Greyware Automation Products, Inc.
Greyware Automation Products, Inc.   
     Home    Products    Store    Downloads    Customer Service    Site Search    
Log in  or   Create an account now -- FREE!        
Domain Time II > v5 > Installation > Changelogs - v5.x

Pricing   Buy Now

30-Day Trial Version
Domain Time II
Version 5.x
Sample  Changelogs
Version 5.2 Changelog
Click the link to jump to the change details for that build

BuildRelease Type
5.2.b.20240425Current Version - Optional Upgrade
5.2.b.20240101Optional Upgrade
5.2.b.20230302Optional Upgrade
5.2.b.20221031Optional Upgrade
5.2.b.20220714Optional Upgrade
5.2.b.20220322Optional Upgrade
5.2.b.20210930Optional Upgrade
5.2.b.20210630Optional Upgrade
5.2.b.20210331Recommended Upgrade
5.2.b.20210103Optional Upgrade
5.2.b.20200930Optional Upgrade
5.2.b.20200630Optional Upgrade
5.2.b.20200331Optional Upgrade
5.2.b.20200101Optional Upgrade
5.2.b.20190922Optional Upgrade
5.2.b.20190701Recommended Upgrade
5.2.b.20190331Optional Upgrade
5.2.b.20190101Optional Upgrade
5.2.b.20181111Optional Upgrade
5.2.b.20180805Optional Upgrade
5.2.b.20180801Optional Upgrade
5.2.b.20180606Recommended Upgrade
5.2.b.20180303Recommended Upgrade
5.2.b.20180101Optional Upgrade
5.2.b.20171113Optional Upgrade
5.2.b.20170922Optional Upgrade
5.2.b.20170522Optional Upgrade
5.2.b.20170331Optional Upgrade
5.2.b.20170101Recommended Upgrade
Older 5.2 Releases2010-2016 Releases

Version 5.2 Changelog

5.2.b.20240425 Current Release - Optional Upgrade

Minor fixes and enhancements.

  • DTLinux
  • DTServer
    • Fix for PTP master announce stepsRemoved field when the registry NTP Server Stratum value is non-zero.

  • Audit Server
    • Changed display in audit reports from using scientific notation to decimal representation (only affects very small values; for example using 0.000050 instead of 5e-5).
    • Changed mechanism for obtaining reference time when using "Use this machine's list of time sources" and the audit machine is a PTP slave, to use the current PTP master's IP, offset, and stratum instead of querying the list of NTP or DT2 sources. If the audit machine doesn't happen to be a PTP slave, then the normal use of listed sources operates as before. This change affects the Audit Server's log file as well as Audit Result reports.

  • Manager and Monitor
    • Same change as detailed above for Audit Server in regards to reporting the source of the reference time.

  • Control Panel Applet
    • On the Obtain the Time/Correction Limits page, the Reset to Defaults button was not resetting the excess latency checkbox or associate value.
    • Fixed production of zero-length ptpMasters.txt when the CPL's focus is set to a remote machine. This only affects generation of file(s) for inclusion in sending a Problem Report from the Support page.

5.2.b.20240101 - Optional Upgrade

Two minor fixes in DTCheck; one enhancement to Audit Server.

  • DTLinux
  • Audit Server
    • Changed interpretation of Audit Server's email subject lines (found at HKEY_LOCAL_MACHINE\SOFTWARE\Greyware\Domain Time II Audit Server\Logs and Alerts\SMTP) to allow substitution variables %date% and %machinename% to be replaced by the current date and reporting machine (respectively).

  • DTCheck
    • Fixed invalid character in the -variance report output display.
    • Changed default Internet leap-seconds.list source from IETF to IANA (IETF no longer supports the leap seconds list).

5.2.b.20230302 - Optional Upgrade

Two minor changes to alerting and logging.

  • DTLinux
  • Client/Server Server
    • Fixed sending out "bounds exceeded" SNMP trap on first correction after startup when the checkbox for ignoring startup is checked.
    • Changed messages about virtualization changes (for example, live migration) from warning level to information level.

5.2.b.20221031 - Optional Upgrade

One important fix for Audit Server.

  • DTLinux
  • Audit Server
    • Fix for Audit Server's Daily Drift CSV report mistakenly interpreting DTLinux drift records as milliseconds instead of nanoseconds.

  • Domain Time Server
    • Changed default for new installations of DTServer in slave mode (domain hierarchy) to not use Windows RID-based authentication.

  • Drift Graphs
    • Changed text on drift graph display to say "N/A" instead of "unknown" when the phase adjustment is either inapplicable to the type of graph, or the value is zero.

5.2.b.20220714 - Optional Upgrade

Fixed a problem with formatting multiple recipients when sending email to GMail (Google changed its header parsing rules). Enabled support for software RX timestamps on Win11 and Win2022 (Win10 and Win2019 already have support in place). Added Remote Scan feature to DTServer, which can be used by Manager and Audit Server on large segregated networks. Other minor enhancements.

  • DTLinux
  • Manager
    • Added section to the Network Discovery dialog allowing you to specify Remote Scan options. Remote Scan works by contacting Domain Time Servers on other networks and having them perform a broadcast/multicast scan on Manager's behalf. The remote Domain Time Server(s) must be running version 5.2.b.20220414 or later, and must have Remote Scan enabled. Useful in complex networks where broadcast and multicast queries cannot reach remote subnets. A Domain Time Server positioned on the remote subnet can return a list of nodes visible to it.

  • Audit Server
    • Audit Server inherits the Remote Scan settings described above.

  • DTServer/DTClient
    • Increased number of retries obtaining domain/forest information to account for lazy network startup in Win10/Win2019 and above.
    • Added Remote Scan (DTServer only) functionality. This allows Manager and Audit Server to gather network information visible to the remote DTServer. Functionality is disabled by default. To enable, use the Control Panel applet's Security tab. Click the Commands... button and tick the box for Remote Scan. This box will only appear on versions of Domain Time Server 5.2.b.20220414 or later.

  • DTCheck
    • Changed -resetserial and -reload to allow operation via authenticated UDP transaction on Windows machines (instead of stopping and restarting the service). This capability is already built into DTLinux and DTClient/DTServer, but dtcheck only used it on Linux nodes.
    • Added -remoteScan function (see Manager and DTServer above). This function lets you test a remote Domain Time Server for compatibility, and shows the information it would return if used by Manager/Audit Server.
    • Enhanced -interfaces command to display the NIC internal clock frequency (when available).
    • Enhanced -stats2 command to display the type of timestamping supported.

5.2.b.20220322 - Optional Upgrade

Minor fixes and enhancements.

  • Miscellaneous
    • Added Windows display version (the same as winver.exe shows) to logs and startup banners, e.g., Windows 10 21H1 (display version) instead of Windows 10 2009 (actual version number).
    • Fixed problem with dialog box upper-left small icon "sticking" to most recently used icon.

  • DTLinux
  • Manager
    • Added update of license files when upgrading a DTLinux client via "push" update from Manager.

  • DTServer/DTClient Control Panel Applet
    • Added support for specifying syslog port number to override the default target port 514/udp. You may add :n, where n is the desired port number. For example: (IPv4 literal), [2600:1f18::1]:777 (IPv6 literal -- brackets are required), or (DNS name). In all of these examples, syslog output will be sent to port 777.
    • Added support for "Do not change audit group" to the dropdown beside the "Always audit this machine" checkbox. Requires Audit Server 5.2.b.20220111 or later to work properly.

  • NTPCheck
    • Added -rtt switch to show originate and terminate timestamps, and display total round-trip time. Ignored if -raw is not also specified. Ignored if output is either -json or -csv.

  • DTCheck
    • Fixed typo in -help text.
    • Eliminated requirement for Remote Registry service for certain operations targetting the local machine (specified by providing no target, using the machine's NetBIOS name, using the IP, or the IP ::1).
    • Removed test routines for obsolete bc635/637 PCI clock cards.

  • SDK
    • Added atomic copy to GetPTPStats() to prevent rare race condition.
    • Updated comments inside APITest.cpp to demonstrate how to get the full path/filename of the loaded DLL, and how to convert hectonanoseconds to either microseconds or milliseconds.

5.2.b.20210930 - Optional Upgrade

Minor fixes and enhancements.

  • DTLinux
  • DTServer/DTClient
    • Customer request: Changed PTP Telecom subscription failure messages from warning level to debug level as long as at least one of the provisioned masters is responding. This is a cosmetic change, to keep from filling the log with warnings about Telecom masters that are offline.

  • Control Panel applet
    • Fixed problem with screen lag on Win10 when moving the Control Panel applet around the screen and system Performance Options -> "Show window contents while dragging" is checked.
    • Fixed misidentification of Domain Time Client as Domain Time Server when service registry key permissions are locked down too tightly.

5.2.b.20210630 - Optional Upgrade

Support for Windows 11 and Windows Server 2022.

Added support for "short" SHA secrets (SHA1 fewer than 40 hex chars, SHA256 fewer than 64 hex chars, or SHA512 fewer than 128 hex chars). The new minimum length is 20 hex chars (10 bytes), although we recommend that you use the full length for each SHA key type. Compatibility Note: If you create "short" SHA secrets and export them to an older version of Domain Time, they won't be recognized as the proper type. Upgrade all of your machines, both DTLinux and Windows, before implementing short SHA secrets.

Added SecureZeroMemory (Windows) and equivalent function (DTLinux) to ensure that symmetric key secrets are erased from memory after use.

Changed group policy handling of secrets to allow "short" SHA keys. To implement, you must add a comment after the secret. For example, if you want an SHA1 secret of 907386b0dd548acaed8b (shorter than the standard 40 hex chars required for SHA1), you would enter it in the policy as "907386b0dd548acaed8b # SHA1" so that Domain Time knows to treat it as SHA1. Compatibility Note: You must upgrade any Windows machines using group policy for key distribution before creating any short SHA group policy secrets, or using comments in the group policy settings.

  • Audit Server/Monitor Service
    • Fix for recent change in Microsoft's permissions for the Windows\Temp folder, where these two services save their SMTP queue files. Upgrade will move the queue folder outside the Windows\Temp hierarchy, and grant explicit read access to the email.log file in the new folder location. You can make this change without upgrading by changing the location of the SMTP queue to a folder on a local drive, and setting the permissions to FULL for SYSTEM and Administrators, and READ for everyone else.

  • Manager
    • Added File -> Upgrade Remote Server & Manager menu item. This new dialog allows you to upgrade Domain Time Server, Manager, management tools, services and DTLinux files on a remote machine. This convenience function allows you to upgrade your main Management machine, and then push that upgrade to any other Manager machines. In the past, you had to run Setup directly on each Manager machine to upgrade.
    • Added check for tombstoned records when you change Active Directory enumeration from tombstone to purge. If any tombstoned records exist when you make this change, Manager will offer to delete the tombstoned records.

  • DTLinux
    • Several enhancements and fixes; also new security options. See the CHANGELOG.txt file for changes specific to DTLinux.

  • All Components
    • Switched to custom PRNG for determining the pseudo-random sequence ID field of DT2 commands.
    • Removed SSL/TLS test on check-for-update functions if the operating system is earlier than Vista/2008r2. Older operating systems cannot meet the TLS requirements of our website.
    • Resized stats structure to include delta values of less than 1 ms. This is the output you see when issuing dtcheck -stats from the command line. Older versions of both DTLinux and DTWindows will continue reporting only milliseconds until you upgrade them. All other reporting mechanisms are already in tenths of a microsecond (Windows) or nanoseconds (Linux).

  • DTClient
    • Fixed bug that could make DHCP lookups fail on some operating systems. Also made DHCP lookups more robust by sending both DHCPDISCOVER and DHCPINFORM messages.

  • DTServer
    • Changed DT2 and NTP to support incoming requests signed with SHA256 or SHA512 keys (as long as the keys exist in your keyring, and are trusted). Domain Time (as a DT2 or NTP client) is still limited to MD5 and SHA1.

  • Control Panel applet
    • Disallowed selection of "Windows Auth" from the authentication drop-down if you have selected DT2-HTTP as the protocol. The combination of DT2-HTTP and Windows authentication has never been supported.
    • Changed right-click pop-up menu so that it only appears if you right click on a blank area of the left-side of the Control Panel applet. Formerly, the menu would pop up no matter where you right-clicked.

  • NTPCheck
    • Allowed NTPCheck to use SHA256 and SHA512 keys as well as MD5 and SHA1. To use any form of authentication with NTPCheck, you must run NTPCheck from an elevated command prompt.

5.2.b.20210331 - Recommended Upgrade

DTLinux is now in production status. Several updates and enhancements to Manger to support DTLinux remotely. Several enhancements to various components and a few minor fixes as detailed below.

Implemented mitigation for a potential security vulnerability in the check-for-upgrade functions of Manager and DTTray. This vulnerability requires DNS hijacking and redirection to a look-alike website, where a fake download could be provided. Credit to GRIMM for alerting us to this potential.

