See the CHANGELOG.txt file
for changes specific to DTLinux.
DTServer
Fix for PTP master announce stepsRemoved field
when the registry NTP Server Stratum value is non-zero.
Audit Server
Changed display in audit reports from using
scientific notation to decimal representation (only affects very
small values; for example using 0.000050 instead of 5e-5).
Changed mechanism for obtaining reference time
when using "Use this machine's list of time sources" and the
audit machine is a PTP slave, to use the current PTP master's IP,
offset, and stratum instead of querying the list of NTP or DT2
sources. If the audit machine doesn't happen to be a PTP slave, then
the normal use of listed sources operates as before. This change
affects the Audit Server's log file as well as Audit Result reports.
Manager and Monitor
Same change as detailed above for Audit Server in regards to reporting
the source of the reference time.
Control Panel Applet
On the Obtain the Time/Correction Limits page, the Reset to Defaults button
was not resetting the excess latency checkbox or associate value.
Fixed production of zero-length ptpMasters.txt when the CPL's focus is
set to a remote machine. This only affects generation of file(s) for
inclusion in sending a Problem Report from the Support page.
All Products
Microsemi-branded versions of all products, including DTLinux: Changed to
remove Microsemi logo and replace Microsemi name and contact information
to Microchip (Microsemi's parent company).
5.2.b.20240101 - Optional Upgrade
Two minor fixes in DTCheck; one enhancement to Audit Server.
DTLinux
See the CHANGELOG.txt file
for changes specific to DTLinux.
Audit Server
Changed interpretation of Audit Server's
email subject lines (found at HKEY_LOCAL_MACHINE\SOFTWARE\Greyware\Domain Time II Audit Server\Logs and Alerts\SMTP)
to allow substitution variables %date%> and
%machinename%>to be replaced by the current date
and reporting machine (respectively).
DTCheck
Fixed invalid character in the -variance
report output display.
Changed default Internet leap-seconds.list
source from IETF to IANA (IETF no longer supports the leap
seconds list).
5.2.b.20230302 - Optional Upgrade
Two minor changes to alerting and logging.
DTLinux
See the CHANGELOG.txt file
for changes specific to DTLinux.
Client/Server Server
Fixed sending out "bounds exceeded" SNMP trap
on first correction after startup when the checkbox for ignoring
startup is checked.
Changed messages about virtualization changes (for
example, live migration) from warning level to information level.
5.2.b.20221031 - Optional Upgrade
One important fix for Audit Server.
DTLinux
See the CHANGELOG.txt file
for changes specific to DTLinux.
Audit Server
Fix for Audit Server's Daily Drift CSV report mistakenly
interpreting DTLinux drift records as milliseconds instead of
nanoseconds.
Domain Time Server
Changed default for new installations of DTServer in slave mode (domain hierarchy) to
not use Windows RID-based authentication.
Drift Graphs
Changed text on drift graph display to say "N/A" instead of "unknown" when the
phase adjustment is either inapplicable to the type of graph, or the value is
zero.
5.2.b.20220714 - Optional Upgrade
Fixed a problem with formatting multiple recipients when sending email to GMail (Google
changed its header parsing rules). Enabled support for software RX timestamps on Win11
and Win2022 (Win10 and Win2019 already have support in place). Added Remote Scan feature
to DTServer, which can be used by Manager and Audit Server on large segregated networks.
Other minor enhancements.
DTLinux
See the CHANGELOG.txt file
for changes specific to DTLinux.
Manager
Added section to the Network Discovery dialog allowing you to
specify Remote Scan options. Remote Scan works by contacting Domain Time Servers
on other networks and having them perform a broadcast/multicast scan on Manager's
behalf. The remote Domain Time Server(s) must be running version 5.2.b.20220414 or
later, and must have Remote Scan enabled. Useful in complex networks where broadcast
and multicast queries cannot reach remote subnets. A Domain Time Server positioned
on the remote subnet can return a list of nodes visible to it.
Audit Server
Audit Server inherits the Remote Scan settings described above.
DTServer/DTClient
Increased number of retries obtaining domain/forest information
to account for lazy network startup in Win10/Win2019 and above.
Added Remote Scan (DTServer only) functionality. This allows
Manager and Audit Server to gather network information visible to the remote
DTServer. Functionality is disabled by default. To enable, use the Control Panel
applet's Security tab. Click the Commands... button and tick
the box for Remote Scan. This box will only appear on versions
of Domain Time Server 5.2.b.20220414 or later.
DTCheck
Changed -resetserial and -reload
to allow operation via authenticated UDP transaction on Windows machines (instead of stopping and
restarting the service). This capability is already built into DTLinux and DTClient/DTServer,
but dtcheck only used it on Linux nodes.
Added -remoteScan function (see Manager and DTServer above). This
function lets you test a remote Domain Time Server for compatibility, and shows the
information it would return if used by Manager/Audit Server.
Enhanced -interfaces command to display the NIC
internal clock frequency (when available).
Enhanced -stats2 command to display the type of
timestamping supported.
5.2.b.20220322 - Optional Upgrade
Minor fixes and enhancements.
Miscellaneous
Added Windows display version (the same as winver.exe shows)
to logs and startup banners, e.g., Windows 10 21H1 (display version)
instead of Windows 10 2009 (actual version number).
Fixed problem with dialog box upper-left small icon "sticking"
to most recently used icon.
DTLinux
See the CHANGELOG.txt file
for changes specific to DTLinux.
Manager
Added update of license files when upgrading a DTLinux client via
"push" update from Manager.
DTServer/DTClient Control Panel Applet
Added support for specifying syslog port number to override the default target port
514/udp. You may add :n, where n is the desired port number. For example: 10.1.1.1:777 (IPv4 literal),
[2600:1f18::1]:777 (IPv6 literal -- brackets are required), or mysyslogger.my.org:777 (DNS name). In all of
these examples, syslog output will be sent to port 777.
Added support for "Do not change audit group"
to the dropdown beside the "Always audit this machine" checkbox. Requires Audit Server 5.2.b.20220111
or later to work properly.
NTPCheck
Added -rtt switch to show originate and terminate timestamps,
and display total round-trip time. Ignored if -raw is not also specified. Ignored
if output is either -json or -csv.
DTCheck
Fixed typo in -help text.
Eliminated requirement for Remote Registry service for certain
operations targetting the local machine (specified by providing no target,
using the machine's NetBIOS name, using the IP 127.0.0.1, or the IP ::1).
Removed test routines for obsolete bc635/637 PCI clock cards.
SDK
Added atomic copy to GetPTPStats() to prevent rare
race condition.
Updated comments inside APITest.cpp to demonstrate how to get
the full path/filename of the loaded DLL, and how to convert hectonanoseconds to
either microseconds or milliseconds.
5.2.b.20210930 - Optional Upgrade
Minor fixes and enhancements.
DTLinux
See the CHANGELOG.txt file
for changes specific to DTLinux.
DTServer/DTClient
Customer request: Changed PTP Telecom subscription failure messages from
warning level to debug level as long as at least one of the provisioned masters is responding.
This is a cosmetic change, to keep from filling the log with warnings about Telecom masters
that are offline.
Control Panel applet
Fixed problem with screen lag on Win10 when moving the
Control Panel applet around the screen and system Performance Options ->
"Show window contents while dragging" is checked.
Fixed misidentification of Domain Time Client as Domain Time Server
when service registry key permissions are locked down too tightly.
5.2.b.20210630 - Optional Upgrade
Support for Windows 11 and Windows Server 2022.
Added support for "short" SHA secrets (SHA1 fewer than 40 hex chars, SHA256 fewer
than 64 hex chars, or SHA512 fewer than 128 hex chars). The new minimum length is
20 hex chars (10 bytes), although we recommend that you use the full length for
each SHA key type. Compatibility Note: If you create "short" SHA secrets
and export them to an older version of Domain Time, they won't be recognized as
the proper type. Upgrade all of your machines, both DTLinux and Windows, before
implementing short SHA secrets.
Added SecureZeroMemory (Windows) and equivalent function (DTLinux) to ensure that
symmetric key secrets are erased from memory after use.
Changed group policy handling of secrets to allow "short" SHA keys. To implement,
you must add a comment after the secret. For example, if you want an SHA1 secret
of 907386b0dd548acaed8b (shorter than the standard 40 hex chars required for SHA1),
you would enter it in the policy as "907386b0dd548acaed8b # SHA1"
so that Domain Time knows to treat it as SHA1. Compatibility Note: You must
upgrade any Windows machines using group policy for key distribution before creating
any short SHA group policy secrets, or using comments in the group policy settings.
Audit Server/Monitor Service
Fix for recent change in Microsoft's permissions for the Windows\Temp folder, where these two
services save their SMTP queue files. Upgrade will move the queue folder outside the Windows\Temp
hierarchy, and grant explicit read access to the email.log file in the new folder location.
You can make this change without upgrading by changing the location of the SMTP queue to a folder
on a local drive, and setting the permissions to FULL for SYSTEM and Administrators, and READ for
everyone else.
Manager
Added File -> Upgrade Remote Server & Manager menu item. This new dialog allows you
to upgrade Domain Time Server, Manager, management tools, services and DTLinux files on a remote
machine. This convenience function allows you to upgrade your main Management machine, and then push
that upgrade to any other Manager machines. In the past, you had to run Setup directly on each Manager
machine to upgrade.
Added check for tombstoned records when you change Active Directory enumeration from
tombstone to purge. If any tombstoned records exist when you make this change, Manager will offer to
delete the tombstoned records.
DTLinux
Several enhancements and fixes; also new security options.
See the CHANGELOG.txt file
for changes specific to DTLinux.
All Components
Switched to custom PRNG for determining the pseudo-random sequence ID field of DT2 commands.
Removed SSL/TLS test on check-for-update functions if the operating system is earlier than
Vista/2008r2. Older operating systems cannot meet the TLS requirements of our website.
Resized stats structure to include delta values of less than 1 ms. This is the output you see
when issuing dtcheck -stats from the command line. Older versions of both DTLinux and DTWindows will continue
reporting only milliseconds until you upgrade them. All other reporting mechanisms are already in tenths of a
microsecond (Windows) or nanoseconds (Linux).
DTClient
Fixed bug that could make DHCP lookups fail on some operating systems. Also made DHCP lookups more
robust by sending both DHCPDISCOVER and DHCPINFORM messages.
DTServer
Changed DT2 and NTP to support incoming requests signed
with SHA256 or SHA512 keys (as long as the keys exist in your keyring, and are trusted).
Domain Time (as a DT2 or NTP client) is still limited to MD5 and SHA1.
Control Panel applet
Disallowed selection of "Windows Auth" from the authentication drop-down if you have selected
DT2-HTTP as the protocol. The combination of DT2-HTTP and Windows authentication has never been supported.
Changed right-click pop-up menu so that it only appears if you right click on a blank area of
the left-side of the Control Panel applet. Formerly, the menu would pop up no matter where you right-clicked.
NTPCheck
Allowed NTPCheck to use SHA256 and SHA512 keys as well as MD5 and SHA1. To use any form of
authentication with NTPCheck, you must run NTPCheck from an elevated command prompt.
5.2.b.20210331 - Recommended Upgrade
DTLinux is now in production status. Several updates and enhancements to Manger to support
DTLinux remotely. Several enhancements to various components and a few minor fixes as detailed
below.
Implemented mitigation for a potential security vulnerability in the check-for-upgrade functions
of Manager and DTTray. This vulnerability requires DNS hijacking and redirection to a look-alike
website, where a fake download could be provided. Credit to GRIMM for alerting us to this potential.
Audit Server
Fix for raising a Real-Time Alert when the Raise Alert... checkbox is unticked.
Added StandBy-mode synchronization of Manager's DTLinux and Backup folders.
Added ability for email subject lines to contain the date/time. Write to techsupport
if you need this feature.
Manager
Added log rolling to Manager's log file; default monthly, keep 12 old logs. Some
customers had set the log max size to zero (unlimited) but had not cleared the log in years, resulting in
multi-GB log files. You may change the settings from Options -> Manager Log File Settings.
Added ability to remote-upgrade DTLinux installations. You must be running version
5.2.b.20210130 or later on both DTManager and DTLinux. Further, remote-upgrade is disabled by default
in the dtlinux.conf file. You must set dt2Security:managerUpgrade to true before Manager will be
allowed to push the upgrade.
Added code to close Notepad windows showing temp files when Manager closes.
Customer request: Added optional startup password for Manager. When set, you must
enter the password before Manager's GUI display appears. You may set, change, or clear the password
from Option -> Set Startup Password.
DTDrift
Changed wording on text rendering of a drift file to say "corrections" instead of
"deltas" in the Clock Corrections section. The Clock Corrections section summarizes corrections (clock deltas
of >= 1ms), so the former wording could be misleading.
DTLinux
Moved DTLinux from beta status to production as of 31 Jan 2021.
Increased startup wait-for-IP-addresses time on Win10/Win2019.
DTServer
Fixed bug in stats display that showed HTTP hits by servers and clients in wrong order.
Added ability for DTServer to function as a DTLinux update source (for use as a local cache
if your Linux machines don't have Internet access). This option requires installation of Manager to function.
Deprecated the Domain Role of "Slave Time Server." The option is still available, but admins
should migrate to Independent Time Server for DCs not holding the PDC-emulator role.
Fix for DT2-TCP not restarting on IP address change.
DTClient/DTServer
Changed meaning of "TAI-UTC Offset Locked" registry entry to only apply the TAI-UTC offset
when the PTP master is using the PTP timescale. If the master is using the ARBitrary scale, timestamps are
presumed to be in UTC already, so no offset from TAI is applicable.
Eliminated warning message in log about syntax errors or untrusted symmetric keys if the
timesource is disabled.
Changed max delay between samples to 1024 milliseconds. It was formerly 16,384 milliseconds.
Control Panel Applet
Added checkbox to DTServer's Serve the Time page, Serve DTLinux Updates. There is a link
below the checkbox to test. DT2 over HTTP must be enabled, and Manager must be installed on the same machine
in order for this function to work.
Added warning when unchecking a symmetric key (i.e., setting it to untrusted) if any
timesource, including PTP authentication, is currently using the key number. This is a yes/no dialog box;
if you select No, then the key will remain checked.
Changed the list of keys to use for each PTP message type so that only trusted keys are
displayed. If you have untrusted (or deleted) a key formerly in use for a PTP message, that message's key
will be set to None.
Added DTLinux-format file import/export of symmetric keys.
Added machine import/export from/to DTLinux as well as Windows machines.
5.2.b.20210103 - Optional Upgrade
Removed old programs (NT Alpha, domtimed, WFWG) from all distribution zips. These programs are more than
a decade past end-of support.
De-Internationalized day name and month name in the log files, audit reports, and various displays,
in favor of yyyy-mm-dd hh:mm:ss or English month and day name abbreviations (depending on the display),
for continuity when reading logs or reports created by machines in non-English languages.
Retained locale-specific format in several places on the Control Panel applet. Added locale-specific
format to the status bar of the log file viewer.
Introduced Domain Time II for Linux (dtlinux). This is a full-featured NTP/DT2/PTP client for x86_64
Linux distros (little-endian Intel or AMD only, running in 64-bit mode). DTLinux may be monitored and
audited by Domain Time II Audit Server, and remote-controlled by Domain Time II Manager. N.B. DTLinux
is still in beta status, but has been tested successfully on CentOS7, CentOS8, RHEL 8.3, Ubuntu 18,
Ubuntu 20, Fedora 33, Mint 20, OpenSUSE Tumbleweed, and OracleLinux 8.3. DTLinux is distributed in three packages: DEB
for Debian and Debian-derived systems, RPM for RHEL and other RPM-based systems, and a TGZ, which is
distro independent. Please visit DTLinux
for more information.
Manager
Fix for refresh of single items on the tree side of the Domains and Workgroups
list. If favorIP was set, the database information would be refreshed, but the display would show
a tombstoned record.
Added support for the beta DTLinux client. (For security
reasons, remote install/upgrade/remove is not available for Linux.) On Windows 10 or Server 2019,
support for the Microsoft SSH client (you must install SSH from the optional features list).
Support for DTLinux templates, as well as remote configuration, problem report generation, monitoring,
and auditing.
DTDrift
Changed handling of the "SourceStratum" column when using the
-convert -csv option. Prior versions always showed zero (meaning unknown)
in this column, unless the drift files being converted were ones created by Audit Server.
All drift files now contain the source stratum information if available, so DTDrift
will display meaningful information in this column.
Fixed width of first column when using -convert -csv
without the -localtime option.
DTLinux
Ended private beta. First public release. Domain Time II for Linux (dtlinux)
is documented here, and is
included in the Starter Kit and Manager download zips. You may also obtain a copy from
the direct download folder.
Note: Although DTLinux is now available to the public, it remains
in beta status. Please test it thoroughly in your test environment before deploying to
production machines.
Drift Graph
Changed textual output from a grapical drift display to include
parenthetical microseconds to help users parse the value in more useful terms.
Added data point resolution to textual output (either nanoseconds
or 0.1 microseconds, depending on the data source).
Added StdDev (standard deviation) to textual output.
Changed display when you click on a dot in the drift graph to display
n nanoseconds, n microseconds, n milliseconds, or fractional seconds
(whichever is smallest). This makes something like "+0.000000021 seconds" appear as
"+21 nanoseconds," which is easier to read.
DTCheck
Changed -ptpStats output to show nanoseconds when operating against
a machine that supports nanos instead of hectos. Also added a parenthetical number of
microseconds to help users parse the values in more useful terms.
Added support for -resetSerial, -resetTimings, -logFile, and -problemReport
for DTLinux nodes.
Added metadata to files created using -driftFiles
DTClient/DTServer
Fixed ambiguity in the standard PTP best-master-clock algorithm to
recognize that "better by topology" should be used in master selection as if it were
"better" by other reasons.
Suppressed error message "Unable to retrieve the time; error 5: No time samples available"
when you have deliberately removed all external time sources.
Control Panel Applet
Changed "NetBIOS Name" to "NetBIOS/DNS Name" on the stats page. This
is useful primarily when connecting to a remote machine by IP address. The former behavior
would display the IP address if the NetBIOS name could not be discovered. The new behavior
performs a DNS lookup and shows the FQDN if the NetBIOS name is not available.
Internationalized text on the About page.
Log file viewer
Removed "Show Line Numbers" from the log file viewer menu.
Internationalized "Last changed on" line in the status bar. Removed
internationalization for month and day names within the log contents.
