page for enabling NTP4 loopstats and peerstats. Added display of the NTP Stats folder. This display will be "N/A" for earlier versions of Domain Time, and "Not set yet" if you haven't enabled loopstats or peerstats. The folder path, if not set manually, is determined the first time Domain Time collects loopstats or peerstats. Close and reopen the Control Panel applet in order to see the path after first enabling loopstats or peerstats.
    • Removed Refresh and Autorefresh control from PTP Stats display when operating on the local machine using shared memory. The title bar includes either "shared memory" or "network" for your reference.
    • Added dropdown selection for "End-to-End Enterprise Profile" on the PTP configuration page. See PTP Profiles for details.

  • PTP
    • Added support for slaves choosing a master from among multiple domains, whether or not the Enterprise Profile is selected. This is controlled by a checkbox labeled "Dynamic (allow any domain when slave)" on the PTP Options page. On the PTP Status page, older versions will display "Domain Number" and the domain number. Newer versions will display either "Dynamic Domain" and the domain number currently in use, or "Operating Domain" and the domain number chosen on the Options page. See Dynamic Domain on the PTP Profiles page.
    • Shortened or eliminated the delay time for recalibration when switching from one master to another if multiple masters are advertising simultaneously (for example, when a master in domain 0 and another in domain 1, are both visible to the slave, and the slave has Dynamic Domain available, it will have already pre-qualified both masters, and be able to switch without reentering the listening state when the master it has chosen goes offline).
    • Added support for management GET of the PTP fault log.
    • Added support for management COMMAND to clear the PTP fault log.
    • Increased incoming buffer size to accommodate receipt of large fault log packets.
    • Changed reply to management requests sent to all domains (0xFF) to indicate the clock's true operating domain instead of copying the incoming request's domain. Note that management requests addressed to all domains are not part of the PTPv2 specification (although they will likely be part of v3); this functionality is included in Domain Time in emulation of PTP's "all clock identities" and "all clock ports" concepts. Domain Time does not send these requests, but will respond appropriately if so queried. Prior versions responded from domain 0xFF, as required by a strict interpretation of PTPv2.

  • DTCheck
    • Added prompt before -test and other options that may affect the clock, requiring confirmation before beginning the procedure. Added -yes parameter to skip the confirmation.
    • Added -driftfiles parameter to fetch drift files. If no machine name or IP address is specified, the local machine is targeted. The files are placed in the current directory. Example: dtcheck -driftfiles

  • NTPCheck
    • Added display of precision, poll, root delay, and root dispersion to -raw output. Note that sources providing a zero for root delay or root dispersion is valid but undefined; the value is either omitted (typical with appliances and previous version of Domain Time) or too small to represent in the fixed-point field provided. NTPCheck will display root delay and root dispersion, but only convert to seconds and fractions of a second if non-zero values are provided.

  • Setup
    • Added automatic backup of audit server database during upgrade.

5.2.b.20160922 - Optional Upgrade

Preliminary support for Windows Server 2016 Nano Server. Contact tech support for instructions before deploying.

Several enhancements for UTC traceability. Several enhancements to Audit Server and Manager. Minor bug fixes or enhancements for the Daytime protocol, for NTPQ, and for PTPv2 Peer-to-Peer. Upgrade if you need the new functionality, or are affected by the minor bugs.

  • UTC Traceability Enhancements
    • Added reference time type and details to the comments section of the Daily Report.
    • Added reference time type and details to audit data files and dtreader.exe.
    • Widened reference time offset and latency results to hectonanoseconds in Audit Server's log.
    • Changed reference time list from trace- or debug- to info-level in Audit Server's log.
    • Added display of timezone UTC offset in standard "UTC±HH:MM" format to the end of timezone names.

  • Nano Server and ServerCore Headless
    • Preliminary support for DTClient and DTServer on Windows Server 2016 Nano Server. Contact tech support for instructions.
    • Preliminary support for DTCheck and NTPCheck on Nano Server (via Powershell remoting).
    • Disabled automatic start of the system tray icon when running on ServerCore (if headless) and on Nano Server.
    • Disabled Clock Change Monitor when running on Nano Server.
    • Disabled Virtual NIC Reconection Monitor when running on Nano Server.
    • Disabled Time Change Event Monitor when running on Nano Server.
    • Changed to static link for iphlpapi.dll (required for Nano Server).

  • Management Tools
    • Allowed Monitor service and Audit Server service to run on Win10/Win2016 platform.
    • Fixed %LocalTime% and %LocalTime#% reporting in the Daily Report output.
    • Corrected Manager's debug level output for ntp reference time field obtained during scan.
    • Added "Configure..." option to Manager's right-click pop-up menu on the tree side that goes directly to the configuration dialog for the type of item selected. This is just a shortcut to subitems on the main menu.
    • Improved detection and startup of Domain Time Server if not already running when Manager or Audit Server starts. Changed text log message from error level to warning level if Domain Time Server is not already started.
    • Gave reference time check its own separate timeout value to improve reliability. It was formerly using the overall scan timeout value, which could be set too short for some time sources to respond.
    • Customer request: Added doctype, xmlns, and viewport to HTML emails for improved experience on handhelds.
    • Customer request: Added ability to direct Audit Summaries and Real-Time Alerts to their own group of email recipients instead of to the standard To/CC/BCC lists used by Audit Alerts.
    • Customer request: Added HTML support to the Daily Report file. If the filename extension is either .htm or .html, then Audit Server will wrap the output in minimal HTML tags sufficient for viewing with a browser.

  • DTServer/DTClient
    • Fixed bug in debug-level log output for missing PTPv2 messages.
    • Fixed bug in creation of IPv6 generic unicast outgoing socket.
    • Fixed bug introduced in version 5.2.b.20160415 that prevented PTPv2 Peer-To-Peer (P2P) delay measurement from working correctly.
    • Changed wording in warning log message for real-time status alerts to indicate if the problem was ICMP related, rather than UDP or TCP.
    • Customer request: Added padding bytes to ntpq responses to reach a 32-bit boundary. Some implementations of ntpq interpret the March 1992 RFC 1305 to mean padding is required, even though Appendix B says that padding is required only if an authenticator is used. This change is a concession to those using overly-strict versions of ntpq, and should not affect other versions.
    • Changed PTPv2 master Announce message "timeTraceable" flag to true if the machine is synchronizing to a timesource that claims to be GPS-derived (i.e., a stratum 1 NTP server, or a PTPv2 grandmaster claiming stepsAway of zero). This does not affect the BMC decision; it only provides additional information for auditing and monitoring purposes.
    • Changed PTPv2 one- and two-step sync processing to reject timestamps more than a day off from the machine's current time. This is a sanity check, implemented due to customers whose grandmaster is either misconfigured or broken.
    • Added registry parm TAI-UTC Offset Locked (default False) to the PTPv2 section of the registry. If changed to True, DT will not adjust its discovered TAI-UTC offset to match a new master advertising a different offset. The service must be stopped/restarted for this change to take effect. You should use this setting only if you have a broken PTPv2 master.
    • Added registry value Current Offset Enabled to the PTPv2 subkey. This value defaults to false, and changes the behavior introduced in 5.2.b.20160415. When false, Domain Time will not update the current offset in the registry or fire the offset-changed event. To regain this behavior, set Current Offset Enabled to true, then trigger a sync or issue dtcheck -reload. See sdk.doc for details.

  • Control Panel Applet
    • Added "(deprecated)" to the Get the Time's radio button "Set this machine's time from broadcast or multicast sources" label. Distributing and receiving time by broadcast/multicast DT2/NTP is still supported, but seldom used, primarily because client-server requests and PTPv2 are much more accurate. The only change is in the label, to help customers select the correct option.
    • Added "(recommended)" to other Get the Time page options, for reasons similar to the above change.
    • Removed checkbox "Allow Non-exclusive bind for PTPv2 sockets" from the Network page. The default state is true, and corresponds to the registry setting "Non-exclusive bind" in the PTPv2 subkey. This should almost never be set to false, since it prevents other PTPv2 multicast listeners from binding.
    • Added warning prompt if user sets the Minimum Correction on the Correction Limits page to anything other than the default value of 1 millisecond.
    • Changed PTPv2 drop-down label from "Unicast Support" to "Delay Transport," and changed drop-down item text to clarify the choices: Auto-Detect, Only support unicast..., and Only support multicast... (cosmetic change only).

  • DTServer Daytime Protocol (RFC867)
    • Customer request: Added "NISTLF" as an alternative to "NIST" or a ddd MMM yyyy format string for the Daytime Format registry setting. If set to NISTLF, the output consists of an LF, followed by the normal NIST format string, followed by a space and then a terminating LF. If set to plain NIST, there is no leading LF, and the terminator is a CRLF (no extra space). For other options, any legal combination of specifiers in Microsoft's GetDateFormat API are acceptable.
    • Fixed the "H" digit ( in the NIST or NISTLF output format so that zero indicates healthy, and 4 indicates unhealthy. These two values were formerly reversed. No other H digits are used by Domain Time.
    • Removed "Daytime Identifier String" value from registry. This value is not used in version 5.x.

  • DTCheck
    • Added Lost Master Reason (if known) to output for -ptpstats and -ptpmasters.
    • Rearranged output of -ptpmasters option to put Priority 1 and Priority 2 on separate lines.
    • Added -ptpmasters -noexpired option. If -noexpired is specified, then the output list of known masters will not include masters that have stopped announcing but are still in the cache.
    • Changed output for -ptpmasters so that former masters who are still advertising show as Former Master rather than Current Master or Potential Master.
    • Added information regarding syncs and follow-ups to the -ptpmasters command.
    • Changed the -cmd= option to allow commands containing spaces to be specified without the spaces. For example, previous version required quotation marks for -cmd="Audit Data" because the command name contains a space. You may now skip the quotation marks and spaces: -cmd=AuditData.
    • Added (UTC±HH:MM) after name of time zone if known.
    • Added IPv6 listen to -ptptest
    • Customer request: Added implicit -nopause argument if output is redirected or program is remoted.
    • Extended explicit -nopause argument to all commands that loop with "Press any key..." prompts.

5.2.b.20160711 - Optional Upgrade

One major new debugging tool available through DTCheck. One major usability change to UAC's interaction with Control Panel applets. Several visual/usability enhancements to DTCheck and NTPCheck. A few minor OEM changes, and one obscure bug fix. Several minor enhancements to SMTP sending. Upgrade if you want the new functionality, or are experiencing any of the problems addressed by this release.

  • DTCheck
    • Added -ptpmasters option. This displays the table of PTPv2 masters seen on the network by the node you query. The information is drawn from a cache of announce messages. Each master will be shown as Current, Potential, or will have an error message showing why the announces from that master are being rejected (wrong domain, invalid UTC settings, etc.). This is helpful for debugging when PTPv2 won't slave to a master. Masters who sent announce messages, then stopped, will remain in the list, but be shown as expired.

  • DTCheck and NTPCheck
    • Added "Press any key to close..." prompt at end of program output when the command-line programs are run from a shortcut, Explorer, the start button, or another GUI method. This prevents the window from flashing up, running, and disappearing. The prompt to close does not appear when you start these programs from a command-line prompt.
    • Added -nopause parameter to defeat the above behavior. This is primarily useful for those who don't care to see the results or are running either DTCheck or NTPCheck from within a batch file.
    • Changed manifest from requireAdministrator to asInvoker. For operations not requiring admin privileges, you no longer need to launch from an elevated command prompt (or select Run as Adminstrator). For operations requiring admin privileges or requiring elevation, the programs will prompt you to elevate unless UAC is turned entirely off. Successful elevation will cause the program to run in a separate window. If you are using DTCheck in a batch file, you should elevate the original command prompt that runs the batch; otherwise, depending on the operation, you may be prompted for each invocation of DTCheck.

  • Control Panel Applets
    • Improved launching of CPLs when UAC is enabled but the user either isn't an administrator, or is an administrator without already being elevated. When possible, the normal UAC prompt to run elevated (or provide a username/password) is presented instead of a popup explaining what to do. Note that is is still not possible to run an administrative CPL as an ordinary user when UAC is disabled completely. You need to log on as an administrator, use the command-line RUNAS, or administer the machine remotely.
    • Fixed rare condition that allowed you to make a change, then click OK to close the CPL, but the change was not saved.
    • Added prompt to save changes when a user checks the box to enable PTPv2, and then wants to view the PTPv2 stats without having first clicked Apply.

  • DTServer/DTClient
    • Added DWORD registry value "Send Port Generic" in the Parameters subkey. The default is zero. Domain Time uses several sockets for generic outgoing messages. By default, the port used is an ephemeral port assigned by the system. This is the proper behavior for client-server systems; only the server should have a fixed listening port, and clients should use ephemeral ports. However, in rare cases, applications have high-number ephemeral ports hard-coded as their communications ports. If Domain Time happens to start first, and happens to obtain those particular ports, the hard-coded application may fail. Set this value to the beginning port number (n) of a range you want Domain Time to use for its generic outgoing sockets. Domain Time will attempt to use (n) through (n + 50) to bind its generic outgoing sockets. If none of the ports (n) through (n + 50) are available, Domain Time will revert to letting the system choose an ephemeral port. Be very careful not to specify any well-known ports or IANA-registered ports for your range, and only set this value if you have a specific problem that you know will be solved by changing the ephemeral ports Domain Time uses.
    • Fixed problem with DHCP auto-discovery option hanging if no DHCP server is present on the network, or if it replies with an unrecognized format.
    • Improved handling of derived stratum changes when using samples from multiple sources with different strata. Clarified log message to indicate if a registry override is in effect. Changed broadcast DT2/NTP time to honor the registry override if present.

  • SMTP Email
    • Changed SMTP SSL/TLS default registry value TLSIgnoreCertErrors (introduced in 5.2.b.20140922) from zero (ignore no errors) to 0x3100 (accept certs that are self-signed, expired, or have the wrong CN). SMTP encryption is opportunistic in nature, and many, if not most, SMTP hosts use self-signed certs, or certs copied from a web server, or certs whose common name does not match the name you must use in order to contact it. You may set the value to 0x10000000 in order to regain strict certificate checking, 0x0000FFFF to disable certificate checking altogether, or any combination of values documented in the release notes for 5.2.b.20140922 for specific checks.
    • Added registry value TLSAcceptableProtocols (same registry key as TLSIgnoreCertErrors). This is a bitmask of acceptable encryption protocols. The default value is 0x0AA0. Use a logical OR to combine multiple values.
      • 0x00000002 - PTC1 (not recommended)
      • 0x00000008 - SSL2 (not recommended)
      • 0x00000020 - SSL3 (not recommended, but included in default for backward compatibility)
      • 0x00000080 - TLS 1.0 (not recommended, but included in default for backward compatibility)
      • 0x00000200 - TLS 1.1
      • 0x00000800 - TLS 1.2
      • 0xFFFFFFFF - any available protocol (not recommended)
    • Added registry value FQDN (same registry key as TLSIgnoreCertErrors). This REG_SZ (string) value contains the name to use during SMTP envelope negotiations; specifically, it is the name presented as the EHLO or HELO name immediately after receiving the server's greeting. In previous versions, the name used was the sending machine's fully-qualified host name. However, workgroup members or machines just starting may only have a bald hostname available. This new value is set the first time an email is sent, and used thereafter for all subsequent emails. If a fully-qualified name is not discoverable, then Domain Time will use either a dotted-quad IP enclosed in brackets, or the computer name followed by .smtp.local. RFC 2821 section requires one of these two forms. You may change the name if your particular email server requires an externally-verifiable DNS name to be presented.

5.2.b.20160415 - Optional Upgrade

Minor changes to accommodate non-compliant PTPv2 nodes, and to accommodate PTPv2 grandmasters that send signals in an unexpected order. Added check for duplicate PTPv2 portIdentities on the network. Changed graphics and links for OEM partners.

  • DTServer/DTClient
    • Changed calibration check for PTPv2 to work around rare race condition where an announce arrives between a sync and its followup.
    • Changed debug output for wrong packet size on PortDS Management reply to indicate the count of TLV bytes received and the count expected.
    • Changed handler for PortDS Management reply to allow incorrect value in TLV length member for non-compliant masters.
    • Added outgoing delay request sequence numbers to debug output.
    • Added incoming delay response sequence numbers to debug output.
    • Added bias count to MeanPathDelay smoothing debug output
    • Added check for delay replies received outside of reasonable round-trip times.
    • Changed category for out-of-sequence or invalid delay responses from ignored packets to delay calculation packets.
    • Added multicast at startup to check for duplicate PTPv2 portIdentity nodes on the network. If a duplicate is detected, PTPv2 will switch to the "faulty" state and refuse to run until the problem is corrected. This condition can only happen if an admin clones an installation and neglects to run DTCheck -prepclone, or otherwise produces a network with duplicate node IDs. PTPv2 requires each node to have a unique portIdentity. An error-level text log message includes the other node's IP address and portIdentity. This check may be disabled by setting the "Duplicate Node Detection Enabled" registry entry in the PTPv2 subkey to false.

  • DTCheck
    • Updated the DTCheck -eventmonitor function to monitor the two new PTPv2 events.

5.2.b.20151127 - Optional Upgrade

One important fix for SDK users. Several minor improvements to system timer detection, mostly for Windows 10, but also affecting earlier systems. Many improvements for Audit Server behavior and Manager's interface.

  • SDK
    • Fixed handling of non-conformant performance counters when using GetDomainTimeAsFileTime() and internal routines that use it inside the DLL. In rare circumstances, earlier versions of the DLL could return incorrect time if the performance counter misbehaved when the DLL was queried in very rapid succession over long periods of time. Upgrading the DLL to the new version is highly recommended for SDK users. You should not have to recompile your application.
    • Amended the list of documented error codes in the comments of DTHRes.h.

  • DTServer/DTClient
    • Improved system timer detection and calculation of timing variables. In particular, recalculation of non-dependent variables is skipped when possible. On Win8 and later versions, unneeded recalibration is skipped when other processes raise the timer resolution in a way that doesn't affect Domain Time.
    • Improved handling of non-conformant performance counters. On DTClient and DTServer, a misbehaving system timer does not cause calculation errors, but can reduce the accuracy of interpolated time until the performance counter renormalizes.
    • Fix for the Control Panel applet not saving the "Force Timeset Success Messages" value in the registry when the corresponding checkbox on the Text Log configuration dialog was checked or unchecked.