  • Audit Server
    • Fix for raising a Real-Time Alert when the Raise Alert... checkbox is unticked.
    • Added StandBy-mode synchronization of Manager's DTLinux and Backup folders.
    • Added ability for email subject lines to contain the date/time. Write to techsupport if you need this feature.

  • Manager
    • Added log rolling to Manager's log file; default monthly, keep 12 old logs. Some customers had set the log max size to zero (unlimited) but had not cleared the log in years, resulting in multi-GB log files. You may change the settings from Options -> Manager Log File Settings.
    • Added ability to remote-upgrade DTLinux installations. You must be running version 5.2.b.20210130 or later on both DTManager and DTLinux. Further, remote-upgrade is disabled by default in the dtlinux.conf file. You must set dt2Security:managerUpgrade to true before Manager will be allowed to push the upgrade.
    • Added code to close Notepad windows showing temp files when Manager closes.
    • Customer request: Added optional startup password for Manager. When set, you must enter the password before Manager's GUI display appears. You may set, change, or clear the password from Option -> Set Startup Password.

  • DTDrift
    • Changed wording on text rendering of a drift file to say "corrections" instead of "deltas" in the Clock Corrections section. The Clock Corrections section summarizes corrections (clock deltas of >= 1ms), so the former wording could be misleading.

  • DTLinux
    • Moved DTLinux from beta status to production as of 31 Jan 2021.
    • Read the DTLinux changelog and the README file to see what's new. Updates to DTLinux do not necessarily coincide with updates to the Windows line of products.

  • All Services
    • Increased startup wait-for-IP-addresses time on Win10/Win2019.

  • DTServer
    • Fixed bug in stats display that showed HTTP hits by servers and clients in wrong order.
    • Added ability for DTServer to function as a DTLinux update source (for use as a local cache if your Linux machines don't have Internet access). This option requires installation of Manager to function.
    • Deprecated the Domain Role of "Slave Time Server." The option is still available, but admins should migrate to Independent Time Server for DCs not holding the PDC-emulator role.
    • Fix for DT2-TCP not restarting on IP address change.

  • DTClient/DTServer
    • Changed meaning of "TAI-UTC Offset Locked" registry entry to only apply the TAI-UTC offset when the PTP master is using the PTP timescale. If the master is using the ARBitrary scale, timestamps are presumed to be in UTC already, so no offset from TAI is applicable.
    • Eliminated warning message in log about syntax errors or untrusted symmetric keys if the timesource is disabled.
    • Changed max delay between samples to 1024 milliseconds. It was formerly 16,384 milliseconds.

  • Control Panel Applet
    • Added checkbox to DTServer's Serve the Time page, Serve DTLinux Updates. There is a link below the checkbox to test. DT2 over HTTP must be enabled, and Manager must be installed on the same machine in order for this function to work.
    • Added warning when unchecking a symmetric key (i.e., setting it to untrusted) if any timesource, including PTP authentication, is currently using the key number. This is a yes/no dialog box; if you select No, then the key will remain checked.
    • Changed the list of keys to use for each PTP message type so that only trusted keys are displayed. If you have untrusted (or deleted) a key formerly in use for a PTP message, that message's key will be set to None.
    • Added DTLinux-format file import/export of symmetric keys.
    • Added machine import/export from/to DTLinux as well as Windows machines.

5.2.b.20210103 - Optional Upgrade

Removed old programs (NT Alpha, domtimed, WFWG) from all distribution zips. These programs are more than a decade past end-of support.

De-Internationalized day name and month name in the log files, audit reports, and various displays, in favor of yyyy-mm-dd hh:mm:ss or English month and day name abbreviations (depending on the display), for continuity when reading logs or reports created by machines in non-English languages. Retained locale-specific format in several places on the Control Panel applet. Added locale-specific format to the status bar of the log file viewer.

Introduced Domain Time II for Linux (dtlinux). This is a full-featured NTP/DT2/PTP client for x86_64 Linux distros (little-endian Intel or AMD only, running in 64-bit mode). DTLinux may be monitored and audited by Domain Time II Audit Server, and remote-controlled by Domain Time II Manager. N.B. DTLinux is still in beta status, but has been tested successfully on CentOS7, CentOS8, RHEL 8.3, Ubuntu 18, Ubuntu 20, Fedora 33, Mint 20, OpenSUSE Tumbleweed, and OracleLinux 8.3. DTLinux is distributed in three packages: DEB for Debian and Debian-derived systems, RPM for RHEL and other RPM-based systems, and a TGZ, which is distro independent. Please visit DTLinux for more information.

  • Manager
    • Fix for refresh of single items on the tree side of the Domains and Workgroups list. If favorIP was set, the database information would be refreshed, but the display would show a tombstoned record.
    • Added support for the beta DTLinux client. (For security reasons, remote install/upgrade/remove is not available for Linux.) On Windows 10 or Server 2019, support for the Microsoft SSH client (you must install SSH from the optional features list). Support for DTLinux templates, as well as remote configuration, problem report generation, monitoring, and auditing.

  • DTDrift
    • Changed handling of the "SourceStratum" column when using the -convert -csv option. Prior versions always showed zero (meaning unknown) in this column, unless the drift files being converted were ones created by Audit Server. All drift files now contain the source stratum information if available, so DTDrift will display meaningful information in this column.
    • Fixed width of first column when using -convert -csv without the -localtime option.

  • DTLinux
    • Ended private beta. First public release. Domain Time II for Linux (dtlinux) is documented here, and is included in the Starter Kit and Manager download zips. You may also obtain a copy from the direct download folder.
    • Note: Although DTLinux is now available to the public, it remains in beta status. Please test it thoroughly in your test environment before deploying to production machines.

  • Drift Graph
    • Changed textual output from a grapical drift display to include parenthetical microseconds to help users parse the value in more useful terms.
    • Added data point resolution to textual output (either nanoseconds or 0.1 microseconds, depending on the data source).
    • Added StdDev (standard deviation) to textual output.
    • Changed display when you click on a dot in the drift graph to display n nanoseconds, n microseconds, n milliseconds, or fractional seconds (whichever is smallest). This makes something like "+0.000000021 seconds" appear as "+21 nanoseconds," which is easier to read.

  • DTCheck
    • Changed -ptpStats output to show nanoseconds when operating against a machine that supports nanos instead of hectos. Also added a parenthetical number of microseconds to help users parse the values in more useful terms.
    • Added support for -resetSerial, -resetTimings, -logFile, and -problemReport for DTLinux nodes.
    • Added metadata to files created using -driftFiles

  • DTClient/DTServer
    • Fixed ambiguity in the standard PTP best-master-clock algorithm to recognize that "better by topology" should be used in master selection as if it were "better" by other reasons.
    • Suppressed error message "Unable to retrieve the time; error 5: No time samples available" when you have deliberately removed all external time sources.

  • Control Panel Applet
    • Changed "NetBIOS Name" to "NetBIOS/DNS Name" on the stats page. This is useful primarily when connecting to a remote machine by IP address. The former behavior would display the IP address if the NetBIOS name could not be discovered. The new behavior performs a DNS lookup and shows the FQDN if the NetBIOS name is not available.
    • Internationalized text on the About page.

  • Log file viewer
    • Removed "Show Line Numbers" from the log file viewer menu.
    • Internationalized "Last changed on" line in the status bar. Removed internationalization for month and day names within the log contents.

  • PTPCheck
    • Widened main display to give more room for node names and deltas.
    • Changed delta and delay displays from hectonanoseconds (1e-7) to nanoseconds (1e-9) on main display to accommodate DTLinux, which reports nanoseconds. Replies from Windows machines will show all 9 digits, but the last two will always be 00, because Windows can only report 7 significant digits. Changed details display to say n nanoseconds, microseconds, milliseconds, or seconds, with appropriate number of significant digits.

5.2.b.20200930 - Optional Upgrade

Many improvements for isolated networks that want to use PTP only (i.e., no NTP or DT2 fallback or crosscheck support). The Accept First PTP Timestamp option is now more robust, and, upon discovering a large divergence during normal operations, you may choose to allow the machine to step the clock using only PTP sources. A PTP-only configuration is sub-optimal, and our recommendation remains for you to make at least one NTP or DT2 time source available for startup, fallback, and crosscheck. Several small fixes and improvements. Upgrade if you are affected by any of the changes in the list.

  • Audit Server/Manager
    • Improved Manager's ability to manage time zones on remote machines using a different national language edition of Windows (for example, managing a Japanese-language machine from a EN-US-language machine, or vice versa).
    • Fixed bug in Audit Server that sometimes prevented Manager's Real-Time Alerts display from showing current PTP status for machines. This problem only occurred when Real-Time Alerts were received during an upgrade of the management tools.

  • DTServer
    • Changed the logic when using DTServer as a PTP master, but the admin has selected "Do not set this machine's time," to allow PTP to send Announce messages using the values set by the admin. The former behavior was to send Announces showing the time as degraded. This change helps in closed environments where the admin wants all machines synchronized to the master, but has deliberately chosen to have the master itself unsynchronized.
    • Improved calculation of residence time as expressed in the correction fields of Peer-to-Peer delay responses.

  • DTClient/DTServer
    • Fix for setting time zone, either by push from Manager, or pull from DTServer by DTClient, so that invalid entries generate an error instead of leaving the machine in a potentially inconsistent state. Invalid entries are those whose Standard name doesn't match the registry key name, or those that exist on the timezone source but not the consumer.
    • Changed log message about PTP with no backup sources from warning to status/info level
    • Changed log message about PTP running but no samples yet from warning to status/info level
    • Added logic to detect egregious PTP delay measurement results arising from use of the canonical algorithms specified in IEEE 1588. This situation obtains primarily when the master and slave differ significantly in frequency or time of day. If the actual measured round-trip time is less than the algorithm-produced time, then the meanPathDelay will derive from the actual round-trip time.
    • Added registry DWORD setting Accept First PTP Sample Count to the Parameters section. The default value is 3, and the range allowed is 1-15. Prior versions only examined the very first PTP time sample when accepting the first PTP timestamp.
    • Changed behavior of Accept First PTP Timestamp to slew when within slewing bounds. This function will step the clock if the delta is large, so continue to use it with care.
    • Changed behavior of Accept First PTP Timestamp to re-arm upon detection of resume-from-standby, emerge-from-sleep, or a Clock Change Monitor trigger.
    • Exposed the Accept First PTP Timestamp option on the Control Panel applet, eliminating the need for editing the registry manually. Note that you must either stop/start the service, or reboot the machine, in order for the first PTP timestamp to be accepted.
    • Added support for resetting duplicate serial numbers by command from DTManager or DTCheck. This avoids the need to stop/restart the service on the machine whose serial number needs to be reset.

  • Control Panel Applet
    • Fixed display glitch on Control Panel applet when moving entries up or down (reordering) in a list of time sources. The resultant data was correct, but the display did not update the last field in the list.
    • Fix to prevent dragging the Control Panel applet completely off-screen.
    • Added new entry, "Upon PTP large divergence," to list of conditions that allow stepping. This is primarily useful for machines using only PTP without fallback NTP/DT2 time sources, and where the correction needed is too large to accomplish by slewing. This option is disabled by default. NOTE: This setting does not apply when using the Accept First PTP Timestamp option. Accept First PTP Timestamp will always step if slewing is not possible.

5.2.b.20200630 - Optional Upgrade

Several minor changes, mostly at customer request. Upgrade if you are experiencing any of the bugs described, or if you need the newer functionality.

  • Manager
    • Changed behavior of Manager's command-line IMPORT ADD function to set nodes to audited whether or not they previously existed in the database. This conforms with the documentation, and makes ADD the opposite of DROP (except that ADD will add nodes to the database if they don't already exist).
    • Added 0 (zero) to the list of audit groups that may be specified after the machine name/IP address of Manager's command-line IMPORT ADD function. Formerly, only 1-8 were supported, corresponding to Audit Group number 1-8. If you specify 0 instead of 1-8, then the node will be added but set to unaudited. This is essentially the same as DROP, except that the node will be added to the database if it doesn't already exist.

  • DTClient
    • Added IP address of responding DHCP server to debug mode log output, if DTClient is set to use DHCP as one of its auto-discovery options.
    • Added REG_DWORD "DHCP Sample Count" to the Time Sources subkey. If DTClient is set to use DHCP as one of its auto-discovery options, this value controls how many samples Domain Time should request from each configured server. The valid range is 1-5. Changes to this registry setting take effect at the next timecheck interval. You do not need to stop/start the service, or reload other parameters.
    • Added REG_DWORD "DHCP Sample Pause (ms)" to the Time Sources subkey. The valid range is 16-1024. This value controls how many milliseconds Domain Time pauses between samples of DHCP-discovered sources if the DHCP Sample Count value is greater than 1. The default is 512.
    • Rearranged logic when DTClient is using DHCP as one of its auto-discovery options. As of this version, if DHCP is selected, and the DHCP server responds with a list of one or more IPs, and if one or more of those IPs provides a valid time sample when queried, DTClient will skip any non-DHCP discovered time sources after that. If the use-last-known-good option is selected, DHCP-discovered servers will remain in the last-known-good list, but used only if subsequent DHCP queries fail. If the DHCP-discovered sources fail, or the DHCP server fails to provide a list, Domain Time will use the other configured discovery options as fallback sources.