PTPCheck
Widened main display to give more room for node names and deltas.
Changed delta and delay displays from hectonanoseconds (1e-7) to
nanoseconds (1e-9) on main display to accommodate DTLinux, which reports nanoseconds. Replies
from Windows machines will show all 9 digits, but the last two will always be 00,
because Windows can only report 7 significant digits. Changed details display to say
n nanoseconds, microseconds, milliseconds, or seconds, with appropriate number of
significant digits.
5.2.b.20200930 - Optional Upgrade
Many improvements for isolated networks that want to use PTP only (i.e., no NTP or DT2 fallback or crosscheck
support). The Accept First PTP Timestamp option is now more robust, and, upon discovering a large divergence
during normal operations, you may choose to allow the machine to step the clock using only PTP sources. A PTP-only
configuration is sub-optimal, and our recommendation remains for you to make at least one NTP or DT2 time source
available for startup, fallback, and crosscheck.
Several small fixes and improvements. Upgrade if you are affected by any of the changes in the list.
Audit Server/Manager
Improved Manager's ability to manage time zones on remote machines using a different
national language edition of Windows (for example, managing a Japanese-language machine from a EN-US-language
machine, or vice versa).
Fixed bug in Audit Server that sometimes prevented Manager's Real-Time Alerts display
from showing current PTP status for machines. This problem only occurred when Real-Time Alerts were received
during an upgrade of the management tools.
DTServer
Changed the logic when using DTServer as a PTP master, but the admin has selected "Do not
set this machine's time," to allow PTP to send Announce messages using the values set by the admin. The former
behavior was to send Announces showing the time as degraded. This change helps in closed environments where
the admin wants all machines synchronized to the master, but has deliberately chosen to have the master itself
unsynchronized.
Improved calculation of residence time as expressed in the correction fields of Peer-to-Peer
delay responses.
DTClient/DTServer
Fix for setting time zone, either by push from Manager, or pull from DTServer by DTClient,
so that invalid entries generate an error instead of leaving the machine in a potentially inconsistent state.
Invalid entries are those whose Standard name doesn't match the registry key name, or those that exist on
the timezone source but not the consumer.
Changed log message about PTP with no backup sources from warning to status/info level
Changed log message about PTP running but no samples yet from warning to status/info level
Added logic to detect egregious PTP delay measurement results arising from use
of the canonical algorithms specified in IEEE 1588. This situation obtains primarily when the master and slave
differ significantly in frequency or time of day. If the actual measured round-trip time is less than the
algorithm-produced time, then the meanPathDelay will derive from the actual round-trip time.
Added registry DWORD setting Accept First PTP Sample Count to the Parameters
section. The default value is 3, and the range allowed is 1-15. Prior versions only examined the very first
PTP time sample when accepting the first PTP timestamp.
Changed behavior of Accept First PTP Timestamp to slew when within slewing bounds. This
function will step the clock if the delta is large, so continue to use it with care.
Changed behavior of Accept First PTP Timestamp to re-arm upon detection of resume-from-standby,
emerge-from-sleep, or a Clock Change Monitor trigger.
Exposed the Accept First PTP Timestamp option on the Control Panel applet, eliminating the need
for editing the registry manually. Note that you must either stop/start the service, or reboot the machine, in order
for the first PTP timestamp to be accepted.
Added support for resetting duplicate serial numbers by command from DTManager or DTCheck. This
avoids the need to stop/restart the service on the machine whose serial number needs to be reset.
Control Panel Applet
Fixed display glitch on Control Panel applet when moving entries up or down (reordering) in
a list of time sources. The resultant data was correct, but the display did not update the last field in the
list.
Fix to prevent dragging the Control Panel applet completely off-screen.
Added new entry, "Upon PTP large divergence," to list of conditions that allow stepping. This
is primarily useful for machines using only PTP without fallback NTP/DT2 time sources, and where the correction
needed is too large to accomplish by slewing. This option is disabled by default. NOTE: This setting does not
apply when using the Accept First PTP Timestamp option. Accept First PTP Timestamp will always step if
slewing is not possible.
5.2.b.20200630 - Optional Upgrade
Several minor changes, mostly at customer request. Upgrade if you are experiencing any of the bugs
described, or if you need the newer functionality.
Manager
Changed behavior of Manager's command-line IMPORT ADD function to set nodes to audited
whether or not they previously existed in the database. This conforms with the documentation, and makes
ADD the opposite of DROP (except that ADD will add nodes to the database if they don't already exist).
Added 0 (zero) to the list of audit groups that may be specified after the machine name/IP address
of Manager's command-line IMPORT ADD function. Formerly, only 1-8 were supported, corresponding to Audit
Group number 1-8. If you specify 0 instead of 1-8, then the node will be added but set to unaudited.
This is essentially the same as DROP, except that the node will be added to the database if it doesn't
already exist.
DTClient
Added IP address of responding DHCP server to debug mode log output, if DTClient is set
to use DHCP as one of its auto-discovery options.
Added REG_DWORD "DHCP Sample Count" to the Time Sources subkey. If DTClient is set to use
DHCP as one of its auto-discovery options, this value controls how many samples Domain Time should request
from each configured server. The valid range is 1-5. Changes to this registry setting take effect at the
next timecheck interval. You do not need to stop/start the service, or reload other parameters.
Added REG_DWORD "DHCP Sample Pause (ms)" to the Time Sources subkey. The valid range is
16-1024. This value controls how many milliseconds Domain Time pauses between samples of DHCP-discovered sources if
the DHCP Sample Count value is greater than 1. The default is 512.
Rearranged logic when DTClient is using DHCP as one of its auto-discovery options. As of
this version, if DHCP is selected, and the DHCP server responds with a list of one or more IPs, and if one
or more of those IPs provides a valid time sample when queried, DTClient will skip any non-DHCP discovered
time sources after that. If the use-last-known-good option is selected, DHCP-discovered servers will remain in the
last-known-good list, but used only if subsequent DHCP queries fail. If the DHCP-discovered sources fail, or
the DHCP server fails to provide a list, Domain Time will use the other configured discovery options as fallback
sources.
DTClient/DTServer
Improved performance when using the special Accept First PTP Timestamp registry setting. This option
should only be used in closed environments where PTP is the only possible source of time and the initial startup
delta takes an excessively long time to correct (i.e. if the motherboard CMOS clock is wrong). If no other time
sources are configured, PTP will step the clock to match the first incoming PTP sync timestamp. This
initial stepping will bring the clock into close enough sync for normal PTP operations to govern the clock.
It is no longer necessary to also untick the "Crosscheck with other sources" checkbox.
DTLockDn
Implemented workaround for dtlockdn /reset being unable to set registry key ownership
on Windows Server 2012r2 and Windows Server 2016. These two versions of the operating system have slightly
different requirements than earlier or later operating systems. If the workaround is invoked due to
2012r2/2016 restrictions, a warning message will appear in the output, and DTLockDn will continue if the
workaround is successful.
DTLockDn will no longer add read permissions for the well-known SIDs "Authenticated Users",
"Users", or "Everyone" if you have explicitly /revoked or set them to READ or FULL. Otherwise, DTLockDn will
add READ for Authenticated Users (if valid for your operating system), Users (if Authenticated Users is not
valid or already present) or Everyone (if neither Authenticated Users nor Users is present and valid).
Note that, on startup, Domain Time will always reset the permissions on the Keyring subkey so that access is
limited to SYSTEM and Administrators.
5.2.b.20200331 - Optional Upgrade
Several minor enhancements, including better performance using PTP with sync rates of less than one per second. You should
upgrade if your PTP master sends fewer than one sync packet per second.
Manager
Added dialog Options -> Network Options -> Name Resolution to let you choose how Manager
resolves names when connecting to remote Domain Time machines. By default, Manager and Audit Server first try the FQDN
(fully-qualified domain name), which is created by concatenating the Common Name (NetBIOS name) with the domain name.
You may change the name resolution method to either Common Name (NetBIOS name), or to DNS name.
Added option to specify an Audit Group number (1-8, inclusive) to Manager's command-line IMPORT function.
If no Audit Group is specified, Manager uses the default Audit Group for new nodes. For example, if your batch import file
contains Add NTP myntpappliance 3 then the NTP server called myntpappliance will be added to the NTP
list and placed in Audit Group 3.
Changed prompt on connection failure dialog from "Always use this name for locating this machine" to
"Always use this IP Address to locate this machine." The checkbox will be grayed-out if you enter anything but a valid
IPv4 or IPv6 address. This change reduces confusion by making the action of the dialog box match the internal workings
of Manager.
DTServer/DTClient
Fix for "TAI-UTC Offset Locked" registry variable not being recognized when acquiring a new master.
Improved synchronization performance when PTP master is sending packets less often than once a second.
Change PTP sync timeout to be twice the sync interval plus 1. This helps on networks that drop packets.
Increased depth of lookback buffer for UDP packet de-duplication. This helps on networks subject to UDP flooding.
DTCheck
Added -ptptest -showsequence subtest. This test watches for Announces
and Syncs from grandmasters and displays drops, repeats, and jumps in PTP message sequence numbers.
Fix for -swTimestamps returning faux error code when operating on remote machines.
5.2.b.20200101 - Optional Upgrade
Two minor fixes, several changes based on customer requests, enhanced PTP behavior with multiple Syncs per second.
Upgrade if you want the new functionality.
Audit Server
Changed validation range for PTP Monitor's Sync message intervals to allow for
more than one sync/second. This only affects the displayed values in Manager.
Manager
Changed default remote connection procedure to try the FQDN (if available) before
falling back to the NetBIOS name or IP address. Note that if you double-click a node's DNS Name, Manager
will try the DNS name first. Likewise, if you double-click a node's IP address, Manager will try the
IP address first. This change only affects how Manager behaves when you double-click a node's NetBIOS
name (the Common Name).
Allowed Manager's list display of node timezones to include non-English languages.
Added extra debug logging for errors/problems during LDAP machine enumeration. Also
added workaround code to retry LDAP queries that return "success" with zero entries. This situation only
occurs in very large domains with overburdened Domain Controllers.
Added registry parameter, "ICMP Required" (default true). You may set this to the English
word "False" to skip ICMP tests during connection. Some networks disallow ICMP echo requests. Note that setting
this to false may cause long timeouts or unexpected errors for machines that are offline or otherwise unreachable.
DTServer/DTClient
Changed critical section envelope when handling PTP delay measurement replies. This prevents
erroneous results when a boundary clock or grandmaster sends two replies to a single request.
Fixed typo in timezone display calculation that could produce UTC - offset instead
of UTC + offset. This error only affected the display of parenthetical UTC offset information shown
after the timezone name.
Fixed typo in PTP code that assigns significance values based on operating system level (only
affects not-yet-released versions of Windows).
Improved handling of more than one PTP sync per second.
Added NTP precision to startup log debug output.
Added checkbox to allow stepping the clock upon an IP change trigger. Unchecked by default.
Allowed Domain Time Server in the PTP multicast master role to send up to 64 sync packets/second.
This is solely for compatibility with SMTPE or 802.1AS slaves that mistakenly require a higher frequency of syncs.
In general, avoid setting the rate greater than one per second unless required by your slaves.
Changed Realtime Alert sending to use a queue and a low-priority persistent background thread.
This allows for multiple tries to send the data if the receiving server happens to be temporarily unavailable.
Added extra debugging (under "Uncategorized debug messages") to show retries and overall queue functioning.
DTCheck
Fix to allow -firewall:open and -firewall:close to work on Server 2019. This only affects DTCheck.
The code to automatically handle the firewall built into Server, Client, and Audit Server already works correctly.
5.2.b.20190922 - Optional Upgrade
One important fix for Audit Server's emails. Several minor fixes and additions, mostly at customer
request. Recommended upgrade if you are using Audit Server to send alerts or summaries by email; otherwise,
this release is an optional upgrade.
Manager
Added "Include milliseconds" checkbox on Daily CSV File Configuration dialog. If checked,
the timestamps written to the Daily Drift CSV file will include milliseconds. Note that millisecond data is not
available from collected DT2 or PTP drift records (.dt files), so the value shown will always be 000.
Also changed the Column Definitions dialog to show an example of the DateTime field according to current time and
choices selected (local/UTC, ISO8601/normal, with/without milliseconds). The former behavior only showed yyyy-mm-dd, etc.,
to indicate the format.
Changed right-click context menu for "Scan IPv4 Subnet..." to have consistent
behavior on Domain Time Nodes, NTP Nodes, and PTP Nodes.
PTP Monitor
Added PTP timescale and TAI-UTC offset (if known) to PTP Monitor's management message replies.
Also added real values for physical (MAC) address and IP address instead of placeholders. Corrected endian error
in PTP Monitor's report of the GM clockIdentity in response to the ParentDS query.
Audit Server
Changed date/time calculation for emailed audit summaries and alerts to avoid concurrency
problems. If you are using Audit Server to send email alerts or summaries, upgrading is highly recommended;
otherwise, this release is optional.
Added single quotation marks around font names containing spaces in emailed alerts and summaries.
Changed Daily Drift CSV file TimeSource field from "0000-0000-0000.0" to "Unknown" for
a PTP slave that either does not respond to the ParentDS management query, or is in the process of
becoming a slave and does not yet know its master's portIdentity.
Included PTP ports in the listening or faulty states in Audit log and the Daily Drift CSV
file as if they were slaves. A port that reports the listening or faulty state is clearly responding,
but just as clearly not providing meaningful synchronization status. Accordingly, the error messages
say explicitly if the port is in the listening or faulty state. A port in either of these two states
will eventually trigger the "if hasn't responded for n audits" alert trigger.
DTServer/DTClient
Changed startup's Network Wait to check for network adapter(s) in the "up" state.
If no Ethernet adapters are connected and no Wi-Fi is configured, there's no point waiting for IPv4
addresses other than loopback to appear. This change helps with air-gapped or otherwise disconnected
machines.
Changed reply to PTP management PortDS request to return stepsRemoved and offset
when PTP is enabled but not master or slave (e.g., in the faulty or listening states).
Change replies to PTP management requests that ask for timeSource, timeScale, or utcOffset
to provide valid values when PTP is enabled but not master or slave.
Added code to check for Windows 10, version 1903 or later, "Cellular Time" service. This
service obtains the time from a cell tower if you have a SIM card installed. If you have the Windows Time
drop-down set to NoSync or Disabled, Domain Time will also stop and disable the Cellular Time service.
Added code to disable Windows 10 Security Alert indicating that the Windows Time is not
running. The Windows Time service should (almost) never run when a third-party time service is controlling
the clock.
DTCheck
Added Firewire, Wi-Fi, ATM, and Tunnel type names to the -interfaces command's output.
Prior version only showed the interface type number for these types.
Miscellaneous
Customer request: Changed wording on drift graphs to say "aligned"
instead of "not corrected" when the delta was small enough to be fixed by frequency alignment
instead of stepping or slewing the time of day. The former wording could be interpreted to
mean that no action had been taken at all.
5.2.b.20190701 - Recommended Upgrade
Several ease-of-access additions to Manager. Improved symmetric key security on disk,
in the registry, and over the wire. One fix for Audit Server's Daily Drift CSV recording,
as well as more options for what to record, and more information in what's recorded.
Several customer requests fulfilled. Improved memory handling for DTClient/DTServer.
Deprecated several obsolete or unuseful registry settings and Control Panel options.
Several fixes for minor inconsistencies between settings in the CPL and actual behavior.
Additional support for PTP Authentication.
Important: If you are using a script to import Daily Drift CSV files into a SQL database,
you may need to adjust it to escape single quotation marks. See the last item under
Miscellaneous for details.
Manager
On startup, or if the DTServer keyring on the Manager machine changes while Manager
is running, Manager creates two special files called "Current Symmetric Keys.reg" in the Client and
Server Templates folders. NTFS security restricts these files to Administrators and SYSTEM only.
To change the information in these auto-generated templates, use the Control Panel applet for Domain
Time Server on the Manager machine and edit the keyring. (There are also "Compatible" versions of
these two files for use with older Domain Time machines that don't understand the syntax for
clearing a key's values before repopulating with information from the template. Manager will
automatically select the Compatible version when required.)
Added right-click option "Reset Keyring..." to the context menu in the Domain Time
Nodes list. If selected, Manager will update the keyring on the selected machines(s). The right-click
option will not be available for the Domain Time Server on the same machine as Manager, because it
is, by definition, already up to date.
Customer request: Added right-click option "Scan IPv4 Subnet..." to the context menus
on Domain Time Nodes and NTP Nodes. This option uses unicast to iterate all of the IPs in the IP/CIDR
mask you specify, to help add existing nodes that are not reachable by broadcast or multicast.
Customer request: Added checkbox to the Daily Drift CSV Configuration dialog labeled "Only
include error records." This makes the Daily Drift CSV an exception report (only errors, non-responding
nodes, or excessive deltas). Use this option with care if your industry requires compliance records
as well as exceptions.
Added Prev/Next buttons on the Configure Alerts dialog so you can scroll through all
Audit Groups without having to open each one separately. This makes it easier to compare or change
settings.
Customer request: Changed behavior when creating templates to include
the "Server Answer IP" REG_MULTI_SZ value (formerly prohibited from existing in templates because
this value may include machine-specific information). Entries in the Listen IP list that are commented
out (either with hashtag or semicolon as the first character), entries that specify a CIDR range,
or the entries "localhost" "127:0.0.1" and "::1" will all be exported to templates. IP literals,
either IPv4 or IPv6, and NetBIOS or DNS names will be excluded from the export.
Added loop detection during setup of Standby mode, so you can't have two Audit Servers
in Standby mode to each other, or one in Standby to itself. Also added warning for Standby chains
(Node A in Standby to node B, which is in Standby to node C). Multiple Standby servers are permitted,
but each should work from the same primary node rather than chaining.
Fix for right-click Refresh on the tree (left-hand) side of Manager's Domains and Workgroups
section when refreshing a single machine instead of a domain or workgroup. The former behavior displayed an
error message instead of refreshing the chosen item.
Fix for Manager not always setting the "Service Installed" registry value to True when a local
service (Audit Server, Monitor, or Update Server) is first installed.
Audit Server
Added wait for network startup immediately after reboot. New editions of Windows 10 and
Window Server 2019 both allow services to start before TCP/IP is initialized, even when the services have
a dependency on TCP/IP. Also added a delay before starting PTP Monitor after service restart. The delay gives the
network a chance to settle.
Added synchronization of Manager's template files when Audit Server is in Standby mode.