  • DTAudit/DTManager
    • Added Periodic Interval (minutes) to both the Drift Collection and Ephemera Collection subkeys. The default value is 60. In previous versions, this value was hard-coded to 60 minutes. You may change it to a shorter or longer interval. Changes are recognized only after you stop/restart the Audit Server service. Note that an audit always triggers Drift Collection (if Drift Collection is enabled), regardless of the background periodic interval.
    • Removed duplicate entries in the drift data recorded by Audit Server for NTP machines when asynchronous (background) data collection is enabled.
    • Changed drift graph text report for NTP servers to indicate leap indicator ("L-I") and stratum ("Strat") instead of irrelevant or unavailable DT2 data. This information also appears on the graph display when you click on a data point to see its value. Note that this change may cause an erroneous display of phase or interphase values when viewing a new drift file using an older version of the drift viewer.
    • Fixed bug in NTP drift logs collected by Audit Server that caused the time source displayed to be the IP of the audited machine instead of its source. The new version of the drift graph viewer correctly interprets this value as meaning "unavailable," whereas prior versions might show a dotted-quad that represents either the audited machine itself, or the dotted-quad equivalent of "GPS" or other stratum-1 text string.
    • Fixed Manager's Audit Server/Synchronization Logs/Configure dialog to leave Log Filename Format dropdown enabled regardless of whether Expand is checked. The filename format controls all drift logs, whether or not expansion of binary files to text is enabled, and they all use the selected format (but with different extensions).
    • Added new column "Type" to Manager's Synchronization Logs list display. The type reflects the underlying data: "Drift" for DT2 machine drift records; "NTP" for NTP server audit data; "PTPv2" for PTPv2 Offset data.
    • Added support for DEL key to Manager's Synchronization Logs list display.
    • Changed background color and text on drift graph viewer when examining an NTP audit data file (PTPv2 and normal drift data already had separate background colors).
    • Increased size of drift graph window and changed number of points to correspond to the larger size.
    • Added new drift collection filename format choice called "Default (recommended)" to the Log Filename Format dropdown. This new choice is the default for new installations. If you are upgrading, you should switch to "Default (recommended)" if you can, since the new format resolves most naming ambiguities in the old format choices.

        Default (recommended) uses "NTP Server - DNSName - IPAddress" for NTP servers (with DNSName and IPAddress replaced with the actual DNS name and IP address), and uses "SerialNumber - CommonName" for DT2 machines (with SerialNumber and CommonName replaced by the xxxx-xxxx serial number and the NetBIOS name).

        Serial - Name - IPAddress uses "NTP Server - DNSName - IPAddress" for NTP servers, and "SerialNumber - CommonName - IPAddress" for DT2 machines. This can lead to unnecessary file proliferation with data spread amongst multiple files for DT2 machines that use DHCP or are multihomed with the ability to respond from multiple IP addresses. This format is no longer supported except for backward compatibility.

        NetBIOS name only uses the first node of the DNS name for NTP servers, and the NetBIOS name for DT2 machines. This can lead to data corruption of NTP server records if more than one NTP server has the same first node for the DNS name. This format is no longer supported except for backward compatibility.

        DNS name only uses the full DNS name only for both types of records, but does not guarantee against data corruption if rDNS is static but IPs are dynamic. The machine corresponding to a.b.c.d may change with each DCHP allocation, but if the rDNS remains the same, data from multiple machines may be mingled in a single file. This format is no longer supported except for backward compatibility.

        IP Address only uses only the IP address to format the filename, but does not guarantee against data corruption unless all audited machines have statically-assigned IP addresses. Even if this is true, if you have multihomed machines able to respond from multiple IP addresses, data may be spread across multiple files. This format is no longer supported except for backward compatibility.

    • Added code to prevent command-line triggering of audit, drift collection, or ephemera collection during an audit run. The return code is ERROR_SERVICE_ALREADY_RUNNING (1056).
    • Added deletion of old drift data files if all records have expired. Expiry of old records is optional; if selected, and all records are too old, then the zero-length file will now be deleted.
    • Added Ctrl-A, Ctrl-S, Ctrl-L, and Ctrl-W handlers for Manager's Real-Time Alerts list display. These items were documented on the right-click menu as shortcuts, but never implemented.

5.2.b.20151102 - Optional Upgrade

Several minor unreported bug fixes. Several enhancements to Manager's display and properties. One important fix for PTPv2 cross-check functionality. Exposed new functionality for DTServer and DTClient on the Control Panel applet. Improved continuous interphase steering (PTPv2) and sampling filter. Upgrade if you are affected by any of the bugs, or if you want the new functionality.

  • Miscellaneous
    • Optimized syslog writing for lower latency by pre-creating a send socket and setting the target address only when changed rather than every time syslog output is called. This affects all services that have a syslog output option. The syslog format continues to be RFC 3164. RFC 5424 is not supported.
    • Changed load-order for services (DTServer, DTClient, DTMonitor, DTUpdate, and DTAudit) so that some initializations are delayed until after informing the Service Control Manager (SCM) that the service had started correctly. This step eliminates an extremely rare race condition that can occur during the boot sequence, when Domain Time is waiting for other services to start.
    • Added upper and lower bounds lines (dark blue) and average line (green, red, or yellow) to drift graphs if the highest/lowest points are sufficiently far from the zero line. Lines that would go through points off-screen are drawn at the screen edges instead. Double-click any blank area of the graph to toggle bounds and average lines on and off.

  • DTAudit/DTManager
    • Added "Domain derived from" and "DNS Name" to DT2 item detail display.
    • Changed item list display for computers and DT2 list to say "workgroup" instead of "domain" if domain membership has not established.
    • Changed double-click action on columns in list views. If you double-click the IP address, Manager will try to connect to the IP address first. If you double-click the DNS name, Manager will try the DNS name first. If you double-click the Common Name, Manager will try the Common Name first (unless you have FavorIP set for that record). This new behavior helps in situations where machines don't have rDNS, or are workgroup members, or cannot resolve by the NetBIOS name, or have multiple IPs that respond to queries but are not necessarily open for connection attempts.
    • Changed all list columns called "Name" to "Common Name" to help distinguish CNs from DNS names or other types of names. A common name is usually the bald NetBIOS name of a computer.
    • Fixed unreported bug in manual editing of NTP node's Time Software field via right-click on list item.
    • Fixed unreported bug that prevented v5.x Manager from remotely setting a v4.x machine's timezone.
    • Removed leading plus sign ("+") from all columns reporting latency, since latencies are always positive numbers.
    • Clarified text of debug-level messages during scans to indicate both the from and to addresses, as well as unicast, broadcast, or multicast.
    • Clarified text of trace-level messages during maintenance work when purging old records.

  • DTServer/DTClient
    • Added delta smoothing to PTPv2 calculations. Delta smoothing moderates the steering mechanism, and helps improve overall accuracy. The PTPv2 offset graph shows the smoothed deltas; moment-by-moment deltas can still be seen on the statistics page. The new behavior is enabled by default, but can be disabled by unchecking the Use smoothing for delta calculations checkbox. The existing Use smoothing to reduce jitter has been renamed Use smoothing for meanPathDelay for clarity. Delta smoothing can dramatically reduce spikes and overall clock offset from the PTPv2 grandmaster.
    • Fix for skipping cross-check when PTPv2 time exceeds the specified bounds (default 55ms). In the release notes for 5.2.b.20150828, we reported "This change does not disable the 'crosscheck' functionality introduced in 5.2.b.20120117." In rare circumstances, however, the change introduced in 5.2.b.20150828 does indeed bypass the cross-check function. This version fixes that problem.
    • Fix for SNMP traps that stop sending if the first attempt at DNS resolution fails. Also added support for IPv6-literal trap destinations on operating systems that support WinSNMP with IPv6.
    • Allowed extended reply to the Query Timezone command from DTCheck (see DTCheck section below).
    • Added "Wait for Network Startup" (REG_SZ, String, default value "True") to the Parameters subkey. If present and set to True, Domain Time will wait up to 30 seconds after boot for an IPv4 address to appear. At boot time, some network adapter drivers report ready before assigning IP addresses to an interface, even if the IPs are pre-configured as fixed addresses. DHCP-obtained addresses can take several seconds longer. The new wait period helps ensure that Domain Time's initial enumeration of adapters and IPs is correct before protocol listeners or timechecks are started.
    • Changed log message "NtTimerResolution changed" from warning level to trace level due to Win10's practice of changing the timer resolution on the fly for performance boosts. In previous versions of Windows, an unexpected change of the NtTimerResolution was unusual enough to warrant a warning message.
    • Fixed unreported bug that could prevent syslog output from starting until after a manual change in the Control Panel applet (or other action causing a reload) occurred.
    • Added NTP Era to the startup banner. This is calculated based on the date/time at startup. NTP eras span 68 years. The NTP era is currently 0, but will change to 1 on Feb 8, 2036. NTP delta calculations across adjacent eras work correctly, but only the difference between clocks is available. To convert an NTP time stamp to wall-clock time, the era must be known. This entry in the startup banner is for informational purposes only; Domain Time recalculates the era of received NTP timestamps dynamically during runtime, so crossing the 2036 boundary will not affect time-of-day calculations among different time protocols. Only NTP requires a calculated era; other time protocols have a range of thousands of years.
    • Added check for advanced clock training while using broadcast NTP or DT2 time sources. Clock training is not applicable when using broadcast time, and does not occur even if enabled, since Domain Time has no control over the receipt of broadcast samples and cannot predict or control their frequency. Enabling advanced clock training when using broadcast time had no effect other than reporting training was running without the iteration counter ever changing. This fix informs the user via an info-level log message that training is inapplicable, and sets the training iteration to zero periods left.
    • Added check for advanced clock training while in the PTPv2 slave state with continuous interphase enabled. Although (unlike with broadcast sources) the training iterations would count down correctly, advanced clock training is inapplicable under PTPv2. Therefore, when detected, advanced clock training is cancelled.
    • Changed trace-level log message about ignoring disabled DT2/udp commands to warning level (but suppressed unless client access logging is enabled). This change makes DT2/udp conform with the existing behavior of DT2/tcp.
    • Changed default for interphase recovery on new installs to true for OS versions Vista, 2008, Win7, and 2008r2. The default on new installs remains false for all other operating system versions.
    • Exposed alternate profile on Security tab of the control panel applet. The alternate profile allows you to permit specific DT2 commands from trusted networks when the main profile denies those commands. In general, you shouldn't touch these settings. The alternate profile is primarily of use when your server is public-facing and you want to limit commands from external sources, but want to allow them from internal sources. Note that the command prohibitions cannot protect against UDP source address spoofing. Your boundary firewall should be set to prevent transit of internal IP addresses.
    • Exposed checkbox on Logs and Status tab (text log) labeled "Include info-level timeset success messages in warning- and error-level logs. If checked, and the log level is set to either Warning or Errors, then the info-level message for a successful timeset will be logged, too. This allows you to set the log level to the minimum needed while still seeing that the clock has been set successfully.
    • Denial-of-Service log messages must now be explicitly enabled by changing the log level to Debug and checking the box for Denial-of-Service messages (checked by default). They are still trace-level messages, but only occur when the log is set to Debug level.
    • Speeded up Denial-of-Service protection check; increased size of offenders list to the 2048 most recent.
    • Added debug category "Uncategorized debug messages," which covers miscellaneous debug-level output not included in other categories.
    • Changed bind error 10049 ("address unavailable") to a debug-level error when trying to enable multicast reception on an interface that does not support direct interface bindings despite being marked by Winsock as multicast-capable. This applies primarily to RRAS servers and other special situations where an IP with a netmask of is actually a gateway rather than an interface.

  • DTServer
    • Corrected "stepsRemoved" value in PTPv2 master-mode announce messages to reflect the zero-based PTPv2 steps rather than the one-based NTP stratum (i.e., if the server's derived stratum is 2 because it is synchronizing to a stratum 1 source, it should report stratum 2 via NTP, but "stepsRemoved" 1 via PTPv2, since it is only 1 step away from a primary source).
    • Added "UTC" to the end of the time string reported by DT2-HTTP queries. This is for documentation purposes only, since DT2-HTTP has only ever served time in UTC.
    • Added time source header to DT2-HTTP replies; only used for filling in data for ntpq. If the server is using multiple time sources, the resultant NTP reference ID will be If the server's last source was a name or IPv6 source rather than an IPv4 number, the resultant NTP reference ID will be If the server's last time source was an IPv4 address, it will be reported as a standard dotted-quad IPv4 address.
    • Fixed timing issue with sending RTAlerts when becoming a PTPv2 master; depending on which thread had priority at the moment of the change, DTServer could either send "became master" or "internal failure" as the state-change reason. It still reported itself correctly as a PTPv2 master, so only the log messages on Audit Server were affected.

  • DTAlert
    • Changed auto-dismiss of lost connection pop-up from 10 seconds to 5 seconds.
    • Added code to help ensure the "Stay on Top" option keeps the window on top, regardless of opacity settings.

  • Control Panel Applet
    • Enhanced Problem Report to include registry settings for all Domain Time products installed, rather than just Domain Time Server or Domain Time Client.
    • Disabled advanced training button when using broadcast time sources (see DTServer/DTClient above for more information).
    • Modified the security dialog (see DTServer/DTClient above for more information).

  • DTMonitor
    • Added checkbox "DNS Lookups Enabled" to the setup page of Monitor's Control Panel applet. By default, the box is unchecked. This is a change in behavior. Earlier versions always tried to look up the DNS name for all IPs encountered. You may regain the former behavior by checking the "DNS Lookups Enabled" box. Scans without DNS lookups enabled run very quickly, usually in under 1 second. DNS lookups, especially if responding machines don't have rDNS records, can take an arbitrary amount of time. If you have dozens or hundreds of machines that don't have rDNS records, or if your network isn't configured to allow bald NetBIOS names to resolve to IP addresses, the time for a scan to complete can be quite long.

  • DTCheck
    • Added code to allow -Cmd="Query Timezone" to show all available timezone information, whether or not the machine is DTServer set up to share timezone information. The extended query sent by DTCheck will not be recognized as extended by older versions of DTServer or DTClient (they will reply, but the timezone information will be limited to that provided by older versions).
    • Added -interfaces command. This is similar to the -adapters command, but provides more detailed information.
    • Changed parser to emit "argument not understood" message instead of defaulting to -stats if the argument was unknown.

5.2.b.20150828 - Optional Upgrade

Windows 10 officially supported. Added preliminary support for Windows 2016 Server preview versions. Improved functionality for ICMP, audit retries, analysis of time samples, client automatic server discovery, and ntpq responses. Corrected or added previously-documented Windows Event Viewer messages. Several enhancements for checking pending leap second status without having to look through the text log files. Upgraded reporting abilities for both DTCheck and NTPCheck. Fixed one unreported minor bug. Added automatic management of Windows Firewall to Client, Server, and Audit Server. Upgrade if you want the new functionality.

  • DTAudit/DTManager
    • Added automatic management of Windows Firewall. See Auto-Manage Windows Firewall for details.
    • Customer request: Added SNMP trap from Audit Server upon successful completion of an audit with no errors SNMP traps from Audit Server are free-form text. An all-okay message will read "Audit completed without errors" and the domtimeMachinename field will be the NetBIOS name of the Audit Server itself. The default value for sending this trap is false, but can be changed to true on Manager's Configure Alerts dialog. Note that the all-okay trap may only be sent if overall SNMP traps are enabled for Audit Server.
    • Fixed follow-up procedure for non-responding machines to use the machine's name first, and the last-known IP address only if the machine name fails. This allows Audit Server to discover machines whose names resolve but whose IP address has changed since the last successful contact.
    • Added Multicast by Serial Number to locate non-responding audited machines to the HKLM\Software\Greyware\Domain Time II Audit Server\Logs and Alerts\Audit Data Collection key. This value can be either "True" or "False" (default "True") and controls whether Audit Server tries to locate non-responding audited machines by sending a DT2 multicast using the audited machine's serial number. In prior versions (and in the documentation), this action was automatic; however, it was broken in the past several releases. Now that the function is working as documented, we made using it optional, since if the audited machine were going to respond to multicast, it probably did so during the initial audit scan. If a machine is not going to respond to multicast, this check adds extra time waiting for the timeout to the follow-up sequence. Change this value to "False" if your network does not allow multicast. Changes take effect at the next scan; you do not need to restart any services. Note that his function is valuable on networks that allow DT2 multicasting, since a non-responding machine may have changed its name or IP since the last successful contact.
    • Added "Retries on Contact Failure (range 1-5, default 1)" DWORD value to the HKLM\Software\Greyware\Domain Time II Audit Server\Logs and Alerts\Audit Data Collection key. Until now, DTAudit has always retried once to contact a machine that fails to respond to scanning broadcasts/multicasts. You may now change how many times Manager and Audit Server will retry. Multiple retries are generally a bad idea, since if a machine fails to respond to a unicast once, it is unlikely to respond a second later. However, in some circumstances, such as auditing remote offices or dealing with a congested switch or router that is discarding packets, you may want to increase the retries. Changes take effect at the next scan; you do not need to restart any services.
    • Added support for LDAP_OPT_AREC_EXCLUSIVE in LDAP domain enumeration when an IP address or machine name is entered in the LDAP Server field of the Computer Enumeration dialog. This can speed up LDAP domain enumeration by 3-6 seconds in mixed-level AD networks, or DCs that have been upgraded. You should normally leave the LDAP Server field blank. The only time it is needed is when your network is set up so that your Manager/Audit machine cannot enumerate the list of domains without being directed to a specific DC.
    • Added ICMP TTL (hop limit) to the Parameters subkey of DTManager (which controls both DTManager and DTAudit's behavior). The default value is 32. The allowed range is 1 to 255. Previous versions of Domain Time had a hard-coded value of 10. This value controls the number of router hops an ICMP echo ("ping") will be allowed. ICMP is used to verify reachability, primarily prior to trying to establish a TCP connection. Establishing a TCP connection can take an arbitrary amount of time depending on network topology and number of retries. Domain Time pings machines first to help eliminate long waits for machines that are unreachable. You should only need to adjust this value if you have an LAN/WAN configuration requiring more than the default 32 hops.
    • Added dynamic restart for RTAlert sharing if the port number is changed. This eliminates the need to stop and restart the Audit service.