  • DTClient/DTServer
    • Improved performance when using the special Accept First PTP Timestamp registry setting. This option should only be used in closed environments where PTP is the only possible source of time and the initial startup delta takes an excessively long time to correct (i.e. if the motherboard CMOS clock is wrong). If no other time sources are configured, PTP will step the clock to match the first incoming PTP sync timestamp. This initial stepping will bring the clock into close enough sync for normal PTP operations to govern the clock. It is no longer necessary to also untick the "Crosscheck with other sources" checkbox.

  • DTLockDn
    • Implemented workaround for dtlockdn /reset being unable to set registry key ownership on Windows Server 2012r2 and Windows Server 2016. These two versions of the operating system have slightly different requirements than earlier or later operating systems. If the workaround is invoked due to 2012r2/2016 restrictions, a warning message will appear in the output, and DTLockDn will continue if the workaround is successful.
    • DTLockDn will no longer add read permissions for the well-known SIDs "Authenticated Users", "Users", or "Everyone" if you have explicitly /revoked or set them to READ or FULL. Otherwise, DTLockDn will add READ for Authenticated Users (if valid for your operating system), Users (if Authenticated Users is not valid or already present) or Everyone (if neither Authenticated Users nor Users is present and valid).
    • Note that, on startup, Domain Time will always reset the permissions on the Keyring subkey so that access is limited to SYSTEM and Administrators.

5.2.b.20200331 - Optional Upgrade

Several minor enhancements, including better performance using PTP with sync rates of less than one per second. You should upgrade if your PTP master sends fewer than one sync packet per second.

  • Manager
    • Added dialog Options -> Network Options -> Name Resolution to let you choose how Manager resolves names when connecting to remote Domain Time machines. By default, Manager and Audit Server first try the FQDN (fully-qualified domain name), which is created by concatenating the Common Name (NetBIOS name) with the domain name. You may change the name resolution method to either Common Name (NetBIOS name), or to DNS name.
    • Added option to specify an Audit Group number (1-8, inclusive) to Manager's command-line IMPORT function. If no Audit Group is specified, Manager uses the default Audit Group for new nodes. For example, if your batch import file contains Add NTP myntpappliance 3 then the NTP server called myntpappliance will be added to the NTP list and placed in Audit Group 3.
    • Changed prompt on connection failure dialog from "Always use this name for locating this machine" to "Always use this IP Address to locate this machine." The checkbox will be grayed-out if you enter anything but a valid IPv4 or IPv6 address. This change reduces confusion by making the action of the dialog box match the internal workings of Manager.

  • DTServer/DTClient
    • Fix for "TAI-UTC Offset Locked" registry variable not being recognized when acquiring a new master.
    • Improved synchronization performance when PTP master is sending packets less often than once a second.
    • Change PTP sync timeout to be twice the sync interval plus 1. This helps on networks that drop packets.
    • Increased depth of lookback buffer for UDP packet de-duplication. This helps on networks subject to UDP flooding.

  • DTCheck
    • Added -ptptest -showsequence subtest. This test watches for Announces and Syncs from grandmasters and displays drops, repeats, and jumps in PTP message sequence numbers.
    • Fix for -swTimestamps returning faux error code when operating on remote machines.

5.2.b.20200101 - Optional Upgrade

Two minor fixes, several changes based on customer requests, enhanced PTP behavior with multiple Syncs per second. Upgrade if you want the new functionality.

  • Audit Server
    • Changed validation range for PTP Monitor's Sync message intervals to allow for more than one sync/second. This only affects the displayed values in Manager.

  • Manager
    • Changed default remote connection procedure to try the FQDN (if available) before falling back to the NetBIOS name or IP address. Note that if you double-click a node's DNS Name, Manager will try the DNS name first. Likewise, if you double-click a node's IP address, Manager will try the IP address first. This change only affects how Manager behaves when you double-click a node's NetBIOS name (the Common Name).
    • Allowed Manager's list display of node timezones to include non-English languages.
    • Added extra debug logging for errors/problems during LDAP machine enumeration. Also added workaround code to retry LDAP queries that return "success" with zero entries. This situation only occurs in very large domains with overburdened Domain Controllers.
    • Added registry parameter, "ICMP Required" (default true). You may set this to the English word "False" to skip ICMP tests during connection. Some networks disallow ICMP echo requests. Note that setting this to false may cause long timeouts or unexpected errors for machines that are offline or otherwise unreachable.

  • DTServer/DTClient
    • Changed critical section envelope when handling PTP delay measurement replies. This prevents erroneous results when a boundary clock or grandmaster sends two replies to a single request.
    • Fixed typo in timezone display calculation that could produce UTC - offset instead of UTC + offset. This error only affected the display of parenthetical UTC offset information shown after the timezone name.
    • Fixed typo in PTP code that assigns significance values based on operating system level (only affects not-yet-released versions of Windows).
    • Improved handling of more than one PTP sync per second.
    • Added NTP precision to startup log debug output.
    • Added checkbox to allow stepping the clock upon an IP change trigger. Unchecked by default.
    • Allowed Domain Time Server in the PTP multicast master role to send up to 64 sync packets/second. This is solely for compatibility with SMTPE or 802.1AS slaves that mistakenly require a higher frequency of syncs. In general, avoid setting the rate greater than one per second unless required by your slaves.
    • Changed Realtime Alert sending to use a queue and a low-priority persistent background thread. This allows for multiple tries to send the data if the receiving server happens to be temporarily unavailable. Added extra debugging (under "Uncategorized debug messages") to show retries and overall queue functioning.

  • DTCheck
      Fix to allow -firewall:open and -firewall:close to work on Server 2019. This only affects DTCheck. The code to automatically handle the firewall built into Server, Client, and Audit Server already works correctly.

5.2.b.20190922 - Optional Upgrade

One important fix for Audit Server's emails. Several minor fixes and additions, mostly at customer request. Recommended upgrade if you are using Audit Server to send alerts or summaries by email; otherwise, this release is an optional upgrade.

  • Manager
    • Added "Include milliseconds" checkbox on Daily CSV File Configuration dialog. If checked, the timestamps written to the Daily Drift CSV file will include milliseconds. Note that millisecond data is not available from collected DT2 or PTP drift records (.dt files), so the value shown will always be 000. Also changed the Column Definitions dialog to show an example of the DateTime field according to current time and choices selected (local/UTC, ISO8601/normal, with/without milliseconds). The former behavior only showed yyyy-mm-dd, etc., to indicate the format.
    • Changed right-click context menu for "Scan IPv4 Subnet..." to have consistent behavior on Domain Time Nodes, NTP Nodes, and PTP Nodes.

  • PTP Monitor
    • Added PTP timescale and TAI-UTC offset (if known) to PTP Monitor's management message replies. Also added real values for physical (MAC) address and IP address instead of placeholders. Corrected endian error in PTP Monitor's report of the GM clockIdentity in response to the ParentDS query.

  • Audit Server
    • Changed date/time calculation for emailed audit summaries and alerts to avoid concurrency problems. If you are using Audit Server to send email alerts or summaries, upgrading is highly recommended; otherwise, this release is optional.
    • Added single quotation marks around font names containing spaces in emailed alerts and summaries.
    • Changed Daily Drift CSV file TimeSource field from "0000-0000-0000.0" to "Unknown" for a PTP slave that either does not respond to the ParentDS management query, or is in the process of becoming a slave and does not yet know its master's portIdentity.
    • Included PTP ports in the listening or faulty states in Audit log and the Daily Drift CSV file as if they were slaves. A port that reports the listening or faulty state is clearly responding, but just as clearly not providing meaningful synchronization status. Accordingly, the error messages say explicitly if the port is in the listening or faulty state. A port in either of these two states will eventually trigger the "if hasn't responded for n audits" alert trigger.

  • DTServer/DTClient
    • Changed startup's Network Wait to check for network adapter(s) in the "up" state. If no Ethernet adapters are connected and no Wi-Fi is configured, there's no point waiting for IPv4 addresses other than loopback to appear. This change helps with air-gapped or otherwise disconnected machines.
    • Changed reply to PTP management PortDS request to return stepsRemoved and offset when PTP is enabled but not master or slave (e.g., in the faulty or listening states).
    • Change replies to PTP management requests that ask for timeSource, timeScale, or utcOffset to provide valid values when PTP is enabled but not master or slave.
    • Added code to check for Windows 10, version 1903 or later, "Cellular Time" service. This service obtains the time from a cell tower if you have a SIM card installed. If you have the Windows Time drop-down set to NoSync or Disabled, Domain Time will also stop and disable the Cellular Time service.
    • Added code to disable Windows 10 Security Alert indicating that the Windows Time is not running. The Windows Time service should (almost) never run when a third-party time service is controlling the clock.

  • DTCheck
    • Added Firewire, Wi-Fi, ATM, and Tunnel type names to the -interfaces command's output. Prior version only showed the interface type number for these types.

  • Miscellaneous
    • Customer request: Changed wording on drift graphs to say "aligned" instead of "not corrected" when the delta was small enough to be fixed by frequency alignment instead of stepping or slewing the time of day. The former wording could be interpreted to mean that no action had been taken at all.

5.2.b.20190701 - Recommended Upgrade

Several ease-of-access additions to Manager. Improved symmetric key security on disk, in the registry, and over the wire. One fix for Audit Server's Daily Drift CSV recording, as well as more options for what to record, and more information in what's recorded. Several customer requests fulfilled. Improved memory handling for DTClient/DTServer. Deprecated several obsolete or unuseful registry settings and Control Panel options. Several fixes for minor inconsistencies between settings in the CPL and actual behavior. Additional support for PTP Authentication.

Important: If you are using a script to import Daily Drift CSV files into a SQL database, you may need to adjust it to escape single quotation marks. See the last item under Miscellaneous for details.

  • Manager
    • On startup, or if the DTServer keyring on the Manager machine changes while Manager is running, Manager creates two special files called "Current Symmetric Keys.reg" in the Client and Server Templates folders. NTFS security restricts these files to Administrators and SYSTEM only. To change the information in these auto-generated templates, use the Control Panel applet for Domain Time Server on the Manager machine and edit the keyring. (There are also "Compatible" versions of these two files for use with older Domain Time machines that don't understand the syntax for clearing a key's values before repopulating with information from the template. Manager will automatically select the Compatible version when required.)
    • Added right-click option "Reset Keyring..." to the context menu in the Domain Time Nodes list. If selected, Manager will update the keyring on the selected machines(s). The right-click option will not be available for the Domain Time Server on the same machine as Manager, because it is, by definition, already up to date.
    • Customer request: Added right-click option "Scan IPv4 Subnet..." to the context menus on Domain Time Nodes and NTP Nodes. This option uses unicast to iterate all of the IPs in the IP/CIDR mask you specify, to help add existing nodes that are not reachable by broadcast or multicast.
    • Customer request: Added checkbox to the Daily Drift CSV Configuration dialog labeled "Only include error records." This makes the Daily Drift CSV an exception report (only errors, non-responding nodes, or excessive deltas). Use this option with care if your industry requires compliance records as well as exceptions.
    • Added Prev/Next buttons on the Configure Alerts dialog so you can scroll through all Audit Groups without having to open each one separately. This makes it easier to compare or change settings.
    • Customer request: Changed behavior when creating templates to include the "Server Answer IP" REG_MULTI_SZ value (formerly prohibited from existing in templates because this value may include machine-specific information). Entries in the Listen IP list that are commented out (either with hashtag or semicolon as the first character), entries that specify a CIDR range, or the entries "localhost" "127:0.0.1" and "::1" will all be exported to templates. IP literals, either IPv4 or IPv6, and NetBIOS or DNS names will be excluded from the export.
    • Added loop detection during setup of Standby mode, so you can't have two Audit Servers in Standby mode to each other, or one in Standby to itself. Also added warning for Standby chains (Node A in Standby to node B, which is in Standby to node C). Multiple Standby servers are permitted, but each should work from the same primary node rather than chaining.
    • Fix for right-click Refresh on the tree (left-hand) side of Manager's Domains and Workgroups section when refreshing a single machine instead of a domain or workgroup. The former behavior displayed an error message instead of refreshing the chosen item.
    • Fix for Manager not always setting the "Service Installed" registry value to True when a local service (Audit Server, Monitor, or Update Server) is first installed.