Changed text log defaults to Roll Daily, preserving 31 old logs. The former default was to
roll never with no maximum size, leading to a potentially huge log file. This change only affects new installs.
If you already have Audit Server installed, we recommend that you either set a maximum size, or change the
roll selection to Daily, Weekly, or Monthly.
Corrected flaw in Daily Drift CSV recording where deltas exceeding the Audit Group limit were
only being recorded as errors when the data source was from an audit. Normal DT2, PTP, and NTP drift records
were not being flagged when collected by the background collection process.
Added Audit Group name to error description in Daily Drift CSV files. The former behavior
was to report "Delta of -0.0001332 seconds exceeds alert limit of 100 microseconds", whereas now it will report
"Delta of -0.0001332 seconds exceeds 'Production' alert limit of 100 microseconds" -- note the insertion
of the Audit Group's name, surrounded by single quotation marks, whose limit was exceeded.
Added choice to make the Daily Drift CSV an exception report instead of containing all
records. See the Manager section above.
Corrected rare race condition which could lead NTP data collection into yielding error 13913
(Packet sequence number replay check failed) instead of 1901 (Clock not set on server).
Changed PTP Monitor's IPv6 enable/disable to dynamic. The former behavior required you to
disable/reenable PTP Monitor for changes to take effect.
Significantly enhanced PTP Monitor's ability to track measured grandmasters. A measured grandmaster
is one that doesn't report zero stepsRemoved from its source (always measured), or one with zero stepsRemoved when
you have "Measure all grandmasters to discover deltas" selected.
Added option "Exclude PTP grandmasters with zero stepsRemoved and zero deltas" from Daily Drift
CSV files. If you are not measuring grandmasters with zero stepsRemoved, all of the data points in the Daily Drift
CSV will have deltas of zero. Since one data point is created per Sync (or Sync/FollowUp pair), this can lead
to a significant size burden on the CSV files.
Changed collection of DT2 drift data and DT2 audit stamps to use (a) the fully-qualified
domain name if the node is domain joined; then (b) the NetBIOS name; then (c) the last-known IP address.
Also added an ICMP "ping" prior to trying to connect via TCP to retrieve drift data to any of the above.
This helps reduce long timeouts if a Domain Time node is truly offline.
DTServer/DTClient
Added handling of broken PTP masters where the E2E delay responses have zero in
the receiveTimestamp field.
Replaced log references to "PTP Security" with "PTP Authentication" to conform with
current draft of PTP v2.1.
Allow PTP IPv4 for port 127.0.0.1:321 even when Network Settings specify IPv6 only.
Changed time source lookup methodology. See first item in the Miscellaneous section below
for details.
DTServer: Disallow serving PTP via IPv6 multicast when Network Settings specify IPv4 only.
Added rejoin multicast groups when IP address list changes, even when bound to all IPs.
Added ability to require PTP successful authentication. If this option is selected, only
grandmasters that correctly sign Announces with a known SPP and symmetric key will qualify for the
Best-Master-Clock algorithm. Use this option with care, as it will disqualify all PTP v2.0 grandmasters
(including Boundary Clocks) and all PTP v2.1 that aren't sending correctly-signed Announces.
DTServer: Fix for DT2/NTP broadcast/multicast not sending on the tick.
Discontinued PTP duplicate node check using IPv6. New versions of Win10 and Windows Server 2019
will report TCP/IP is up and running before adding statically-provisioned or DHCP IPv6 addresses (only the FE80::x
address(es) will be present until anywhere up to a minute after IPv4 addresses are configured).
DTServer: Fix for not showing HTTP responses in the CPL's activity monitor.
Significantly improved memory handling by pre-creating I/O buffers and re-using them. This
provides increased performance for I/O operations, and reduces heap fragmentation.
Customer request: Changed error message to a warning when Domain Time is not able to finish
checking the firewall rules due to a pending service shutdown.
Changed check reason for first PTP data point to "Startup" in the PTP drift log. Also added
check reason "Power Resume" for the first check after resuming from hibernation. These changes make it easier
to understand the PTP drift log.
DTServer: Added clockClass 80 (QL-PRS, PTP timescale) and 86 (QL-ST2, ARB timescale) for use when
acting as a PTP Telecom master. Some Telecom slaves only recognize values in the ITU-I G.8265.1 or ITU-I G.8275.2 range.
You should continue to use clockClass 6 (Grandmaster, PTP timescale) or 13 (Grandmaster, ARB timescale) unless
you have a specific need to change.
When Manager pushes an update registry file to a remote machine, the receiving Domain Time node
normally renames it to DTUpdate.reg.yyyymmdd-hhmmss.txt and leaves it in the system32 folder for a history of
when updates occurred and what changes were made. As of this version, if the DTUpdate.reg file contains symmetric
key information, the renamed file will have the symmetric key contents redacted.
Deprecated the never-used separate listen IPs for DT2, NTP, and PTP. Domain Time uses only
the "Server Answer IP" value in the registry.
Deprecated the "RecvMsg Enabled" registry value; this has not been used since before Windows XP.
The value will be ignored if present. Domain Time always uses WSARecvMsg instead of WSARecvFrom.
Deprecated the "UDP Connection Reset Enabled" registry value. This setting was introduced in
2012, and there is no reason to ever turn it off. The value will be ignored if present.
Expanded debug info for Multicast/Broadcast client mode to include the packet type, source,
and authentication.
Changed debug details from "Network UDP pending receive counters" to "Network sockets
and pending receive counters." The counters include all pending I/O and the total number of currently-opened
sockets.
Changed Denial-of-Service protection to use a dynamically-sized array, and to include both
IPv4 and IPv6. Prior versions only supported DoS from IPv4 addresses.
Changed template import/export behavior to correspond to the changes described above in the
Manager section. Changed the pop-up explanation when selecting a list of IPs to explain how the values are
treated during export or import.
Changed security Alternate Profile to reload dynamically when the access masks/IPs are changed
in the CPL. The former behavior required a service restart for mask/IP changes to be recognized.
Customer request: Added ability to suppress creation of shortcuts in the All-Users startup
menu. This is controlled through a registry setting. For Client, the key is HKLM\Software\Greyware\Domain Time Client\Parameters,
for Server, the key is HKLM\Software\Greyware\Domain Time Server\Parameters. If you are editing
the installation template, locate the Parameters section and add a new entry if it doesn't already exist: "SuppressShortcuts"="True".
This will prevent the shortcuts from ever being created. If you want to remove the shortcuts from a previous
installation, edit the registry and add (or edit) the REG_SZ (String) value named SuppressShortcuts and
set its value to the English word True. When the service restarts, it will remove the shortcuts.
Control Panel applet
Fixed display on the PTP Status dialog that indicates smoothing options in effect.
Added time since last sync in the PTP Masters dialog (only shown if the sync interval has expired).
Added code to let the Refresh button on the Local Broadcast Sources dialog's Refresh signal Domain Time
Server or Domain Time Client to update its list immediately when controlling the local machine. Remote machines,
or previous versions of Domain Time may take anywhere from a few seconds to a full minute before the list is refreshed.
Added checkbox "Auto-extend ban if abuse continues while IP is banned" to the Denial of Service page.
Deprecated and removed checkboxes for Use smoothing for meanPathDelay,
Use smoothing for delta calculations, and Coalesce PTP samples separately.
These checkboxes should never be unchecked, so having them on the main PTP options dialog presented unnecessary confusion.
The corresponding registry values still exist. Upgrading will ensure that all three values are set to "True" but you
may change them afterward if you have a specific need.
Changed PTP checkbox for Reject unsigned Delay Responses to disabled if you are not signing
outgoing E2E or P2P delay requests. PTP v2.1 is ambiguous on whether or not a master should sign responses if
the corresponding request isn't signed. If you select a key to sign outgoing Delay/PDelay requests, the checkbox
for rejecting unsigned responses will be re-enabled.
Changed PTP checkbox for Prefer signed Announces to a group of radio buttons: Select best master
by quality, Prefer signed Announces, and Require signed Announces. Added a warning dialog if you choose anything
other than Select best master by quality.
Added "Time at Server" in UTC and in local time zone to the output of the source test dialog.
Added "Reset to Defaults" button to the Security Denial-of-Service page.
Added prompt text to the Unicast Time Source Configuration dialog to reflect the new
option of specifying either IPv4 or IPv6 (explained in the Miscellaneous section below).
Added support for comments after entries in the Listen IP list and in the
PTP best master list. Comments are defined as text following a hashtag or semicolon. (If the hashtag
or semicolon is the first character, the entire line is considered a comment.) For example, you may use
this syntax:
192.168.33.0/24 # main network
172.16.13.4 # backup server
Comments in the lists (other than commenting out an entire line) are not backward-compatible with previous
versions of Domain Time, so don't use them in templates until all of your machines have been upgraded.
Changed default IPv4/IPv6 multicast TTL/Hopcount from 4 to 8. This will only affect new
installs unless you click the Reset to Defaults button on the networking page.
DTCheck
Added time since last sync to the -ptpMasters output.
Changed output from -leapFile to show yyyy-mm-dd 23:59:60 for clarity.
Added [machine] -stats2 option to show statistics related to NDIS operations,
denial of service info, socket count and allocations, and general packet accounting. May be used with a DNS name or
IP to retrieve statistics from a remote machine. Domain Time nodes dated 2019-03-31 and earlier will reply with
error 50 (request not supported).
Added [machine] -blockList option to show list of IPs currently blocked by
Denial-of-Service protection. Use dtcheck -help to see the options.
Added Prefer Signed and Require Signed to -ptplist -keyset output.
Added [machine] -swTimestamps option (requires an elevated command prompt) to display
which network adapters, if any, are configured to use NDIS software timestamping. May be used with a DNS name or IP to
view/change settings on a remote machine. You may use -swTimestamps:Enable to enable software
timestamping on all eligible adapters, or -swTimestamps:Disable to disable software timestamping
on all eligible adapters. You must stop/restart the network adapters for changes to take effect. For finer-grained
control, you may use Microsoft's Powershell script from PowerShellGallery.
As of this release, only Windows 10 version 1803 or higher, or Windows Server 2019 support NDIS software timestamping.
Note: Eligible adapters are ifType IF_TYPE_ETHERNET_CSMACD (ethernetCsmacd, see
RFC 3635) only. Wi-Fi, Bluetooth, Kernel debug, WAN Miniport, and VPN
adapters, even if marked as IF_TYPE_ETHERNET_CSMACD, are not supported.
NTPCheck
Corrected display when the source's time differs by more than 68 years from the
clock on the machine issuing the test.
PTPCheck
Added Master Monitor. This dialog shows all current masters and their sync timestamps,
regardless of domain. Useful primarily for determining if more than one active master is on your network, and if
they are serving the correct time-of-day.
Expanded values from Meinberg's NetSync Monitor test.
Added Prefer Signed and Require Signed flags to 0xDEED (KeysetProperties) output.
Changed default for Multicast TTL and Boundary Hops from 4 to 8.
Allowed PTPCheck access to the keyring if running elevated. This permits validation of
PTP Authentication. When run without elevation, PTPCheck can only report Authentication
presence and parameters, not whether or not the keys actually match.
SDK
Updated sdk.doc to explain how Domain Time uses GetSystemTimePreciseAsFileTime() on
Win8/2012 and newer operating systems, corrected one documentation error, and added documentation of
the new SDK functions.
Added GetSDKDLLVersion() function to the SDK DLLs. This function will only exist in versions
5.2.b.20190401 or later.
Added GetPTPStats() function to the SDK DLLs. This function will only exist in versions
5.2.b.20190401 or later. Documentation for GetPTPStats() is included in dthres.h and in sdk.doc. If you
plan to use this new function, either make sure you have upgraded your SDK DLLs to the current version, or
load the DLLs dynamically and use GetProcAddress() to test for the presence of the function.
Added APITest program to SDK examples. The source code is heavily documented to demonstrate
how to load the SDK DLL dynamically and use the new GetSDKDLLVersion() and GetPTPStats() functions.
Miscellaneous
Changed lookup for NetBIOS and DNS names to first check for IPv4, and only use IPv6 if
the IPv4 lookup fails. (If you use an IP literal, Domain Time will use the protocol family associated with what
you entered, and the information in this section does not apply.) To force a NetBIOS name or DNS name to use
either IPv4 or IPv6, enter either Ipv4 or IPv6 anywhere in the comment field. For example,
if your source is specified as "ntp.conteso.com" without specifying either IPv4 or IPv6 in the comment field,
Domain Time will first try to resolve the name using IPv4. If that lookup fails, Domain Time will try to
resolve the name using IPv6. If, however, you put either IPv4 or IPv6 in the comment line, Domain Time
will look up ntp.conteso.com's IP address using only the family you specify.
Corrected import of .reg files containing REQ_QWORD values. Earlier version of Domain Time
may incorrectly interpret this kind of data, or throw an error. Added explicit exception handling to
explain this error if it occurs in future versions of Domain Time.
Added support for SHA512 keys (128-byte hex string, corresponding to a 64-byte key).
This option is reserved for future use. You should not create SHA512 keys. If an SHA512 key exists in
the keyring of an older version of Domain Time, it will be (mis)interpreted as a very long MD5 key.
Added more advanced encryption of symmetric key secrets using an abbreviated Diffie-Hellman
exchange as well as a checksum, used when Domain Time Server in the Slave role retrieves secrets from
Domain Time Server in the Master role. For best over-the-wire security, upgrade all of your Domain Time
Servers to this version. Older versions will use a weaker encryption method.
Tested year 2036 rollover for NTP timestamps, and year 2038 rollover for 32-bit Unix
timestamps. Verified that NTP will work with years 1900-2104, and that 32-bit Unix timestamps will work
correctly with years 1970-2106. Calculations using Domain Time (DT2) timestamps work correctly with
years 1601-30828, although the Windows SYSTEMTIME structure cannot accommodate years beyond 65535,
and, using any timestamp format, cannot represent years greater than 9999. Note that built-in sanity
checks will not normally accept a timestamp whose year is less than the build year of Domain Time, or
greater than 2036. This is to prevent accepting wildly-incorrect time from misconfigured sources.
If you need to run progression testing by accelerating the time beyond year 2036, contact techsupport
for instructions.
Changed default for programs using SMTP with TLS to ignore CERT_E_WRONG_USAGE errors
when checking the certificate chain, primarily for backward compatibility with Win7 and earlier versions
of the OS that cannot verify extended certificate chains reliably.
Fix for Meinberg NetSync Monitor extensions (MTIE request) returning the Valid member
set to false if all corrections within the MTIE window were within the machine's local timer resolution.
Changed PTP timeSource of 0x20 to display as "GNSS" instead of "GPS" to conform with
1588 v2.1 nomenclature. GNSS is a more generic term including GPS, GLONASS, Galileo, Beidou, and others
using satellite positioning/timing services.
Changed all mentions of Audit Group names in reports, alerts, and CSV files to include
single quotation marks around the names. Audit Group names allow embedded spaces, which can make automated
parsing difficult. For example: Trading Desks will now show up as
'Trading Desks'. Care should be taken if you are importing files into a SQL database,
since single quotation marks must be escaped in many SQL dialects.
5.2.b.20190331 - Optional Upgrade
Added preliminary support for PTP Authentication. Several other minor enhancements mostly
at customer request. One important fix for the SDK DLLs. Upgrade if you want the new functionality.
The PTP v2.1 specification is still in committee, and support for any v2.1 capabilities may
need to be updated in future editions of Domain Time. Please see the Domain Time PTP Authentication knowledgebase article
for a detailed discussion of how Domain Time implements the v2.1 specification.
Audit Server/Manager
Customer request: Added pop-up explanation when starting Manager if another instance of Manager is already
running in another session. Only one instance of Manager is allowed at a time.
Customer request: Allowed port number in SNMP target string. Examples:
snmp.conteso.com:1214 or [2002:410:1:1:2a0:69ff:fe01:b0f4]:2444.
If the port number is not specified, the default SNMP trap port of 162 will be used.
Customer request: Added "Omit non-responding machines from reports and alerts" checkbox
to the Configure Alerts dialog. This checkbox prevents offline machines from generating a warning in
Audit Results, Daily Reports, and log files, and is only enabled when the "An audited machine fails to
respond for ___ or more audits" checkbox is unticked.
Changed PTP Monitor's initial multicast sweep to request CurrentDS as well as PortDS.
This helps ensure, when using hybrid mode, that slave nodes incapable of unicast will show their current
offsets (see next item).
Added Multicast-Only mode for PTP Monitor sweep type. Previous versions let you
toggle between Hybrid and Unicast-Only. Hybrid mode is the default (initial messages sent by multicast,
follow-up messages sent by unicast). However, this functionality is controlled by PTP Monitor's general
settings, where you may choose to send follow-ups either by multicast or unicast. Hybrid mode has
therefore been renamed Normal Mode. Unicast-Only mode is for Telecom nodes, and is unchanged from
previous versions; all messages are sent by unicast. Multicast-Only is new. It will be grayed-out
if your general settings are to use multicast for all messages. If your general settings are set
to hybrid mode, then the Multicast-Only will be enabled, and, if selected, will cause PTP Monitor
to use multicast for all messages to the selected node. This is useful if most of your nodes will
respond to unicast, but a few of them will only respond to multicast. You may change just those
nodes to use multicast while still using hybrid mode for all other nodes.
Added Delay Type to the right-click context menu for a PTP master. This lets you explicitly
set either Peer-to-Peer or End-to-End for each master. If a master responds to management queries,
the delay type will automatically be correct. For masters that don't respond to management queries,
or who advertise an unexpected value, this lets you change types. Note that masters that DO respond
to management queries will always set the delay type back to whatever the master claims to be correct.
Fixed problem with Manager not saving the Domain List for Update Server if you never
click OK on the Domain List dialog.
Added column to PTP Monitor's display showing PTP Authentication (if any) attached
to incoming announces.
Added PTPCheck to right-click menu on the PTP Monitor page. This invokes PTPCheck
using the IP and domain for the selected item. Useful for testing whether or not a node responds
to PTP management messages.
Fix for case where LDAP credentials may fail to save/load properly if special
characters are part of the username or password.
Fix for Audit Server not recognizing change in DST until after the next-scheduled
audit runs.
Grayed-out audit group drop-down on the Add Node dialog when Audit Server isn't
installed.
Removed base64-encoded password from SMTP logs (it will show {password} instead).
Although the SMTP log folder is protected with NTFS permissions by default, an admin could inadvertently
make the folder readable by ordinary users.