  • DTTray
    • Set default value of "Allow Multiple Instances" to true instead of false. This value may be found in the tray's parameters subkey. If true, then on terminal servers, or on individual machines using the Switch User functionality, the notification area icon will appear on all instances. If set to false, only the first logon session will show the tray icon. Each instance of DTTray knows if it is a clone instance or not. Only the first instance will play chimes, although you may control them from any instance. Exposed this setting as a new checkbox on the Advanced tab of the Control Panel applet.

  • DTServer/DTClient
    • Added automatic management of Windows Firewall. See Auto-Manage Windows Firewall for details.
    • Changed behavior of the Analyze time samples from all servers and choose the best feature to stop iterating the time sources list if PTPv2 is currently a slave. This prevents NTP or DT2 samples from being collected during scheduled timechecks, since they are not desired when a PTPv2 slave is locked to its master. In prior versions, we recommended unchecking the analyze checkbox when using PTPv2, which had the drawback of preventing sample analysis of listed NTP/DT2 sources when PTPv2 fails. This change makes it as if you had unchecked the analyze checkbox only when PTPv2 is functioning as a slave. This change does not disable the "crosscheck" functionality introduced in 5.2.b.20120117.
    • Changed log message about not being able to start the system tray icon from error level to trace level to accommodate headless servers.
    • Added Time Sample PreFilters to the Parameters subkey for both DTClient and DTServer. This parameter is a REG_SZ (string), default value HighLow. This value controls the prefilters used to discard samples before applying statistical analysis. Prefilters only operate when there are five or more samples available for analysis, and are chiefly useful when the number of samples is very large, or the sources are unstable. It is best to leave this value at the default, which eliminates only egregious spikes. Statistical analysis of the entire group of samples usually performs better than prefiltering more samples out of the mix. Allowed options are HighLow, Latency, Delta, and Stratum. Prefilters are applied in the order listed; separate filter names with a comma or semi-colon. For example, HighLow,Latency would apply first the Highlow filter, then if at least five samples remain, the latency filter. Stratum,Latency,Delta would first apply the Stratum filter; then if at least five samples remain, the Latency filter; then, if at least five samples remain, the Delta filter. Changes to the list of prefilters are recognized only when parameters are reloaded (server stop/restart, machine reboot, a CPL-initiated sync, or a DTCheck /reload).
      Prefilter operations are:
      • HighLow (default) - Rejects the most extreme samples, based on absolute magnitude delta (max of 2 samples rejected)
      • Latency - Rejects highest latency samples (max 1/3 of samples rejected)
      • Delta - Rejects highest magnitude delta (max 1/3 of samples rejected)
      • Stratum - Rejects all but the lowest-stratum samples present. Be very careful with this filter. Example 1: If your selection of samples includes one sample from a stratum 1 server, and ten more from a mix of stratum 2 and stratum 3 servers, then all but the single stratum 1 sample would be rejected. Example 2: If your lowest-stratum samples are a mix of stratum 2 servers, then all the stratum 2 samples would survive, but all your samples from strata 3 and up would be rejected. It is probably better to use the "NTP Client Max Stratum" value introduced in version 5.2.b.20110224 to control the highest stratum acceptable for NTP sources. The Stratum filter introduced here applies to all sources that report a stratum, including NTP, DT2, and PTPv2 (the PTPv2 "stepsRemoved" value is used to mimic NTP strata, as documented in the release notes for 5.2.b.20150516). Samples that do not report a stratum are not eliminated by this filter.
    • Added pending leap second status to the global stats structure used to display stats in the Control Panel, in problem reports, and on the output of DTCheck /stats command. You must upgrade in order to obtain this new functionality.
    • Fixed unreported bug in the tLocalTime member of audit stamps. This member was the same as UTC time, but is not used for any functions; it was present for potential future use. If you need to know the time on a client or server, use either DTCheck [machine] /cmd=localtime for a display according to the target machine's local time, or DTCheck [machine] /cmd=systemtime for a display of UTC on the target machine.
    • Added near-future timecheck after the machine becomes a PTPv2 slave. Since it takes a few seconds to acquire and calibrate to a PTPv2 master after startup (or after you enable the option while the service is running), the machine can become a slave either during or immediately after the startup timecheck. In previous versions, this wouldn't be reflected in the stats of real-time alerts until after the next scheduled timecheck occurrs. From now on, the machine will schedule a timecheck for up to 15 seconds in the future, to allow the new slave to acquire sufficient time samples to report its status accurately. The delay is calculated based on the machine's state at the moment the machine becomes a slave.
    • Added Windows Event Viewer warning Event ID 3007 for when a time zone change is detected. Event ID 3008 still refers to a change only in Daylight Saving (a transition from standard to DST or back).
    • Corrected Server and Client to emit event log error codes 3000 and 3009 as documented.
    • Allowed the DT2-HTTP protocol time sampler to honor one level of redirection (HTTP response codes 301-307). If a redirection is indicated, the trace log will note that the time did not come from the source specified. This functionality is chiefly useful for admins who want to install IIS or Apache on the same machine as DTServer, but already have DTServer providing DT2-HTTP on port 80. They can change DTServer to serve on some random port (say 82), and set up IIS or Apache with a simple redirect to the same machine:82. Domain Time treats all 3xx redirects as absolute; that is, they should be set up with a full http://fullDnsNameOrIp:port rather than a /relativeToServer:port path.
    • Changed default UDP/ICMP receive timeout from 125ms to 1000ms (1 second). This value is used for all ICMP tests, and for most scanning and timecheck waits. The value is not changed on existing installations, but may be changed manually by editing UDP Recv Timeout (milliseconds) in the Parameters subkey of DTClient or DTServer. Change this value only if you are seeing timeouts due to slow LAN/WAN problems. The standard dtclient.reg and dtserver.reg files distributed with Domain Time set this value to 2000ms (2 seconds), so the new default only applies to new installations using customized template files with UDP Recv Timeout (milliseconds) either not included or included but set to zero.
    • Added ICMP TTL (hop limit) to the Parameters subkey of DTClient and DTServer. The default value is 32. Previous versions of Domain Time had a hard-coded value of 10. The allowed range is 1 to 255. This value controls the number of router hops an ICMP echo ("ping") will be allowed. ICMP is used to verify reachability, primarily prior to trying to establish a TCP connection. Establishing a TCP connection can take an arbitrary amount of time depending on network topology and number of retries. Domain Time pings machines first to help eliminate long waits for machines that are unreachable. You should only need to adjust this value if you have an LAN/WAN configuration requiring more than the default 32 hops.
    • Increased width of "Server name or IP address" column in trace-mode text log; added ellipsis to any server name truncated to fit.
    • Added faked-up NTP precision member to PTPv2 and DT2 time samples so ntpq results show a better representation of the server, even though the protocol wasn't NTP. Also fixed case where the RefID sometimes reported for peers depending on which protocol was used.
    • Changed two startup warnings to go only to the text log (not event viewer, syslog, or SNMP), because they are a normal function of the startup process. The two warnings are "Server will NOT provide the time to clients until its own clock has been set" (DTServer only), and "PTPv2 is running, but has not yet synchronized; no samples are available" (DTServer or DTClient).
    • Improved detection, from within a VM guest, that the machine has been resumed from the pause state or restarted from the saved state. Prior versions only detected resumption by examining TSC irregularities. These irregularities do not occur if the host is Win2012 or later with a CPU supporting invariant TSCs. Only guests running Win2003r2 or later can benefit from the improved detection, and only when running under Hyper-V. Earlier operating system guests, or guests running under VMWare, are not aware they have been paused unless the TSC misbehaves. Changed wording on CPL's Advanced tab to reflect the new functionality.
    • Added invalidation of accumulated PTPv2 samples upon resume from standby or resume from hibernation. Note that if the machine is a VM guest, and if time synchronization integration services are disabled, the clock will be wrong after resume from pause (standby), or restart from save (hibernation), by approximately the amount of time you had the guest paused or saved. Even though previously-collected PTPv2 samples are discarded and PTPv2 is skipped as a time source during the next timecheck, the PTPv2 state machine does not know it has been suspended, and therefore may take some time to recalibrate.

  • DTServer
    • Added code to allow a machine set to serve the time without having its own time set first to update the pending leap settings. This information is normally updated after each successful timecheck, but since a server set to use only its own clock as the time source will never have a successful timecheck, the code needed to be modified to ensure compliance with the new stats structure and remote queries.
    • Added code to support becoming PTPv2 master when clock is first successfully set, after the initial announce timeout waiting period has already elapsed. This change covers rare instances when the machine's normal time sources do not provide the time during service startup, and the machine is eligible to become a PTPv2 master once its own clock has been set.
    • Added server's current leap second status to the headers of a DT2/HTTP response.
    • Added server's current leap second status to the output of web page statistics.
    • Added registry setting Display Network Info (REG_SZ, string, default "True") to the HTML section. If you change this value to False and restart DTServer, then the webpage will not disclose any information about your network or timesources.
    • Changed the default HTTP listen port back to 80 (for new installs only). We had set the default port to 90 to avoid clashes with web servers running on the same machine (only one process may "own" a port), but this caused more confusion than it solved because an admin wanting to server DT2-HTTP would need to remember to configure all clients using it to use a non-HTTP port. This change only affects new installations.

  • DTClient
    • Added ability for client to use the configured list of time sources in addition to searching the local network when "Discover sources automatically" is selected on the Obtain the Time page. Click the Discovery Options... button to see the list of discovery methods. If the "Use servers in configured list of time sources" checkbox is checked, and if there are any enabled time sources in the configuration list, they will be added to the list of discovered sources. This checkbox will be checked by default on new installs; upgrades will not see the new behavior unless you choose to enable it. Domain Time Client comes pre-configured with a list of internet time sources, but also pre-configured to auto-discover servers locally instead of using the list. This new behavior will allow machines on networks without local time sources to use the configured list.
    • Added checkbox "Ignore DT2 masters, slaves, or independent servers observed via cascades" to the Discovery Options dialog to ignore masters, slaves, or independent servers discovered by overhearing their cascade signals. The default behavior, since version 4.1 until now, is for the discovery process to remember the last master, slave, or indie that had broadcast a cascade, and to use those (if present) instead of doing an active broadcast/multicast to locate a master, slave, or indie. You may now force the broadcast/multicast process by checking the new checkbox.
    • Added check for leap second status in headers of reply to a DT2/HTTP request.

  • Control Panel Applet
    • Added checkbox "Use servers in configured list of time sources" to the Discovery Options dialog (see DTClient for description).
    • Changed the drift graph's raw data report to say "UTC" instead of "GMT" in the date format.
    • Fixed text label to show "Service is running" or "Service is stopped" as appropriate.
    • Added ICMP test prior to establishing a TCP connection when testing Real-Time Alerts on the Status Reports page. This additional test makes the Control Panel applet's test function match what DTClient and DTServer already do.
    • Enhanced the error message information from failed testing on the Status Reports page to help diagnose problems.
    • Corrected unreported bug where a text log line could appear in the wrong color (green) for warning messages.
    • Changed text of checkbox on Advanced tab from "Signal resync if TSC indicates resume from pause (VM guest only)" to "Signal resync if VM guest resumes from paused or saved state"
    • Added checkbox "Allow multiple instances of tray icon" beside the checkbox for "Show system tray icon" (see DTTray section above for a description of what this checkbox controls).

  • DTCheck
    • Changed from version 4.x to version 5.x request for DTCheck [machine] /cmd="Audit Data". This provides more information, including pending leap second status. Note that the machine being queried must be version 5.2.b.20150516 or later in order for the leap second information to be present. You may continue using DTCheck [machine] /leapcheck against a Domain Time Server without upgrading, but this command will not work with Domain Time Client. If you don't upgrade your machines and want to know the pending leap status on Domain Time Client, you must examine the client's log file.
    • Enhanced output of DTCheck [machine] /cmd="Query Timezone" to show more information, such as the names for standard vs. daylight saving time, and the zone's changeover dates (if the zone observes DST and it hasn't been disabled). Note that this extra information is never available from DTClient, and is deliberately withheld by DTServer if the Allow clients to match this server's timezone checkbox is unchecked on the recommendations tab.
    • Updated /? documentation to show that either - or / may be used for switches, and to explain how the firewall commands operate. Please see Auto-Manage Windows Firewall for details.

  • NTPCheck
    • Enhanced search (when you issue ntpcheck.exe with no parameters) to use the same discovery techniques used by the dtcheck /variance search.
    • Widened first column of multi-column reports to accommodate IPv6 addresses more gracefully.

5.2.b.20150516 - Optional Upgrade

Several enhancements to deal with misbehaving PTPv2 grandmasters. One typo fix on the Control Panel Applet. Minor additions to NTPCheck. Several new features in DTServer and DTClient. One important change for those using DTServer on a 2012 or higher Domain Controller with Windows Time Clients if the domain functional level is set to 2012 or higher. Upgrade if you want the new features.

  • All
    • Added additional support for Windows 10 preview (calling itself version 10.0 instead of 6.3).
    • Changed default compiler option to /fp:fast instead of /fp:precise. This change only affects the use of floating point variables used for display or logging purposes.

  • PTPv2
    • Added countdown timer for two-step grandmasters to catch missing Sync Follow-Ups. Prior behavior left the machine in the Slave state, but with no time samples if the Follow-Ups did not arrive. New behavior is to call this an error condition.
    • Changed "Calibrating" mode (1588-2008 portState 8) to track incoming Sync and Sync Follow-Ups as well as Announces. Machines will not progress to Slave unless the grandmaster is also sending Syncs (and Sync Follow-Ups in the case of two-step clocks). Instead the machine will report it has failed to calibrate, and will revert to Listening. A grandmaster that sends Announces but does not send Syncs and Sync Follow-ups is either misconfigured or broken, and cannot be used as a time source.
    • Added extra PTPv2 debugging option PTPv2 timestamps, which displays the offset, packet arrival timestamp, ingressEvent timestamp, and origin (or preciseOrigin for two-step clocks) timestamps. It also shows the meanPathDelay and correction (or cor1 and cor2 for two-step clocks) at the arrival of each Sync (or Sync Follow-Up for two-step clocks). As with all debugging options, use this only when required to solve a particular problem, and turn it off again immediately thereafter. Debug logging during delicate time packet processing can significantly affect accuracy.

  • NTPCheck
    • Added syntax check for invalid parameters to display which parameter was wrong.
    • Added symmetric key (or Windows RID if using "key windows") number to -raw display output.
    • Added -help as a synonym for the standard ? parameter.
    • Added additional samples for help's output and clarified the general instructions.
    • Added more information for when either Windows or NTP Symmetric Key authentication fails

  • DTServer/DTClient
    • Added additional rate history information to the startup banner
    • Added NTP version, stratum number, and reference source to trace-level log display "Time sample from..." if the source was NTP. This is for informational purposes only.
    • Changed NTP "Kiss-o-Death" detail display to trace-level output. An "Access Denied" error-level line will still be generated, since the server's time is unusable regardless of the reason.
    • Changed NTP client default request version from 3 to 4. This can be overridden by changing the NTP Client Version value in the Parameters section of the registry. Any value from 1 to 7 is legal, although using anything but 3 or 4 is not recommended. Note that the change will only affect new installations, since the NTP Client Version value will already be set to 3 in existing installations.
    • Reduced threshold for determining phase "runaway" to allow extremely unstable machines (or machines with extremely unstable networks or time sources) to recover more quickly from false analyses.
    • Added registry parm (REG_MULTI_SZ) Dependent Services in the Parameters key. Any services listed here will be started by Domain Time after the first successful timecheck, as long as the services are set to manual start. This is an alternative to using the built-in service database's dependencies. If you use the built-in functions, dependent services will wait for Domain Time to start, but won't know to wait until the first synchronization has completed. You may list services by their display names (e.g. "Disk Defragmenter") or by their internal service names (e.g. "defragsvc"). List services one per line, without quotation marks. Domain Time will only attempt to start services that are listed, not yet running, and set to manual startup. Note: If Domain Time cannot set the clock for some reason (invalid sources, firewall settings, etc.), then services you have set to manual start will not be started.
    • Added registry parm (REG_SZ) Clock Adjustment Statistical Method in the Parameters key. The default value is Automatic. Domain Time uses the calculated performance to evaluate and remember each integral rate it tries. Changes to this setting take effect immediately after the next group of samples is ready for analysis. You do not need to restart the service. You should clear your clock history using dtcheck -resettimings before changing this value. Allowed values are:
      • Automatic - On Vista/2008/Win7/2008r2 machines, Automatic will use the median value from each group of samples. On all other versions of Windows, it will use the arithmetic mean (average) of each group of samples.
      • Average - The arithmetic mean of values
      • Median - The median number in the array of values
      • Toss (same as Toss Hi-Lo) - average of values excluding the highest high and lowest low
      • RMS - the quadratic mean (signed root-mean-square) of the array of values
      • Disabled - no statistical analysis is retained for future comparison
    • Added extra debug output for phase change calculations and bucket summarization, including the type of analysis used, and the statistical range.
    • Added registry parm (REG_DWORD) Clock Adjustment Bucket Size in the Parmeters key. The default value is 7, although 5 (not configurable) is used during clock training. The bucket size is the number of samples collected before a particular rate is evaluated. The minimum value allowed is 3, and the maximum is 32. You should not change this number unless instructed by techsupport.
    • Added dynamic determination of NTP-style stratum level, based on strata reported by sources (including PTPv2, which uses "stepsRemoved" to correspond, roughly, with NTP strata). Since Domain Time can use multiple sources with multiple protocols, there may not be an ultimate single stratum from which time was received. In these cases, Domain Time takes the highest-level stratum of all used sources (discarded sources are not counted), and adds one to derive its own stratum number. So, for example, if Domain Time obtains its time from a PTPv2 grandmaster directly, it will report itself as stratum 2. If it receives its time from three NTP sources, two of which report stratum 1, and one of which reports stratum 2, Domain Time will report itself as stratum 3. If all three NTP sources reported stratum 1, Domain Time would report stratum 2, and so forth. Domain Time caps its stratum at 15, reserving 16 as an error, and 17-255 as meaningless (per the NTP RFCs). The reported stratum is now included in audit data as well as time responses. It is mainly of use in Domain Time Server, where other machines may choose to use the reported stratum to choose clocks (a configurable option in certain Linux ntpd implementations).