  • Audit Server
    • Added wait for network startup immediately after reboot. New editions of Windows 10 and Window Server 2019 both allow services to start before TCP/IP is initialized, even when the services have a dependency on TCP/IP. Also added a delay before starting PTP Monitor after service restart. The delay gives the network a chance to settle.
    • Added synchronization of Manager's template files when Audit Server is in Standby mode.
    • Changed text log defaults to Roll Daily, preserving 31 old logs. The former default was to roll never with no maximum size, leading to a potentially huge log file. This change only affects new installs. If you already have Audit Server installed, we recommend that you either set a maximum size, or change the roll selection to Daily, Weekly, or Monthly.
    • Corrected flaw in Daily Drift CSV recording where deltas exceeding the Audit Group limit were only being recorded as errors when the data source was from an audit. Normal DT2, PTP, and NTP drift records were not being flagged when collected by the background collection process.
    • Added Audit Group name to error description in Daily Drift CSV files. The former behavior was to report "Delta of -0.0001332 seconds exceeds alert limit of 100 microseconds", whereas now it will report "Delta of -0.0001332 seconds exceeds 'Production' alert limit of 100 microseconds" -- note the insertion of the Audit Group's name, surrounded by single quotation marks, whose limit was exceeded.
    • Added choice to make the Daily Drift CSV an exception report instead of containing all records. See the Manager section above.
    • Corrected rare race condition which could lead NTP data collection into yielding error 13913 (Packet sequence number replay check failed) instead of 1901 (Clock not set on server).
    • Changed PTP Monitor's IPv6 enable/disable to dynamic. The former behavior required you to disable/reenable PTP Monitor for changes to take effect.
    • Significantly enhanced PTP Monitor's ability to track measured grandmasters. A measured grandmaster is one that doesn't report zero stepsRemoved from its source (always measured), or one with zero stepsRemoved when you have "Measure all grandmasters to discover deltas" selected.
    • Added option "Exclude PTP grandmasters with zero stepsRemoved and zero deltas" from Daily Drift CSV files. If you are not measuring grandmasters with zero stepsRemoved, all of the data points in the Daily Drift CSV will have deltas of zero. Since one data point is created per Sync (or Sync/FollowUp pair), this can lead to a significant size burden on the CSV files.
    • Changed collection of DT2 drift data and DT2 audit stamps to use (a) the fully-qualified domain name if the node is domain joined; then (b) the NetBIOS name; then (c) the last-known IP address. Also added an ICMP "ping" prior to trying to connect via TCP to retrieve drift data to any of the above. This helps reduce long timeouts if a Domain Time node is truly offline.

  • DTServer/DTClient
    • Added handling of broken PTP masters where the E2E delay responses have zero in the receiveTimestamp field.
    • Replaced log references to "PTP Security" with "PTP Authentication" to conform with current draft of PTP v2.1.
    • Allow PTP IPv4 for port even when Network Settings specify IPv6 only.
    • Changed time source lookup methodology. See first item in the Miscellaneous section below for details.
    • DTServer: Disallow serving PTP via IPv6 multicast when Network Settings specify IPv4 only.
    • Added rejoin multicast groups when IP address list changes, even when bound to all IPs.
    • Added ability to require PTP successful authentication. If this option is selected, only grandmasters that correctly sign Announces with a known SPP and symmetric key will qualify for the Best-Master-Clock algorithm. Use this option with care, as it will disqualify all PTP v2.0 grandmasters (including Boundary Clocks) and all PTP v2.1 that aren't sending correctly-signed Announces.
    • DTServer: Fix for DT2/NTP broadcast/multicast not sending on the tick.
    • Discontinued PTP duplicate node check using IPv6. New versions of Win10 and Windows Server 2019 will report TCP/IP is up and running before adding statically-provisioned or DHCP IPv6 addresses (only the FE80::x address(es) will be present until anywhere up to a minute after IPv4 addresses are configured).
    • DTServer: Fix for not showing HTTP responses in the CPL's activity monitor.
    • Significantly improved memory handling by pre-creating I/O buffers and re-using them. This provides increased performance for I/O operations, and reduces heap fragmentation.
    • Customer request: Changed error message to a warning when Domain Time is not able to finish checking the firewall rules due to a pending service shutdown.
    • Changed check reason for first PTP data point to "Startup" in the PTP drift log. Also added check reason "Power Resume" for the first check after resuming from hibernation. These changes make it easier to understand the PTP drift log.
    • DTServer: Added clockClass 80 (QL-PRS, PTP timescale) and 86 (QL-ST2, ARB timescale) for use when acting as a PTP Telecom master. Some Telecom slaves only recognize values in the ITU-I G.8265.1 or ITU-I G.8275.2 range. You should continue to use clockClass 6 (Grandmaster, PTP timescale) or 13 (Grandmaster, ARB timescale) unless you have a specific need to change.
    • When Manager pushes an update registry file to a remote machine, the receiving Domain Time node normally renames it to DTUpdate.reg.yyyymmdd-hhmmss.txt and leaves it in the system32 folder for a history of when updates occurred and what changes were made. As of this version, if the DTUpdate.reg file contains symmetric key information, the renamed file will have the symmetric key contents redacted.
    • Deprecated the never-used separate listen IPs for DT2, NTP, and PTP. Domain Time uses only the "Server Answer IP" value in the registry.
    • Deprecated the "RecvMsg Enabled" registry value; this has not been used since before Windows XP. The value will be ignored if present. Domain Time always uses WSARecvMsg instead of WSARecvFrom.
    • Deprecated the "UDP Connection Reset Enabled" registry value. This setting was introduced in 2012, and there is no reason to ever turn it off. The value will be ignored if present.
    • Expanded debug info for Multicast/Broadcast client mode to include the packet type, source, and authentication.
    • Changed debug details from "Network UDP pending receive counters" to "Network sockets and pending receive counters." The counters include all pending I/O and the total number of currently-opened sockets.
    • Changed Denial-of-Service protection to use a dynamically-sized array, and to include both IPv4 and IPv6. Prior versions only supported DoS from IPv4 addresses.
    • Changed template import/export behavior to correspond to the changes described above in the Manager section. Changed the pop-up explanation when selecting a list of IPs to explain how the values are treated during export or import.
    • Changed security Alternate Profile to reload dynamically when the access masks/IPs are changed in the CPL. The former behavior required a service restart for mask/IP changes to be recognized.
    • Customer request: Added ability to suppress creation of shortcuts in the All-Users startup menu. This is controlled through a registry setting. For Client, the key is HKLM\Software\Greyware\Domain Time Client\Parameters, for Server, the key is HKLM\Software\Greyware\Domain Time Server\Parameters. If you are editing the installation template, locate the Parameters section and add a new entry if it doesn't already exist: "SuppressShortcuts"="True". This will prevent the shortcuts from ever being created. If you want to remove the shortcuts from a previous installation, edit the registry and add (or edit) the REG_SZ (String) value named SuppressShortcuts and set its value to the English word True. When the service restarts, it will remove the shortcuts.

  • Control Panel applet
    • Fixed display on the PTP Status dialog that indicates smoothing options in effect.
    • Added time since last sync in the PTP Masters dialog (only shown if the sync interval has expired).
    • Added code to let the Refresh button on the Local Broadcast Sources dialog's Refresh signal Domain Time Server or Domain Time Client to update its list immediately when controlling the local machine. Remote machines, or previous versions of Domain Time may take anywhere from a few seconds to a full minute before the list is refreshed.
    • Added checkbox "Auto-extend ban if abuse continues while IP is banned" to the Denial of Service page.
    • Deprecated and removed checkboxes for Use smoothing for meanPathDelay, Use smoothing for delta calculations, and Coalesce PTP samples separately. These checkboxes should never be unchecked, so having them on the main PTP options dialog presented unnecessary confusion. The corresponding registry values still exist. Upgrading will ensure that all three values are set to "True" but you may change them afterward if you have a specific need.
    • Changed PTP checkbox for Reject unsigned Delay Responses to disabled if you are not signing outgoing E2E or P2P delay requests. PTP v2.1 is ambiguous on whether or not a master should sign responses if the corresponding request isn't signed. If you select a key to sign outgoing Delay/PDelay requests, the checkbox for rejecting unsigned responses will be re-enabled.
    • Changed PTP checkbox for Prefer signed Announces to a group of radio buttons: Select best master by quality, Prefer signed Announces, and Require signed Announces. Added a warning dialog if you choose anything other than Select best master by quality.
    • Added "Time at Server" in UTC and in local time zone to the output of the source test dialog.
    • Added "Reset to Defaults" button to the Security Denial-of-Service page.
    • Added prompt text to the Unicast Time Source Configuration dialog to reflect the new option of specifying either IPv4 or IPv6 (explained in the Miscellaneous section below).
    • Added support for comments after entries in the Listen IP list and in the PTP best master list. Comments are defined as text following a hashtag or semicolon. (If the hashtag or semicolon is the first character, the entire line is considered a comment.) For example, you may use this syntax:
         # main network
             # backup server
      Comments in the lists (other than commenting out an entire line) are not backward-compatible with previous versions of Domain Time, so don't use them in templates until all of your machines have been upgraded.
    • Changed default IPv4/IPv6 multicast TTL/Hopcount from 4 to 8. This will only affect new installs unless you click the Reset to Defaults button on the networking page.

  • DTCheck
    • Added time since last sync to the -ptpMasters output.
    • Changed output from -leapFile to show yyyy-mm-dd 23:59:60 for clarity.
    • Added [machine] -stats2 option to show statistics related to NDIS operations, denial of service info, socket count and allocations, and general packet accounting. May be used with a DNS name or IP to retrieve statistics from a remote machine. Domain Time nodes dated 2019-03-31 and earlier will reply with error 50 (request not supported).
    • Added [machine] -blockList option to show list of IPs currently blocked by Denial-of-Service protection. Use dtcheck -help to see the options.
    • Added Prefer Signed and Require Signed to -ptplist -keyset output.
    • Added [machine] -swTimestamps option (requires an elevated command prompt) to display which network adapters, if any, are configured to use NDIS software timestamping. May be used with a DNS name or IP to view/change settings on a remote machine. You may use -swTimestamps:Enable to enable software timestamping on all eligible adapters, or -swTimestamps:Disable to disable software timestamping on all eligible adapters. You must stop/restart the network adapters for changes to take effect. For finer-grained control, you may use Microsoft's Powershell script from PowerShellGallery. As of this release, only Windows 10 version 1803 or higher, or Windows Server 2019 support NDIS software timestamping. Note: Eligible adapters are ifType IF_TYPE_ETHERNET_CSMACD (ethernetCsmacd, see RFC 3635) only. Wi-Fi, Bluetooth, Kernel debug, WAN Miniport, and VPN adapters, even if marked as IF_TYPE_ETHERNET_CSMACD, are not supported.

  • NTPCheck
    • Corrected display when the source's time differs by more than 68 years from the clock on the machine issuing the test.

  • PTPCheck
    • Added Master Monitor. This dialog shows all current masters and their sync timestamps, regardless of domain. Useful primarily for determining if more than one active master is on your network, and if they are serving the correct time-of-day.
    • Expanded values from Meinberg's NetSync Monitor test.
    • Added Prefer Signed and Require Signed flags to 0xDEED (KeysetProperties) output.
    • Changed default for Multicast TTL and Boundary Hops from 4 to 8.
    • Allowed PTPCheck access to the keyring if running elevated. This permits validation of PTP Authentication. When run without elevation, PTPCheck can only report Authentication presence and parameters, not whether or not the keys actually match.

  • SDK
    • Updated sdk.doc to explain how Domain Time uses GetSystemTimePreciseAsFileTime() on Win8/2012 and newer operating systems, corrected one documentation error, and added documentation of the new SDK functions.
    • Added GetSDKDLLVersion() function to the SDK DLLs. This function will only exist in versions 5.2.b.20190401 or later.
    • Added GetPTPStats() function to the SDK DLLs. This function will only exist in versions 5.2.b.20190401 or later. Documentation for GetPTPStats() is included in dthres.h and in sdk.doc. If you plan to use this new function, either make sure you have upgraded your SDK DLLs to the current version, or load the DLLs dynamically and use GetProcAddress() to test for the presence of the function.
    • Added APITest program to SDK examples. The source code is heavily documented to demonstrate how to load the SDK DLL dynamically and use the new GetSDKDLLVersion() and GetPTPStats() functions.