DTMonitor
Several internal efficiency enhancements.
DTReader (Audit Results Viewer)
Added Audit Group column to the main display.
DTCheck
Changed -leapfile to allow HTTPS or HTTP. The default leapfile source is now
https://www.ietf.org/timezones/data/leap-seconds.list and is no longer retrievable by HTTP. Because
IETF removed access by HTTP, versions of DTCheck prior to this will not be able to obtain the list.
Expanded the -ptpMasters output to show PTP Authentication (if present).
Added -keyset parmameter to -ptplist command. The output shows which KeyIds
(not the keys themselves) in use by each responding Domain Time node.
Changed -monitorSTA output to only show changes in the system time adjustment,
and to summarize observed changes/second when monitoring finishes.
DTAlert
Customer request: Added hh:mm:ss.mss format for time display of the on-screen clock.
DTServer/DTClient
Customer request: Allowed port number in SNMP target string. Examples:
snmp.conteso.com:1214 or [2002:410:1:1:2a0:69ff:fe01:b0f4]:2444.
If the port number is not specified, the default SNMP trap port of 162 will be used.
Added support for SHA256 keys and a Security Parameter Pointer (SPP).
These keys and the SPP are only used with PTP Authentication. In order for Authentication
to work correctly, you must set the SPP either to zero (wildcard) or to match the grandmaster's, and also import the
SHA256 keys corresponding to each message type.
Added support for rejecting unsigned (or incorrectly signed) messages
when using a PTP v2.1 grandmaster that supports Authentication. Outgoing Authentication
may optionally be attached to E2E Delay Requests or P2P Delay Requests.
Added new debug category "PTP Authentication details" which is useful
for diagnosing problems with Authentication TLVs.
Fixed bug that could, in rare circumstances, cause PTP to use unicast for
delay measurement transport when multicast was explicitly selected.
Changed default for running the multimedia timer at maximum resolution to
false for operating systems Win8/2012 and newer. This change only affects new installations.
You may regain the former behavior by setting "Critical Timing Period Adjust" to True in the
registry.
Deprecated "Critical Timing Uses Kernel Interpolator" registry setting. The
kernel interpolator is always used if present.
DTServer
Added support for appending Authentication TLVs to outgoing
Announces, Syncs, E2E Delay Responses, and P2P Delay Responses.
Added support for being a two-step PTP master.
Added over-the-wire encryption for secrets exchange between Master and Slave
during settings replication.
Control Panel applet
Added support for creating/editing SHA256 keys, and for choosing which SHA256
keys to use with PTP authentication.
Fixed inconsistency that could inadvertantly change check intervals when
switching the focus of the Control Panel applet from machine to machine.
Removed "Continously Variable PTP" checkbox from Advanced timings. Beginning
with this version, PTP phase adjustments are always continuously variable.
PTPCheck
Added compatibility for PTP v2.1 nodes that don't reply to v2.0 queries.
Added PTP version and PTP authentication information. Because PTPCheck does not
have access to the secure keyring on the machine, it cannot authenticate the messages,
but it can show the SPP and KeyId used to sign a v2.1 message.
Added 0xDEED "KeysetProperties" to list of management messages. Only
Domain Time nodes will respond to this query. The output shows the KeyIds (not the keys
themselves) in use by each responding Domain Time node.
SDK
Fix for GetDomainTimeAsFileTimeMonotonic() when running with kernel
interpolation enabled (the default for Win8/2012 or newer). If you are using this
function, you should replace your existing DLLs with the ones from this version.
Miscellaneous
Updated textual copyright notices to say 1995 through 2019.
Updated group policy template domtime.adm to include settings for
PTP authentication processing.
5.2.b.20190101 - Optional Upgrade
Several minor enhancements, mostly customer requests. Upgrade if you want the new features.
DTDrift
Customer request: If run under non-admin credentials, no longer prompts for elevation
when viewing the Raw Data text file.
DTReader
Customer request: If run under non-admin credentials, no longer prompts for elevation
when viewing the Raw Data text file.
NTPCheck
Added "NDIS transit delay" to -raw output. This line will be present only
if software timestamps are enabled for the interface used to process the NTPCheck command.
If present, the line indicates the number of hectonanoseconds (10ths of a microsecond) the
reply took to transit the NDIS layer of the network stack.
DTServer
Changed clock-change monitor behavior if (a) server is configured to serve the
time without verifying its own clock first, and (b) clock-change monitor is also enabled. The prior
behavior was to ignore the clock-change monitor checkbox on the CPL, and not start the monitor
if no sources were configured (since the monitor won't be able to fix any changes made by other
processes). The new behavior is to start the monitor anyway, to produce behavior that correlates
with the CPL settings. If admins don't want errors or warnings in this situation, they can uncheck
the clock-change monitor box on the CPL.
DTServer/DTClient
Added checkbox "Enable Trend Filter (recommended)" to PTP configuration dialog.
The default value is checked. If unchecked, Domain Time will not include trend data in the clock
steering mechanism. Uncheck this box only if your machine is extremely stable (i.e., normally has
an average delta of only a few microseconds).
DTAlert
Customer request: Added right-click "Synchronize this node" to Alert Viewer's list
of nodes if the mouse is over a node. Right-clicking on an empty area of the list still brings up
the standard configuration menu.
Changed the Always-on-Top behavior to avoid switching focus to the clock display
when the list of nodes is showing.
Misc
Updated copyright notices to reflect 2019.
Updated patent pending numbers to reflect new filing.
Deprecated the never-used GetDriftRecord DT2 command.
Eliminated unnecessary QueryPerformaceCounter() calls in some DT2 calculations.
Changed Driver Timestamps output in DTServer/DTClient text log to use the adapter's "friendly" name
instead of its generic name. The friendly name will appear in quotation marks, followed by adapter name as shown
in the device list.
Switched log file output routines to use RAII for critical sections.
5.2.b.20181111 - Optional Upgrade
Preliminary support for software timestamping (at the NDIS layer) on Windows 10 and
Windows Server 2019 (see section below). Significantly enhanced PTP self-tuning on
Domain Time Server and Domain Time Client. Several other small changes and fixes.
Upgrade if you want the new features.
Software Timestamps (beta support only)
Enabled preliminary support for software timestamps on Windows 10
and Windows Server 2019. Software timestamps account for latencies
within the NDIS portion of the network stack. Software timestamps must be enabled
per adapter before Domain Time can take advantage of them. You may use
dtcheck -interfaces or dtcheck -adapters
to see which adapters have software timestamps enabled.
Software timestamping at the NDIS level is not yet fully supported or documented by
Microsoft, so support for this feature may change as the API changes. See
SoftwareTimestamping
for a Powershell script to enable/disable/query software timestamping. It remains unclear whether software
timestamping will be included in the forthcoming update for Server 2016. Since this feature is not yet
fully documented by Microsoft, Domain Time will not enable or disable software timestamping for you.
Audit Server/Manager
Preliminary support for software timestamps on Windows 10/Server 2019.
Changed delta calculations for Domain Time nodes that respond, but have not
set their clocks (no sources defined, all failed, test mode enabled, etc.) to use the calculated
delta. The former behavior used either zero or the last-known delta, forcing admins to also check
the time-since-last-set value to know whether or not the delta was fresh.
Fix for Manager not displaying newly-added NTP Nodes if Audit Server is not
installed.
DTServer/DTClient
Preliminary support for software timestamps on Windows 10/Server 2019.
Self-tuning enhancements for PTP continuously-variable clock steering.
Changed to ignore domain cascade triggers if PTP slave.
Changed handling of PTP time samples if the rate is greater than 1/second.
Customer request: Changed Accept First PTP Timestamp to
disregard date entirely and step to match first received PTP timestamp. This option remains for
highly-specialized environments, and its use is discouraged.
Control Panel applet
Added checkbox to the Advanced tab for controlling use of software
timestamps. This checkbox will be grayed-out unless the operating system is Windows 10/Server 2019 or
later. If you have configured software timestamps on an adapter, and this box is
checked, then Domain Time will use them.
Customer request: Changed PTP Status label from "Raw Offset" to "Current Offset"
to prevent confusion.
DTDrift
Fixed typo on drop-down scale of drift graphs.
Fix for drift graphs reporting incorrect average interval between data points
when there is more than one data point per second.
Added 0.0000000 instead of "None" if the largest positive
delta was zero.
5.2.b.20180805 - Optional Upgrade
Change for delta calculation when using DT2-UDP or DT2-TCP over high-latency connections. Version
5.2.b.20180801 introduced significantly increased precision of delta measurements on fast local
networks, but neglected to compensate for networks with high latency. Upgrade if you are using
DT2-UDP or DT2-TCP over Internet or WAN connections.
5.2.b.20180801 - Optional Upgrade
Support for Windows Server 2019. One major addition (allowing DTServer to become a Telecom master),
and one major enhancement (allowing Audit Server to perform pre-audit syncs in parallel). One small
fix for the textual summary of drift graphs. Several other minor enhancements or improvements.
Upgrade if you are experiencing problems with the prior build, or if you want the new features.
All
Changed code-signing digest algorithm from SHA1 to SHA256. This is to
conform with Microsoft's requirements for newer operating systems. XP and 2003 will
not be able to validate the certificate, even though it is present and you may view
the details.
DTServer
Customer request: Added support to allow becoming a Telecom master node. The Telecom
Profile requires nodes to be either Telecom slaves or Telecom masters; alternating roles are not permitted.
Therefore, the master configuration dialog will be unavailable if Domain Time is configured as a Telecom
slave. Domain Time Server has a hard limit of 256 Telecom slaves. The maximum packet delivery rate is
128 packets/second.
DTServer/DTClient
Customer request: Changed second reply to Audit Sync command (sent only by Audit Server during pre-audit
synchronization, or by the stand-alone dtsync.exe utility) to have a source port of 9909. The Audit Sync
command, unless you have selected not to wait for it to complete, normally generates two replies to the
originator's source port. The first reply, acknowledging the command, always has a source port of 9909.
The second reply, which occurs after synchronization has completed, formerly used an ephemeral port as
the source port. This has been changed so that both replies use 9909 as the source port.
Made telecom slave subscription requests work with PTP v2.1 domains 128-239 using SdoId 0x100.
Changed telecom slave delay requests to fire on the tick instead of ±25% of the interval.
Some telecom masters don't send replies if the full interval hasn't yet expired.
Limited telecom slave subscription rate choices to workable numbers instead of the entire possible range.
The telecom slave subscription dialog will still warn you about sub-optimal rate choices.
Made telecom slave subscription only request Announces until a best master is chosen.
Made telecom slave failure due to active denial of a subscription request a soft fail as
long as another telecom master is provisioned and sending Announces.
Added small delay between receiving APM power resume event (waking from hibernation or sleep)
and restarting the network. Win10 can send the resume signal several seconds before it actually finishes waking up.
Increased look-back size of PTP filtering engine for smoother performance.
Added lock-free mechanism for sending PTP messages. This helps reduce jitter.
Control Panel applet
Changed wording on DTClient's Advanced page from "Enable NTP broadcast listener" to
"Enable NTP listener on port 123" for clarity.
Added Telecom Master option on DTServer's PTP Master configuration dialog.
Changed Test button behavior on various dialogs when the Control Panel applet is controlling
a remote machine. This is because while the Control Panel applet is showing settings from the remote
machine, it it executing on the local machine. Testing connections is therefore meaningless, since a
name or IP that resolves on the local machine may or may not have the same behavior on a remote machine.
The availability of the Test buttons caused confusion with admins who believed the test would execute
remotely. As of this version, attempting to test remotely will display a message explaining the issue
rather than running the test.
Manager
Appended "(deprecated)" to Manager's Pre-Audit Tasks dialog text "Wait for all synchronizations to complete."
Pre-audit sync is a holdover from the days when networks needed to be synchronized only a few times per day. We recommend
not using pre-audit sync, but have made some improvements (see below) in case you still need this function.
Audit Server
Rewrote pre-audit sync to handle large numbers of nodes in parallel, reducing the time required.
DTDrift
Fix for textal summary of a drift data file. Version 5.2.b.20180606 introduced summarized
microseconds (instead of milliseconds), however, negative values were miscategorized. The individual delta
data points are recorded correctly; only the summary classification was incorrect.
Changed lookups for driftptp.dt to use drift.dtex instead of driftptp.dtex. This only affects
displays of IPv6 sources.
Added -ptpslaves command. This command retrieves the current
list of Telecom subscribers from a Domain Time Server in the PTP Telecom Master role.
Changed -ptptest output to show original source IP of forwarded packets.
PTPCheck
Added instance limiter, so that only one copy of PTPCheck may run (per logged-on user).
5.2.b.20180606 - Recommended Upgrade
Significant feature enhancements for DTClient/DTServer, and for Manager/Audit Server.
Introduced Audit Groups
for Audit Server. Audit groups provide much finer control over how your nodes are audited,
and how Real-Time Alerts are handled. When you first upgrade Manager, all of your currently audited nodes will be
placed in audit group 1, labeled "Audited," and this will be the only group available until you also upgrade Audit
Server.
Added support for the PTP Telecom Profile
[00-19-A7-00-01-00] (slave-only) to DTServer/DTClient, and support for
monitoring Telecom (or other nodes reachable only by unicast) to Manager/Audit Server. The Telecom Profile uses unicast
negotiation with Telecom-capable grandmasters. The Telecom Profile does not use multicast.
Added preliminary support for the forthcoming PTP v2.1. PTPCheck (version management message), and PTPMasters (either
from the Control Panel applet or from DTCheck) will show v2.0 vs v2.1, and the incoming SdoID will be displayed. The SdoId
restricts which domain numbers are valid. Incoming v2.1 packets with invalid SdoId numbers, or with invalid combinations
of SdoId and domain numbers, will be rejected. Support for other v2.1 features will be incorporated in future releases.
Audit Server
Added Audit Groups. Formerly, a node was either audited or not. Audit Server now
keeps eight sets of rules, called Audit Groups. Each group has its own variables and actions. When you
set a node to be audited, you also choose its audit group. This allows you to set separate tolerances
for nodes with different alerting requirements. You may assign meaningful names to the audit groups.
For example, you could name Group 1 "Trading," and make its tolerance 100 µs, whereas Group 2 might
be named "Workstations," and have a 10-second tolerance, etc. The names you choose will be used
for display by Manager, as well as in alerts, logs, and summaries.
Added audit error email recipient(s) for each audit group. When an audit alert email is raised,
the alert containing all errors will always be sent to the standard TO/CC/BCC recipient(s) in the general
email setup. This new option lets you also send a copy to a comma-separated list of email recipient(s)
interested in audit alerts for the each specific group, containing only the error from that group.
Added Real-Time email recipient(s) for each audit group, similar to the operation described
for audit error emails.
Added node IP and node name to drift data (.dt) files. This information will show on
the title bar when viewing a drift graph, and in the header of a .dt file converted to .txt.
Corrected PTP Monitor's behavior to prevent creating IPv6 sockets and joining
IPv6 multicast groups when IPv6 is not enabled.
Finished changing references to "NTP Servers" to "NTP Nodes" (both singular and plural)
to conform with earlier updates. If you are parsing log files, daily reports, or audit result text logs,
you should change your scripts to look for "NTP Node" instead of "NTP Server."
Be sure to upgrade both Manager and Audit Server to obtain consistent identification of NTP nodes.
Changed threading model for several data collection routines to ensure more
predictable performance across all supported operating systems.
Improved Audit Server's measurement of Domain Time nodes' deltas, provided the
nodes are using PTP and have synchronized within the past two minutes. (This change also affects the
deltas shown when looking at Domain Time nodes in Manager.)
Added --- Begin Audit Results --- and --- End Audit Results --- before
and after listing audit results in Audit Server's log. This makes it easier to pick out the audit results
from other messages.
Rationalized audit result line for each node in Audit Server's log so that all node types
use the same format, enabling simpler automated log parsing.
Removed ± from Real-Time Alerts, Audit Alerts, and Audit Summaries. Although the
± character (0xB1) displays correctly in text log files, it does not necessarily transit email or
syslog when systems are expecting only 7-bit data.
Changed Audit Server's Event Log Event ID 3005 (Real-time Alert generated when a node
changes to error status) from a simple, "x machines had errors" to individual events for each machine.
Added ability for PTP Monitor to follow Telecom slaves (or any slave not reachable by multicast).
Unicast-only nodes must support PTP management messages. You may test using PTPCheck to see if a node
responds to unicast management messages.
PTP Monitor will automatically follow any Telecom masters, provided that Domain Time Server
is set to use the Telecom profile. Provision Domain Time Server with the master(s) you want to monitor, and
they will automatically appear in PTP Monitor's list.
Manager
Changed name of Audit Server menu item "Alerts" to "Alerts and Audit Groups."
Changed the column name "Audited" to "Audit Group," to reflect that the options
are no longer just Yes/No, but Unaudited or one of the eight possible audit groups.
Changed double-click on the Audit Group column from a Yes/No toggle to cycle through
unaudited and the audit groups. Changed right-click on items to allow you to choose the audit
group by name.
Added Audit List item to Manager's tree display. When selected, the list side
will show you all currently audited nodes. You may sort by audit group, IP address, Location, or
Node Name. The Location column indicates from which list the audited node derives. For example,
a PTP node will show its location as PTP Nodes, and an NTP node will show NTP Nodes. Right-clicking
on empty space in the list will allow you to go directly to Pre- and Post-Audit Tasks, to Alerts
and Audit Groups configuration, or to Audit List Management.
Added Transport column to the PTP Monitor list. Transport here refers to the
method of monitoring: Unicast-Only (e.g., Telecom slaves), or Hybrid (discovery by multicast,
and follow-ups either by multicast or unicast).
Added Node Name and IP Address columns to the Synchronization Logs list. Note:
These two columns are updated only when new drift data is collected by Audit Server, so there may
be a lag between when you rename a node and when the new name shows up in the Synchronization Logs
list.
Added help link and icon to PTP configuration dialog to help explain PTP domain
selection options.
Added Backup/Restore of Audit List and Audit Group settings to the File menu. Backing up the
audit list not only backs up the audited state for each node, but all of the audit group settings,
including settings for unaudited nodes. When you restore the audit list, you restore all of the
settings as well as the audited state for each node.
Changed Real-Time Alert wording on Manager's configuration dialog from "Do not
count the first correction after startup as excessive, regardless of magnitude" to "Do not count
startup corrections as excessive, regardless of magnitude." Changed Audit Server's processing to
allow more than one "startup" correction, based on how long since the reporting machine has booted.