      The prior behavior was for Domain Time Server in the master role to report itself as stratum 2, presuming that it got its information from a stratum 1 device like a hardware appliance. Domain Time Server in the slave role reported itself as level 3, on the assumption that it got its time from a Domain Time Server Master. Clients internally considered themselves stratum 2, but since they don't serve the time, this wouldn't affect clock selection algorithms.

      The registry DWORD NTP Server Stratum in the Parameters key on Domain Time Server defaults to zero, which means that Domain Time itself should determine what stratum it reports. Setting this to any value between 1 and 15 will force Domain Time Server to skip derivation and simply use the stratum provided in all cases.

  • DTServer
    • Added NTP support for 120-byte requests. These requests come from Windows Time clients in a domain environment, where the domain functional level is 2012 or above, and where the client is also Windows 2012 or above. See Microsoft's "[MS-SNTP] v20140502 - Network Time Protocol (NTP) Authentication Extensions" for details. Domain Time does not attempt to honor the bit-flags; upon recognizing an ExtendedAuthenticator request, it sends the standard 68-byte signed reply. Clients use the reply to decide dynamically how to query the server on future requests. This support may not work in all circumstances. Our advice remains to avoid using the Windows Time service as a client, since it uses proprietary extensions to the NTP RFCs, and does not keep accurate time.

  • Control Panel Applet
    • Fixed unreported typo in prompt on main Security dialog.
    • Added PTPv2 timestamps to the scrollable list of checkboxes of types of debug details.

5.2.b.20150307 - Optional Upgrade

Several small bug fixes and enhancements. Upgrade if you are affected by any of the bugs, or if you want the new functionality.

  • DTAudit
    • Changed sync log collection for audited NTP machines to use hectonanoseconds instead of milliseconds.
    • Added ability to collect PTPv2 offset data during collection of synchronization logs.
    • Fixed unreported bug that could cause false alert if double-checking is enabled and the second check failed.
    • Changed debug output of NTP queries to show ASCII for Kiss-o-Death and Primary machines, IP addresses for others.
    • Changed log output when pruning old records from "drift file" to actual filename for disambiguation.
    • Added checkbox "Add machines discovered by receipt of startup Real-Time Alerts" to Advanced/Audit List Management dialog. If checked, and a previously-unknown machine sends a Real-Time Alert shortly after boot or service restart, Audit Server will attempt to add the machine to the audit list. The sending machine must respond to Audit Server's query before it can be added. Audit Server will only try unknown machines a few times before giving up.

  • DTManager
    • Fixed failure to load symmetric keys when using the host machine's list of time sources.

  • DTAlert
    • Made "lost connection" dialog auto-dismiss after 10 seconds.

  • DTServer/DTClient
    • Corrected Server and Client to emit event log error code 4009 as documented.
    • Enhanced MD5 symmetric key import/export to support more formats.
    • Added extra debug output for PTPv2 master selection sample validation.
    • Added workaround for invalid PTPv2 Announce packet logMessageInterval outside allowed range of 0-4.
    • Added ability to supply PTPv2 offset data during remote collection of synchronization logs.
    • Added UDP reset and outgoing TTL/hopcount to generic outgoing sockets used as helpers when the correct outgoing interface is known (as opposed to the server listening sockets, or dynamically-created sockets for client-server transactions). The generic outgoing sockets are primarily used by PTPv2, but occasionally by other protocols.

5.2.b.20140922 - Optional Upgrade

Support for Windows 10 pre-release. Optional encryption for email. Several small bug fixes and enhancements. Upgrade if you are affected by any of the bugs, or if you want the new functionality.

  • All
    • Added support for Windows 10 workstation and server pre-release (Windows internal version 6.4) to all components. Complete support is not possible until the RTM versions become available.

  • SMTP Email
    • Added dropdown beside server port box to select the type of security/encryption. The options are no encryption (default), STARTTLS if available, STARTTLS required, and SSL/TLS (end-to-end encryption). When you change the dropdown, it will automatically update the server port number to the default for that type of connection. If you are using a non-standard port, you may change the port number manually after selecting the type of security desired. Note: For STARTTLS or SSL/TLS to work, the server must have a working certificate installed and support either SSL/TLS or STARTTLS.
    • Added registry value HKEY_CLASSES_ROOT\Gap\GWServiceSMTP\TLSIgnoreCertErrors (default 0). If this value is zero, the server cert must pass all tests. If the value is non-zero, it is a bitmask specifying which particular types of errors may be ignored. See Microsoft's documentation for a list of certificate errors that may be ignored. Use a logical OR to combine multiple values.
      • 0x00000080 - Ignore errors associated with certificate revocation
      • 0x00000100 - Ignore errors associated with an unknown (or self-signed) certificate authority
      • 0x00000200 - Ignore errors associated with wrong use of a certificate
      • 0x00001000 - Ignore errors associated with an invalid/mismatched common name
      • 0x00002000 - Ignore errors associated with an expired certificate

  • DTAudit
    • Corrected Daily Report output field "LastVariance" to show by how many milliseconds the audited machine corrected its clock (conforms with documentation). It was showing a truncated version of the delta at the moment of audit instead. Sub-millisecond correction data is only available from the text log or drift graph on each machine.
    • Changed trace-level log output of Real-Time Alert status changes to indicate all changes, not just changes to warning or error status. In earlier versions, one must use debug-level logging to infer upgrades in status rather than having them called out specifically.

  • DTMonitor
    • Fixed routine that purges old history data files. Also added immediate purge when CPL values for retention are changed.
    • Added up to 30 second delay before startup scan, so that the first scan after a reboot doesn't run until after the machine has a chance to set its clock. The amount of time depends on whether DTMon is able to determine that DTServer or DTClient is installed, and, if so, its synchronization status.
    • Added check for invalid stGlobal member of audit stamp reply from versions 1-4 (inclusive). These older versions of Domain Time can sometimes return either zeros or unconvertable values if audited during a timecheck.

  • DTManager
    • Added command-line option EXPORT filename to dtman.exe. This produces a rudimentary comma-separated-value output file containing the contents of Manager's database. For example, dtman export c:\machinelist.csv would write the contents of the database to the file c:\machinelist.csv. If the file already exists, it will be overwritten. The first line contains the field names: "Type", "Audited", "Domain", "Name", "IPAddress", "LastContactUTC", "RTStatus", "PTPStatus" and a CRLF. Each subsequent line will represent one entry from the database. All fields are enclosed in double quotation marks, and each line is terminated by a CRLF. The "Type" field will be one of DT2, NTP, PTP, W32, or UNK(nown). "Audited" will be either "Yes" or "No". The "RTStatus" field will be "None" if the machine is not reporting via Real-Time Alerts. The PTPStatus field will be blank if no PTPv2 information is available. The "LastContactUTC" field will be in yyyy-mm-dd hh:mm:ss format if contact has ever been established, otherwise it will be blank.
    • Updated XML-format output for compatibility with more versions of Microsoft Excel and OpenOffice. Added extra xmlns schemas, and corrected format of cells with string content. XML output now passes all XML Validity checks.

  • DTCheck
    • Updated to allow firewall options to work with Windows 10.

  • DTServer/DTClient
    • Changed NTP Client to recognize NTPv4 "Kiss of Death" packets. If a response from a server is valid, but claims stratum zero, then the server should not be used. Domain Time puts a message in the log.

  • DTServer
    • Changed NTP Server to send Stratum 16 (unsynchronized) as well as setting the leap indicator to 3 (unsynchronized) when the server has not yet synchronized.
    • Changed NTP Server to allow malformed NTPv1 requests for compatability with very old embedded systems.

5.2.b.20140707 - Optional Upgrade

Several enhancements and minor bug fixes. New features and behavior for Audit Server's Daily Reports and Standby Mode. Better handling of PTPv2 automatic settings. Improved distribtion of pseudo-random numbers throughout very small ranges (used to keep multiple machines busy synchronizing the time rather than their packet-sending activity).

  • DTAudit - Daily Reports
    • Fixed reported bug in LocalTime field (was displaying UTC, not local, time)
    • Added LocalTime# field (displays in yyyy-mm-dd hh:mm:ss format)
    • Added LastContact# field (displays in yyyy-mm-dd hh:mm:ss format)
    • Added InstallDate# field (displays in yyyy-mm-dd hh:mm:ss format)
    • Added UnixTime# field (displays in yyyy-mm-dd hh:mm:ss format)
    • Added LastSet# field (displays in yyyy-mm-dd hh:mm:ss format)
    • Added LastStartup# field (displays in yyyy-mm-dd hh:mm:ss format)
    • Added VarianceHNS field (displays unsigned variance as fractions of a second with 7 significant digits)
    • Added sVarianceHNS field (displays signed variance as fractions of a second with 7 significant digits)
    • Added PTPState field (displays "Listening" or "Slave" or "Master" etc)
    • Added PTPMaster field (if machine is a slave, displays the master's IP address if known)
    • Increased height of field selection dialog box to make it easier to find available fields

  • DTAudit - Standby Mode
    • Fixed unreported bug where the number of allowed standby replication failures was not being saved in the registry. Upon reboot, or upon exiting/reentering standby mode, it would reassume the default value of 5.

  • DTMonitor
    • Fixed bug introduced in the 5.2.b.20140523 release that caused Monitor to always report zero machines discovered on the network.
    • Added an option to have each excessive variance reported individually to the Event Viewer log. This option emulates version 4.1's behavior. A new checkbox on the DTMonitor Control Panel applet, Alerts tab, "Summary Event Only" is checked by default. Uncheck this box to obtain a warning (Event ID 1001) in the Event Viewer log for each machine whose variance exceeds the limit.

  • DTManager
    • Fixed "View..." menu item on the Daily Reports menu so that it provides an Open File box with a default of *.* instead of *.txt. In the 5.2.b.20131101 release, we made the daily report filename's extension configurable (so that users could name the file .csv instead of .txt, for example). The Open File dialog was never updated to display files named with any other extension, forcing the user to type *.*[Enter] in order to see the files.
    • Fixed bug introduced on 26 Dec 2013 that defaulted the UDP and ICMP receive timeout to 1 millisecond. The minimum allowed value is 2, and 55 is the default for a "fast" local LAN. When Manager loads, if it finds the receive timeout set to 1, it will change it to 55. If you want a lower value, you may adjust it down again.
    • Changed method of validation used to verify the domain/username/password used when changing Audit Server into Standby Mode. This change does not affect Audit Server itself, but only how Manager interprets the information when you are interacting with the dialog box. Audit Server normally operates under the LocalSystem account credentials, and it can therefore use the supplied credentials in a way that a foreground user cannot. The dialog now does its best to determine whether or not Audit Server will accept the credentials, rather than trying to use them the way Audit Server does as its test. This change only affects interactions between stand-alone workgroup machines and domain machines, or between domains where no transitive trust has been created.

  • Control Panel Applet
    • Changed the behavior after stopping/restarting the service using the "About" page of the Control Panel applet. Instead of waiting until the service has completely finished starting and is answering network requests, it now waits only until the service has started successfully without also waiting to refresh the statistics display (which may not be available for several seconds after the service starts).
    • Fixed server statistics display from DTTray.

  • Log File Viewer
    • Added some right-click options; fixed search so that the first find scrolls the found text into view; added F5 for refresh when not set to auto-refresh; showed keyboard shortcuts on menus and popups.

  • DTServer/DTClient
    • Fixed unreported bug in CIDR mask evaluation for IPv6 where all link-local addresses were matching the keyword "localhost" (only [::1] should match).
    • Rewrote IP enumeration routine and triggers for it, so that IPs are only reenumerated after all change notifications have been received (delay of up to 3 seconds after first IP change notification).
    • Changed getaddrinfo() inside local socket enumeration (prior to bind) to use "..localmachine" instead of "" (a zero-length null-terminated string) when querying with the AI_PASSIVE flag for non-XP machines.
    • Removed unneeded "Found IP ... in list of bindable addresses" debug-level messages during bind. If binding to all IPs, it doesn't matter. If binding to a specified list, each IP is already mentioned as either matching or not matching the specification.
    • Removed unneeded sockets enumeration log messages when re-enumerating as a result of a change notification; only the newly-added or just-removed IP addresses are mentioned.
    • Added port number to protocol name in debug-level "Stopping all listeners for..." messages.
    • Added UDP or TCP to debug-level socket creation messages.
    • Added internal flag to suppress outgoing Real-Time Alert messages during rebinding caused by IP change or a change in allowed listen addresses, only if Audit Server is running on the same machine (because the node is likely set to report to Audit Server, and won't be able to during the rebind operation).
    • Added ICMP check before using TCP for sending Real-Time Alerts; this helps identify whether the target is up more quickly than just connecting. (Note: It also means your Audit Server must be PINGable from each reporting machine if you are using TCP for Real-Time Alerts. If you are using UDP, Domain Time simply sends the report, waits for a reply, and calls it a timeout if no reply is seen.)
    • Moved sending of Real-Time Alerts into a work item, so that if connects (or failures to connect) take a long time, it will not interfere with normal responsiveness of the service to external signals).
    • Changed startup banner (the startup display in the text log that shows settings) to indicate if the admin has overridden the default number of IOCP handler threads.
    • Fixed automatic calculation of required IOCP handler threads to a minimum of two (instead of one) for DTServer, regardless of the number of processors. The minimum of one thread for DTClient remains unchanged, but the default is now two on multiprocessor machines.
    • Added check on DTServer that, when running as a master or slave, looks to see if the PDC-Emulator role has changed at each timecheck. In prior versions, the new PDC-Emulator would notice immediately, but the old one might believe it was still the PDC- Emulator until queried. Note that due to Active Directory propagation delay, a transferred PDC-Emulator role may not be seen by all slaves at the same time.
    • Fixed Status Monitor (default port 9911), which, due to a typographical error in the code, stopped working after version 20140303.

  • DTCheck
    • Changed behavior when no machine name is specified on the command line. Instead of using the machine's NetBIOS name as the default, DTCheck looks at the list of IPs on which the service (either DTClient or DTServer) is listening, and selects the first one in the list (normally This allows DTCheck to work when you have the service set to listen to only certain IP addresses. You may regain the original behavior by using the NetBIOS name on the command line.

  • NTPCheck
    • Increased the speed of -hammer2 test by several hundred-fold to stress-test a server more severely. When -hammer2 is used with the -noreply option, NTPCheck will send request packets as fast as possible on a single UDP socket. Use with caution.

  • PTPv2
    • Changed startup sequence so that PTPv2 isn't considered "running" until all PTPv2 listeners have finished initializing. This prevents a race condition where the PTPv2 "Event" port is up and an announce arrives and the timer is set, but the "General" port is still initializing, so the timer could expire too soon. This conditional is entirely theoretical, and has never been observed outside of deliberately causing it by artifically blocking the initialization process. However, saving the "running" state until both listeners are up cuts down on ignored debug messages if full PTPv2 debug-level logging is enabled, so addressing the theoretical flaw has a practical benefit.
    • Added retries if no reply from master on management PORT_DATA_SET request. Enhanced debug output from reply processing to show which settings were ignored (no change), accepted (automatic settings, and information from master differs from current settings), or rejected (differences, but not using automatic settings). Also updated PTPv2 Stats dialog to show error reason if unable to obtain the master's PortDS information.
    • Addressed subtle race condition in processing messages from two-step grandmasters. UDP packets are not guaranteed to arrive in order, but a Sync message must be processed before its corresponding Sync Follow-up message in order to produce a valid offset. Because two-step grandmasters send the Sync Follow-up message within microseconds of the Sync, it's possible for any given machine to receive them either simultaneously (on different threads), or out of order. This fix also addresses the Peer-to-Peer delay measurement mechanism if the peer sends a two-step reply.
    • Changed default PORT_DATA_SET method to use multicast instead of auto-detect. Added option on PTPv2 Advanced page of the Control Panel applet to control this behavior. The drop-down offers "auto," "unicast," and "multicast" for the send method. The former default was auto-detect. Clicking the Reset to Default button on the dialog will change the drop-down to multicast.

5.2.b.20140523 - Optional Upgrade

One minor bug fix in DTServer; one minor bug fix in DTAudit; several minor enhancements and changes throughout. Added code to DTClient and DTServer to support forthcoming enhancements to Manager. Important: Upgrade your management workstation before deploying upgrades to DTServer or DTClient. This will prevent backward-compatibility problems with Real-Time Alerts. Older version of Audit Server may misinterpret the PTPv2 "lost master" Real-Time Alert as an excessive delta. Our recommendation for those using Audit Server/Manager has always been to upgrade the management workstation first, then deploy upgrades to clients and servers.

  • All
    • Added DTHRes32.dll and DTHRes64.dll to all distro zips. They were formerly included in only the eval version, which contains all files, and in the SDK distro, which contains only SDK files (SDK license still required for use). Added support for updating copies in the main Manager folder during installation/upgrade of Management tools. Setup does not attempt to locate and update copies elsewhere.
    • Added signals between Audit Server, Manager, and Update Server to notify each other of database (cache) extension operations. This allows components to remap their shared view of the database immediately instead of waiting for the next audit/refresh/discovery cycle.

  • DTAudit
    • Updated Audit Viewer (dtreader.exe) to show NTP version used for NTP Servers on the summary page.
    • Updated Audit Viewer's details page: the entry "NTP Protocol Used" was changed to "NTP Time Software," and the value displayed is whatever shows in the "Time Software" column in Manager. This data is automatically collected if available, or may be overridden by the admin.
    • Added ability for Daily Reports to show %LastSet% and %UTC% variables for NTP Servers.
    • Fixed invalid date in Real-Time Alert emails. Email notifications are sent after all pending Real-Time Alerts are handled. Prior to this fix, if an admin had Manager open at the time of an alert, and acknowledged it before before the corresponding email was sent, the email would show an invalid date (normally midnight 01 Jan 1970, corrected for local time). This fix allows the date to persist after an alert is acknowledged.

  • DTManager
    • Added checkbox on the display Format Options dialog option to sort columns showing variance (deltas, latencies, or offsets) by absolute value rather than by signed value. If checked, and if sorting on one of these columns, the list will be sorted by magnitude. If unchecked, negative values come before positive values.