  • Miscellaneous
    • Changed lookup for NetBIOS and DNS names to first check for IPv4, and only use IPv6 if the IPv4 lookup fails. (If you use an IP literal, Domain Time will use the protocol family associated with what you entered, and the information in this section does not apply.) To force a NetBIOS name or DNS name to use either IPv4 or IPv6, enter either Ipv4 or IPv6 anywhere in the comment field. For example, if your source is specified as "" without specifying either IPv4 or IPv6 in the comment field, Domain Time will first try to resolve the name using IPv4. If that lookup fails, Domain Time will try to resolve the name using IPv6. If, however, you put either IPv4 or IPv6 in the comment line, Domain Time will look up's IP address using only the family you specify.
    • Corrected import of .reg files containing REQ_QWORD values. Earlier version of Domain Time may incorrectly interpret this kind of data, or throw an error. Added explicit exception handling to explain this error if it occurs in future versions of Domain Time.
    • Added support for SHA512 keys (128-byte hex string, corresponding to a 64-byte key). This option is reserved for future use. You should not create SHA512 keys. If an SHA512 key exists in the keyring of an older version of Domain Time, it will be (mis)interpreted as a very long MD5 key.
    • Added more advanced encryption of symmetric key secrets using an abbreviated Diffie-Hellman exchange as well as a checksum, used when Domain Time Server in the Slave role retrieves secrets from Domain Time Server in the Master role. For best over-the-wire security, upgrade all of your Domain Time Servers to this version. Older versions will use a weaker encryption method.
    • Tested year 2036 rollover for NTP timestamps, and year 2038 rollover for 32-bit Unix timestamps. Verified that NTP will work with years 1900-2104, and that 32-bit Unix timestamps will work correctly with years 1970-2106. Calculations using Domain Time (DT2) timestamps work correctly with years 1601-30828, although the Windows SYSTEMTIME structure cannot accommodate years beyond 65535, and, using any timestamp format, cannot represent years greater than 9999. Note that built-in sanity checks will not normally accept a timestamp whose year is less than the build year of Domain Time, or greater than 2036. This is to prevent accepting wildly-incorrect time from misconfigured sources. If you need to run progression testing by accelerating the time beyond year 2036, contact techsupport for instructions.
    • Changed default for programs using SMTP with TLS to ignore CERT_E_WRONG_USAGE errors when checking the certificate chain, primarily for backward compatibility with Win7 and earlier versions of the OS that cannot verify extended certificate chains reliably.
    • Fix for Meinberg NetSync Monitor extensions (MTIE request) returning the Valid member set to false if all corrections within the MTIE window were within the machine's local timer resolution.
    • Changed PTP timeSource of 0x20 to display as "GNSS" instead of "GPS" to conform with 1588 v2.1 nomenclature. GNSS is a more generic term including GPS, GLONASS, Galileo, Beidou, and others using satellite positioning/timing services.
    • Changed all mentions of Audit Group names in reports, alerts, and CSV files to include single quotation marks around the names. Audit Group names allow embedded spaces, which can make automated parsing difficult. For example: Trading Desks will now show up as 'Trading Desks'. Care should be taken if you are importing files into a SQL database, since single quotation marks must be escaped in many SQL dialects.

5.2.b.20190331 - Optional Upgrade

Added preliminary support for PTP Authentication. Several other minor enhancements mostly at customer request. One important fix for the SDK DLLs. Upgrade if you want the new functionality.

The PTP v2.1 specification is still in committee, and support for any v2.1 capabilities may need to be updated in future editions of Domain Time. Please see the Domain Time PTP Authentication knowledgebase article for a detailed discussion of how Domain Time implements the v2.1 specification.

  • Audit Server/Manager
    • Customer request: Added pop-up explanation when starting Manager if another instance of Manager is already running in another session. Only one instance of Manager is allowed at a time.
    • Customer request: Allowed port number in SNMP target string. Examples: or [2002:410:1:1:2a0:69ff:fe01:b0f4]:2444. If the port number is not specified, the default SNMP trap port of 162 will be used.
    • Customer request: Added "Omit non-responding machines from reports and alerts" checkbox to the Configure Alerts dialog. This checkbox prevents offline machines from generating a warning in Audit Results, Daily Reports, and log files, and is only enabled when the "An audited machine fails to respond for ___ or more audits" checkbox is unticked.
    • Changed PTP Monitor's initial multicast sweep to request CurrentDS as well as PortDS. This helps ensure, when using hybrid mode, that slave nodes incapable of unicast will show their current offsets (see next item).
    • Added Multicast-Only mode for PTP Monitor sweep type. Previous versions let you toggle between Hybrid and Unicast-Only. Hybrid mode is the default (initial messages sent by multicast, follow-up messages sent by unicast). However, this functionality is controlled by PTP Monitor's general settings, where you may choose to send follow-ups either by multicast or unicast. Hybrid mode has therefore been renamed Normal Mode. Unicast-Only mode is for Telecom nodes, and is unchanged from previous versions; all messages are sent by unicast. Multicast-Only is new. It will be grayed-out if your general settings are to use multicast for all messages. If your general settings are set to hybrid mode, then the Multicast-Only will be enabled, and, if selected, will cause PTP Monitor to use multicast for all messages to the selected node. This is useful if most of your nodes will respond to unicast, but a few of them will only respond to multicast. You may change just those nodes to use multicast while still using hybrid mode for all other nodes.
    • Added Delay Type to the right-click context menu for a PTP master. This lets you explicitly set either Peer-to-Peer or End-to-End for each master. If a master responds to management queries, the delay type will automatically be correct. For masters that don't respond to management queries, or who advertise an unexpected value, this lets you change types. Note that masters that DO respond to management queries will always set the delay type back to whatever the master claims to be correct.
    • Fixed problem with Manager not saving the Domain List for Update Server if you never click OK on the Domain List dialog.
    • Added column to PTP Monitor's display showing PTP Authentication (if any) attached to incoming announces.
    • Added PTPCheck to right-click menu on the PTP Monitor page. This invokes PTPCheck using the IP and domain for the selected item. Useful for testing whether or not a node responds to PTP management messages.
    • Fix for case where LDAP credentials may fail to save/load properly if special characters are part of the username or password.
    • Fix for Audit Server not recognizing change in DST until after the next-scheduled audit runs.
    • Grayed-out audit group drop-down on the Add Node dialog when Audit Server isn't installed.
    • Removed base64-encoded password from SMTP logs (it will show {password} instead). Although the SMTP log folder is protected with NTFS permissions by default, an admin could inadvertently make the folder readable by ordinary users.

  • DTMonitor
    • Several internal efficiency enhancements.

  • DTReader (Audit Results Viewer)
    • Added Audit Group column to the main display.

  • DTCheck
    • Changed -leapfile to allow HTTPS or HTTP. The default leapfile source is now and is no longer retrievable by HTTP. Because IETF removed access by HTTP, versions of DTCheck prior to this will not be able to obtain the list.
    • Expanded the -ptpMasters output to show PTP Authentication (if present).
    • Added -keyset parmameter to -ptplist command. The output shows which KeyIds (not the keys themselves) in use by each responding Domain Time node.
    • Changed -monitorSTA output to only show changes in the system time adjustment, and to summarize observed changes/second when monitoring finishes.

  • DTAlert
    • Customer request: Added hh:mm:ss.mss format for time display of the on-screen clock.

  • DTServer/DTClient
    • Customer request: Allowed port number in SNMP target string. Examples: or [2002:410:1:1:2a0:69ff:fe01:b0f4]:2444. If the port number is not specified, the default SNMP trap port of 162 will be used.
    • Added support for SHA256 keys and a Security Parameter Pointer (SPP). These keys and the SPP are only used with PTP Authentication. In order for Authentication to work correctly, you must set the SPP either to zero (wildcard) or to match the grandmaster's, and also import the SHA256 keys corresponding to each message type.
    • Added support for rejecting unsigned (or incorrectly signed) messages when using a PTP v2.1 grandmaster that supports Authentication. Outgoing Authentication may optionally be attached to E2E Delay Requests or P2P Delay Requests.
    • Added new debug category "PTP Authentication details" which is useful for diagnosing problems with Authentication TLVs.
    • Fixed bug that could, in rare circumstances, cause PTP to use unicast for delay measurement transport when multicast was explicitly selected.
    • Changed default for running the multimedia timer at maximum resolution to false for operating systems Win8/2012 and newer. This change only affects new installations. You may regain the former behavior by setting "Critical Timing Period Adjust" to True in the registry.
    • Deprecated "Critical Timing Uses Kernel Interpolator" registry setting. The kernel interpolator is always used if present.

  • DTServer
    • Added support for appending Authentication TLVs to outgoing Announces, Syncs, E2E Delay Responses, and P2P Delay Responses.
    • Added support for being a two-step PTP master.
    • Added over-the-wire encryption for secrets exchange between Master and Slave during settings replication.

  • Control Panel applet
    • Added support for creating/editing SHA256 keys, and for choosing which SHA256 keys to use with PTP authentication.
    • Fixed inconsistency that could inadvertantly change check intervals when switching the focus of the Control Panel applet from machine to machine.
    • Removed "Continously Variable PTP" checkbox from Advanced timings. Beginning with this version, PTP phase adjustments are always continuously variable.

  • PTPCheck
    • Added compatibility for PTP v2.1 nodes that don't reply to v2.0 queries.
    • Added PTP version and PTP authentication information. Because PTPCheck does not have access to the secure keyring on the machine, it cannot authenticate the messages, but it can show the SPP and KeyId used to sign a v2.1 message.
    • Added 0xDEED "KeysetProperties" to list of management messages. Only Domain Time nodes will respond to this query. The output shows the KeyIds (not the keys themselves) in use by each responding Domain Time node.

  • SDK
    • Fix for GetDomainTimeAsFileTimeMonotonic() when running with kernel interpolation enabled (the default for Win8/2012 or newer). If you are using this function, you should replace your existing DLLs with the ones from this version.

  • Miscellaneous
    • Updated textual copyright notices to say 1995 through 2019.
    • Updated group policy template domtime.adm to include settings for PTP authentication processing.

5.2.b.20190101 - Optional Upgrade

Several minor enhancements, mostly customer requests. Upgrade if you want the new features.

  • DTDrift
    • Customer request: If run under non-admin credentials, no longer prompts for elevation when viewing the Raw Data text file.

  • DTReader
    • Customer request: If run under non-admin credentials, no longer prompts for elevation when viewing the Raw Data text file.

  • NTPCheck
    • Added "NDIS transit delay" to -raw output. This line will be present only if software timestamps are enabled for the interface used to process the NTPCheck command. If present, the line indicates the number of hectonanoseconds (10ths of a microsecond) the reply took to transit the NDIS layer of the network stack.

  • DTServer
    • Changed clock-change monitor behavior if (a) server is configured to serve the time without verifying its own clock first, and (b) clock-change monitor is also enabled. The prior behavior was to ignore the clock-change monitor checkbox on the CPL, and not start the monitor if no sources were configured (since the monitor won't be able to fix any changes made by other processes). The new behavior is to start the monitor anyway, to produce behavior that correlates with the CPL settings. If admins don't want errors or warnings in this situation, they can uncheck the clock-change monitor box on the CPL.

  • DTServer/DTClient
    • Added checkbox "Enable Trend Filter (recommended)" to PTP configuration dialog. The default value is checked. If unchecked, Domain Time will not include trend data in the clock steering mechanism. Uncheck this box only if your machine is extremely stable (i.e., normally has an average delta of only a few microseconds).

  • DTAlert
    • Customer request: Added right-click "Synchronize this node" to Alert Viewer's list of nodes if the mouse is over a node. Right-clicking on an empty area of the list still brings up the standard configuration menu.
    • Changed the Always-on-Top behavior to avoid switching focus to the clock display when the list of nodes is showing.

  • Misc
    • Updated copyright notices to reflect 2019.
    • Updated patent pending numbers to reflect new filing.
    • Deprecated the never-used GetDriftRecord DT2 command.
    • Eliminated unnecessary QueryPerformaceCounter() calls in some DT2 calculations.
    • Changed Driver Timestamps output in DTServer/DTClient text log to use the adapter's "friendly" name instead of its generic name. The friendly name will appear in quotation marks, followed by adapter name as shown in the device list.
    • Switched log file output routines to use RAII for critical sections.

5.2.b.20181111 - Optional Upgrade

Preliminary support for software timestamping (at the NDIS layer) on Windows 10 and Windows Server 2019 (see section below). Significantly enhanced PTP self-tuning on Domain Time Server and Domain Time Client. Several other small changes and fixes. Upgrade if you want the new features.

  • Software Timestamps (beta support only)
    • Enabled preliminary support for software timestamps on Windows 10 and Windows Server 2019. Software timestamps account for latencies within the NDIS portion of the network stack. Software timestamps must be enabled per adapter before Domain Time can take advantage of them. You may use dtcheck -interfaces or dtcheck -adapters to see which adapters have software timestamps enabled.

      Software timestamping at the NDIS level is not yet fully supported or documented by Microsoft, so support for this feature may change as the API changes. See SoftwareTimestamping for a Powershell script to enable/disable/query software timestamping. It remains unclear whether software timestamping will be included in the forthcoming update for Server 2016. Since this feature is not yet fully documented by Microsoft, Domain Time will not enable or disable software timestamping for you.

  • Audit Server/Manager
    • Preliminary support for software timestamps on Windows 10/Server 2019.
    • Changed delta calculations for Domain Time nodes that respond, but have not set their clocks (no sources defined, all failed, test mode enabled, etc.) to use the calculated delta. The former behavior used either zero or the last-known delta, forcing admins to also check the time-since-last-set value to know whether or not the delta was fresh.
    • Fix for Manager not displaying newly-added NTP Nodes if Audit Server is not installed.