This allows time for a recently-booted machine to settle, acquire a PTP master, adjust its timing,
etc., before a Real-Time alert from the machine will trigger an email or red flag in Manager's
display.
Added PTP nodes to Manager's Batch Add function (see
Batch Add
for details). Batch add for PTP nodes is limited to unicast-only slaves. You may use either an IP address or
a DNS name as the identifier, optionally followed by a colon and a PTP domain number. For example,
ADD PTP 192.168.1.200:3 would add the PTP slave at 192.168.1.200, using domain 3.
If you leave the colon and domain number off, Manager will attempt to discover the domain. If you specify a domain number
that isn't one of the ones being monitored by PTP Monitor, the node won't be added. If the node already
exists in the database but with a different domain number, the domain number will be updated to the one you specify.
Changed references to "NTP Servers" to "NTP Nodes" to conform with earlier updates.
Be sure to upgrade both Manager and Audit Server to obtain consistent identification of NTP nodes.
Control Panel applet
Changed label on PTP statistics page from "Delay Mechanism" to "PTP Profile" for
clarity. The value following the label is a combination of the selected profile and the delay
mechanism used with it.
Added Telecom Options dialog for setting variables for use with the Telecom Profile.
In general, the default settings are correct and should not be changed unless required by your
Telecom-capable grandmaster.
Added "PTP Telecom unicast negotiation details" debug category to the Debug Details
dialog.
Change PTP Domain input box to accept 0-239. The former behavior was to limit the
domain to 0-127. PTP v2.1 can use domains 128-239. If you choose a domain number in the range of 128-239,
Domain Time will mark its outgoing packets as PTP v2.1 using SdoId 0x100.
DTServer/DTClient
Significantly improved PTP slave tracking on Win8/2012 or higher operating systems.
Added support for Telecom Profile [00-19-A7-00-01-00], sometimes referred to
as the Telecom 2008 Profile. This profile requires a Telecom-capable grandmaster, and you must
provision the slave with a list of (up to sixteen) grandmaster IP addresses and domain numbers.
Use Ipv4:domainNumber or [IPv6]:domainNumber in the list of acceptable masters.
If you omit the domainNumber, the current default domain will be used. Note that an IPv6 address,
if used with a domain number, requires the square brackets as shown above. You must know the
domain number used by your grandmaster. Domain Time supports the Telecom Profile using
Layer 3 (UDP) only.
The Telecom Profile does not use multicast. The slave negotiates unicast
Announces, Syncs, and Delay Response messages with the master (much like a DHCP lease). The
delay measurement is End-to-End only. By default, Announces are every other second, while
Syncs and Delay are once per second. You may change these values, as well as the lease duration period,
from the Control Panel applet. Keep in mind that not all masters support all possible values. You
should leave the auto-negotiation checkbox checked, so that Domain Time can negotiate values that
both Domain Time and your Telecom master(s) support. Domain Time is heavily optimized for performance at
one Sync per second.
The Telecom Profile uses an alternate Best Master Clock algorithm, as defined by ITU-T G.8265.1.
This algorithm selects the best master based on the master's QL (clockClass), the master's priority 2
value, and finally the local priority. Local priority is based on the order in which you provision the
list of masters, with the first in the list having the highest priority.
Domain Time will continue to respond to multicast requests while using the Telecom Profile (if
the underlying network permits it), but will not recognize multicast Announces or Syncs. When
using the Telecom Profile, Domain Time Server can only be a slave, never a master.
Fixed target port for unicast E2E delay responses when DTServer is acting
as a PTP master. Previous versions did not always send replies to port 320.
Changed default firewall handling to enabled.
Enabled multicast loopback for the DT2-UDP service.
Changed both E2E and P2P unicast delay responses to use ephemeral source ports
for lock-free operations.
Improved algorithm to determine if QueryPerformanceCounter is based on the TSC.
Changed default transport for Real-Time Alerts (status reports) from TCP to
UDP. Our recommendation is to use UDP unless your network experiences problems with dropped
packets. TCP is more reliable, but is more "expensive" in connection building and tear-down.
TCP also requires ICMP (ping) between the reporting machine and Audit Server, and many networks
have ICMP blocked.
Fixed startup PTP duplicate node detection to send IPv6 discovery packets only if
the network settings include IPv6. Previous versions sent both IPV4 and IPv6 discovery packets even
if IPv4-only was selected.
Fixed race condition on Windows 10 resume from standby that could prevent
PTP from resuming properly.
Fixed problem with rejoining multicast groups on Windows 10 after resume from sleep.
Added a one-time popup to the Control Panel applet when first enabling PTP as
a time source. If the current timings or network settings are not optimized for PTP, the popup offers to
fix them for you.
Fix for multiple copies of firewall rules on Windows 10.
Customer request: Added ability for the SNMP bounds trap ("If the delta exceeds...")
to be configured in either microseconds or milliseconds. The minimum bounds alert for milliseconds is 1 (default 1000, or 1 second);
the minimum bounds alert value for microseconds is 100 (default 55000, or 55 milliseconds). The Domain Time II group policy
for SNMP only supports milliseconds, so if the SNMP group policy is defined, only millisecond bounds
limits are allowed.
DTAlert
Made Last Status column sort by magnitude rather than value. Since this column may not
always have numeric values, numerics and textual information are given different weights, so that each type
of information will sort together with the same sort.
DTDrift
Added display of node name and IP address (especially useful when looking at
PTP drift files collected by PTP Monitor, where the filename is normally just the PTP portIdentity).
Added three new categories under the Clock Discipline category: Under 100 µs,
100-499 µs, and 500-999 µs. Previously, the smallest category was Under 1 ms.
Each category now also displays the number of data points within that category's range.
DTReader
Updated to handle Audit Groups and to refer to an "NTP Server" as an "NTP Node"
to conform with displays by Manager and in log files.
PTPCheck
Harmonized references to Meinberg NetSync Monitor.
Added help link and icon to PTPCheck main dialog to help explain PTP domain
selection options.
Added option to specify a domain number on the unicast test line. For example,
192.168.100.100:3 will add domain number 3 to the domain list (if not already present), and
will test 192.168.100.100 with packets sent only to domain 3. If you don't specify a domain number,
PTPCheck will test 192.168.100.100 on all domains in the domain list.
Added command-line option to specify an IP address[:domain]. If you specify
an IP address on the command line, PTPCheck will treat it as if you had manually entered it as
the unicast test address and clicked the Unicast Test button.
Enhanced the output of the 0x200C - Version discovery command to include whether
the response was marked PTP v2.1 or not. The SdoId is also displayed.
5.2.b.20180303 - Recommended Upgrade
One important enhancement for Audit Server: Added Daily Drift CSV files as the
preferred alternative to expanding .dt files to .txt files. Auto-conversion of .dt files
into individaul .txt equivalents is still supported, but has limitations, and has been
officially deprecated.
Daily Drift CSV files use exactly the same format for each record, regardless of source, and, as
the name suggests, collect only one days' worth of data from all of your audited machines per file, making
extraction and retention strategies simpler. Daily Drift files roll at either midnight local time or at midnight
UTC (your choice). If you are currently using .txt file conversion and then parsing the .txt logs, we strongly
encourage you to change to Daily Drift files instead.
Several minor enhancements and fixes, including addition of support for Meinberg's NetSync Monitor messaging.
Upgrade to obtain the new functionality.
Control Panel applet
Changed background color handling of the PTP Status dialog so
that display is consistent across all operating system versions.
DTServer/DTClient
Changed PTP master selection algorithm to discard potential
masters with the wrong domain number after the admin has unchecked the Dynamic Domain checkbox.
This change means that Domain Time will not attempt to calibrate an unqualified master before
going directly to the listening state.
Made log file viewer built into the CPL a bit smarter about finding logs other
than the main one (if user has changed the main log name or location).
Customer Request: Added increment to reported Root Dispersion in NTP reply when
the time source is not PTP. The root dispersion is reset at each timeset interval, and increments
slowly (best guess at the machine's drift) until the next timeset event.
Added "PortNumber Cache" to PTPv2 subkey. The default value is 1, and should
only be changed if directed by tech support. Valid values are 1-9999 (decimal).
Changed label on PTP Masters dialog from "Help" to "Explain & Fix" because many
customers were not aware that the Help button can usually offer an automatic solution as well as
explain problems.
Added support for Meinberg NetSync Monitor TLV messaging (revision 5). The default
is for support to be enabled. This can be disabled on the PTP configuration/advanced dialog. PTPCheck
(see below) has been enhanced to test for Meinberg NetSync extensions.
Customer request: Changed latency display in summary/aggregate log line from
milliseconds to hectonanoseconds; i.e., the same format used in trace output for indivdual samples.
Customer request: Added support during command-line install/upgrade to specify
a template to use instead of the default dtserver.reg (Server) or dtclient.reg (Client). The
template file must be of the proper type (i.e., if installing/upgrading server, the template must
be a server template), and must be in the same folder with all the original installation files.
The added command-line parameter is -template=template_file_name.reg. For example, to
install Client remotely to machine Bar, the command would be dtclient \\Bar -install -template=mytemplate.reg,
or to upgrade the local machine, the command would be dtclient -upgrade -template:mytemplate.reg. This
new functionality does not change the behavior of -upgrade. An upgrade preserves all current settings
unless you also pass the -reset parameter.
Added support for -reset when using the command line to upgrade a remote
machine. This flag used to be supported only for upgrading the local machine.
Manager/Audit Server
Audit: Changed behavior of Real-Time Alert "If a Domain Time machine
reports that it has lost contact with its master" so that if "Ignore it" is selected, no alerts, warnings, or
errors are generated. If "Treat it as a warning" is selected, the Real-Time Alert display will change to
warning, but no alerts or errors are generated.
Audit: Changed audit event timer to avoid conflict with audit maintenance timer.
Audit: Changed behavior of background Ephemera Collection to cancel if Audit starts
while collection is still running.
Manager: Added "Auto-generate a textual version of the audit results" checkbox to
the Audit Tasks dialog (default unchecked). If checked, Audit Server will auto-convert the binary
.dtad audit results to a .txt version after each audit. If a .txt version exists, Manager will offer
to open the .txt version directly in Notepad as well as offering to open the binary file using the Audit Viewer
program. The .txt version of an audit result is what you would see if you opened the file using Audit
Viewer program and selected "View All Details of Audit in Text format" from Audit Viewer's menu.
Manager: Added node under Audit Server for display of Daily Reports. Formerly, the
only way to view Daily Reports was to choose Audit Server/Daily Reports/View from the main menu.
Manager: Sorted display of multiple audit schedules by time of day.
Manager: Added configurable number of records to convert to text (if text file conversion
is enabled).
Manager: Changed Open Containing Folder behavior to open the folder and select the
right-clicked file. If no file is selected, or if Open Containing Folder is selected from the
tree side, the folder is opened with no file pre-selected.
Customer request: Added hostname to IP lookup for NTP DROP and NTP DEL statements
in DTManager's IMPORT batch command. The former behavior required using an IP literal for dropping or
deleting an NTP node. Note: Use this new option with care. A hostname may resolve to more than
one IP address. NTP DROP or NTP DEL will operate on the all matching IP addresses, which may
not be the intended behavior.
Changed PTP Monitor's drift records to show the Check Reason column as "PTPSlave" for
slaves and "PTPMaster" for masters (drift records are only collected for audited slaves or masters).
The former behavior was to show "Veracity Check" for both types of nodes. The new behavior allows
you to distinguish masters from slaves (or changing roles) when looking only at the drift records.
(Note: PTP Monitor will not change existing drift records; this change only affects records generated
after upgrading.)
Fix for non-Domain Time PTP slaves reporting their source stratum as their own
stratum instead of the source's stratum (only in Audit Results binary .dtad and expanded .txt versions).
Fix for Manager sometimes displaying garbage in the DNS Name column when viewing
the Domain Time Nodes list.
Fix for PTP masters that don't support PTP management messages from being recorded
as offline in audit results. As long as the master continues sending Syncs and Announces, it is online
and its delta can be calculated.
Customer request: Added checkbox on the Audit Tasks dialog to control whether
emailed audit summaries include the error list inline or as an attachment.
Added "PTPPortIdentity" token to list of fields available for the daily report.
This field will show as "N/A" for all non-PTP nodes. Also changed the output of the Show Example
button on the Daily Reports dialog to show an example whether Daily Reports are enabled or not.
Fix for dtdrift.exe not being updated in the system32 folder when upgrade is
performed via DTPatch vs the installation files.
Manager: Fix for Ctrl-F (Find) not working correctly if no row was selected in the list.
Removed "No more matches" message if subsequent find locates the same item again.
Audit: Deprecated auto-conversion of .dt binary files to text files.
Audit: Added Daily Drift .csv file as preferred alternative to auto-conversion to
.txt files. Daily Drift .csv files are named yyyy-mm-dd.csv, using either local time or
UTC, and will roll at either local midnight or UTC midnight, based on your choice of local time or UTC.
The UTC field will be either Y or N to indicate if the DateTime field is UTC.
The DateTime field format may be either plain "yyyy-mm-dd hh:mm:ss" or ISO 8601 format. If using ISO 8601
together with local time, the format is "yyyy-mm-ddThh:mm:ss±HH:MM"; otherwise the format is
"yyyy-mm-ddThh:mm:ssZ" to indicate "Zulu" time (UTC). Note: Records in a Daily Drift .csv file
are not necessarily in ascending DateTime field order, and there may be more than one record with the
same DateTime field from the same node. Records are appended as the data is collected, which may mean a
few hundred records from one source, then more from a second source, etc. If collation is important for
your import procedure, you should sort the data first. A Daily Drift file is held open during its 24-hour
collection period, but marked FILE_SHARE_READ, so the file (or portions of it) can be copied while open.
Use the RowID column in your dbms import procedure to know whether or not a record is new. RowIDs start
with 1 and increment by 1 for each row. Daily Drift files are flushed to disk approximately once every
two minutes, and immediately after an audit completes. If you have chosen to show Daily Drift files on Manager's
Synchronization Logs page, you may right-click anywhere on the list and choose to flush the Daily
Drift queue on command. The Daily Drift CSV columns are fully documented in Manager's Daily Drift
configuration dialog.
Manager: Changed column of Synchronization Logs display from Count (number of records)
to Size (number of bytes).
Manager: Added Daily Drift .csv files to list shown on Synchronization Logs page (if selected; see below).
Manager: Colorized Synchronization Logs list for easier identification of log types.
Manager: Added Display Options... right-click menu to the tree side of the
Synchronization Logs list to control which kinds of Synchronization Logs are shown in the
list. The status line shows the total number of files, the number being shown, and the total byte count
for all files (whether shown or not).
LMCheck
Changed to require run as administrator to accommodate changes in default permissions
granted by Win10 and Win2016. The former behavior was to run as invoker, which fails to enumerate the
network correctly unless elevated.
NTPCheck
Added -localtime switch. If specified, timestamps are expressed in
the machine's current timezone, otherwise in UTC.
Customer request: Added -csv and -json (mutually exclusive) to
command line parms. These switches may be combined with any other switches to control the format of the
output. If either -csv or -json is specified, normal headers and progress messages are suppressed (but
errors will still print). If -csv is specified, the first line will begin with a hashtag (#) and contain the columm header
names. If -json is specifed, only the JSON output is provided.
Per ISO 8601, the datetime format for both -csv and -json output is either yyyy-mm-ddThh:mm:ss.mssZ (zulu time),
or yyyy-mm-ddThh:mm:ss.mss±HH:MM (if -localtime is specified). The JSON output includes the timezone name.
Customer request: Added -micros and -hectos switches.
These switches control the output precision. By default, only milliseconds are shown (10-3 seconds).
If -micros is specified, then the output precision is microseconds (10-6 seconds); if -hectos is specified,
the output precision is in hectonanoseconds (tenths of a microsecond, or 10-7 seconds).
DTDrift
Added -chop command-line parm. It must be followed by the full
path to a .dt file, or use the wildcard path\*.dt (much the same as for -convert). While -convert will
read a .dt file and create the corresponding text version, -chop will split the .dt file into chunks
named foo_Part001.dt, foo_Part002.dt, etc.
Added -repair command-line parm. It must be followed by the full
path to a .dt file, or use the wildcard path\*.dt. The -repair switch examines the file(s) for invalid
entries and removes them. Note: This is a prophylactic function; no .dt file has ever become corrupted.
Added -csv command-line parm. This switch is only valid with
-convert, and may optionally be combined with -noheader. The
switches must be followed by the full path to a .dt file, or use the wildcard path\*.dt. Example:
dtdrift -convert -csv -noheader "d:\drift files\*.dt" or dtdrift -convert -csv c:\myfile.dt.
The .csv file(s) will be created in the same folder as the .dt file(s).
PTPCheck
Added "effective NTP stratum" to all places where PTP's stepsRemoved value is provided.
The stepsRemoved value is zero-based, while NTP strata are one-based, with a cap at 15. This addition
helps administrators more accustomed to dealing with NTP nodes than with PTP nodes.
Expanded the 0x0001 ClockDescription to include all fields sent by the responding node.
Several fields in the ClockDescription response are optional, meaningless, or redundant. By expanding the
output to show all fields, you can see if a node is sending full, correct information.
Added right-click menu option Meinberg NetSync Monitor Test. This option sends a special unicast
End-to-End delay request to the selected node with NetSync Monitor TLVs attached. If the node is NetSync Monitor-capable,
it will respond with a special End-to-End delay response with NetSync Monitor TLVs attached, plus a follow-up
unicast Sync (and Sync Follow-up if the target is a two-step clock). If the node responds, the Delay Response
data will show you how many TLVs were attached, and the number of bytes, plus the Sync message(s).
5.2.b.20180101 - Optional Upgrade
Added Authenticode signing to all executables. Several minor fixes and enhancements, mostly for
consistency in displays or behavior. Several PTP improvements. One fix for Windows Time compatibility.
Added ability for DTDrift to convert binary to text from the command line. Update if you experience
any of the problems described, or if you'd like the new behavior.
Control Panel applet
Added domain number to the "Allow this machine to become a PTP Master server" line of
the Master Configuration dialog (DTServer only). Also added profile type(s) and delay measurement
transport type(s) that will be supported. These values are drawn from the main PTP configuration page,
and presented on the Master Configuration dialog to help admins understand what values will take effect
if the node becomes a master. See DTServer below.