  • DTCheck
    • Modified -resettimings and other reset routines so that only -prepclone deletes the PTPv2 cached clockIdentity value. Removing the cached clockIdentity is very important for preparing to clone, but inappropriate for any other kind of reset.
    • Removed DNS lookup from replies to broadcast/multicast commands. Changed to displaying only the IP of the responder.

  • DTServer
    • Allowed symmetric key authentication to work with DT2-TCP as well as with DT2-UDP. Clients would send the auth information, but server rejected the packet size as being too big because it wasn't expecting the extra auth information. Bug reported by customer.
    • Undid change in 5.2.b.20140404 to discovery commands. The extra information is only used for debugging purposes on 5.1 forward, and older versions of Domain Time can't understand IPv6 addresses.
    • Changed log level for becoming a PTPv2 master from trace to info (to match becoming a slave).

  • Control Panel Applet
    • Added an "Advanced" button to the PTPv2 options dialog, and moved seldom-used items there. Also added options on the new advanced dialog to control handling of management messages and for manually setting the machine's clock identity.
    • Changed PTPv2 stats collection to reflect only packets applicable to the machine's current state. Announces for the current domain are always counted, but announces for other domains are not. Similarly, if multiple masters are online, only syncs from the chosen master increment the count of syncs.
    • Added new debug-level output option to show all incoming PTPv2 announce messages, even if they are ineligible for selection as master. You should use it in conjunction with the master selection process option, to see which announces are being ignored and which are considered master candidates. Added pop-up to remind users to switch back to trace or info level after debugging.
    • Added new counters to PTPv2 stats display.
    • Added right-click copy selection to clipboard on the log file viewer (Ctrl-C has always worked, but newer users may not know the historical keyboard shortcuts). Also added Ctrl-O as a keyboard shortcut to open the file in Notepad. Ctrl-F (find) unchanged.

5.2.b.20140404 - Recommended Upgrade

One important bug-fix (upgrade recommended: see below); several minor enhancements to the visual aspects of DTManager; one minor enhancement to Domain Time Server; several internal changes to PTPv2 handling and capabilities.

  • DTServer/DTClient
    • Important: Fixed unreported bug that could trigger a Denial of Service attack if a malicious or inadvertently malformed PTPv2 packet is received. Versions of Domain Time between 5.2.b.20121111 and 5.2.b.20140303 (inclusive) are vulnerable. Although we have no reports of this potential being exploited, you should upgrade vulnerable versions.
    • Added checkbox to the Control Panel applet's Security tab to expose whether or not remote time zone changes are allowed (formerly a registry-only setting).
    • Added thread and CPU counters to list of debug categories selected when you click the "most essential" preset.
    • Added debug category for dropped PTPv2 announce and sync packets. Occasional dropped packets are normal and do not interfere with PTPv2's operation. This category of debugging lets you see when an expected packet doesn't arrive on time, to help debug unexpected state transitions. These debug messages show how many expected packets in a row were dropped, up to the point where the lost-master state begins.
    • Added debug-level logging category for PTPv2 state changes; this includes internal logical changes, and also whether or not a notification was sent as a Real-Time Alert due to the state-change.

  • DTServer
    • Added IPv6 addresses to the list returned by the DT2 discovery commands. Also changed the order of returned IPv4 addresses so that the one most likely to be useful to the caller (based on the network class of the request's source address) is presented first. The former behavior was to present the machine's primary IP first.
    • Fixed unreported bug that prevented Manager from setting the time zone on DTServer if DTServer wasn't also allowed to provide time zone information to clients.

  • DTAudit
    • Added help command to DTAlert telnet-like protocol
    • Added support for remembering the PTPv2 state on each reporting machine; this information also appears in the debug-level text log file.

  • DTManager
    • Corrected problem deleting domains on the left-hand side (tree) using right-click followed by Remove Domain from Cache.
    • Added version string to uninstall information.
    • Fixed unreported bug that sometimes prevented Manager's status bar from being redrawn every time the main windows was dragged to resize.
    • Added column to Real-Time Alerts list showing current PTPv2 state. In order for this information to be fully-reliable, reporting machines need to be upgraded, too. If you upgrade Manager and Audit Server without also upgrading the reporting machines, Manager will display limited, possibly stale, information in the PTPv2 state column.
    • Fixed display of upcoming leap second deletion from "58" to "59" as the number of seconds in the last minute of the last hour of the last day of the month in which the leap second is to be subtracted. Since there has never been a leap second subtraction since the inception of leap seconds (they have all been additions), this was an invisible bug.
    • Changed the Interface Colors dialog so that changes are shown immediately when chosen, rather than after the Apply button is clicked.
    • Added two new interface color choices, used when displaying the Domain Time version. Now machines with older (or newer) versions of DT than Manager's version are visually identified as different. This makes selecting machines for upgrade easier.
    • Added "hand" cursor when hovering over the name or IP address of a machine to indicate visually that double-clicking will invoke the Control Panel applet (or other behavior if the machine isn't controllable).
    • Fixed lack of color and "hand" cursor in the Audited column of the Real-Time Alerts list. The Audited column has always been double-clickable (in all lists), but wasn't showing color in the Real-Time Alerts list.

  • DTCheck
    • Fixed unreported bug in output from -cmd="query timezone". DTCheck now reports whether or not the machine allows clients to match the server's time zone. The same bug prevented DTCheck from displaying the name of the server's time zone.

  • All
    • Widened internal calculations of Unix time from 32 to 64 bits to prevent January 2038 rollover. Also enforced interpretation of on-the-wire 32-bit representations to unsigned (extends rollover by 68 years). This change allows for test situations with the system clock set to 2038 or beyond; it has no effect on date/time calculations in other circumstances.

  • PTPv2
    • Added "Slave Packet Receipt Grace Period (milliseconds)" registry value, default 500. This value is added to the master's reported packet frequency (ANNOUNCE and SYNC/SYNC_FOLLOW_UP messages) to determine whether a subsequent packet is late.
    • Added support for CIDR masks as well as full IPs in the Best Master Clock list of acceptable servers. Admins may mix/match specific IPs and CIDR masks in IPv4 or IPv6. The use of hostnames in this list is allowed but strongly discouraged. "Localhost" or or ::1 should never appear in the list of possible masters.
    • Added support for COMMAND/ACKNOWLEDGE and SET/RESPONSE to the PTPv2 NULL_MANAGEMENT TLV. All other management TLVs only respond to GET commands, as before.
    • Changed meaning of "Slave PortDataSet Check Interval (seconds)" to allow a setting of 0xFFFFFFFF (decimal 4294967295) to mean the master's Port Data Set should only be requested once, when first calibrating a master before entering the slave state. The new range is therefore 0 through 0xFFFFFFFF, with zero meaning "never," 0xFFFFFFFF meaning "one-shot," and any other number meaning once when calibrating, then every x seconds thereafter. The default remains 3600 seconds, which means when first calibrating and then hourly thereafter. This is a registry setting not exposed via the Control Panel applet. You must either restart the service or issue dtcheck -reload for the service to recognize the change.
    • Started using registry value "TAI-UTC Offset Discovered (seconds)" to determine whether to send PTPv2 timestamps in proper ptpTimescale (that is, sending TAI and specifying a non-zero utcOffset), or in faked-up ptpTimescale (that is, sending the current UTC time-of-day including cumulative leap seconds, while saying the offset is valid but zero). If set to a non-zero value, proper ptpTimescale will be used. If zero, faked-up ptpTimescale will be used. At any time, if the node becomes a slave to a grandmaster using proper ptpTimescale, then the registry value will be updated to reflect the current cumulative leap seconds since the PTPv2 epoch. If the node then transitions to master, it will know the current offset and use it. If the node never synchronizes with a grandmaster that supplies proper ptpTimescale, the registry value will remain unchanged.
    • Added several PTPv2 management message handlers for seldom-used management TLVs.
    • Added the ability to send PTPv2 errorTLVs in response to invalid or unsupported management TLV requests. This ability is controlled by the registry setting "Management Error TLVs Enabled" and defaults to false (i.e., no error TLVs are returned), on the presumption that less traffic is always desirable. You may change this value to true if your PTPv2 management software expects or requires error responses in order to determine capabilities. You must restart the service or issue dtcheck -reload for the service to recognize the change.
    • PTPv2 operating in master mode now sets the leap flags according to its best knowledge. Typically, only GPS receivers, or time sources derived from them, know of pending leap seconds. If the machine synchronizes with a source that (ultimately) derives from a GPS receiver, then the leap flags will be correct.

5.2.b.20140303 - Optional Upgrade

Mostly internal enhancements, with one important fix, and several unreported bugs fixed. Some "best practices" upgrades that don't affect operation. Some cosmetic changes, mostly to the PTPv2 master settings on DTServer. Several PTPv2 "management message" fixes. Upgrade if you are experiencing any of the referenced problems, or if you need the new functionality.

  • All
    • Added full path names to dynamically-loaded operating system DLLs to follow best practices for security (no known vulnerabilities).
    • Centralized defines for _WIN32_WINNT, _WIN32_IE, and similar compile-time constants into single header file shared by all components to follow best practices (no known problems).
    • Fixed wording in .txt and .htm files in the distro zips that still referred to version 5.1.
    • Highly optimized debug-level logging to help prevent log activity from interfering with time-sensitive activities. However, our recommendation remains to avoid debug-level logging unless you are looking for the cause of a specific problem. Debug-level logging can lessen the syntonization of Domain Time with its source, and should always be turned off after you finish troubleshooting. This is especially true for PTPv2, which can generate an immense number of debug-level messages.

  • DTServer
    • Further fix for bug reported fixed in version 5.2.b.20131101 where server announce and sync intervals didn't match CPL settings. While the 5.2.b.20131101 fix ensured that announce and sync intervals matched when a machine assumed the PTPv2 master role, it did not address the possibility of an admin changing the settings while the machine was already a master. In this case, the machine would advertise the new intervals (thanks to the 5.2.b.20131101 fix), but use the old ones. Now the server will both begin using and advertising the new intervals immediately, without having to lose and reacquire master status.
    • Added ability for PTPv2 master to advertise itself as clockClass 13 (grandmaster quality with ARBitrary timescale). Changed wording on the Control Panel dropdown to show clockClass numbers and descriptions: "Primary" changed to "6 Grandmaster (PTP timescale)"; "13 Grandmaster (ARB timescale)" added; "Default" changed to "248 Default (low quality)"; and "Slave-Only" changed to "255 Slave-Only (unreliable)." Note that, by default, DTClient will not synchronize with a master advertising the ARBitrary timescale. Strict compliance with IEEE1588-2008 requires the PTP timescale. This option is provided for compatibility with other vendors' software.
    • Changed the default selection of clockClass for PTPv2 masters from 248 to 6.
    • See first entry in DTServer/DTClient below. If you have your server configured to step-only, and you have changed the default minimum correction limit to some value larger than the default 1ms, then your server may begin serving the time without correcting its clock. This is the proper behavior, since the server has checked with its sources and determined that its time is close enough to continue, but may produce unexpected results if you were counting on an initial step to occur regardless of the minimum correction limit. Our recommendation continues to be to use the default setting of 1ms for the minimum correction limit, and to use slewing rather than stepping.
    • Changed PTPv2 master message intervals to drop-downs to ensure admins don't enter values that aren't natural powers of two. While Domain Time can use any interval, the PTPv2 spec requires the intervals to be natural powers of two, and this information is transmitted along with outgoing PTPv2 announce and sync packets. A naive slave might not understand whether to round up or down if the value sent isn't a natural power of two.
    • Removed call to NetrLogonSetServiceBits on non-domain machines, regardless of registry overrides for whether or not the machine should be considered a reliable time provider. Calling this function from a workgroup member will always produce a meaningless error code.

  • Control Panel Applet
    • Fixed typo in dropdown display for PTPv2 IPv6 multicast address (said FF0x:1181 instead of FF0x:181).
    • Changed checkbox "Enumerate multicast interfaces during IPv4 bind" to "Enumerate multicast interfaces during IPv4/IPv6 bind"
    • Added "Network enumeration and bind success messages" to list of suppressable debug text log categories.
    • Changed wording on PTPv2 settings from "Refuse to synchronize with any master clock except those specified below" to "Only select best master clock from among those listed below."

  • DTServer/DTClient
    • Fixed unreported bug that caused the minimum correction limit (ms) to be ignored when stepping the clock. This only affects those who have changed the default minimum correction limit from 1ms to some larger number, and only when slewing was either disabled or not possible.
    • 5.2.b.20140101 introduced a small internal cache for IPv4 lookups; under some circumstances, a cache hit could fail to be be marked as IPv4, leading to "unknown" being reported in the Raw Data text expansion of a drift data file. This version ensures that the IP address is marked as IPv4, so it can be displayed properly.
    • Eliminated redundant resync triggered by service notification of clock change event after stepping the clock.
    • Added default listen IP suggestions when first selecting "Listen only on these addresses" (i.e., the list is blank). When operating on the local machine, the default is all networks/CIDR masks, plus localhost. When operating on a remote machine, the netmasks cannot be determined, so the hostname, IP address (if known) and localhost are used. These values are suggestions only; we presume that an admin who is setting specific listening addresses will know which ones are desired and which ones are not.
    • Added a new category of suppressable debug messages: "Network enumeration and bind success messages." This information is of great usefulness in diagnosing problems due to misconfigurations or network oddities, since it shows exactly what IPs and interfaces are found, bound, and used for each instance of each protocol, but is otherwise not needed.
    • Changed enumeration of multicast interfaces for individual binding to include IPv6 as well as IPv4 when specific IP address are not provided (i.e., "Listen on all IP addresses" is selected).
    • Added ability to detect IPv6 address changes and signal rebind/resync (same behavior as for IPv4).
    • Fixed unreported bug with PTPv2 management messages where the targetPortIdentity.portNumber was not being set correctly on replies.
    • Added missing members and corrected faulty packing on PTPv2 management GET replies to parent data set and port data set. Also changed the productDescription field in the clock description from "Greyware;5.1;" to "Greyware;Domain Time Server;" or "Greyware;Domain Time Client;" (each followed by the serial number of the unit). Management stations may use the productDescription field to determine whether or not the parent and port data sets will return the expected data in the correct formats. Note: Domain Time Server, when acting as a PTPv2 Master, may return 0 in the delayMechanism field of the port data set. This value indicates that Domain Time Server will respond to either E2E or P2P requests. If you want it to respond to only E2E or P2P and report that in the port data set, change the PTP Profile dropdown to something other than auto-detect. The dropdown affects behavior in both slave and master modes.
    • Allowed PTPv2 management messages from any source IP address (not just potential masters).
    • Fixed unreported bug when PTPv2 delay measurement was set to disabled being reported as "Unknown" instead of "Disabled" and sometimes flip-flopping statuses when losing and reacquiring a master.
    • Enhanced PTPv2 ability to change delay measurement types among auto, disabled, and E2E/P2P without having to lose and reacquire a master.
    • Changed statistics count of PTPv2 management messages received to include only those GET requests applicable to that particular machine. The former behavior counted all management messages seen on the network, including requests addressed to other machines, and replies.
    • The machine's PTPv2 clockIdentity is now saved in the registry and reused after first being calculated (normally from the MAC address of the primary adapter) as an 8-byte binary value called "ClockIdentity Cache." Since MAC addresses on virtual machines can change, or which NIC is considered primary may change when the stack is rebuilt (or depending on which cable is plugged in), or when a NIC is replaced, having the value saved keeps the clockIdentity static over time. To force Domain Time to rebuild a new clockIdentity, stop the service, delete the "ClockIdentity Cache" value, and restart the service.
    • Removed scope from IPv6 enumeration on startup bind when "localhost" was specified for a bindable address. DT first bound the unscoped address, then tried to bind each specific scoped address afterward. The subsequent binds produced error-level messages in the log, but did not affect IPv6 operations. The error message present in prior versions may be safely ignored if it refers to an IPv6 address with a scope.
    • Added code for slaves to send management requests for the master's Port Data Set when first calibrating and periodically thereafter. The requests are sent unicast. If a reply is received, DT records the master's preference for delay request timings and also the supported mechanisms for delay requests. This information is used to aid DT's normal method of probing for configuration information, and only operates if DT is set to fully-automatic profile and automatic delay request interval. The frequency at which port data set management requests are sent is controled by a registry setting, "Slave PortDataSet Check Interval (seconds)" which defaults to 3600 (once every hour). You may set the value to zero to disable management requests, or at any number between 1 second and 31536000 seconds (a year).
    • Added debug-level log message if a grandmaster responds to a Port Data Set management query. The message will show the grandmaster's actual packet frequency (reported as milliseconds between packets), as well as its preferred/supported delay measurement method. Domain Time continues to round up incoming PTPv2 packet intervals to a minimum of one second for timeout purposes, but the debug-level message allows you to see if the master is sending sync packets more often than once per second.
    • Added internal IPv4 cache to group of things reset when you use either the Control Panel applet or DTCheck -resetstats to reset the statistics.
    • Added per-server variance history (dthistory.dat) to group of things reset when you use either the Control Panel applet or DTCheck -resetstats to reset the statistics.
    • Changed per-server variance history (dthistory.dat) to collect stats per-server/per-protocol instead of just per-server.
    • Changed per-server variance history to include only one PTPv2 sample if PTPv2 sample coalescing is enabled.

5.2.b.20140101 - Optional Upgrade

Many enhancements and customer-requested features. A few cosmetic changes. Two important fixes for Domain Time Server related to performance in high-volume networks. Upgrade if you are experiencing any of the referenced problems, or if you need the new functionality.

  • All
    • Optimized lookups for protocol names. No behavior changes.
    • Added more debug and error logging for LDAP and NetBIOS enumeration in Manager, Audit Server, and Update Server. Helpful for verifying enumeration success or determining causes of failures.