  • DTServer/DTClient
    • Preliminary support for software timestamps on Windows 10/Server 2019.
    • Self-tuning enhancements for PTP continuously-variable clock steering.
    • Changed to ignore domain cascade triggers if PTP slave.
    • Changed handling of PTP time samples if the rate is greater than 1/second.
    • Customer request: Changed Accept First PTP Timestamp to disregard date entirely and step to match first received PTP timestamp. This option remains for highly-specialized environments, and its use is discouraged.

  • Control Panel applet
    • Added checkbox to the Advanced tab for controlling use of software timestamps. This checkbox will be grayed-out unless the operating system is Windows 10/Server 2019 or later. If you have configured software timestamps on an adapter, and this box is checked, then Domain Time will use them.
    • Customer request: Changed PTP Status label from "Raw Offset" to "Current Offset" to prevent confusion.

  • DTDrift
    • Fixed typo on drop-down scale of drift graphs.
    • Fix for drift graphs reporting incorrect average interval between data points when there is more than one data point per second.
    • Added 0.0000000 instead of "None" if the largest positive delta was zero.

5.2.b.20180805 - Optional Upgrade

Change for delta calculation when using DT2-UDP or DT2-TCP over high-latency connections. Version 5.2.b.20180801 introduced significantly increased precision of delta measurements on fast local networks, but neglected to compensate for networks with high latency. Upgrade if you are using DT2-UDP or DT2-TCP over Internet or WAN connections.

5.2.b.20180801 - Optional Upgrade

Support for Windows Server 2019. One major addition (allowing DTServer to become a Telecom master), and one major enhancement (allowing Audit Server to perform pre-audit syncs in parallel). One small fix for the textual summary of drift graphs. Several other minor enhancements or improvements. Upgrade if you are experiencing problems with the prior build, or if you want the new features.

  • All
    • Changed code-signing digest algorithm from SHA1 to SHA256. This is to conform with Microsoft's requirements for newer operating systems. XP and 2003 will not be able to validate the certificate, even though it is present and you may view the details.

  • DTServer
    • Customer request: Added support to allow becoming a Telecom master node. The Telecom Profile requires nodes to be either Telecom slaves or Telecom masters; alternating roles are not permitted. Therefore, the master configuration dialog will be unavailable if Domain Time is configured as a Telecom slave. Domain Time Server has a hard limit of 256 Telecom slaves. The maximum packet delivery rate is 128 packets/second.

  • DTServer/DTClient
    • Customer request: Changed second reply to Audit Sync command (sent only by Audit Server during pre-audit synchronization, or by the stand-alone dtsync.exe utility) to have a source port of 9909. The Audit Sync command, unless you have selected not to wait for it to complete, normally generates two replies to the originator's source port. The first reply, acknowledging the command, always has a source port of 9909. The second reply, which occurs after synchronization has completed, formerly used an ephemeral port as the source port. This has been changed so that both replies use 9909 as the source port.
    • Made telecom slave subscription requests work with PTP v2.1 domains 128-239 using SdoId 0x100.
    • Changed telecom slave delay requests to fire on the tick instead of ±25% of the interval. Some telecom masters don't send replies if the full interval hasn't yet expired.
    • Limited telecom slave subscription rate choices to workable numbers instead of the entire possible range. The telecom slave subscription dialog will still warn you about sub-optimal rate choices.
    • Made telecom slave subscription only request Announces until a best master is chosen.
    • Made telecom slave failure due to active denial of a subscription request a soft fail as long as another telecom master is provisioned and sending Announces.
    • Added small delay between receiving APM power resume event (waking from hibernation or sleep) and restarting the network. Win10 can send the resume signal several seconds before it actually finishes waking up.
    • Increased look-back size of PTP filtering engine for smoother performance.
    • Added lock-free mechanism for sending PTP messages. This helps reduce jitter.

  • Control Panel applet
    • Changed wording on DTClient's Advanced page from "Enable NTP broadcast listener" to "Enable NTP listener on port 123" for clarity.
    • Added Telecom Master option on DTServer's PTP Master configuration dialog.
    • Changed Test button behavior on various dialogs when the Control Panel applet is controlling a remote machine. This is because while the Control Panel applet is showing settings from the remote machine, it it executing on the local machine. Testing connections is therefore meaningless, since a name or IP that resolves on the local machine may or may not have the same behavior on a remote machine. The availability of the Test buttons caused confusion with admins who believed the test would execute remotely. As of this version, attempting to test remotely will display a message explaining the issue rather than running the test.

  • Manager
    • Appended "(deprecated)" to Manager's Pre-Audit Tasks dialog text "Wait for all synchronizations to complete." Pre-audit sync is a holdover from the days when networks needed to be synchronized only a few times per day. We recommend not using pre-audit sync, but have made some improvements (see below) in case you still need this function.

  • Audit Server
    • Rewrote pre-audit sync to handle large numbers of nodes in parallel, reducing the time required.

  • DTDrift
    • Fix for textal summary of a drift data file. Version 5.2.b.20180606 introduced summarized microseconds (instead of milliseconds), however, negative values were miscategorized. The individual delta data points are recorded correctly; only the summary classification was incorrect.
    • Changed lookups for driftptp.dt to use drift.dtex instead of driftptp.dtex. This only affects displays of IPv6 sources.

  • NTPCheck
    • Customer request: Modified SNTP request/reply compatibility.

  • DTCheck
    • Added -ptpslaves command. This command retrieves the current list of Telecom subscribers from a Domain Time Server in the PTP Telecom Master role.
    • Changed -ptptest output to show original source IP of forwarded packets.

  • PTPCheck
    • Added instance limiter, so that only one copy of PTPCheck may run (per logged-on user).

5.2.b.20180606 - Recommended Upgrade

Significant feature enhancements for DTClient/DTServer, and for Manager/Audit Server.

Introduced Audit Groups for Audit Server. Audit groups provide much finer control over how your nodes are audited, and how Real-Time Alerts are handled. When you first upgrade Manager, all of your currently audited nodes will be placed in audit group 1, labeled "Audited," and this will be the only group available until you also upgrade Audit Server.

Added support for the PTP Telecom Profile [00-19-A7-00-01-00] (slave-only) to DTServer/DTClient, and support for monitoring Telecom (or other nodes reachable only by unicast) to Manager/Audit Server. The Telecom Profile uses unicast negotiation with Telecom-capable grandmasters. The Telecom Profile does not use multicast.

Added preliminary support for the forthcoming PTP v2.1. PTPCheck (version management message), and PTPMasters (either from the Control Panel applet or from DTCheck) will show v2.0 vs v2.1, and the incoming SdoID will be displayed. The SdoId restricts which domain numbers are valid. Incoming v2.1 packets with invalid SdoId numbers, or with invalid combinations of SdoId and domain numbers, will be rejected. Support for other v2.1 features will be incorporated in future releases.

  • Audit Server
    • Added Audit Groups. Formerly, a node was either audited or not. Audit Server now keeps eight sets of rules, called Audit Groups. Each group has its own variables and actions. When you set a node to be audited, you also choose its audit group. This allows you to set separate tolerances for nodes with different alerting requirements. You may assign meaningful names to the audit groups. For example, you could name Group 1 "Trading," and make its tolerance 100 s, whereas Group 2 might be named "Workstations," and have a 10-second tolerance, etc. The names you choose will be used for display by Manager, as well as in alerts, logs, and summaries.
    • Added audit error email recipient(s) for each audit group. When an audit alert email is raised, the alert containing all errors will always be sent to the standard TO/CC/BCC recipient(s) in the general email setup. This new option lets you also send a copy to a comma-separated list of email recipient(s) interested in audit alerts for the each specific group, containing only the error from that group.
    • Added Real-Time email recipient(s) for each audit group, similar to the operation described for audit error emails.
    • Added node IP and node name to drift data (.dt) files. This information will show on the title bar when viewing a drift graph, and in the header of a .dt file converted to .txt.
    • Corrected PTP Monitor's behavior to prevent creating IPv6 sockets and joining IPv6 multicast groups when IPv6 is not enabled.
    • Finished changing references to "NTP Servers" to "NTP Nodes" (both singular and plural) to conform with earlier updates. If you are parsing log files, daily reports, or audit result text logs, you should change your scripts to look for "NTP Node" instead of "NTP Server." Be sure to upgrade both Manager and Audit Server to obtain consistent identification of NTP nodes.
    • Changed threading model for several data collection routines to ensure more predictable performance across all supported operating systems.
    • Improved Audit Server's measurement of Domain Time nodes' deltas, provided the nodes are using PTP and have synchronized within the past two minutes. (This change also affects the deltas shown when looking at Domain Time nodes in Manager.)
    • Added --- Begin Audit Results --- and --- End Audit Results --- before and after listing audit results in Audit Server's log. This makes it easier to pick out the audit results from other messages.
    • Rationalized audit result line for each node in Audit Server's log so that all node types use the same format, enabling simpler automated log parsing.
    • Removed ± from Real-Time Alerts, Audit Alerts, and Audit Summaries. Although the ± character (0xB1) displays correctly in text log files, it does not necessarily transit email or syslog when systems are expecting only 7-bit data.
    • Changed Audit Server's Event Log Event ID 3005 (Real-time Alert generated when a node changes to error status) from a simple, "x machines had errors" to individual events for each machine.
    • Added ability for PTP Monitor to follow Telecom slaves (or any slave not reachable by multicast). Unicast-only nodes must support PTP management messages. You may test using PTPCheck to see if a node responds to unicast management messages.
    • PTP Monitor will automatically follow any Telecom masters, provided that Domain Time Server is set to use the Telecom profile. Provision Domain Time Server with the master(s) you want to monitor, and they will automatically appear in PTP Monitor's list.

  • Manager
    • Changed name of Audit Server menu item "Alerts" to "Alerts and Audit Groups."
    • Changed the column name "Audited" to "Audit Group," to reflect that the options are no longer just Yes/No, but Unaudited or one of the eight possible audit groups.
    • Changed double-click on the Audit Group column from a Yes/No toggle to cycle through unaudited and the audit groups. Changed right-click on items to allow you to choose the audit group by name.
    • Added Audit List item to Manager's tree display. When selected, the list side will show you all currently audited nodes. You may sort by audit group, IP address, Location, or Node Name. The Location column indicates from which list the audited node derives. For example, a PTP node will show its location as PTP Nodes, and an NTP node will show NTP Nodes. Right-clicking on empty space in the list will allow you to go directly to Pre- and Post-Audit Tasks, to Alerts and Audit Groups configuration, or to Audit List Management.
    • Added Transport column to the PTP Monitor list. Transport here refers to the method of monitoring: Unicast-Only (e.g., Telecom slaves), or Hybrid (discovery by multicast, and follow-ups either by multicast or unicast).
    • Added Node Name and IP Address columns to the Synchronization Logs list. Note: These two columns are updated only when new drift data is collected by Audit Server, so there may be a lag between when you rename a node and when the new name shows up in the Synchronization Logs list.
    • Added help link and icon to PTP configuration dialog to help explain PTP domain selection options.
    • Added Backup/Restore of Audit List and Audit Group settings to the File menu. Backing up the audit list not only backs up the audited state for each node, but all of the audit group settings, including settings for unaudited nodes. When you restore the audit list, you restore all of the settings as well as the audited state for each node.
    • Changed Real-Time Alert wording on Manager's configuration dialog from "Do not count the first correction after startup as excessive, regardless of magnitude" to "Do not count startup corrections as excessive, regardless of magnitude." Changed Audit Server's processing to allow more than one "startup" correction, based on how long since the reporting machine has booted. This allows time for a recently-booted machine to settle, acquire a PTP master, adjust its timing, etc., before a Real-Time alert from the machine will trigger an email or red flag in Manager's display.
    • Added PTP nodes to Manager's Batch Add function (see Batch Add for details). Batch add for PTP nodes is limited to unicast-only slaves. You may use either an IP address or a DNS name as the identifier, optionally followed by a colon and a PTP domain number. For example, ADD PTP would add the PTP slave at, using domain 3. If you leave the colon and domain number off, Manager will attempt to discover the domain. If you specify a domain number that isn't one of the ones being monitored by PTP Monitor, the node won't be added. If the node already exists in the database but with a different domain number, the domain number will be updated to the one you specify.
    • Changed references to "NTP Servers" to "NTP Nodes" to conform with earlier updates. Be sure to upgrade both Manager and Audit Server to obtain consistent identification of NTP nodes.

  • Control Panel applet
    • Changed label on PTP statistics page from "Delay Mechanism" to "PTP Profile" for clarity. The value following the label is a combination of the selected profile and the delay mechanism used with it.
    • Added Telecom Options dialog for setting variables for use with the Telecom Profile. In general, the default settings are correct and should not be changed unless required by your Telecom-capable grandmaster.
    • Added "PTP Telecom unicast negotiation details" debug category to the Debug Details dialog.
    • Change PTP Domain input box to accept 0-239. The former behavior was to limit the domain to 0-127. PTP v2.1 can use domains 128-239. If you choose a domain number in the range of 128-239, Domain Time will mark its outgoing packets as PTP v2.1 using SdoId 0x100.