Fixed several small inconsistencies in PTP variables between the Control Panel
applet and DTServer/DTClient. This helps ensure that admins can't use the CPL to set values that
the service will override.
Added validity check on the list of acceptable masters on the main PTP configuration
dialog.
Changed the effects of the Reset to Defaults button on the Broadcasts and Multicasts
tab to set the multicast IPv4 TTL and IPv6 Hop Count to 4, to conform with the change in defaults introduced in
5.2.b.20171113.
DTServer/DTClient
Allowed PTP management error responses to queries sent to all domains.
Added support for 0xDEEE "AllowedMasterList" PTP management message query.
Changed all Peer-to-Peer multicasts to have a TTL of 1, regardless of TTL
used by other multicasts. This is to conform with IEEE 1588-2008 requirements.
Removed spurious warning about not being able to determine a PTP master's
delay mechanism when using Peer-to-Peer without auto-detect enabled. The warning was a side-effect
of believing the auto-detect mechanism had failed when in fact it was never invoked.
Increase speed and reliability of profile and delay auto-detect routines.
Inlined a few critical PTP-related computations, and also changed them to
use bit-shifting instead of multiplication/division or exponentiation.
DTServer: Enforced profile type and delay measurement transport type when functioning
as a PTP master as well as when functioning as a PTP slave. Our recommendation continues to be to use Auto-Detect unless
you have a very good reason to change.
Auto-Detect: Both End-to-End and Peer-to-Peer supported, either unicast or multicast
End-to-End Default Profile: Only End-to-End supported, either unicast or multicast
End-To-End Enterprise Profile: Only End-to-End supported, only unicast
Peer-To-Peer Default Profile: Only Peer-to-Peer, either unicast or multicast
Disable Link Delay Measurement: No delay requests generated by slaves, or responded to by masters
DTServer: Changed default value (for new installations, or when the Reset to Defaults
button is clicked) of radio button introduced in 5.2.b.20171113 on the PTP Master configuration dialog to
have the reply to a CurrentDS management query tell the truth. This only affects the response to
a CurrentDS query when DTServer is acting as a PTP master.
Added checkbox on PTP advanced properties labeled "Reply to source port of unicast requests instead of port 320."
IEEE 1588-2008 is ambiguous about whether replies to management messages should be sent to the PTP "General" port 320, or
to the requesting node's source port. The informal convention among manufacturers is to direct all management responses
to port 320, whether the request was unicast or multicast. This checkbox tells Domain Time whether to follow the informal
convention for unicast requests (i.e., send the reply to the requestor's IP address, port 320), or whether to follow the
convention used by most other protocols (i.e., send the reply to the requestor's IP addess and source port). Most PTP programs
resolve the ambiguity by sending requests from port 320, thus ensuring that no matter which convention is followed, replies
will return to port 320. Some programs, however, use ephemeral ports for unicast management
queries. Check this box only if you experience interoperability problems with third-party programs that send management
requests using ephemeral source ports.
Changed the delay request timer to be pseudo-randomized so that delay requests are
not sent exactly on the tick. The range is 75% to 125% of the nominal delay request interval. For example,
if the delay request interval is set to once every two seconds, delay requests will be sent no more often than
every 1.5 seconds, and no less often than every 2.5 seconds, with the mean over time coinciding with 2 seconds.
Decoupling the delay requests from the PPS timer helps reduce the concurrency of delay requests
from multiple machines hitting the network (and therefore the grandmaster) at the same time on
each tick of the protocol.
Changed evaluation of NTP reply when coming from Windows Time on a Windows DC version 2012r2 or above,
and when the domain/forest level is 2012r2 or above. Microsoft changed the behavior of the Windows Time
reply to include a value in the Key Identifier field. Prior versions of MS-SNTP required the reply's Key Identifier
field to be zero in the 68-byte version of an NTP reply.
Per [MS-SNTP]
clients must now ignore the Key Identifier field. (In practice the value now filling the field is the
requesting client's RID.)
Improved detection of duplicate PTP portIdentities on the network.
Improved detection of VM resume from saved state, and added extra debug output in the
in the Clock Sync Status Notices category.
Changed PTP to the listening state upon power resume or VM resume from saved state.
Extended text log lazy write to include syslog. If checked, syslog messages will be
saved and sent at each flush interval.
Added checkbox "Send each PTP data point to syslog (trace or debug level only)" to the
syslog configuration page. If checked, and if the syslog level is set to either trace or debug, then each
PTP data point will be sent to syslog. The format is "PTP sample offset ±0.0000000, mpd 0.0000000, source ipaddress"
where 0.0000000 is that sample's delta and the current meanPathDelay. Syslog log collectors may parse for
trace-level messages beginning with "PTP sample offset" to categorize these messages. Caution: Enabling this
output can create a large number of syslog messages. This option was added for those using syslog to collect
compliance data.
Added support for permissions changes on Win10 regarding querying services.
Manager/Audit Server
DTAudit: Added Stand-By replication for Archives subfolder(s) under Synchronization Logs main folder.
DTAudit: Added Stand-By replication for Real-Time Alerts history folder.
DTAudit: Fix for initial Stand-By replication not starting on schedule.
DTAudit: PTP node status change notices in the Audit Server text log file are now info or warning
level instead of trace. If info level, the level column label will be "Status:" instead of "Info:" to help with
log-parsing. Notices referring to PTP master changes (online, upgrade, degrade, or leap change) will begin with "PTP Master,"
while other messages will begin with "PTP Node," in each case followed by the portIdentity and IP address. Note that a master
going offline, or transitioning to slave, will generate a warning. A PTP master coming online or changing its timeQuality
will generate a status notice.
Manager: Added two checkboxes to the Manager interface dialog to control auto-closing of
DTReader (Audit Viewer) and DTDrift (drift graph viewer) when Manager exits. In prior versions, Manager did not
attempt to close instances of DTReader or DTDrift. Manager now closes them at exit. To regain the former behavior,
uncheck the box(es).
Manager: Added checkbox "Send info-level syslog message about each slave after sweeps" to the PTP
Monitor configuration dialog. If checked, data pertaining to each tracked PTP slave is sent (info-level) to syslog
after each sweep. You must have Audit Server's syslog level set to Info for these messages to be sent.
Manager: Added "Open Containing Folder" for Real-Time Alert history folder.
Manager: Added drift files from archives subfolders to list of Synchronization Logs.
Manager: Added Real-Time Alert history folder to Advanced/Data Folders dialog. Changed file data
relocation to be recursive (because drift files may now have Archives subfolders). Changed behavior to stop Audit
Server briefly while files are being relocated.
Manager: Added F5/Refresh for PTP Nodes on Stand-By (shows most recently-replicated data). Also
disabled F5/Refresh and PTP node display on Stand-By when the primary node's PTP Monitor is turned off.
Manager: Changed "Domain Time II Machines" and "NTP Servers" to "Domain Time Nodes" and
"NTP Nodes" respectively. This change only affects displays on Manager, and was introduced at the request of
several customers who found the former labels confusing.
Customer request: Added confirmation notice when disabling an Audit Server alert type
by unchecking the menu item.
Customer request: Added syslog output from Audit Server. You may set up to eight IPv4 or
IPv6 addresses, and choose either RFC 3164 or RFC 5424 format.
Manager: Added "NanoServer" or "ServerCore" to platform type display as appropriate.
Manager: Added a pair of radio buttons to the PTP Monitor configuration dialog so you may choose
to accept a grandmaster at face value if it claims zero stepsRemoved from a primary time source such
as GPS/GNSS. If "Assume Grandmasters with stepsRemoved of 0 have zero deltas" is selected, each master's
delta will not be measured against the local clock, and will show as 0 µs. This is the correct behavior
according to IEEE1588-2008 Table 13. The other option, "Measure all Grandmasters to discover deltas
(estimate ±150µs)," tells PTP Monitor to observe the Sync/Follow-up messages and estimate
each master's delta by comparing it against the local clock, accounting for measured E2E or P2P latency.
The computation of the master's delta is only an estimate because PTP Monitor only observes packets and
does not attempt to syntonize or synchronize with any particular master. It may be following multiple
masters in several domains simultaneously. Previous versions of Domain Time Audit Server always attempted to measure the
deltas, leading to some confusion among admins who expected a grandmaster to be at least as accurate as a
slave and did not realize that master deltas were estimates. The new default is to assume grandmasters are
telling the truth, provided they report stepsRemoved as zero. You may regain the former behavior by choosing
the second radio button. Note that masters that claim stepsRemoved of non-zero are always measured against
the local clock, yielding estimated deltas.
Added support for permissions changes on Win10 regarding querying services.
Synchronization Logs (drift graphs)
Added ability to show sub-seconds when displaying the average interval between samples.
This is useful when your PTP grandmaster is sending more than one sync packet per second and you are looking
at the PTP graph. Values greater than a few seconds will be shown as days, hours, minutes, and whole number of
seconds.
DTCheck
Added -allowedmasters as an optional parameter to -ptplist.
If -allowedmasters is specified, DTCheck sends management message 0xDEEE instead of 0xDEEF. 0xDEEE returns the
list of acceptable masters.
Added option to filter results of -ptplist or -ptplist -allowedmasters. Use -ptplist
IpAddress or -ptplist hostname to limit output to just that one node. IpAddress may either be
a dotted-quad IPv4, or fully-formed IPv6 address.
Added "NanoServer" or "ServerCore" to platform type display as appropriate.
Added -resetClockId command. Use this if you have cloned your Domain Time
installation and discover duplicate PTP nodes. PTP requires that each node has a unique portIdentity; the clockIdentity
portion is normally created from the NIC's MAC address, but if you clone an installation without using -prepclone, the
clockIdentity will be duplicated.
Added support for permissions changes on Win10 regarding querying services.
PTPCheck
Changed list displayed by Discovery Management Messages dialog to be sorted
by management messageId.
Added 0xDEEE "AllowedMasterList" to the list of management messages that can be sent.
The return value is "Any" if no restrictions are in place, or the list of IPs/CIDR masks/names considered
acceptable masters.
Added "NanoServer" or "ServerCore" to platform type display as appropriate.
Changed all Peer-to-Peer multicasts to have a TTL of 1, regardless of TTL used
for other types of message. This is to conform with IEEE 1588-2008 requirements.
NTPCheck
Added auto-elevation for functions that need to access the symmetric secrets keyring. For
example, NTPCheck "mydc.example.com key windows" or NTPCheck "myserver key 1".
If the user does not have sufficient priveleges to access the keyring, the program will relaunch itself in
elevated mode (prompting for an admin username/password if required). The program already did this for
NTPCheck -ad.
DTAlert
Changed default permissions on Domain Time II Alert Parameters registry key so that
settings are saved when run by a non-administrator.
DTDrift
Added command line parm -convert [-localtime] filespec.
-localtime is optional. If not supplied, UTC will be used.
filespec may be either a fully-qualified path and filename, or a path with *.dt (no other
file extensions are supported). If the path or filename has spaces, you must enclose it in
quotation marks. For example, dtdrift -convert "C:\Program Files\Domain Time II\Synchronization Logs\*.dt"
will convert each .dt file in the named folder to its .txt equivalent. The original .dt file is not
altered.
Miscellaneous
Changed synchronization log (drift graph) window to have a title bar with an icon and
system menu. The former appearance was a "toolbar" window containing only a caption.
Fix for inconsistent setting of the hasAllowedMasterList bit in reply to PTP management
messages 0xDEEF (DomainTimeProperties) and 0x201B (AcceptableMasterTableEnabled). In addition, version
5.2.b.20171113 interprets this bit incorrectly in DTCheck -ptplist and in PTPCheck's details display.
Version 5.2.b.20171113's output should be considered meaningless for this particular bit. Upgrade to
obtain consistent behavior in both setting the bit and in interpreting it.
See also addition of 0xDEEE PTP management message described in DTCheck and PTPCheck sections.
Changed display in places that show log2 values as 2^n, where n may range from
-128 to +127 (typically -7 to +7). The former behavior was to display n as 0xNN (two hex digits),
which was fine for positive values, but became confusing for negative values. In most places where a log2
value is displayed, the millisecond interval (or text saying pkts/sec) is also shown beside it. log2 values
are used by NTP and by PTP, and the values usually represent a frequency in seconds. 2^0 is 1 second, or 1000 ms;
2^1 is 2 seconds, or 2000 ms; and 2^-1 is half a second, or 500 ms, and so forth.
Changed various numeric displays and their parenthetical meanings to be the
same in all places.
Added "Patent Pending No. 62-597170" notice to various dialogs and text displays.
This software algorithm applies to DTServer, DTClient, Audit Server, PTP Monitor, DTCheck, and
PTPCheck, and may include other products in the future.
5.2.b.20171113 - Optional Upgrade
One important fix for an error introduced in 5.2.b.20170922. If you are using Domain Time II Monitor (DTMonitor) and
you downloaded between Sep 22nd and Sep 27th 2017, you should upgrade to obtain this fix. Otherwise, this release
is optional; upgrade if you want the new features.
Many minor changes, enhancements, and customer requests. Introduction of PTPCheck, a new utility program.
DTMonitor
Fixed invalid memory access in DTMonitor's Control Panel applet. (Only affects version
5.2.b.20170922 downloaded between Sep 22nd and Sep 27th 2017.)
All
Changed "us" to "µ" or "µs" in logs, reports, and dialogs where possible. µ is
the lower-case Latin Mu character, representing microseconds.
PTPCheck
New GUI-based utility program to scan/test PTP nodes for management message
handling. It is a single stand-alone executable, so it may be copied to various machines on
your network in order to compare views.
PTPCheck is installed to the system32 folder along with DTCheck and NTPCheck
during installation/upgrade of either DTClient or DTServer.
PTPCheck is installed to the Manager folder when management tools are installed/upgraded.
Control Panel applet
Added new page, PTP Masters, accessible from the PTP Stats page. The PTP
Masters page shows the same information available from DTCheck -ptpmasters,
but in a graphical format. The new PTP Masters page shows all current and former masters seen
by the selected node, whether being followed or not. A help button is available to explain why
a particular master is not being followed. In many cases, the Help dialog will not only explain
why a master isn't being followed, but offer to automatically adjust settings to allow the master.
DTServer/DTClient
Customer request: changed text-log-only trace messages (primarily the summaries of which
servers among a group are selected as time sources) to be forwarded to trace-level syslog output. Sources used
to correct the clock will be listed as Source *sourcename whereas sources not used will be listed as
Source -sourcename; reject reason.
Other warning messages regarding PTP status (such as running but not yet synchronized) are now
also forwarded to syslog. The former behavior was to send these messages only to the text log.
Added ability to use either IPv4 or IPv6 for syslog targets. The former behavior was limited to
IPv4 only. If you use a DNS name instead of an address literal, IPv4 will be favored over IPv6. For example,
if you use localhost as the target on a dual stack machine, the resolver will provide both 127.0.0.1
and ::1 as valid IP addresses corresponding to the localhost. Domain Time will choose the IPv4 version. To
force IPv6, use an IPv6 literal or a DNS name that only resolves to an IPv6 address.
Added support for RFC 5424
syslog format (UDP only). The TLS option for RFC 5424 is not supported. Prior versions of Domain Time
supported only RFC 3154. Syslog
messages are sent from an ephemeral port to the target port 514/udp.
Customer request: Added "Time Sample Errors as Warnings" (REG_SZ, default "False") to the
Parameters subkey.
Changed default IPv4 TTL and IPv6 Hop Count from 1 to 4.
Changed registry security settings for symmetric keys to restrict access to SYSTEM and
the Administrators group.
When acting as PTP Master with a clockClass of 6 (Primary), DTServer now marks the TAI-UTC
offset valid only if it knows the TAI-UTC offset from prior contact with a primary source. If the TAI-UTC offset
if not known, DTServer clockClass 6 behaves like DTServer clockClass 248 (default) - serving UTC timestamps
marked as the ptpTimescale, with a utcOffset of zero. The net effect of this change is to make DTServer's
Announce messages unambiguous, mostly for the benefit of protocol analyzers, If the clockClass is 13 or 255,
DTServer's timestamps will be UTC, timeScale ARBitrary, with a utcOffset of zero. The drop-down on the PTP
Master configuration page has been updated to clarify which timeScale is used with which clockClass.
Cosmetic fix for dynamic domain statistics display updating incorrectly when admin changes
the default domain using the Control Panel applet, but the selected master does not change as a result (i.e.,
the previously discovered best master in a non-default domain remains the best master.)
Added two radio buttons to the PTP Master configuration dialog. The default choice is
compliance with IEEE1588-2008 Table 13 ("Updates for state decision codes M1 and M2"), which requires all
fields of the currentDS be set to zero. The second radio button allows Domain Time to tell the truth
about these values. The standard presumes that any clock that becomes a master is necessarily
connected directly to a primary time source (GPS/GNSS, atomic clock, etc.), and will always have stepsRemoved,
offsetFromMaster, and meanPathDelay of zero. This is obviously not always the case. For example, a master
relying on an NTP stratum 2 device is one step removed from a primary source, and it will have an
offset and a delay that are meaningful. Even if its source is an NTP stratum 1 (zero stepsRemoved from
a primary time source), it will still have a meaningful offset and delay. The choice (whether to follow the
standard and lie, or ignore the standard and tell the truth) only affects the reply to the CURRENT_DATA_SET
management query; it does not affect clock operation or the BMC algorithm.
DTCheck
Change simple syslog listener (DTCheck -syslog) to listen for both
IPv4 and IPv6 on port 514 using a single dual-stack socket. On XP/2003, dual-stack sockets are not supported,
so if you have IPv6 installed, only IPv6 messages will be seen; if you don't have IPv6 installed, only
IPv4 messages will be seen.
Added -yes to DTCheck's -leapfile command.
If specified, DTCheck will update Domain Time Client or Server with the current TAI-UTC offset derived
from the leap-seconds.list file. Without the -y, DTCheck will only report the information.
Added -ptplist command. This command only works with Domain Time
machines version 5.2.b.20171111 or later. It sends two multicast 0xDEEF management queries (one IPv4,
one IPv6), using an ephemeral source port directed to the IPv4/IPv6 PTP multicast addresses, with a
target port of 320. Replies will have a source port of 320, and a target port of whatever ephemeral
port the operating system has assigned. Your firewalls must allow this traffic in order for -ptplist to
work. The outgoing TTL is fixed at 64, and the boundary hop count is fixed at 8. All Domain Time nodes
within reach of the queries will respond, regardless of PTP domain number or portIdentity. Non-Domain Time
nodes will not reply. The text output from this command is a list of all visible PTP nodes running
Domain Time 20171111 or later, along with useful information about their configuration, current status,
and so forth. The list format designed to be parseable.