  • DTAudit
    • Added warning in Audit Server log when Real-Time Alert arrives from a machine whose serial number is a duplicate of another machine. The Real-Time Alert data is not applied to the database.
    • Fixed unreported bug with collection of Real-Time Alerts until x minutes had passed to send the alerts in a group. The setting for grouping alerts specified minutes, but the code was calculating seconds.
    • Added advanced Real-Time Alert option to auto-acknowledge resolved problems (status yellow) items after a user-configurable number of minutes have passed.
    • Added logging of PTPv2 slave status to audit server's information-level summary of audited machines. Also added PTPv2 slave status to debug-level logging for incoming Real-Time Alert details.
    • Added ability for Audit Server to treat incoming Real-Time Alerts showing a PTPv2 slave machine has entered the "lost master" state (that is, had been a slave, but is currently not seeing sync or announce messages) as either warnings or errors. These are not audit warnings or errors, they are Real-Time Alert events. The default behavior is to ignore the condition. If you choose to treat the lost master state as a warning, it will change the Manager flag color to yellow, and auto-reset to green once the slave has reacquired a master. It will not send email or SNMP traps. If you choose to treat the lost master state as an error, it will be treated like any other Real-Time Alert error: It will change the flag color to red, it will generate email and SNMP traps, and it will require acknowledgement. Be very careful with treating the lost master state as an error. You can easily flood your network with notices when someone reboots the grandmaster or a switch.

  • DTManager
    • Added option to restrict Active Directory (AD) domain computer lists to only those machines whose AD Organizational Unit (OU) matches a user-supplied list of OUs. All machines are still displayed if the Show Hidden Machines option is enabled; otherwise, only those from the desired OUs will display. A related option allows showing machines whose OU is blank (mostly workgroup or other non-AD machines). The new options are located on the Computer Enumeration dialog along with other AD settings.
    • Added option to remove computers from Manager's cache when they are removed from Active Directory. By default, Manager retains old AD computer information in case a machine is being removed from/readded to the domain, or still has Domain Time installed even if never readded to the domain. This retention is called tombstoning. You may now choose between tombstoning or purging.
    • Changed network broadcast/multicast scan timeout defaults to "fast lan" settings.
    • Fixed unreported problem preventing audio notifications for Real-Time Alerts unless the full path name was specified (the defaults provided only a filename).
    • Added browse and test buttons to the audio alerts sound-selection dialog box.
    • Added "Remove from this list" right-click menu item for machine(s) in the Real-Time Alerts list. Useful for decomissioned machines or machines you can't otherwise configure to stop sending Real-Time Alerts. Note that this option does not try to contact or configure the selected machine(s). It simply removes them from the list. If the removed machine(s) begin sending Real-Time Alerts again, they will add themselves back to the list automatically.
    • Added support for INSert key to Computer list and NTP Server list.
    • Added support for DELete key to Computer list, NTP Server list, and Real-Time Alerts list (only if Manager's overall option to allow using the DELete key is enabled). Also added the equivalent right-click menu item for each type of list.
    • Added console output when Manager is started from a command prompt with command-line parms. The output is identical to the output in the dtman.log file. This allows users running interactively to see the results without having to find and open the log file or capture the return code.

  • DTTray
    • Fixed unreported bug that prevented timeset chimes from playing.
    • Changed default of registry setting "Clock Chime Uses System Volume" from TRUE to FALSE. On operating systems newer than Vista, this allows DTTray to have its own volume control in the audio mixer. (This setting has existed since version 05 Nov 2012.)
    • Added registy setting "Clock Chime Force Volume (percent)" to force DTTray's volume to the specified percentage of the overall system volume. The default is zero, which means the audio mixer controls the volume as expected. Either the operating system must be older than Vista or the "Clock Chime Uses System Volume" must be FALSE for this setting to have any effect. DTTray volume affects both timeset chimes and time-of-day chimes.

  • DTCheck
    • Default PTPv2 socket bind for DTClient, DTServer, and DTCheck changed to non-exclusive to allow DTCheck -ptptest to operate simultaneously with DTClient or DTServer.
    • Changed DTCheck -ptptest display to remove duplicate packets. You may use DTCheck -ptptest -showdupes to see all packets.
    • Added optional parameter -nolookup to DTCheck -variance. If -nolookup is specified, DTCheck's output will only show the IP numbers and not attempt DNS look-ups for each responding machine's IP.
    • Add summary display of discovered nodes (masters and slaves) to -ptptest output; includes the clockIdentity and IP address.
    • Added DTCheck -eventmonitor to test global named events (see the appendix in SDK.doc file) and to demonstrate how an external program can be kept aware of Domain Time status without looping or performing busy waits.
    • Added four options to -firewall:open. By default, -firewall:open opens the firewall in the private network, and, if your machine is a domain member, in the domain network. The three new options allow you specify which networks to open. You may add -public, -private, or -domain (any combination, in any order) after -firewall:open, and DTCheck will only open the network(s) you specify. DTCheck will silently ignore a request to open a domain network if your machine is not a domain member. You may also use -firewall:open -all to open all possible networks without specifying them by name. Note that -firewall:close does not pay attention to these additional options. It removes the rules entirely, as before.
    • Added more error checking for the -reset command, to detect attempts to use it with -tcp on versions prior to 5.2.b.20140101, and also to make error conditions clearer to the user.

  • DTServer
    • Eliminated erroneous DNS lookup during servicing of DT2 filetime request. This could, under certain limited circumstances, make Domain Time Server take too long to respond to subsequent requests, giving the appearance of no longer serving the time. This is an important fix for customers experiencing the problem, but otherwise the effect is only cosmetic.
    • Added debug counters for available server threads.
    • Reverted support for WSARecvMsg to enabled by default on XP and 2003. Support for WSARecvMsg on systems earlier than Vista had been disabled since 17 Jan 2012.
    • Added "Master offsetScaledLogVariance" to the registry; range 0x0000 - 0xFFFF; default 0x7060. Former versions of Domain Time Server used a hard-coded value of 0xFFFF. The offsetScaledLogVariance value is part of the best-master-clock decision (lower values beat higher values). See IEEE 1588-2008 section 7.6.3 for details. The formula is UInteger16((2^8*log2(sigma^2))+0x8000). Since a software clock has no way to calculate sigma accurately, the default value is an estimate based on the expected performance of a modern Intel-based microcomputer system. The value is not adjusted during runtime to account for hysteresis. Change this registry setting only if you have a very specific reason to do so.
    • Changed the design for passing received Real-Time Alert data to Audit Server. The new design favors sending replies immediately to clients rather than waiting until after passing the alert to Audit Server. Reports are now queued in batches and fed to Audit Server in a separate timer thread, the frequency of which varies automatically based on traffic and queue load. Prior versions used a queue only when Audit Server was actually performing an audit, which led to unacceptable delays in replying to the clients under high volume if interprocess communication was slow (usually for disk reasons). This is an important fix for those customers experiencing this particular problem.

  • DTServer/DTClient
    • Fixed unreported bug that could cause listening on IPv6 when IPv4-only was configured.
    • Added small DNS lookup cache for frequently resolved IPs; also added validity check for names passed to DNS to skip lookups if, by RFC, they won't ever resolve. These changes speed up certain internal routines that depend on transforming a name to an IP, or converting a dotted-quad IPv4 string to its 32-bit binary representation.
    • Changed default PTPv2 socket bind to non-exclusive to allow DTCheck -ptptest or other PTP listeners to operate simultaneously with DTClient or DTServer. You may change this to the former behavior (exclusive use) by checking the box on the Network tab of the Control Panel applet.
    • Distinguished between PTPv2 Steering (continuously-variable phase adjustments) and PVPv2 Sampling (continuously-variable phase disabled) in the log file.
    • Added trace-level log output indicating how many PTPv2 samples were collected when not using the PTPv2 coalesce option. Formerly, the log only showed how many samples when they were coalesced into one for comparison with other time sources.
    • Added options for debug level output to suppress various classes of activity.
    • Added option to disable NTP control-mode queries; registry only. In Parameters, changing "NTP Query Disabled" from False to True will prevent Domain Time Client (if listening for NTP broadcasts) or Domain Time Server (if either listening for NTP broadcasts or serving NTP time) from responding to control-mode queries.
    • Added display of "lost master" status for PTPv2 slave. When a machine is a slave, but loses its master because announce or sync packets are not seen, it enters the lost-master state and records the UTC time-of-day that the master was lost. This information is visible from both dtcheck -ptpstats and from the PTPv2 statistics display of the control panel applet. Both functions work on remote machines as well as the local machine. Resetting the statistics, becoming a master, reaquiring the master, or selecting a new master, will clear the lost-master state. Having lost a master is not necessarily an error, since PTP's best master clock algorithm is designed to select from among multiple potential masters in just such events.
    • Fixed problem with control panel applet sometimes prompting to save changes before switching focus to a different machine even if no changes had been made.
    • Added automatic timecheck when a PTPv2 slave enters the "lost master" state.
    • Added automatic Real-Time Alert update when a machine becomes a PTPv2 slave, enters the "lost master" state, or becomes a PTPv2 master.
    • Updated SDK.doc file to correct typos, extend list of supported operating systems, and add an appendix about global named events.
    • Replaced duplicate UDP packet detection mechanism with a FIFO queue with stale packet detection. The old queue was circular, and aging was controlled solely by the size of the queue. The new mechanism is faster and uses less memory.
    • Moved code to increment counters for incoming UDP and TCP bytes to the IOCP threads instead of being handled by each protocol. This lets the counters include bytes received but not acted on by a protocol (duplicate, wrong sequence, malformed, etc.).
    • Added global counter of rejected duplicate UDP packets (primarily multicast or broadcast packets on multi-homed machines, where one copy is received on each interface). This counter is visible from the statistics display in Manager or the Control Panel applet About page along with other counters.
    • Added memory load, working set size, and handle count to debug-level output after each timecheck.
    • Added support for stats reset via TCP, same as UDP.

5.2.b.20131101 - Optional Upgrade

Several bug fixes and enhancements related to PTP. A few minor upgrades to other components. Upograde if you are experiencing any of the referenced problems, or if you need the new functionality.

  • All
    • Added labels for Windows 8.1 and Windows Server 2012 R2.

  • DTAudit
    • Added ability to change Daily Report filename extension. Formerly, it was hardcoded to be .txt. The default remains .txt, but customers using spreadsheets may want to change it to .csv to make importing easier.
    • Added ability to ignore large corrections reported by Real-Time Alerts if the correction was the first one after the reporting machine has booted (within 30 seconds of restart).

  • DTManager
    • Corrected spelling of SNMP on one of the menu items (was SNNP).
    • Corrected fallacious return code 1 when dtman audit trigger specified at the command line.

  • DTCheck
    • Added -stats command. DTCheck with no parameters ran the stats command; adding -stats is mostly for documentation or those who like to be explicit.
    • Added -tcp parameter. If specified, DT2 commands will use TCP instead of UDP. Note: Some DT2 commands are UDP-only, some are TCP-only; most work with either. Use this flag to force DTCheck to choose TCP over UDP when possible.
    • Added -trainingstart (experimental) which may be used either by itself or after -resettimings.
    • Added -trainingstop (experimental) to stop advanced training; may not be used in conjunction with other commands.
    • Added -lockphase, -unlockphase, -lockinterphase, and -unlockinterphase commands (experimental).

  • DTServer
    • Fixed bug in PTPv2 server announce and sync intervals not matching CPL settings.

  • DTServer/DTClient
    • Changed return code from error to success when some, but not all, samples requested from a particular source are valid. Previous behavior discarded the source entirely if not all sample attempts were successful.
    • Added "Continuously Variable Dynamic Base" (default true) to the PTPv2 section of the registry. If set to false, then PTPv2 continuously-variable interphase decisions will be based on the machine's default clock rate.
    • Changed correction calculation to accommodate either a dynamic or a fixed base; increased coherence for unstable clocks when switching among PTP and NTP time sources.
    • Added extra debug log output for PTP.
    • When sending a real time alert, Client and Server both include a bit flag to indicate if this is the first correction after a reboot (within 30 seconds of machine startup). Audit Server can then choose whether or not to ignore large corrections after a reboot.
    • Added optional PTPv2 latency cap, disabled by default. If enabled, measured latencies greater than the value specified (in hectonanoseconds), will be reported as the value of the cap. This setting is useful on networks that are unreliable or subjected to load spikes. The default is 5000 hectonanoseconds (one-half a millisecond).
    • Fixed bug in PTPv2 delay calculation using End-to-End with a two-step master clock that puts unexpected values in the sync message's originTimestamp field.
    • Added code to handle unicast delay measurement with more than one potential PTPv2 master online.

5.2.b.20130405 - Optional Upgrade

Minor enhancements, primarily for PTPv2 multicast reception. Upgrade if you need the new functionality.

  • DTMan
    • Changed format of Last Protcol column to use abbreviated protocol names instead of full RFC identifiers.

  • DTServer/DTClient
    • Exposed the option to enumerate multicast interfaces and bind to each separately. This was formerly a registry-only setting. You MAY need to restart the Domain Time service (or reboot the machine) for changes to take effect, but Domain Time usually accommodates the change immediately without a restart.
    • Added Clock Runaway Protection registry setting (default true). If a clock is not stable enough to determine its own frequency compared to the server's frequency, it may continually adjust its own rate trying to match the server's without any notable success. In these edge cases, it is better to detect the situation and reset the timings to the defaults rather than let the clock continue to search for a better rate. If detected, a warning message in the log will state, "Possible runaway condition detected," and the clock timings will be reset. This problem mostly affects virtual machine guests and machines relying on unstable internet time sources.
    • Changed the method of enumerating IP addresses per interface to account for rare situations where getaddrinfo() does not include all of the information available by querying each adapter. If there is a discrepancy, debug or trace messages in the log show which IPs exist and are bindable but were not included in the getaddrinfo() array. This situation arises mostly in multi-homed machines with disjoint networks, and only affects which IPs are bound for listening.
    • Added check for changes in the AnswerIP array as well as changes to the Enumerate Multicast Interfaces setting. If changes are detected, Domain Time will try to rebind all the listener sockets on the fly.
    • Added check for changes in the VM status (only applies to virtual machine guests). This check will produce a warning message and parameter reload if the VM status changes between machine reboots. This can occur after live or shared-nothing migrations from one VM host to another. The check for changes happens at each scheduled timecheck.

5.2.b.20130222 - Optional Upgrade

Internal changes, one minor bug fix, several enhancements based on customer requests. Upgrade if you need the new functionality.

  • DTCheck
    • Enhanced color-coded text output to make finding results easier.

  • DTServer
    • Added code to purge old master information when a slave server becomes master or independent. This ensures that if the machine role is changed back to slave, then a full replication from the current master occurs.
    • Added "Rebind on IP Change" registry setting for server to force the same kind of rebinding of IP addresses and interfaces that client does when the CPL's "Initiate sync if IP address is added dynamically" checkbox is checked. Server's Control Panel applet now includes a checkbox exactly like Client's.

  • DTServer/DTClient
    • Changed names of internal variables to conform to our naming standards. No functionality changes related to this.
    • Added "Server Answer IP Override DT2", "Server Answer IP Override NTP", and "Server Answer IP Override PTP" to the registry. Each is a REG_MULTI_SZ (Strings) value. If non-empty, this value must list, one per line, networks or individual IPs to which the corresponding protocol should bind, using CIDR notation. For example, the entry would bind to through An entry of ::1/128 would bind to the IPv6 loopback address. Multiple networks can be specified, one per line. If these values are present and non-empty, they override the "Server Answer IP" list for the corresponding protocol. Unlike the "Server Answer IP" list, the override lists are included in template imports and exports. Since they will typically be used only to list networks rather than specific IPs, this allows administrators to segregate traffic on multihomed machines without worrying about each individual machine's IP address.
    • Upgraded the behavior of the list specified by "Server Answer IP" in the registry to support entries specifying CIDR notation as well as individual hostnames or IP addresses.

5.2.b.20121111 - Optional Upgrade

Rollup of OEM features and minor bug fixes. Upgrade if you are experiencing any of the problems mentioned, or if you need the new functionality.

  • All Components
    • Replaced all sprintf_s, strcat_s, and similar CRT "secure" string manipulators with custom routines.
    • Added support for calling Windows 8 Server "Windows Server 2012" or "Win2012."
    • Added support for recognizing clock-type appliances using the DT2 protocol.

  • Server
    • Added last-known listen port for DT2-HTTP, so we can restart the listener (without restarting the service) if the admin changes the listen port.
    • Reversed optimization introduced in 20120206 that skipped checking for DC role change except at service startup. Since the PDC Emulator role can migrate without restarting the affected servers, Domain Time cannot assume that the role is unchanged between boots.

  • Client
    • Added fallback search-on-failure (if box is checked) for cases where the admin has chosen to use a list of servers and either has an empty list or has uncheck all of the items in the list. Normal search-on-failure auto-discovery rules apply (even though no listed servers failed).
    • Added rebind for mulitcast listener(s) when IP address list changes.

  • Server & Client
    • Added ClockIdentity Uses NetBIOS to the PTPv2 parameters section of the registry. If not present or false (the default), PTPv2 will use the MAC address or UUID according to the IEEE1588 specification. If present and true, PTPv2 will form a fake ClockIdentity made up from the machine's NetBIOS name.
    • Added outgoing packet tracing for multicasts and broadcasts.
    • Enhanced PTPv2 trace messages to show when a grandmaster clock changes its clock quality or other parameters.
    • Changed pend counter log output from trace level to debug; eliminated redundant "not performing alignments" debug messages.
    • Changed pending leap minimum to 45 days after the last leap was applied. Added "would have been scheduled" to pending leaps when leaping disabled.
    • Improved stability of interphase on machines that cannot lock to one second per second within required tolerances.

  • Audit Server
    • Added code to skip creation of Daily Report file on disk if Daily Reports are not enabled.
    • Corrected deltas between NTP reference source when the audit machine's own time was off (this change also affects Manager).

  • Manager
    • Added Open Containing Folder... menu item to Daily Reports menu.
    • Added Open Containing Folder... menu item to Synchronization Logs menu.

  • Monitor Service
    • Fixed bug in quoted-printable email format on Daily Report from DT Monitor.

  • DTCheck
    • Added -syslog option. This is a very simple IPv4-only syslog listener that prints incoming messages to the console. It is useful primarily for testing the syslog functionality built into Domain Time's logging.
    • Added [server] -leapcheck option to DTCheck. For use against DTServer only (DTClient will not respond). Report whether the DT2 protocol supports leap flags (version 5.2.b20110501 or later), and the status of the current leap second on [server].