  • DTServer/DTClient
    • Significantly improved PTP slave tracking on Win8/2012 or higher operating systems.
    • Added support for Telecom Profile [00-19-A7-00-01-00], sometimes referred to as the Telecom 2008 Profile. This profile requires a Telecom-capable grandmaster, and you must provision the slave with a list of (up to sixteen) grandmaster IP addresses and domain numbers. Use Ipv4:domainNumber or [IPv6]:domainNumber in the list of acceptable masters. If you omit the domainNumber, the current default domain will be used. Note that an IPv6 address, if used with a domain number, requires the square brackets as shown above. You must know the domain number used by your grandmaster. Domain Time supports the Telecom Profile using Layer 3 (UDP) only.

      The Telecom Profile does not use multicast. The slave negotiates unicast Announces, Syncs, and Delay Response messages with the master (much like a DHCP lease). The delay measurement is End-to-End only. By default, Announces are every other second, while Syncs and Delay are once per second. You may change these values, as well as the lease duration period, from the Control Panel applet. Keep in mind that not all masters support all possible values. You should leave the auto-negotiation checkbox checked, so that Domain Time can negotiate values that both Domain Time and your Telecom master(s) support. Domain Time is heavily optimized for performance at one Sync per second.

      The Telecom Profile uses an alternate Best Master Clock algorithm, as defined by ITU-T G.8265.1. This algorithm selects the best master based on the master's QL (clockClass), the master's priority 2 value, and finally the local priority. Local priority is based on the order in which you provision the list of masters, with the first in the list having the highest priority.

      Domain Time will continue to respond to multicast requests while using the Telecom Profile (if the underlying network permits it), but will not recognize multicast Announces or Syncs. When using the Telecom Profile, Domain Time Server can only be a slave, never a master.

    • Fixed target port for unicast E2E delay responses when DTServer is acting as a PTP master. Previous versions did not always send replies to port 320.
    • Changed default firewall handling to enabled.
    • Enabled multicast loopback for the DT2-UDP service.
    • Changed both E2E and P2P unicast delay responses to use ephemeral source ports for lock-free operations.
    • Improved algorithm to determine if QueryPerformanceCounter is based on the TSC.
    • Changed default transport for Real-Time Alerts (status reports) from TCP to UDP. Our recommendation is to use UDP unless your network experiences problems with dropped packets. TCP is more reliable, but is more "expensive" in connection building and tear-down. TCP also requires ICMP (ping) between the reporting machine and Audit Server, and many networks have ICMP blocked.
    • Fixed startup PTP duplicate node detection to send IPv6 discovery packets only if the network settings include IPv6. Previous versions sent both IPV4 and IPv6 discovery packets even if IPv4-only was selected.
    • Fixed race condition on Windows 10 resume from standby that could prevent PTP from resuming properly.
    • Fixed problem with rejoining multicast groups on Windows 10 after resume from sleep.
    • Added a one-time popup to the Control Panel applet when first enabling PTP as a time source. If the current timings or network settings are not optimized for PTP, the popup offers to fix them for you.
    • Fix for multiple copies of firewall rules on Windows 10.
    • Customer request: Added ability for the SNMP bounds trap ("If the delta exceeds...") to be configured in either microseconds or milliseconds. The minimum bounds alert for milliseconds is 1 (default 1000, or 1 second); the minimum bounds alert value for microseconds is 100 (default 55000, or 55 milliseconds). The Domain Time II group policy for SNMP only supports milliseconds, so if the SNMP group policy is defined, only millisecond bounds limits are allowed.

  • DTAlert
    • Made Last Status column sort by magnitude rather than value. Since this column may not always have numeric values, numerics and textual information are given different weights, so that each type of information will sort together with the same sort.

  • DTDrift
    • Added display of node name and IP address (especially useful when looking at PTP drift files collected by PTP Monitor, where the filename is normally just the PTP portIdentity).
    • Added three new categories under the Clock Discipline category: Under 100 s, 100-499 s, and 500-999 s. Previously, the smallest category was Under 1 ms. Each category now also displays the number of data points within that category's range.

  • DTReader
    • Updated to handle Audit Groups and to refer to an "NTP Server" as an "NTP Node" to conform with displays by Manager and in log files.

  • PTPCheck
    • Harmonized references to Meinberg NetSync Monitor.
    • Added help link and icon to PTPCheck main dialog to help explain PTP domain selection options.
    • Added option to specify a domain number on the unicast test line. For example, will add domain number 3 to the domain list (if not already present), and will test with packets sent only to domain 3. If you don't specify a domain number, PTPCheck will test on all domains in the domain list.
    • Added command-line option to specify an IP address[:domain]. If you specify an IP address on the command line, PTPCheck will treat it as if you had manually entered it as the unicast test address and clicked the Unicast Test button.
    • Enhanced the output of the 0x200C - Version discovery command to include whether the response was marked PTP v2.1 or not. The SdoId is also displayed.

5.2.b.20180303 - Recommended Upgrade

One important enhancement for Audit Server: Added Daily Drift CSV files as the preferred alternative to expanding .dt files to .txt files. Auto-conversion of .dt files into individaul .txt equivalents is still supported, but has limitations, and has been officially deprecated.

Daily Drift CSV files use exactly the same format for each record, regardless of source, and, as the name suggests, collect only one days' worth of data from all of your audited machines per file, making extraction and retention strategies simpler. Daily Drift files roll at either midnight local time or at midnight UTC (your choice). If you are currently using .txt file conversion and then parsing the .txt logs, we strongly encourage you to change to Daily Drift files instead.

Several minor enhancements and fixes, including addition of support for Meinberg's NetSync Monitor messaging. Upgrade to obtain the new functionality.

  • Control Panel applet
    • Changed background color handling of the PTP Status dialog so that display is consistent across all operating system versions.

  • DTServer/DTClient
    • Changed PTP master selection algorithm to discard potential masters with the wrong domain number after the admin has unchecked the Dynamic Domain checkbox. This change means that Domain Time will not attempt to calibrate an unqualified master before going directly to the listening state.
    • Made log file viewer built into the CPL a bit smarter about finding logs other than the main one (if user has changed the main log name or location).
    • Customer Request: Added increment to reported Root Dispersion in NTP reply when the time source is not PTP. The root dispersion is reset at each timeset interval, and increments slowly (best guess at the machine's drift) until the next timeset event.
    • Added "PortNumber Cache" to PTPv2 subkey. The default value is 1, and should only be changed if directed by tech support. Valid values are 1-9999 (decimal).
    • Changed label on PTP Masters dialog from "Help" to "Explain & Fix" because many customers were not aware that the Help button can usually offer an automatic solution as well as explain problems.
    • Added support for Meinberg NetSync Monitor TLV messaging (revision 5). The default is for support to be enabled. This can be disabled on the PTP configuration/advanced dialog. PTPCheck (see below) has been enhanced to test for Meinberg NetSync extensions.
    • Customer request: Changed latency display in summary/aggregate log line from milliseconds to hectonanoseconds; i.e., the same format used in trace output for indivdual samples.
    • Customer request: Added support during command-line install/upgrade to specify a template to use instead of the default dtserver.reg (Server) or dtclient.reg (Client). The template file must be of the proper type (i.e., if installing/upgrading server, the template must be a server template), and must be in the same folder with all the original installation files. The added command-line parameter is -template=template_file_name.reg. For example, to install Client remotely to machine Bar, the command would be dtclient \\Bar -install -template=mytemplate.reg, or to upgrade the local machine, the command would be dtclient -upgrade -template:mytemplate.reg. This new functionality does not change the behavior of -upgrade. An upgrade preserves all current settings unless you also pass the -reset parameter.
    • Added support for -reset when using the command line to upgrade a remote machine. This flag used to be supported only for upgrading the local machine.

  • Manager/Audit Server
    • Audit: Changed behavior of Real-Time Alert "If a Domain Time machine reports that it has lost contact with its master" so that if "Ignore it" is selected, no alerts, warnings, or errors are generated. If "Treat it as a warning" is selected, the Real-Time Alert display will change to warning, but no alerts or errors are generated.
    • Audit: Changed audit event timer to avoid conflict with audit maintenance timer.
    • Audit: Changed behavior of background Ephemera Collection to cancel if Audit starts while collection is still running.
    • Manager: Added "Auto-generate a textual version of the audit results" checkbox to the Audit Tasks dialog (default unchecked). If checked, Audit Server will auto-convert the binary .dtad audit results to a .txt version after each audit. If a .txt version exists, Manager will offer to open the .txt version directly in Notepad as well as offering to open the binary file using the Audit Viewer program. The .txt version of an audit result is what you would see if you opened the file using Audit Viewer program and selected "View All Details of Audit in Text format" from Audit Viewer's menu.
    • Manager: Added node under Audit Server for display of Daily Reports. Formerly, the only way to view Daily Reports was to choose Audit Server/Daily Reports/View from the main menu.
    • Manager: Sorted display of multiple audit schedules by time of day.
    • Manager: Added configurable number of records to convert to text (if text file conversion is enabled).
    • Manager: Changed Open Containing Folder behavior to open the folder and select the right-clicked file. If no file is selected, or if Open Containing Folder is selected from the tree side, the folder is opened with no file pre-selected.
    • Customer request: Added hostname to IP lookup for NTP DROP and NTP DEL statements in DTManager's IMPORT batch command. The former behavior required using an IP literal for dropping or deleting an NTP node. Note: Use this new option with care. A hostname may resolve to more than one IP address. NTP DROP or NTP DEL will operate on the all matching IP addresses, which may not be the intended behavior.
    • Changed PTP Monitor's drift records to show the Check Reason column as "PTPSlave" for slaves and "PTPMaster" for masters (drift records are only collected for audited slaves or masters). The former behavior was to show "Veracity Check" for both types of nodes. The new behavior allows you to distinguish masters from slaves (or changing roles) when looking only at the drift records. (Note: PTP Monitor will not change existing drift records; this change only affects records generated after upgrading.)
    • Fix for non-Domain Time PTP slaves reporting their source stratum as their own stratum instead of the source's stratum (only in Audit Results binary .dtad and expanded .txt versions).
    • Fix for Manager sometimes displaying garbage in the DNS Name column when viewing the Domain Time Nodes list.
    • Fix for PTP masters that don't support PTP management messages from being recorded as offline in audit results. As long as the master continues sending Syncs and Announces, it is online and its delta can be calculated.
    • Customer request: Added checkbox on the Audit Tasks dialog to control whether emailed audit summaries include the error list inline or as an attachment.
    • Added "PTPPortIdentity" token to list of fields available for the daily report. This field will show as "N/A" for all non-PTP nodes. Also changed the output of the Show Example button on the Daily Reports dialog to show an example whether Daily Reports are enabled or not.
    • Fix for dtdrift.exe not being updated in the system32 folder when upgrade is performed via DTPatch vs the installation files.
    • Manager: Fix for Ctrl-F (Find) not working correctly if no row was selected in the list. Removed "No more matches" message if subsequent find locates the same item again.
    • Audit: Deprecated auto-conversion of .dt binary files to text files.
    • Audit: Added Daily Drift .csv file as preferred alternative to auto-conversion to .txt files. Daily Drift .csv files are named yyyy-mm-dd.csv, using either local time or UTC, and will roll at either local midnight or UTC midnight, based on your choice of local time or UTC. The UTC field will be either Y or N to indicate if the DateTime field is UTC. The DateTime field format may be either plain "yyyy-mm-dd hh:mm:ss" or ISO 8601 format. If using ISO 8601 together with local time, the format is "yyyy-mm-ddThh:mm:ss±HH:MM"; otherwise the format is "yyyy-mm-ddThh:mm:ssZ" to indicate "Zulu" time (UTC). Note: Records in a Daily Drift .csv file are not necessarily in ascending DateTime field order, and there may be more than one record with the same DateTime field from the same node. Records are appended as the data is collected, which may mean a few hundred records from one source, then more from a second source, etc. If collation is important for your import procedure, you should sort the data first. A Daily Drift file is held open during its 24-hour collection period, but marked FILE_SHARE_READ, so the file (or portions of it) can be copied while open. Use the RowID column in your dbms import procedure to know whether or not a record is new. RowIDs start with 1 and increment by 1 for each row. Daily Drift files are flushed to disk approximately once every two minutes, and immediately after an audit completes. If you have chosen to show Daily Drift files on Manager's Synchronization Logs page, you may right-click anywhere on the list and choose to flush the Daily Drift queue on command. The Daily Drift CSV columns are fully documented in Manager's Daily Drift configuration dialog.
    • Manager: Changed column of Synchronization Logs display from Count (number of records) to Size (number of bytes).
    • Manager: Added Daily Drift .csv files to list shown on Synchronization Logs page (if selected; see below).
    • Manager: Colorized Synchronization Logs list for easier identification of log types.
    • Manager: Added Display Options... right-click menu to the tree side of the Synchronization Logs list to control which kinds of Synchronization Logs are shown in the list. The status line shows the total number of files, the number being shown, and the total byte count for all files (whether shown or not).