Added -ipv4 and -ipv6 switches for use with
either -ptplist or -syslog. The default is to use listen for
both IPv4 and IPv6 packets. If you specify -ipv4, only IPv4 packets will be displayed. If you specify -ipv6,
only IPv6 packets will be displayed. If you specify neither (or both), then both IPv4 and IPv6 packets
will be displayed.
DTTray
Added PTPCheck to the Management Tools submenu (only shown if management tools are installed).
Manager/Audit Server
Allowed PTP Monitor to display management error messages (trace level).
Added PTPCheck to the Utilities menu.
Fix for PTP Monitor drift files occasionally having data point timestamps of zero.
Change for IPv4 broadcast discovery. Symptom: If you had IPv4 Broadcast Discovery enabled on
Manager's Network Discovery dialog, and had selected the Primary subnet only radio button, but had changed the
default broadcast address from 255.255.255.255 to a different broadcast address, Manager and Audit Server would
continue to use 255.255.255.255. This was reflected in the log. As of this version, Manager and Audit Server
will use the specified broadcast address instead of the default.
Change for NTPQ behavior when scanning list of known NTP servers. NTPQ will only be solicited
upon first adding an NTP server, or when a specific server is refreshed from Manager's list. NTPQ will be skipped
for Audit scans, startup scans, and refresh of the entire list. (NTPQ can provide additional information about
an NTP Server, e.g., its operating system and processor. Most organizations have disabled NTPQ due to security flaws
in ntpd's handling of control messages. The queries sent by Manager and Audit Server cannot result in amplification
attacks or other security violations.)
Exposed number of minutes between background drift collection on Synchronization Log dialog.
This was formerly a registry-only setting.
Added ability to collect NTP drift stats more frequently than the normal collection interval.
If background drift collection is enabled, you may now choose to collect NTP stats at the same interval as DT2
and PTP, or at a much shorter interval.
Changed Firmware column of PTP Monitor to reflect x86 or x64 accurately. Under certain circumstances,
an x86 machine could be reported as x64, even though the Hardware column correctly says Win32.
Synchronization Logs (drift graphs)
Changed the max number of records kept by Audit Server to 604800, enough for one
data point per second for one full week (just over 12MB of binary data). If you have disabled the
size limit for drift files, a file that grows larger than the maximum will be moved into an
"Archives/yyyymmdd" subfolder, and then the file restarted. A warning message will appear in Audit
Server's text log. If the file cannot be archived, an error message will appear in the text log and
the older data will be lost.
The graphical viewer for drift graphs will no longer open files larger than
604800 records.
Audit Server will no longer attempt to create textual versions of drift files
with more than 64K records (approximately 6MB). A warning message will appear in Audit Server's log.
Customer request: Added new bracket to the Clock Discipline breakout in the textual
version of all drift graphs, range 10-49 ms.
PTP Enterprise Profile
Internet Draft "PTP Enterprise Profile" has assigned an IETF profile ID of [00-00-5E-00-01-00] to the
still-developing Enterprise profile. Domain Time uses this profile number in response to management requests,
and in dialogs. For clarity, Domain Time refers to this profile as "End-to-End Enterprise Profile."
5.2.b.20170922 - - Optional Upgrade
Added SHA1 hash support for symmetric key authentication. Fixed a few inconsequential bugs. Added several customer requests
for additional capabilities. Added several other enhancements. Upgrade if you experience any of the problems described, or
if you want the new functionality.
All
Added support for SHA1 symmetric keys as well as MD5. This is primarily for FIPS 140-2 conformance.
SHA1 keys are always exactly forty hex characters (0-9 and A-F) long, producing a 20-byte binary key. MD5 keys are
ASCII text; different implementations of the NTP daemon have allowed different maximum key lengths. In general, an
MD5 key should be composed only from 7-bit ASCII-printable text, excluding space, tab, and the # character. MD5 keys
should be at least 8 characters long, and should not exceed 20 characters. Some versions of NTP daemons allow lengths
of 32, while others have a maximum of 8 or 16. You will need to choose MD5 keys that are interoperable with all of
your various devices and daemons.
SHA1 keys work with NTP, DT2-UDP, DT2-TCP, and DT2-HTTP, including NTP broadcast and DT2-UDP broadcast. Domain Time Servers
or Clients must be upgraded before they will recognize SHA1 entries as SHA1. Older versions of Domain Time will treat an
SHA1 hash like a very long MD5 key (which won't verify). Added "SHA1" or "MD5" to all logs (where possible) to indicate
the type of key used.
DTClean
Customer request: Added /yes option to perform silent clean. The graphical interface
still shows, but the buttons are clicked automatically.
Manager/Audit Server
Customer request: Added option to send PTP Monitor E2E or P2P delay requests by multicast instead of unicast (to
help with hardware devices that don't support hybrid mode).
Customer request: Added option to send PTP Monitor follow-up messages by multicast instead of unicast. Use
this option only if your PTP nodes cannot reply to a unicast request. The default behavior of PTP Monitor is to "sweep" the
networking using mulitcast, then send individual follow-up messages to each node using unicast. Using multicast for follow-ups
may significantly increase network traffic.
Corrected long-standing misbehavior on Manager after installing to or upgrading a remote machine. The prior
behavior was to check that the remote machine's service had started and would reply to a DT2 query, but discard the contents of
the reply. The new behavior is to use the contents of the reply to update the Domain Time II Machines list with the
returned information (version, operating system, status, etc). This may lead to newly installed or upgraded machines showing
"NoSync" in the Alarm column. This is the correct status immediately after starting the service, because the machine, although up
and responding, has not yet synchronized its clock. Use F5 (or right-click and select Refresh) after installing/upgrading. This
change allows you to determine if a machine can or cannot obtain the time. A machine that persists in the "NoSync" state after
a few seconds likely is having trouble.
Added checkbox labeled "Log messages if Audit Server's log is in trace or debug mode" to
the PTP Monitor configuration dialog. If checked, and if Audit Server's log is set to either trace or
debug, Audit Server will log (trace level) all incoming and outgoing management message activity.
Customer request: Added checkbox "Show Non-Responding DT2 Machines" to Manager's View menu. If checked, the
Domain Time II Machines list will show both the results of the current scan and any known DT2 machines
in the cache. Machines from the cache that didn't respond to scan will show "Unknown" in the Alarm
column. Menus and DEL key handling updated to allow removal of machines from the Domain Time II
Machines list. Deleting from the Domain Time II Machines list is the same as selecting "Remove from Cache"
from the Domains and Workgroups list.
Changed the NTP list to show "Unknown" in the Alarm column if a machine does not respond to scan (to match the behavior
of DT2 machines). The NTP list always shows all NTP servers, whether they respond to a scan or not. This change
helps call your attention to machines that are not currently responding.
Deprecated "ReferenceProtocol" and "ReferenceServer" parameters from the Daily Report.
These are holdovers from version 4.1 and are not particularly meaningful. The full reference time, including
all of the sources, protocols, offsets, and strata used for an audit are listed at the top of the Daily Report
(in the comments) and in the main Audit log file as part of the audit summary. Since the reference time applies
to all machines audited, and may consist of multiple sources and protocols, it does not have a separate per-machine
meaning.
Fix for symmetric key keyring not being pre-loaded for the Reference Time dialog if prior selection was "Use this machine's clock."
On the Help menu, added item for Version History, which opens a browser window to the complete product
history for Domain Time.
Fix for trace-level output from Audit Server regarding received PTP messages: Source and target portIdentities/IPs
were switched in the log output. This did not affect the program logic, but made the trace log difficult to interpret.
Changed behavior of Manager's startup scan (Options/Network Options/Scan Options) to honor the checkbox
for "If a known NTP server does not respond to startup scan, try to contact it directly." The former behavior was to ignore this
flag on startup, but honor it if you pressed F5 (or right-clicked and selected Refresh) while examining the NTP Servers
list. This may mean a longer startup time for Manager if your NTP machines cannot all be queried by broadcast/multicast.
You may uncheck the box to regain original startup speed. Added a new checkbox to the same dialog, "If a known NTP server
does not respond to F5/Refresh, try to contact it directly," which controls the behavior of NTP followups when viewing
the NTP list. You may still right-click/Refresh an individual NTP machine to update just that one machine's status. Note
that these changes do not affect Audit Server, which always sends follow-ups to unresponding machines.
DTServer/DTClient
Changed trace and debug logging to make it easier to identify rejected broadcast/multicast
NTP packets.
Changed wording from "the server is not known" to "not on list of configured sources"
when ignoring an NTP or DT2 broadcast source.
Fixed case where a broadcast source was listed more than once with differing protocols
(for example, 172.16.30.30 trusted for NTP only, and the same IP also trusted for DT2-UDP only). Symptom: If NTP
was listed first, but a DT2 broadcast packet arrived (or vice versa), the packet would be rejected for not
matching the listed protocol.
Changed saved list of recent broadcast servers to discard any more than a month old. This list is
only used by the Control Panel applet when helping an admin choose from among recently-seen broadcasters.
Changed wording on CPL when entering an MD5 key from "The password secret is longer than
supported by all ntpd implementations" to "The password secret is too long for many older ntpd implementations."
The former wording suggested that no ntpd implementation would accept a long password, whereas the message
was meant to warn that not all will. The reference implementation of NTPv3 limits the length to eight characters,
whereas NTPv4 extends the length to 16 (http://doc.ntp.org/4.2.2/keygen.html).
Domain Time itself has never had an upper limit, and, in the wild, admins often use secrets with lengths of 20 or greater.
Added VM Guest detection for running as a VM under Amazon's AWS-EC2 hypervisor.
Customer request: Added Accept First PTP Timestamp (REG_SZ, default False) to Parameters
key. If set to True and if the first PTP timestamp received is unacceptable (outside allowed range), then the clock will be
STEPPED to match the first PTP timestamp received. Use of this setting is highly discouraged; it is there
solely for isolated systems without reliable CMOS clocks on the motherboard.
Customer request: Added Min Success Interval (seconds) to the Parameters key. This is a REG_DWORD
value. The default is 5. You should not change it.
Customer request: Domain Time no longer counts the first correction after service startup in
the cumulative drift counter. The first correction is often large, and not representative of the overall performance
of the machine over time.
Customer request: Server and Client now support multiple syslog targets. You may list up to eight
IPv4 addresses on the syslog server line. Separate targets with a space. For maximum backward compatibility
with older versions of Domain Time, avoid using a DNS name if you list more than one target. If all of
your machines have been upgraded, then you may use either DNS names or IPv4 addresses.
Fix for DT2-HTTP reporting "unauthenticated" regardless of whether a symmetric key or Windows
authentication was used. This problem only affected the log output, not whether authentication was used.
Added buffer size check when a Domain Time Server in master mode replicates settings to its slaves.
The buffer cannot overflow, and therefore cannot be exploited, but adding the size check ensures that responses
larger than the allowed buffer are not truncated mid-entry.
PTP: Added compensatory control for when a Domain Time Server is set to become a PTP master, but
PTP's "No Master Detect Timeout" is set to a number of seconds lower than required for the first time check to complete (e.g.,
2 seconds). Symptom: DTServer would remain in the PTP Listening state until a sync trigger was applied.
The default No Master Detect Timeout is 8 seconds, but admins who want a quicker convergence often change it to 4. Domain Time
allows the timeout to be any value between 2 and 3600 (inclusive).
Added number of days remaining to the startup banner on eval copies.
Control Panel applet
Added Browse... buttons to import/export dialogs for symmetric keys, time sources, and broadcast souces.
Changed symmetric keys dialog to show SHA1 vs MD5 password types.
Changed symmetric keys dialog list to sort in numeric order for the
key number column, and in text order for the other columns.
Changed maximum symmetric key number ("keyid") from 65535 to 65534 to comply with ntpd version 4.2.x.
Some implementations of NTP, including prior versions of ntpd, use a range of 1 to 65535 (inclusive). Since the keyid is
a 32-bit unsigned integer, there is no technical reason it could not be a much larger number.
Changed symmetric keys dialog broadcast key dropdown to sort numerically instead of alphabetically.
Added choice of line terminators (LF or CRLF) to key export dialog.
The former behavior was to create the file using only LFs, on the assumption that
exporting a file was primarily so it could be imported into a Linux machine. This is
still the default, but you may now choose CRLF if desired. Note that key file import
is not affected by the type of line termination. It has always been able to handle
either CRLF or plain LF line terminators.
Changed key import routine to recognise both SHA1 and MD5 key types.
The former behavior was to ignore any key type not marked MD5.
On the Correction Limits page, removed Minimum Correction ("Deltas smaller than ___ milliseconds will not
cause a correction....) because any value other than the default value of 1 has been deprecated
for over a decade. The presence of the setting and its wording suggested that deltas of
less than 1 millisecond could not be corrected, whereas it really only applies to situations where
slewing is disabled. Stepping the clock has an OS-dependent uncertainty, so Domain Time will not
step a correction of less than 1 millisecond. Removed the same setting from the recommendations
page on Domain Time Server operating in Master mode.
On the Support page, changed Online Documentation Index link to go to the overall Domain Time index page
instead of the client or server index page.
On the Support Page, added link to Version History, which opens a browser window to the complete product
history for Domain Time.
On the server test results dialog, restored the green/red/yellow indicator at the bottom-left corner.
The code for displaying the indicator had been inadvertently commented out.
On the PTP Master configuration dialog, added prompts to ensure the admin chooses legitimate
timeout and priority values.
Miscellaneous
Some 15-year+ old routines inexplicably thought that because there were 60 seconds in a minute,
and 60 minutes in an hour, there must also be 60 hours in a day. We have educated these routines. The error only
affected a few displays, not any timing calculation or function.
DTCheck
Added -leapfile command. This fetches and parses the default leap-seconds.list
file from http://www.ietf.org/timezones/data/leap-seconds.list. If you want to use a different source, use
-leapfile:http://location. Only HTTP is supported. The file, if successfully fetched, is placed
in the system32 folder. If the file in system32 does not exist, or is older than the version on the server, it will be
updated. If the file in system32 is the same as or newer than the version on the server, the file in system32 will not
be updated. In either case, the output shows the last leap second and its TAI-UTC offset, as well as the next leap
second to come (if one has been scheduled). Domain Time does not use the leap-seconds.list file. This command is present
only to let you check the current TAI-UTC offset and any scheduled leap seconds. Since it writes to the system32 folder,
you must run DTCheck with admin privileges for this command.
5.2.b.20170522 - Optional Upgrade
One important fix for Manager. Several minor improvements elsewhere. NOTE: If you
upgrade the Management Tools, you should also upgrade Audit Server. Mismatched
versions may produce unwanted results (see description of changes below).
Real-Time Alerts
Widened the precision of remembered deltas from milliseconds (10^-3) to hectonanoseconds (10^-7,
or tenths of a microsecond). The information was already being sent to Audit Server in hectonanoseconds, and displayed
to that precision in the log files, but was being truncated to milliseconds in Audit Server's database and in emailed
Real-Time Alert messages. The truncation was a holdover from 2009 (version 5.1), when all reports were limited to
milliseconds. This change allows you to see sub-millisecond deltas that are being sent by Client or Server without
having to examine the log file.
Also changed the threshold scale for raising alerts from milliseconds to microseconds. The threshold is kept internally
as microseconds, and expressed in alert emails or logs as ±s.nnnnn second(s) when practical. For example, if your threshold is
1.5 seconds, the program will display "±1.5 seconds"; for 15 milliseconds, the program will display "±0.015 seconds";
for 100 microseconds, it will display "±100 microseconds," and so forth. Changed Manager to allow you to express the threshold
as seconds, milliseconds, or microseconds.
Note: If you upgrade Audit Server but do not upgrade Manager and Alert Viewer, Manager and Alert
Viewer will display incorrect values in the delta column. The display will be correct if you upgrade Manager and Alert Viewer
without also upgrading Audit Server, but a mismatch between Audit Server and Manager is not supported. Alert Viewer,
which can connect to multiple Audit Servers, will display the precision supported by each of its servers (as long as
you upgrade Alert Viewer).
Stratum Reporting
Changed drift graph stratum to display the source's stratum rather than the machine's stratum.
This change affects NTP and PTP graphs; DT2 graphs already displayed the source's stratum. This change is for
consistency among protocols, and only affects graphs displayed in Manager or by the stand-alone DTDrift program.
Changed Audit Viewer's reporting of strata to match what's shown in the drift graph. Audit Viewer
already reported the correct stratum on the summary dialog page, but did not use each source's stratum in either
the details dialog or the textual report.
Email
Fixed quoted-printable encoding to prevent inserting a soft CRLF between the CR and LF
of a hard CRLF. Symptoms: None known; this fix is to ensure strict compliance with RFC2821 and RFC2045.
Added workaround for non-conformant SMTP smarthosts. Symptom: Email session would
terminate with a timeout after sending the email data but before seeing a 235 from the smarthost. These
non-conformant servers are expecting an extra CRLF at the end of data.
Changed charset from US-ASCII to Windows-1252 to support 8-bit characters.
Manager
Widened display of real-time alert deltas as noted above under Real-Time Alerts.
Changed display of strata as noted above in Stratum Reporting.
Changed real-time alert threshold from milliseconds to your choice of seconds, milliseconds,
or microseconds, as noted above.
Added checkbox to Real-Time Alert configuration dialog to allow choice of whether to raise
alerts for all machines or only audited machines.
Fix for Manager freezing when NTP list is emptied. Symptom: Manager would pop up a blank
message box (no text or buttons), and wait for you to click on the non-existent button to continue. The
problem only exists in versions 5.2.b.20170101 and 5.2.b.20170331.
Added optimization for computer name enumeration in AD forests. If enumeration fails
due to global catalogue errors, you may disable this optimization by changing the registry value
Optimize Computer Enumeration to False in Manager's Parameters subkey.
Added History... to right-click menu for items in the real-time alert list. Also added
F6 accelerator key to perform the same function.
Added real-time alert history settings to Real-Time Alert configuration dialog.
Added Email Setup... to Audit Server menu for convenience (the same dialog is available
from locations where you enable or disable email).
Added "Time Traceable" and "Frequency Traceable" fields in detail view of PTP nodes.
For masters, this is their own traceability status. Time traceability propagates to slaves, but frequency
traceability for slave is implementation-dependent and may not be meaningful.
Colorized PTP node detail display to match other protocol detail displays.