5.2.b.20120215 - Optional Upgrade

    Minor bug fixes, changed wording on prompts and reports, added features to command-line programs. Upgrade if you are experiencing any of the problems mentioned, or if you want the new functionality.
  • All Components
    • Recompiled with /dynamicbase and /nxcompat switches (not all executables had these switches set)
    • Added additional debug information and SEH tracing

  • DTServer
    • Fixed bug in slave signalling introduced in 5.2.b.20110601 that could cause DTServer to attempt to contact slaves using the slave's last-known ephemeral port rather than port 9909.

  • DTServer and DTClient
    • Fixed (rare) exception in broadcast time reception when freeing duplicates.
    • Changed "Service Notify Time Change" trace message to debug.
    • Added warning/prompt to Control Panel applet when an admin unchecks the "Adjust this machine's overall clock rate to minimize future corrections" checkbox. Under normal circumstances, this checkbox should remain checked. The warning alerts admins to the potential consequences if Domain Time is not allowed to manage the system clock rate.
    • Changed wording on CPL checkbox to "Analyze time samples from all servers and choose the best" (now the same for both client and server).
    • Changed drift record "raw detail" text output labels to clarify the values in each section.

  • DTCheck
    • Added /ptptest (experimental).

  • NTPCheck
    • Added -ad (may be combined with -raw and/or -windowsauth). This switch tells NTPCheck to enumerate the DCs in the default domain of the machine where NTPCheck is run, and test each one for the flag indicating whether or not it is a time server. It then proceeds to verify which server is returned when DsGetDcName is called with various flags pertaining to time servers. It then enumerates machines using NetServerEnum, and checks the flags again, and gets the time from each marked time server.

5.2.b.20120206 - Optional Upgrade

Minor bug fixes for unusual circumstances; several enhancements per customer request. Upgrade if you are experiencing the problems or want the new functionality.

  • Server
    Added save of slave mode registry entry on startup by the service if not already present. The CPL and service calculated the default setting differently based on whether the machine was a BDC. In earlier versions, the registry value didn't exist until the CPL changed the mode from slave to indie or vice versa.

  • Server and Client
    • Added "UDP Dynamic Counters Enabled" (default false) and "UDP Connection Reset Enabled" (default true) to the registry to give users control over how Domain Time handles ICMP errors related to UDP. These settings coincide with internal changes to how Domain Time manages the pool of pending UDP receives in the face of 10052 and 10054 errors. The new behavior is enabled by default, and these settings should be changed only on advice of tech support.
    • Resolved exception when Group Policy is used to add additional servers after Group Policy has already been applied with fewer servers.
    • Clarified error message when an invalid configuration template (.reg file) is pushed out from Manager -- for example, using a client template on server or vice versa.
    • Added "Time Change Event Monitor" to the text logging options to help identify the user and process responsible for system clock changes not made by Domain Time. See the Server/Client Logs and Status documentation for details.
    • Fixed bug in Control Panel applet on the dialog box displayed when a conflict over port 123/udp (NTP) is discovered. The dialog did not display the Yes/No buttons correctly.

  • Manager
    • When removing Domain Time (client or server) from a remote machine, Manager attempts to restore saved W32Time (Windows Time) service information. In previous versions, Manager restored the information, but (if set to auto-start), the W32Time service failed to start until after a reboot. Manager now configures the W32Time service so that an immediate restart of W32Time is possible.
    • Added new checkbox to the batch operations dialog, "Prompt for other correctable errors" (default true). The primary correctable error, other than credentials needed, is failed mapping of host name to IP address or response indicating the machine doesn't use the IP address provided. If this box is unchecked, then Manager will not stop the batch to prompt for new information; the error will be recorded as if the user had clicked the cancel button on the popup.

  • Services
    Normalized startup logs so all services (not just DTClient and DTServer) keep their startup logs in the same folder as the main service log. Since the default for both used to be the system32 folder, they ended up in the same place. However, some customers are aware of the "Service Log Filename" registry value in the Parameters key, and use it to direct the main service log elsewhere. This change ensures that the startup log stays with the main log.

  • DTTray
    Added registry setting called "Allow Multiple Instances" (default not present). If present and true, the system tray applet will allow multiple instances of itself to run, limited to one per terminal session. In addition, the service will attempt to start one instance in each terminal session when it starts. Useful only on Terminal Server or similar.

  • DTCheck
    Changed dtcheck /firewall:open so that it omits Profile=Domain if the machine is not a domain member. On Vista, the firewall control panel applet can't display rules that specify both Profile=Domain and Profile=Private if the machine is not a domain member. On other operating systems, the profile either doesn't matter (XP and 2003), or works even when the computer has not joined a domain.

    To reapply the rules created by a previous dtcheck /firewall:open, first use dtcheck /firewall:close then reissue dtcheck /firewall:open (using the latest version of dtcheck). This will remove and then rewrite the firewall rules.

5.2.b.20120117 - Optional Upgrade

First version to support Windows 8 and Windows Server 8 pre-release. Many unrelated enhancements, including several added at customer request. Several minor bug fixes. Upgrade if you want the new functionality.

  • Setup
    • Setup now removes folders created during configuration if they are empty afterward (this includes the empty start menu link for Domain Time II if Manager isn't installed)
    • Setup now restarts DTAlert and DTMan if it closes them during Management Tools upgrade
    • Fixed typo in license.txt

  • Audit Server
    • Added lookup by IP if NetBIOS name fails with 11001 (host not found) when collecting drift records
    • Fixed exception when backup mode enabled and primary is offline at the moment replication begins
    • Added thread priority to background ephemera and drift collection (only in the registry, default -2)
    • Added exclusivity to network listen bind

  • Client
    • Changed upgrade from 4.1 Thin Client to use auto-discovery instead of blank list of servers
    • Fixed parse error on auto-discovered domain servers
    • Changed to ignore cascades and advisories during advanced training

  • Server
    • Changed the max IOCP threads from 8 to 4 to keep from starting unnecessary threads

  • Client & Server
    • Enhanced error handling for IOCP enqueing and network stack insufficiency on busy servers
    • Added spin button to Timings page on the CPL; fixed so typing or spinning enables the Apply button
    • Disabled use of WSARecvMsg on XP and 2003 machines
    • Services can now create a minidump in the system32 folder if they encounter unrecoverable errors. The CPL's problem report automatically includes any dump from a Domain Time component.
    • Added check for invalid/missing path returned by OS for the temp directory
    • Added lazy-write capabilities to text log file. Disabled by default
    • Added error code in trace output on "Could not obtain domain/forest" warning
    • Rearranged interpolator sequence to account for performance counter latency more accurately
    • Added "Unknown" instead of blank if domain information is not available on CPL pages
    • Changed default server list (we still recommend that customers choose their own servers)
    • Changed shutdown routine to call SetSystemTimeAdjustment() whether or not CMOS flushing is enabled (prior behavior only called SSTA if flush was enabled)
    • Changed default minimum interphase significance from 1100 to 1250 hns
    • Changed UDP per-socket send buffer size to 64K
    • Exposed PTPv2 XP-Class multiplier in registry for continuously variable interphase; was hard-coded at 7, now defaults to 5
    • Added PTPv2 options to allow rejecting a server if its claimed time source, clock quality, or clock class is insufficient
    • Added PTPv2 sync packet receipt timeout grace period (grace period doubled if machine is virtual)
    • Added PTPv2 "crosscheck" settings; if enabled and delta exceeds the specified number of milliseconds, other defined sources will be consulted (as if the "Analyze time samples..." checkbox were checked)
    • Changed default for setting processor affinity to false if the CPU reports an invariant TSC or if the machine is a Hyper-V guest. This determination is made on first startup, and the decision is recorded in the service's Parameters key. Users may override the decision by changing the "Critical Timing Processor Limit" to either True or False (stop the service, change the value, and restart the service)
    • Added code to ensure that the clock rate is set to expected values when PTPv2 continuously variable phase adjustment is discontinued unexpectedly (loss of signal). Problem only detected in the lab
    • Removed log warning about inconsistent leap seconds when a 4.x (or any pre-5.2.b.20110601) server fails to provide leap second information using the DT2 protocol, but a later-version server does. Versions prior to 5.2.b.20110601 do not have leap second information in the DT2 protocol packet, and Domain Time was interpreting "I don't know" as being a conflict with "I know, and the answer is no leap second pending." Servers that do not provide leap second notifications are now ignored when checking for conflicts
    • Changed advanced training to allow admin to specify number of cycles and the interval between. Prior versions always used 7 seconds between tests, and called for 45-75 tests (depending on version). Defaults are now 45 tests with 30 seconds between. This gives a much more accurate estimate of the machine's overall rate if interphase is active. The old 7-second interval was not long enough to allow interphases to occur
    • Added support for SERVICE_CONTROL_PARAMCHANGE message (if received, causes a reload of parameters from the registry)
    • Added support for SERVICE_CONTROL_TIMECHANGE on Win7 and up (if received, treated same as a WM_TIMECHANGE broadcast)
    • Added "IPv4 Source Address" and "IPv6 Source Address" to registry. If present and non-blank, client or server will attempt to bind to the specified IP address for requests
    • Added support for Windows 8 and Windows Server 8 (pre-release/beta) on x86 and x64 platforms. ARM platforms will not be supported. Not for production use.

  • DTHres
    • Rearranged interpolator sequence to account for performance counter latency more accurately
    • Added GetDomainTimeAsFileTimeMonotonic() (see dthres.h for details)

  • DTCheck
      Public Use
      • Added /firewall:open and /firewall:close (opens and closes time-related incoming ports in the Windows firewall)
      • Added /reload to reload parms from registry (triggers SERVICE_CONTROL_PARAMCHANGE if available, else stops and restarts the service)

      Diagnostic Use (do not use these options unless directed to do so by support engineers)
      • Added /t3, /t4, /qpc, and /qpc2 timing tests
      • Added /bc635[:reps] [/out:filename] (test of 1pps Symmetricom bus card)
      • Added /sps (seconds-per-second) test (measures passage of time by comparing different counters)
      • Added /mstest (test that produces output useful for comparing phase rates)

  • Manager
    • Fixed save of template upgrade checkboxes during Manager shutdown
    • Added warnings to log file when template options changed by admin
    • Fixed toggle of grid lines
    • Added command-line parms to trigger an audit, an ephemera collection, or a synchronization (drift) collection. Syntax:
      • dtman trigger audit (triggers an immediate audit)
      • dtman trigger ephemera (triggers an immediate ephemera collection)
      • dtman trigger drift (triggers an immediate drift collection)

  • DTTray
    • Added code to re-display the system tray icon if dttray.exe finishes loading before the operating system finishes initializing the taskbar notification area
    • Added exclusivity to network listen bind

5.2.b.20110831 - Optional Upgrade

This release addresses mostly internal changes, but fixes a few problems. Upgrade if you are experiencing the problems or want the new functionality.

  • Server
    Fixed problem with upgrade from 4.1 where the single time source was set to derive from the domain hierarchy rather than a specified server.

    Removed wording "not recommended" from PTP Master configuration page. The wording was intended to warn users that software-based PTP was not as reliable or precise as hardware-based, but some users took it to mean that the option wasn't supported.

  • Client
    Added checkbox to the auto-discovery dialog to control whether or not to use domain authentication against servers discovered using the domain hierarchy (default false). Previous versions did not allow the admin to choose, and always used domain authentication.

  • Server & Client
    Added code to specify IPv4 interface numbers while enabling multicast reception when listening on all IP addresses. The code formerly let the operating system choose the default interface, which could cause problems on specific types of multihomed systems with disparate networks. The new behavior iterates through the interfaces and specifically enables multicast reception on any Ethernet, PPP, wireless, firewire, or tunnel interface. The new behavior is not enabled by default. Change the registry value "Enumerate Interfaces for Multicast" in the Parameters subkey to TRUE and restart the service to obtain the new behavior.

    Reversed 20110601 change to default state of Windows Time. If the machine is a cluster, or if the machine is a DC running DTClient, Windows Time will default to NoSync. Otherwise, Windows Time will default to Disabled. This change only affects the default applied to new installations if no setting is specified in the template.

    Exposed internal variables controlling PTPv2 continuously-variable phase adjust. These should be changed only on instructions from tech support.

    Changed algorithms for domain hierarchy discovery for both named domain sources and auto-config using the domain hierarchy. All forms of domain discovery now use the same internal procedures.

    Added trace-level log output for IP addresses discovered when the IP address list changes dynamically.

    Changed Alt-F (Find) on Log File Viewer to Alt-D to allow Alt-F (File) menu to work.

  • DTCheck
    Added four new command-line switches:
    • DTCheck /resetTimings -- stops the service and resets all current and historical timing variables to defaults; restarts the service unless /noRestart is also specified
    • DTCheck /resetSerial -- stops the service and resets the serial number; restarts the service unless /noRestart is also specified
    • DTCheck /noRestart -- prevents the service from being restarted after /resetTimings or /resetSerial
    • DTCheck /prepClone -- same as issuing /resetTimings /resetSerial /noRestart; useful for ensuring an image is ready for cloning

  • DTAlert
    Added right-click menu item to launch Manager.

5.2.b.20110601 - Optional Upgrade

This release addresses mostly internal changes, but fixes a few problems. Upgrade if you are experiencing the problems or want the new functionality.

  • Server
    Changed the internal format of the system32\dtslaves.dat file to include a version marker at the beginning of the file and each slave's serial number as well as its IP address. This change will help prevent duplicate notices when the master signals its list of slaves. Also changed trace/info messages to display the slave's serial number.

  • Client
    Changed the default when installed on a DC or cluster server to set the Windows Time service mode to NoSync rather than Disabled. This relieves administrators from having to configure Windows Time afterward, or remember to use the NoSync template from Manager.

  • Server & Client
    Added leap-second flag and server revision numbers to standard DT2 reply messages. Client may optionally use this information to reflect the server's knowledge of an upcoming leap second. The server can only know about an upcoming leap seconds if it gets its own time via PTP or NTP, but remembers the information. This change allows the server to warn clients ahead of time as if they were using PTP or NTP directly.

    Added code to allow the service to start the system tray notification icon using the logged-on user's security context. This change means that upgrades or installs when someone is logged on will have the icon reappear without having to start it manually or log off/back on.

    Added serial number to DTSTATS packet; used by CPL when displaying stats from a remote machine, or by DTCHECK when displaying stats either locally or remotely.

    Added trace messages to SNMP module to confirm successful sends (errors were already noted).

  • Control Panel Applets
    Changed manifest to specify "asInvoker" instead of "requireAdministrator." Each CPL either detects and validates admin privileges, or starts a program marked with requireAdministrator. On Windows 7 if a control panel applet is marked to require admin privileges, the operating system does not prompt for elevation or give any indication that the applet cannot run if the user isn't already an admin. Non-admins can get the elevation prompt by using SHIFT-RIGHT-CLICK on the CPL icon.

  • System Tray Notification Icon
    Replaced the Activity Monitor visual indications for Domain Time I with PTPv2. The Domain Time I protocol is deprecated, although still supported fully for existing Win95/ME machines.

    Changed registry permissions so that the unelevated system tray icon could manage its settings directly. (The permissions are reset by the main service at each startup.)

    Added Vista/Win7 UAC shield icon to pop-up menu items where appopriate.

5.2.b.20110309 - Optional Upgrade

This release corrects one problem, and adds two new features. Upgrade if you are experiencing the problem or want the new functionality.

  • All Components
    Corrected a parsing error in IPv6 literal addresses. Domain Time was erroneously considering an IPv6 literal address without a double-colon to be an IPv4 address. Resultant communications would fail, and the address would be saved in truncated form. IPv6 literals that contained a double-colon, or DNS/hostnames that resolved to an IPv6 address, were not affected by this bug.

  • Client & Server
    Added a max latency test (default of 500 ms). If enabled and set to a non-zero value, client or server will reject any sample obtained via NTP or DT2 where the latency from obtaining the sample exceeds the amount specified. This setting applies to all samples taken, and is not overridden by trigger exceptions (except for the first timecheck after startup). We recommend using this feature only in situations where the admin has a reasonable expectation of performance against a local source, and can therefore choose the correct value.

  • Client
    Added logging for successful and unsuccessful timezone changes when attempting to match a server's timezone. Also added error checking so if the SetTimeZoneInformation() system call fails, we don't signal a resync. An undocumented change to this routine is now officially documented: The timezone cannot be changed via the match-server's-timezone mechanism more often than once a minute. This is to help prevent loops when the operating system selects a matching timezone with a different name. For example, if you ask for Guadalajara time, the operating system may choose to use Central US instead. The two timezones are (currently) identical except for the name, and older operating systems that don't have a specific definition for Guadalajara will choose Central US instead. This is not considered an error by the operating system, but could lead to Domain Time trying to change the timezone to no purpose.

5.2.b.20110224 - Optional Upgrade

This release provides several enhancements and fixes minor bugs. It also incorporates a number of customer requests for new or slightly changed functionality. Upgrade if you are experiencing any of the problems mentioned, or if you want the new functionality.

  • Client & Server
    • Fixed problem with slaves sometimes reverting to saved settings instead of using master's timings.
    • Added domtimeMachineName to all SNMP trap definitions that didn't already include the field. Updated domtime.mib to reflect the change. Customers using SNMP traps should import the new MIB and adjust their scripts or triggered events as necessary.
    • Added NTP Client Max Stratum (DWORD) to registry; default is 15. NTP clients will not accept time from a server with a stratum higher than this number. (The NTP default is to use 16 or higher to mean unsynchronized.)
    • Corrected logic error that persisted a failure code across multiple samples for a single time source, which caused subsequent samples to fail without being attempted.
    • Corrected error in domtime.adm file. The meaning of fixed interval and variable interval were reversed. Anyone affected by this change will need to re-import the domtime.adm policy into the domain policies and select the correct setting for either fixed or variable interval.
    • Added flush to dtaudit.eph file to compensate for operating system's lazy cache flush, and updated Domain Time's internal cache to maintain coherency.
    • Added teardown/rebuild of UDP socket between multiple requests to a server to eliminate the possibility of stale responses being seen as current.
    • Added exclusion to prevent PDC set to use the domain hierarchy from using itself as a time source.
    • Corrected domain hierarchy detection code to work better with DCs.
    • Added radio buttons to Real-Time Alerts page to force machine to be included or excluded from the audit list of the server to which the Real-Time Alert is sent. This check will be performed by the Audit Server upon receipt of the alert.
    • Added detection of recent boot for first several timechecks, to compensate for those cases (mostly fast machines with SSDs and motherboard NICs) where the network reports ready and the OS allows services dependent on TCP/IP to run, but where the network really isn't up yet. For example, sometimes everything reports ready before the IP address(es) or gateway(s) has(have) been bound to the adapter(s). If the machine has recently booted, and the timecheck error is no-timesources-available, then client and server will check again in a few seconds.
  • Manager
    • Added Find to help in searching large lists.
    • Added IP address column to realtime alert display page.
    • Added additional support for cases where no file lock is present but the service executable file is locked anyway. The lock is usually held by the WMI service via an unexposed internal operating system function. The new support detects this condition, and replaces the file by renaming it, copying the new file, and then deleting the old copy.
    • Taught Manager to recognize rServiceLogFileName registry entries for itself, Audit Server, and Update Server. The services themselves already honor rServiceLogFileName by virtue of using the service framework, but now Manager can find the logs if they've been relocated. Not exposed in Manager's interface.
    • Added option to reset last-contact time and failure count when manually setting a machine to be audited.
  • Audit Server
    • Enhanced ephemera record search by xcast to help locate DHCP machines that are alive but have changed IPs since their last synchronization. Useful primarily for large installations where DNS and NetBIOS name resolution lag DHCP assignments.
    • Excluded rServiceLogFilename registry entry from backup replication. The standby machine's log location is independent of the primary's.

5.2.b.20101113 - First release of Version 5.2. Recommended Upgrade

Version 5.2 introduces some significant additions to functionality of the 5.x series, several enhancements to views and reports, and a few minor bug fixes.

  • Client & Server
    New Features:
    • Introduction of support for IEEE 1588-2008 Precision Time Protocol (PTPv2).
      • Added support for IEEE 1588-2008 Precision Time Protocol (PTPv2) as a time source (slave mode).
      • Added support for PTPv2 master mode (DTServer only).
    • Added secondary target for real-time alerts; choice of failover or send-to-both.
    • Fixed problem with clients not being able to set timezones to match an independent server.
    • Fixed text log roll problem that could sometimes truncate old log files incorrectly.
    • The control panel applet and several of its pop-ups now remember their screen position between invocations.
    • Added warning message in text log and event viewer when timezone changes (for example, CDT to CST). In the event viewer, the event ID is 3008, and the textual portion explains what changed.
    • Changed the default minimum success interval (for fixed intervals) to 5 seconds (was 15).
    • Changed the default minimum error retry interval to 5 seconds.
    • Made target-seeking interval calculations more aggressive when target is less than 6ms.
    • Increased TCP accept backlog on DTServer to accommodate large Audit Server installations with frequent real-time alert updates.
    • Significantly enhanced interphase calculations to smooth outliers and avoid insignificant changes for a more stable clock.
    • Added "Server Threads" registry parm (default 0) to allow specifying the number of threads: Min of 1, max of 8. Zero means let the server choose.
    • Changed the "All samples are non-conformant" warning message to an info message.
    • Exposed choice of slew methods (choices are default, compatible, and microsleep; default recommended except if tech support determines a machine has a specific hardware problem that a different slew method would alleviate). The slew methods aren't new, but are exposed in the control panel applet for the first time.
    • Changed the startup log file to use the same folder as the main log (if the main log is not in system32).
    • During install on a DC, the Windows Time announce/reliable flag is set, in case the admin decides to run Windows Time in NoSync mode.
    • Added error dialogs so that if the support page's zip and email functions fail, the user will know immediately.
    • Added support for WSARecvMsg; the "RecvMsg Enabled" registry parameter (default True) can be used to turn it off. When WSARecvMsg is enabled, Domain Time will use it rather than recvfrom in server threads, to distinguish among unicast, multicast, and broadcast incoming packets. Enabling WSARecvMsg also enables use of SO_TIMESTAMP, SO_TIMESTAMPNS, or SO_TIMESTAMPING if the operating system and network drivers support these options. No Windows platform currently supports SO_TIMESTAMP.
  • Manager/Audit Server
    New Features:
    • Added Standby Mode to turn an Audit Server into a "hot spare" (called the secondary) for another Audit Server (called the primary). When operating as a secondary, Audit Server periodically collects logs and settings from the primary, but takes no other action. If the primary goes offline, the secondary can be released from Standby Mode, either automatically or manually, and assume the duties of the primary using all the most recent information.
      • Added Standby Mode status display to the Manager's Audit Server information page.
      • Added Audit Server/Standby Mode menu item to configure Standby Mode.
    • Added File/Backup Database menu item to backup the audit list.
      • Added command-line operation dtman backup filename to backup the audit list to the specified file.
      • Added File/Restore Database menu item to restore the audit list.
      • Added command-line operation dtman restore filename to restore the audit list from the specified file.
      • Documented command-line operation dtman import filename to add/drop machines to/from the audit list.
    • Fixed bug where deleting synchronization reports removed them from the list but not from disk.
    • Added display of currently-selected template(s) to the multi operation dialog.
    • Added support for managing multiple real-time alert targets on remote machines.
    • Now remembers selected items when switching between views and after some operations.
  • Drift Graph Display
    • Changed the center line to gray (was green) to help distinguish it visually from the other horizontal lines.
    • Introduced support for driftptp.dt files (used to show PTPv2 status).
    • Fixed problem with scroll bar thumb positioning when viewing very large drift files.
    • Changed internal calculation to show at least 1 second when the actual interval is less than 1 second.
    • Added checkbox on the control panel applet's Advanced tab to truncate drift data at millisecond precision. As of this version, the drift file records data in hectonanoseconds (0.0000001 seconds) unless you check the box on the control panel applet.
    • Changed number of displayed points on the drift graph from 64 to 96.
    • Added new scales for display of submicrosecond variances.
  • DTCheck
    • Added /ptpstats command-line parameter to show IEEE 1588 status.
    • Added /adapters command-line parameter to show network adapter information.
    • Added /cpuid command-line parameter to show type and features of the installed CPU.

Version 5.1 Changelog

5.1.b.20100731 - Optional Upgrade

Changes to Monitor and Manager only. Upgrade if you are experiencing any of the problems mentioned below.

  • Manager
    • The format string for Audit Server's daily report was not being saved if it exceeded 255 characters in length. The length limit is actually 1024 characters. The GUI has been upgraded to accept and save the correct length.
    • Remote upgrade of Client or Server on some machines could occasionally fail if WMI (wmiprvse.exe) was holding the executable open. Manager now detects this condition and stops/restarts WMI during remote upgrades.
  • Monitor
    • Added checkbox to control panel applet to allow choice of whether email alerts should be tagged as high-priority. Prior to this change, all email alerts were always marked high-priority.

5.1.b.20100604 - Optional Upgrade

Several small bug fixes and enhancements. Upgrade if you are experiencing any of the problems mentioned below.

  • Setup
    • Client-only and server-only distribution zips indicated management tools could be installed. Installation failed if attempted because the tools were not present. Setup now only offers tools if present in the distribution.
  • Manager
    • Removing Manager now also removes Monitor
    • Removed superfluous comma in Add/Remove Programs uninstall information
    • Settings pushed out using Reset Config now take effect immediately instead of after the next sync
  • Client & Server
    • Added resolved IP addresses to log output when time sources are specified by name
    • Added extra registry permissions check to CPL when invoked by Manager against a remote machine to give more sensible error message when access is denied
  • Audit Server
    • Fixed access violation in pre-audit sync report (only affected x86 versions)
    • Fixed report error that occasionally overstated the number of non-responders after an audit
  • Miscellaneous
    • Added check for possible invalid return from Microsoft Security API call to DTLockDn on some editions of Windows 7 (precautionary change only)
    • Added icons for Alt-Tab display and for 32x32 in task bar (only affected Monitor's CPL in the taskbar)

5.1.b.20100331 - Optional Upgrade

Minor new features, minor bug fixes, OEM changes, one new program, enhanced support for non-compliant NTP servers. Upgrade in order to use the new features, or if you are experiencing any of the problems.

  • Client & Server
    • Fixed problem on control panel applet with list of sources going missing if saved twice (apply then close or apply then change page)
    • Changed initial focus on log viewer window; made relaunch do a restore if viewer was minimized instead of closed
    • Changed minimum broadcast/multicast interval range to allow every 3 seconds (lower limit was 15 seconds)
    • Used ws2_32 header workaround for missing getaddrinfo (allows "not supported" on Win2000 instead of DLL failure)
    • Added more debug information to client discovery process
    • Added rebind process in case port 9909 tcp or udp can't bind on rapid restart of service
    • Added hypervisor and 2k8 guest detection on Windows 2008r2
    • Reworked interphase algorithms to increase range of corrections available
    • Added KNIGHT vs KNAVE detection and messages (debug info only)
    • Reworked DT2 transaction handler to prevent IPv6 host not found error after IPv4 failure
    • Corrected bug that prevented incoming signed DT2 broadcast/multicast from being recognized as signed
  • Manager and Audit Server
    • Zeroed ntp request packet's unused bits for Solaris compatibility
    • Added IP addresses to regular log file lines
    • Added additional ntp packet debug-only output
    • Added code to detect non-compliant and/or clock-not-set ntp servers so the alert status is preserved in audit summary
    • Added command prompt to the Utilities menu on Manager (opens in the Manager folder for easier access to Manager's command-line utilities)
    • Added workaround for MS update to CoInitializeEx that prevented some browse-for-folder operations and hyperlink clicks to fail (this is the only difference between 5.1.b.20100330 and 5.1.b.20100331)
  • DT Lockdown (dtlockdn.exe)
    • Added new program, DT Lockdown, to control service object security, executable security, and auditing.
    • DT Lockdown is an advanced command-line administrative tool. Please see documentation before using.
  • Miscellaneous
    • Fixed internal version marking on Client (was "DTServer" intead of "DTClient") - only present for MS reports or properties view; not used by our programs
    • Removed unused dtlogo.jpg from resources of Client
    • Fixed typo in log message - "event" spelled "evnet"
    • Added support to control panel applet for running while locked down with read-only permissions

5.1.b.20100330 - See above

One fix added to the 5.1.b.20100330 release; renumbered as 5.1.b.20100331 (see above).

5.1.b.20100114 - Optional upgrade

Additional minor bug-fixes and enhancements (Manager); fixed compatibility problem with Pentium II/III processors (all items). Upgrade in order to use the new features, or if you are experiencing any of the problems.

  • All components
    • Recompiled to remove dependency on SSE2. This change only affects machines with older x86 processors (primarily Pentium II or Pentium III, or older AMD processors, but specifically any Intel or AMD processor without full support for SSE2 SIMD extensions). On these processors, Domain Time components would either not run at all, or run but immediately give an exception and terminate. The clock timing algorithm was dependent on floating point support provided by SSE2. To accomodate older processors as well as modern ones, we moved the calculations to x87 FPU. Users with modern CPUs should see no difference in behavior, while users with older CPUs should see the programs working as intended. File sizes are slightly increased for x86 versions.
  • DTAlert
    • Fixed problem with clock window sometimes disappearing on startup
  • Manager
    • Fixed problem with template choice (for server installations/upgrades) not recognizing reversion to defaults
    • Made background image (watermark) visibility optional
    • Made left-hand pane sizeable (added gripper to move the split between right and left sides).
    • Added tag on status bar when showing synchronization status
    • Aligned status bar center section to move with sizeable pane
    • Persisted pane size
    • Fixed typo that said "1 networks" when only one network was detected (removed the "s")
  • Client & Server
    • Fixed problem with fresh installs using defaults instead of template settings for timings
  • DTClean
    • Taught how to stop Manager and DTAlert if running, so they can be removed without reboot
    • Added missing registry keys in list of keys to remove during cleanup
  • Audit Server
    • Changed default for Real-Time Alert listener to enabled

5.1.b.20100105 - Optional upgrade

Minor bug-fixes to Manager; minor enhancements throughout. Upgrade in order to use the new features, or if you are experiencing any of the minor bugs.

  • Server will no longer report 169.254.x.x IPv4 addresses in response to discovery requests
  • Client and Server will now recognize 169.254.x.x IPv4 addresses as "self" and not use them as time sources
  • Fixed command buffer truncation in DTCheck's discover command (truncation produced chopped-off IP address display)
  • Client auto-discovery now uses address from which discovery response came in addition to server's claimed address (to account for multiple routes)
  • Multiple cosmetic changes to DTAlert
  • Added DTAlert to DTTray menu options
  • Grouped DTTray menu options by category to make finding things easier
  • Added ability to download chime packs directly from DTTray
  • Removed Audit Server and Update Server from DTTray (in 5.1, these options launch Manager instead of separate control panel applets)
  • Manager license report refresh now performs a Verify to update licensing information
  • Fixed bug in 20091215 where closing the DTMonitor CPL would also close Manager
  • Fixed bug with Manager's custom templates not being applied to remote machines until after manual sync trigger
  • Fixed bug with Manager's custom templates occasionally not being found even when present
  • Fixed misspelling in registry parameter name on Manager ("soune warning" changed to "sound warning")

5.1.b.20091215 - Optional upgrade

This release includes some minor bug-fixes, but is composed mostly of enhancements and features that didn't make it into the first public release by the deadline. Upgrade in order to use the new features, or if you are experiencing any of the minor bugs.

  • Added DTAlert (Real-time Alert Viewer) program. DTAlert is an extension for Audit Server and Manager, allowing Manager's real-time alert display to be echoed to other machines. DTAlert can gather data from multiple Audit Servers and let you see your entire network's status alert status at a glance. DTAlert is a stand-alone program that requires only TCP connectivity to your Audit Server machines.
  • Added support for sending real-time alerts from individual machines to Audit Server via UDP as well as TCP.
  • Added "All Computers" view to Manager as an alternative to showing each computer within its domain hierarchy.
  • Audit Server can now optionally double-check (requery) machines that provide anomalous variance data during the scan phase. Scanning is inherently less precise than direct query, and by double-checking unexpected values, Audit Server can help eliminate false alerts and ensure the overall data collected is as accurate as possible.
  • Added optional sounds to Manager's display of real-time alerts.
  • Added ability for Manager to configure real-time alert reporting on individual machines or groups of machines.
  • Added expiration dates, registered status, and installation dates of various tools to Manager's license report. Because this information is only accessible by connecting to a remote machine, the information is updated only when Manager installs or upgrades the machine, or when Manager opens the machine's control panel. The information is not updated during Manager's verify function or during normal scans of the network.
  • Added automatic detection and correction of failures when the Remote Registry service is enabled but not running. If RPC control is available, admin permissions are verified, and the machine is otherwise reachable, Manager will now start the Remote Registry service (as long as it isn't disabled) and retry failing operations.
  • Fixed problem where Manager or other tools did not show up in license report after fresh install.
  • Fixed problem where removal of Manager did not clean up associated registry keys.
  • Fixed problem in Audit Server where alert emails for real-time alerts could be sent even if email alerts were disabled.
  • Fixed problem with Windows authentication on Windows 7 and 2008-R2 machines validating against a domain controller. Microsoft added a new DLL (logoncli.dll) to these operating systems, and moved some functions into this DLL from their traditional place in netapi32.dll, resulting in the inability of Client to authenticate requests if automatic discovery and negotiation was enabled.
  • Fixed problem where some menu items in Manager were unavailable (grayed out) incorrectly. This problem only appeared if Audit Server was not installed.
  • Added support to the patch programs for Manager's cross-platform files. The original patch programs only updated files in the same moiety, which meant the new Manager could be fully upgraded only by running its setup program.
  • Fixed problem with unnecessary registry values being created by several of Manager's tools. Only values which are actually needed are now created.

5.1.b.20091201 - First public release - (mandatory upgrade for beta-testers and pre-release users)

  • Removed requirement for Audit Server and Update Server to run as administrative users
  • Integrated Update Server into Manager
  • Finalized message format for real-time alerts (note: incompatible with beta versions)
  • Added test and auto-configure to real-time alerts
  • Added import/export of time sources on the main CPL
  • Added binary backup/restore to the import/export page of the main CPL
  • Added sample templates and additional help for templates
  • Changed evaluation period calculation to round up to the next whole day
  • Reworked several dialogs for clarity
  • A proper setup program is now included with all distributions
  • Added new manifest to setup program for Windows 7 compatibility
  • Updated dtclean to account for new/changed filenames

5.1.b.20091111 - Pre-release of Version 5.1 (partners and beta-testers only)

Version 5.1 represents a complete rewrite of all components, bringing together all existing enhancements, OEM features, customer requests, and new technology.

  • Full IPv6 support
  • Support for Windows XP, 2003, 2008, 2008R2, and Window 7, both x86 and x64
  • Manager can now install, upgrade, or control x86 or x64 computers, regardless of its own bittedness
  • Update Server can now now install or upgrade x86 or x64 computers, regardless of its own bittedness
  • Added IPv4 and IPv6 multicast support
  • Added SNMP reporting to individual clients or servers, and to Audit Server
  • Added syslog reporting to individual clients or servers
  • Control of Audit Server is now integrated directly into Manager
  • Remove dependency on MS Networking browse list; Active Directory enumeration uses LDAP
  • Full symmetric key authentication support for NTP or DT2
  • Server can provide Windows-authenticated NTP timestamps for computers running Windows Time in the NT5DS mode
  • Increased reporting and timesetting abilities to sub-milliseconds
  • Remove limit on number of servers
  • Added ability to sample each server multiple times
  • Significantly improved statistical analysis when choosing time servers
  • Added support for Windows Group Policies
  • Made DCHP server discovery more useful by repurposing option 004 to search for DT2 servers only
  • Added anticipatory leap second scheduling
  • Significantly improved phase adjustment detection and correction
  • Added interphase adjustments (to handle when the system's optimal clock rate falls between integral phase adjustments)
  • Significantly improved performance on VMs and Hyper-V
  • Increased customer control over slewing and stepping options
  • Complete revamp of all user interfaces
  • Added import/export of settings to control panel applet
  • Added high-precision API so third-party programs can benefit from Domain Time's interpolated time-of-day (see SDK documentation)
  • Added real-time reporting to Audit Server from clients or servers, with a real-time display in Manager


Next Proceed to the Planning page
Back Back to the Requirements page

Domain Time II Software distributed by Microsemi, Inc.
Documentation copyright © 1995-2019 Greyware Automation Products, Inc.
All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.