Changed default for View - Show Grid Lines to false (only affects new installs).
Real-Time Alert Viewer
Fixed the audio alert to honor the state of the checkmark on the pop-up menu. Symptoms: Sounds
were continuing to play when the checkmark was unchecked.
Widened display of real-time alert deltas as noted above.
Audit Server
Widened display of real-time alert deltas as noted above.
Added abiltity to customize the subject line in email alerts and summaries (only for this
version or newer). To change, edit the HKLM\Software\Greyware\Domain Time II Audit Server\Logs and Alerts\SMTP
key and change any of the Email Subject... values. Changes take effect upon service restart.
Ignoring excessive deltas upon receipt of a Status Report (Real-Time Alert) from a
machine that has just resumed from standby is now treated as if the machine had just booted.
Changed wording on alert dialog from "after boot" to "after startup" to reflect the above change.
Added ability to skip raising an alert for unaudited machines.
Added code to skip updating Status Report delta when a Status Report is only a notification of
PTP status change. Symptom: The "Last Status" column in Manager would change to zero for approximately five
seconds after a PTP master was lost or gained.
Changed "PTPv2" to just "PTP" in audit debug logs.
Added real-time alert history folder and logfiles for each reporting machine.
Changed real-time alert logging to show deltas on machines that are in the PTP-lost-master state.
PTP Monitor
Changed display for masters who are zero "stepsRemoved" from a primary
source to show an effective NTP stratum of 1 instead of 0.
DTServer/DTClient
Added ability to track number of seconds since a resume-from-standby event.
This data is sent in Status Reports (Real-Time Alerts) so that Audit Server can decide whether or not to
ignore excessive startup deltas. A recent resume from standby also counts as a "startup" event for
the purposes of overriding the min/max correction allowed. This change allows laptops or similar
devices that use sleep or hybernate to resume synchronization and avoid being flagged as out of
tolerance when they resume operation.
Increased IOCP worker thread count to help prevent starvation of UDP service requests
while TCP teardown is occupying a worker.
DTServer: Changed error message to "Access Denied" when DT2-HTTP is disabled for the
type of access requested. Also streamlined HTTP request processing to reduce transaction duration.
Added secondary audit server value to the domtime.adm GPO. To obtain this functionality,
you need to update the GPO with the new domtime.adm file, and set the value secondary audit server value
using your normal policy editor. You must also update any DTClient or DTServer set to use the policy (previous
versions will ignore the new value).
Corrected auditdata command response to include all time sources (up to eight) if
multiple sources were used to steer the clock. If multiple samples from the same source are
used, only the first sample from that server is included. Previous versions did not always show the
individual source data.
Added source's stratum (if known) to the auditdata command response. This value
is displayed by DTCheck or the Audit Viewer.
Added caller's IP/port and listening IP/port to debug-level messages for TCP hang-ups due to
inactivity or error.
Improved overall socket server shutdown time for very busy DTServers with many
concurrent TCP connections.
DTUpdate
Fixed logic error in the Domain Time II Update Server service which allowed installation
to newly-discovered machines when the Administrator had selected only upgrades, not new installations.
DTCheck
Added each source's stratum (if known) to the output of dtcheck -cmd=auditdata when multiple
sources were used by the queried machine.
Changed -ptpmasters output for two-step clocks to add count of missing Sync Follow-ups.
An occasional Sync without its Follow-up is not an error, but a sufficient number in a row can lead a
slave to abandon a master.
Changed -ptpmasters output for one-step clocks to omit showing zero Sync Follow-ups received.
DTDrift
Changed display of strata as noted above in Stratum Reporting.
DTTray
Reduced redundant registry reads.
DTLockdn & DTClean
Fixed code that disabled filesystem redirection and then failed to re-enabled it. This
affects only 32-bit versions of the programs when running on 64-bit operating systems. Symptoms: None.
In all cases, the programs perform correctly. This change is for consistency's sake, in case the programs
are ever rewritten to operate recursively.
5.2.b.20170331 - Optional Upgrade
This version adds new features to Audit Server, especially for large networks where an audit can
take a significant amount of time to complete. Added a fix for sleep problems on Windows 10
machines. Updated Denial-of-Service (DoS) protection algorithm. Several other minor enhancements
and features at customer request. Upgrade if you are affected by any of the problems fixed, or if
you want the new functionality.
All
Fixed problem with weekly text log rollover. Symptom: Log would roll at the first Sunday, then never again, unless
you switched to monthly or daily, then back to weekly.
Manager
Changed wording on Audit Server/Alerts/Configure page to say "anomalous test results"
instead of "anomalous scan results" because the double-check occurs for both NTP and DT2 sources after
obtaining a result, whether it was obtained from either a scan or a directed query.
Added Cancel Audit menu option to cancel a running audit.
Disabled critical timing processor lock on machines with invariant TSCs.
Added checkbox to Audit Server/Audit Tasks dialog: "Scan the network before contacting individual machines" (default checked).
If checked, Audit Server will use Manager's scan settings to collect data by multicast/broadcast before attempting to check with each
machine. If unchecked, Audit Server will skip the initial scan.
Added checkbox to Audit Server/Audit Tasks dialog: "Use multicast to locate DT2 machines that may have changed IPs or names" (default checked).
This checkbox exposes an existing registry setting that controls how Audit Server locates machines that may have changed NetBIOS names or IP addresses
since the last audit.
Added version mismatch warning to the Conflicts and Problems display. If Audit Server is installed and is not the same version
as Manager, a notice will appear advising you to upgrade the incorrect component.
Real-Time Alert Viewer
Added ability to play sounds when the overall status changes to red or yellow. You may turn this functionality on or
off by checking/unchecking the right-click menu item titled, "Audio Alert Enabled." To change the .wav files played for each
type of alert, edit the registry: HKEY_LOCAL_MACHINE\Software\Greyware\Domain Time II Alert\Parameters, and change
the "Realtime Alert Sound Error" and "Realtime Alert Sound Warning" values to whatever you want. The full file path and name
must be provided.
Audit Server
Added method for Manager to signal that a currently-running audit should be cancelled.
Added dynamic scan timeout value based on size of the recordset being audited.
Split unicast follow-ups to non-responding audited machines into multiple threads.
Disabled critical timing processor lock on machines with invariant TSCs.
Added ability to skip initial audit scan and do only unicast queries.
Split auto-acknowledge of Real-Time Alerts into a separate task; this change
prevents auto-acknowledgement from being starved for CPU on busy Audit Servers.
PTP Monitor Logging
Added trace-level log event if a PTP master upgrades or downgrades its time quality.
Added trace-level log event if a PTP master changes its leap status flags.
Audit Viewer
Added DNS name, if known, on display and reports of NTP servers. Prior behavior was to
say either "N/A" or the IP address in the name field.
DTServer/DTClient
Added work-around for Windows 10 machines with sleep function enabled. Symptom of problem: When sleep mode exits,
the main thread may not resume. This is due to the Windows 10 kernel not sending matching pairs of APM up/down
events to the service handler.
Added trace-level log messages for APM signals.
Changed default interpolator behavior to avoid unneeded cycles when using the kernel interpolator (Windows 8 or above).
Changed Denial-of-Service (DoS) behavior to not restart DoS timer with hits from poisoned sources during the rehabilitation window.
The former behavior required n second to pass without any hits from a poisoned source before absolution would be
granted. The new behavior grants absolution n seconds after the first excess. This makes the DoS protection more
of a rate limiter than a block.
PTP Master Mode
Corrected inconsistency between announced and queried time quality, so that queries via
management messages are dynamic using the same algorithm used for announces when Domain
Time Server is operating as a PTP master.
5.2.b.20170101 - Recommended Upgrade
Introduced PTP Monitor, a component
of Audit Server integrated with Manager. Several minor bug fixes; many performance
enhancements. Added support for the "PTP Enterprise Profile." Added preliminary support for PTPv3
(subject to modification as the specification evolves).
All
Changed log file and dialog mentions of "variance" to "delta" where the
value being referenced is a simple ±Δ (delta). The term "variance" is now used only it its
strict mathematical sense (squared deviation from a set's mean). The former use of "variance" to
mean "delta" was a holdover from when variances were exposed directly.
Changed most messages and prompts to say PTP instead of PTPv2. Messages
specific to v2 (IEEE 1588-2008) as opposed to v3 (forthcoming) will have v2 or v3 appended
when v3 is released and supported. Since much of v3 will be interoperable with v2 in terms of message
types and formats, the version number is important only when a difference must be distinguished for
debugging purposes. Certain instances of PTPv2 will be retained for backward compatibility (such
as the names of keys and values in the registry).
Changed PTP node portIdentity textual representations to use a period instead of a colon
to separate the clockIdentity from the portNumber. (There is no standard for textual representations of
portIdentities. An 80-bit hex string is difficult for humans to read, so we split the clockIdentity into
three portions using dashes, and separate the portNumber from the rest using a period.)
Manager
Introduced PTP Monitor, a component of Audit Server that works in conjunction with Manager.
Changed internal audit delta value for alerts from milliseconds to microseconds.
Manager shows a radio button to allow selection of seconds, milliseconds, or microseconds. The
value will be converted to microseconds when the dialog is closed. Internal time is still kept
in hectonanoseconds (tenths of a microsecond).
Added check for wsnmp32.dll before allowing install to or upgrade of a remote
machine. All versions of Windows from XP up have this DLL installed, execpt for Windws Server 2016 Nano Server, where it
is optional. The admin must install SNMP trap support on Nano Server before installing Domain Time.
Changed default display precision for deltas and latencies from milliseconds to microseconds.
This value is still adjustable from the Options/Appearance/Format Options/Significant digits dropdown.
Several customers were unaware that the number of significant digits displayed was adjustable, and thought
that Manager was only able to measure to the millisecond.
Changed the default sort order for deltas to use absolute value (magnitude). This may
be changed on the same dialog box as the number of significant digits.
Added multicast interface enumeration to scanner functions used by Audit Server, Manager,
and Monitor.
Added tooltips over list column headers to make it easier to read a column header's
label without widening the column (with additional information for columns with obscure or potentially-confusing
labels).
Added right-click item "Details" on lists to switch to the corresponding tree node's details view.
Added "Leap" column to Domain Time II Machines list.
Added "(UTC±HH:MM)" after timezone name in Domain Time II Machines details view.
Fixed slow redraw when deleting Audit Results or Synchronization Logs. Also fixed count of
items shown on the status bar to reflect remaining items after deletion.
Fix for scan receive timeout resetting to 1500 on Manager's Options/Network Options/Network Discovery
page. This value affects both Manager and Audit Server. Also applied fix to ensure that values entered are within
the minimum and maximums allowed.
Fixed Alarm column on the Domain Time II Machine's list to reflect "NoSync" if a Domain Time
machine has not been able to set its clock since startup. This information is already available via Audit Server's
Real-Time Alerts and reports, but was not shown in the machine's list.
Added "PortIdentity" column to command-line DTMan EXPORT column, showing blank if the
entry is not a PTP node, else showing the node's PortIdentity. For PTP nodes that are slaves, the existing
PTPStatus column will show the master's IP address if available, else it will show the master's PortIdentity.
Fix for long Manager startup time when database size is large.
Improved Manager's exclusion of unwanted Organizational Units (OUs) to include both AD
enumeration and tree/list display. The former behavior was to include all machines in the database, and
excluded unwanted ones from the display.
Added number of elements and memory used by each of the major indices to the System Information page.
Added secondary sort by common name (DNS name for NTP servers) when sorting by other columns, so that
machines in the same group are listed alphabetically within that group.
Changed display name for domtimed Domain Time II role from "Full Client" to "Linux Client" to make
them sort separately from Windows clients.
Audit Server
Introduced PTP Monitor, a component of Audit Server that works in conjunction with Manager.
Fix for scan receive timeout resetting to 1500 in error.
Added info-level timing information for each phase of an audit. This helps identify which phase (if any)
is consuming too much time for users with a very large number of machines being audited.
Added "lazy" write to the text log output (same mechanism as available for DTClient/DTServer). This helps
improve accuracy of time-sensitive operations that must log their output.
Audit Viewer
Added "Delta" column.
Added NTP stratum (or equivalent) to display of a machine's time source.
Strata only apply to NTP servers, but an effective stratum may be determined in most situations. In cases where there
is no equivalent, or the information is missing, the stratum is not displayed.
Added UTC±HH:MM where applicable.
Added support for PTP Nodes (as opposed to Domain Time machines using PTP to obtain the time).
Note that you may audit by more than one protocol (NTP, DT2, or PTP, or any combination); each shows up as a
separate entry in the audit list.
Added support for showing last correction in sub-milliseconds (if provided by DTClient or DTServer;
previous versions reported deltas to the hectonanosecond, but corrections only in milliseconds).
DTServer/DTClient
Added dynamic reset of outgoing socket TTL (IPv4) and hop count (IPv6) when changed
on the Control Panel applet (former versions required a service restart).
Added links in all users start menu, similar to those created by
installing management tools.
Fix for negative delta not firing SNMP trap for bounds exceeded.
Added shared memory section for PTP statistics (used by DTCheck and the Control Panel applet).
Added ability to keep NTP4-style loopstats and peerstats files, including symlinks
to the current file, plus several other internal changes for ntpq and nptd-compatibility. Please see
ntpd Compatibility
for details.
Increased the maximum number of drift records kept by each machine. This provides a
longer span of history; this is particularly important for PTP drift, which can accumulate one or more points
per second.
Added socket drain for TCP connections after sending FIN but before closing socket. This
helps prevent spurious connection reset errors on the peer.
Added non-zero values roughly equivalent to ntpd's concepts of root delay and root dispersion
to NTP reply packets (DTServer only). Note that Domain Time does not keep internal statistics in the same fashion as ntpd, so there are
no exact equivalents.
Added poll value to nearest power of two to NTP reply packets; this value was formerly fixed
at the default interval, whereas now it reflects the anticipated number of seconds between time checks. Note that Domain
Time does not calculate or maintain polling intervals in the same fashion as ntpd, so the poll interval reported
is approximate. In particular, the state machine itself has a value, but not individual time sources. Domain Time
is not restricted to ntpd's minimum, maximum, or power-of-two intervals, but reports as if it were for ntpd compatibility.
Changed precision value in NTP reply packets (DTServer only) from -23 to -22. 2^-23 (0.000000119 seconds)
is the nearest approximation of Domain Time's actual granularity, but 2^-22 (0.000000238 seconds) is closer to the
standard deviation representing Domain Time's best-case ability to measure the clock.
Changed default value for "Enumerate multicast interfaces..." and "Initiate rebind and resync..." to
true.
Fixed log message format error after applying leap-second. The bug was
introduced in version 5.2.b.20160922, and only affected machines running at trace-level or debug-level
text log output.
Changed "Service Notify Time Change" log messages from debug level to trace level.
Added PTP grandmaster's offsetScaledLogVariance (oslv) to log lines that display the master's
general attributes. This value is a four-digit hex number.
Added error-level output to log if PTP calibration fails due to invalid timestamps from the
grandmaster. This information is also available in debug mode if the PTP packet rejection category is enabled,
and will fire with every rejected packet. The new error-level information does not fire with each Sync packet,
and does not require debug mode.
Control Panel applet
Further simplified and clarified the wording for Delay Transport on the Control Panel
applet's PTP configuration dialog.
Added checkbox and configuration link for PTP to DTServer's "Serve the Time"
page. This is a shortcut to the same PTP configuration dialogs on the "Obtain the Time" page,
but put on the Serve the Time page for convenience. Unlike other protocols, PTP will be either a slave
or a master depending on the overall network conditions.
Added checkboxes on the Logs and Status page for enabling NTP4 loopstats and peerstats. Added
display of the NTP Stats folder. This display will be "N/A" for earlier versions of Domain Time, and "Not set yet"
if you haven't enabled loopstats or peerstats. The folder path, if not set manually, is determined the first
time Domain Time collects loopstats or peerstats. Close and reopen the Control Panel applet in order to see
the path after first enabling loopstats or peerstats.
Removed Refresh and Autorefresh control from PTP Stats display when operating on the local
machine using shared memory. The title bar includes either "shared memory" or "network" for your reference.
Added dropdown selection for "End-to-End Enterprise Profile" on the PTP configuration page.
See PTP Profiles for details.
PTP
Added support for slaves choosing a master from among multiple domains, whether or not
the Enterprise Profile is selected. This is controlled by a checkbox labeled "Dynamic (allow any domain when slave)"
on the PTP Options page. On the PTP Status page, older versions will display "Domain Number" and the domain number. Newer versions
will display either "Dynamic Domain" and the domain number currently in use, or "Operating Domain" and
the domain number chosen on the Options page. See Dynamic Domain on the PTP Profiles page.
Shortened or eliminated the delay time for recalibration when switching from one master to
another if multiple masters are advertising simultaneously (for example, when a master in domain 0 and another
in domain 1, are both visible to the slave, and the slave has Dynamic Domain available, it will have already
pre-qualified both masters, and be able to switch without reentering the listening state when the master it
has chosen goes offline).
Added support for management GET of the PTP fault log.
Added support for management COMMAND to clear the PTP fault log.
Increased incoming buffer size to accommodate receipt of large fault log packets.
Changed reply to management requests sent to all domains (0xFF) to indicate the clock's true operating domain
instead of copying the incoming request's domain. Note that management requests addressed to all domains are not part of the
PTPv2 specification (although they will likely be part of v3); this functionality is included in Domain Time in emulation of
PTP's "all clock identities" and "all clock ports" concepts. Domain Time does not send these requests, but will respond
appropriately if so queried. Prior versions responded from domain 0xFF, as required by a strict interpretation of PTPv2.
DTCheck
Added prompt before -test and other options that may affect the clock,
requiring confirmation before beginning the procedure. Added -yes parameter to skip the confirmation.
Added -driftfiles parameter to fetch drift files. If no machine name or IP address is specified,
the local machine is targeted. The files are placed in the current directory. Example: dtcheck 10.1.2.3 -driftfiles
NTPCheck
Added display of precision, poll, root delay, and root dispersion to -raw output. Note that
sources providing a zero for root delay or root dispersion is valid but undefined; the value is either omitted
(typical with appliances and previous version of Domain Time) or too small to represent in the fixed-point
field provided. NTPCheck will display root delay and root dispersion, but only convert to seconds and fractions
of a second if non-zero values are provided.
Setup
Added automatic backup of audit server database during upgrade.
Proceed to the Older v5.2 history page
Back to the Requirements page