  • LMCheck
    • Changed to require run as administrator to accommodate changes in default permissions granted by Win10 and Win2016. The former behavior was to run as invoker, which fails to enumerate the network correctly unless elevated.

  • NTPCheck
    • Added -localtime switch. If specified, timestamps are expressed in the machine's current timezone, otherwise in UTC.
    • Customer request: Added -csv and -json (mutually exclusive) to command line parms. These switches may be combined with any other switches to control the format of the output. If either -csv or -json is specified, normal headers and progress messages are suppressed (but errors will still print). If -csv is specified, the first line will begin with a hashtag (#) and contain the columm header names. If -json is specifed, only the JSON output is provided. Per ISO 8601, the datetime format for both -csv and -json output is either yyyy-mm-ddThh:mm:ss.mssZ (zulu time), or yyyy-mm-ddThh:mm:ss.mss±HH:MM (if -localtime is specified). The JSON output includes the timezone name.
    • Customer request: Added -micros and -hectos switches. These switches control the output precision. By default, only milliseconds are shown (10-3 seconds). If -micros is specified, then the output precision is microseconds (10-6 seconds); if -hectos is specified, the output precision is in hectonanoseconds (tenths of a microsecond, or 10-7 seconds).

  • DTDrift
    • Added -chop command-line parm. It must be followed by the full path to a .dt file, or use the wildcard path\*.dt (much the same as for -convert). While -convert will read a .dt file and create the corresponding text version, -chop will split the .dt file into chunks named foo_Part001.dt, foo_Part002.dt, etc.
    • Added -repair command-line parm. It must be followed by the full path to a .dt file, or use the wildcard path\*.dt. The -repair switch examines the file(s) for invalid entries and removes them. Note: This is a prophylactic function; no .dt file has ever become corrupted.
    • Added -csv command-line parm. This switch is only valid with -convert, and may optionally be combined with -noheader. The switches must be followed by the full path to a .dt file, or use the wildcard path\*.dt. Example: dtdrift -convert -csv -noheader "d:\drift files\*.dt" or dtdrift -convert -csv c:\myfile.dt. The .csv file(s) will be created in the same folder as the .dt file(s).

  • PTPCheck
    • Added "effective NTP stratum" to all places where PTP's stepsRemoved value is provided. The stepsRemoved value is zero-based, while NTP strata are one-based, with a cap at 15. This addition helps administrators more accustomed to dealing with NTP nodes than with PTP nodes.
    • Expanded the 0x0001 ClockDescription to include all fields sent by the responding node. Several fields in the ClockDescription response are optional, meaningless, or redundant. By expanding the output to show all fields, you can see if a node is sending full, correct information.
    • Added right-click menu option Meinberg NetSync Monitor Test. This option sends a special unicast End-to-End delay request to the selected node with NetSync Monitor TLVs attached. If the node is NetSync Monitor-capable, it will respond with a special End-to-End delay response with NetSync Monitor TLVs attached, plus a follow-up unicast Sync (and Sync Follow-up if the target is a two-step clock). If the node responds, the Delay Response data will show you how many TLVs were attached, and the number of bytes, plus the Sync message(s).

5.2.b.20180101 - Optional Upgrade

Added Authenticode signing to all executables. Several minor fixes and enhancements, mostly for consistency in displays or behavior. Several PTP improvements. One fix for Windows Time compatibility. Added ability for DTDrift to convert binary to text from the command line. Update if you experience any of the problems described, or if you'd like the new behavior.

  • Control Panel applet
    • Added domain number to the "Allow this machine to become a PTP Master server" line of the Master Configuration dialog (DTServer only). Also added profile type(s) and delay measurement transport type(s) that will be supported. These values are drawn from the main PTP configuration page, and presented on the Master Configuration dialog to help admins understand what values will take effect if the node becomes a master. See DTServer below.
    • Fixed several small inconsistencies in PTP variables between the Control Panel applet and DTServer/DTClient. This helps ensure that admins can't use the CPL to set values that the service will override.
    • Added validity check on the list of acceptable masters on the main PTP configuration dialog.
    • Changed the effects of the Reset to Defaults button on the Broadcasts and Multicasts tab to set the multicast IPv4 TTL and IPv6 Hop Count to 4, to conform with the change in defaults introduced in 5.2.b.20171113.

  • DTServer/DTClient
    • Allowed PTP management error responses to queries sent to all domains.
    • Added support for 0xDEEE "AllowedMasterList" PTP management message query.
    • Changed all Peer-to-Peer multicasts to have a TTL of 1, regardless of TTL used by other multicasts. This is to conform with IEEE 1588-2008 requirements.
    • Removed spurious warning about not being able to determine a PTP master's delay mechanism when using Peer-to-Peer without auto-detect enabled. The warning was a side-effect of believing the auto-detect mechanism had failed when in fact it was never invoked.
    • Increase speed and reliability of profile and delay auto-detect routines.
    • Inlined a few critical PTP-related computations, and also changed them to use bit-shifting instead of multiplication/division or exponentiation.
    • DTServer: Enforced profile type and delay measurement transport type when functioning as a PTP master as well as when functioning as a PTP slave. Our recommendation continues to be to use Auto-Detect unless you have a very good reason to change.
      • Auto-Detect: Both End-to-End and Peer-to-Peer supported, either unicast or multicast
      • End-to-End Default Profile: Only End-to-End supported, either unicast or multicast
      • End-To-End Enterprise Profile: Only End-to-End supported, only unicast
      • Peer-To-Peer Default Profile: Only Peer-to-Peer, either unicast or multicast
      • Disable Link Delay Measurement: No delay requests generated by slaves, or responded to by masters
    • DTServer: Changed default value (for new installations, or when the Reset to Defaults button is clicked) of radio button introduced in 5.2.b.20171113 on the PTP Master configuration dialog to have the reply to a CurrentDS management query tell the truth. This only affects the response to a CurrentDS query when DTServer is acting as a PTP master.
    • Added checkbox on PTP advanced properties labeled "Reply to source port of unicast requests instead of port 320." IEEE 1588-2008 is ambiguous about whether replies to management messages should be sent to the PTP "General" port 320, or to the requesting node's source port. The informal convention among manufacturers is to direct all management responses to port 320, whether the request was unicast or multicast. This checkbox tells Domain Time whether to follow the informal convention for unicast requests (i.e., send the reply to the requestor's IP address, port 320), or whether to follow the convention used by most other protocols (i.e., send the reply to the requestor's IP addess and source port). Most PTP programs resolve the ambiguity by sending requests from port 320, thus ensuring that no matter which convention is followed, replies will return to port 320. Some programs, however, use ephemeral ports for unicast management queries. Check this box only if you experience interoperability problems with third-party programs that send management requests using ephemeral source ports.
    • Changed the delay request timer to be pseudo-randomized so that delay requests are not sent exactly on the tick. The range is 75% to 125% of the nominal delay request interval. For example, if the delay request interval is set to once every two seconds, delay requests will be sent no more often than every 1.5 seconds, and no less often than every 2.5 seconds, with the mean over time coinciding with 2 seconds. Decoupling the delay requests from the PPS timer helps reduce the concurrency of delay requests from multiple machines hitting the network (and therefore the grandmaster) at the same time on each tick of the protocol.
    • Changed evaluation of NTP reply when coming from Windows Time on a Windows DC version 2012r2 or above, and when the domain/forest level is 2012r2 or above. Microsoft changed the behavior of the Windows Time reply to include a value in the Key Identifier field. Prior versions of MS-SNTP required the reply's Key Identifier field to be zero in the 68-byte version of an NTP reply. Per [MS-SNTP] clients must now ignore the Key Identifier field. (In practice the value now filling the field is the requesting client's RID.)
    • Improved detection of duplicate PTP portIdentities on the network.
    • Improved detection of VM resume from saved state, and added extra debug output in the in the Clock Sync Status Notices category.
    • Changed PTP to the listening state upon power resume or VM resume from saved state.
    • Extended text log lazy write to include syslog. If checked, syslog messages will be saved and sent at each flush interval.
    • Added checkbox "Send each PTP data point to syslog (trace or debug level only)" to the syslog configuration page. If checked, and if the syslog level is set to either trace or debug, then each PTP data point will be sent to syslog. The format is "PTP sample offset ±0.0000000, mpd 0.0000000, source ipaddress" where 0.0000000 is that sample's delta and the current meanPathDelay. Syslog log collectors may parse for trace-level messages beginning with "PTP sample offset" to categorize these messages. Caution: Enabling this output can create a large number of syslog messages. This option was added for those using syslog to collect compliance data.
    • Added support for permissions changes on Win10 regarding querying services.

  • Manager/Audit Server
    • DTAudit: Added Stand-By replication for Archives subfolder(s) under Synchronization Logs main folder.
    • DTAudit: Added Stand-By replication for Real-Time Alerts history folder.
    • DTAudit: Fix for initial Stand-By replication not starting on schedule.
    • DTAudit: PTP node status change notices in the Audit Server text log file are now info or warning level instead of trace. If info level, the level column label will be "Status:" instead of "Info:" to help with log-parsing. Notices referring to PTP master changes (online, upgrade, degrade, or leap change) will begin with "PTP Master," while other messages will begin with "PTP Node," in each case followed by the portIdentity and IP address. Note that a master going offline, or transitioning to slave, will generate a warning. A PTP master coming online or changing its timeQuality will generate a status notice.
    • Manager: Added two checkboxes to the Manager interface dialog to control auto-closing of DTReader (Audit Viewer) and DTDrift (drift graph viewer) when Manager exits. In prior versions, Manager did not attempt to close instances of DTReader or DTDrift. Manager now closes them at exit. To regain the former behavior, uncheck the box(es).
    • Manager: Added checkbox "Send info-level syslog message about each slave after sweeps" to the PTP Monitor configuration dialog. If checked, data pertaining to each tracked PTP slave is sent (info-level) to syslog after each sweep. You must have Audit Server's syslog level set to Info for these messages to be sent.
    • Manager: Added "Open Containing Folder" for Real-Time Alert history folder.
    • Manager: Added drift files from archives subfolders to list of Synchronization Logs.
    • Manager: Added Real-Time Alert history folder to Advanced/Data Folders dialog. Changed file data relocation to be recursive (because drift files may now have Archives subfolders). Changed behavior to stop Audit Server briefly while files are being relocated.
    • Manager: Added F5/Refresh for PTP Nodes on Stand-By (shows most recently-replicated data). Also disabled F5/Refresh and PTP node display on Stand-By when the primary node's PTP Monitor is turned off.
    • Manager: Changed "Domain Time II Machines" and "NTP Servers" to "Domain Time Nodes" and "NTP Nodes" respectively. This change only affects displays on Manager, and was introduced at the request of several customers who found the former labels confusing.
    • Customer request: Added confirmation notice when disabling an Audit Server alert type by unchecking the menu item.
    • Customer request: Added syslog output from Audit Server. You may set up to eight IPv4 or IPv6 addresses, and choose either RFC 3164 or RFC 5424 format.
    • Manager: Added "NanoServer" or "ServerCore" to platform type display as appropriate.
    • Manager: Added a pair of radio buttons to the PTP Monitor configuration dialog so you may choose to accept a grandmaster at face value if it claims zero stepsRemoved from a primary time source such as GPS/GNSS. If "Assume Grandmasters with stepsRemoved of 0 have zero deltas" is selected, each master's delta will not be measured against the local clock, and will show as 0 s. This is the correct behavior according to IEEE1588-2008 Table 13. The other option, "Measure all Grandmasters to discover deltas (estimate 150s)," tells PTP Monitor to observe the Sync/Follow-up messages and estimate each master's delta by comparing it against the local clock, accounting for measured E2E or P2P latency. The computation of the master's delta is only an estimate because PTP Monitor only observes packets and does not attempt to syntonize or synchronize with any particular master. It may be following multiple masters in several domains simultaneously. Previous versions of Domain Time Audit Server always attempted to measure the deltas, leading to some confusion among admins who expected a grandmaster to be at least as accurate as a slave and did not realize that master deltas were estimates. The new default is to assume grandmasters are telling the truth, provided they report stepsRemoved as zero. You may regain the former behavior by choosing the second radio button. Note that masters that claim stepsRemoved of non-zero are always measured against the local clock, yielding estimated deltas.
    • Added support for permissions changes on Win10 regarding querying services.

  • Synchronization Logs (drift graphs)
    • Added ability to show sub-seconds when displaying the average interval between samples. This is useful when your PTP grandmaster is sending more than one sync packet per second and you are looking at the PTP graph. Values greater than a few seconds will be shown as days, hours, minutes, and whole number of seconds.

  • DTCheck
    • Added -allowedmasters as an optional parameter to -ptplist. If -allowedmasters is specified, DTCheck sends management message 0xDEEE instead of 0xDEEF. 0xDEEE returns the list of acceptable masters.
    • Added option to filter results of -ptplist or -ptplist -allowedmasters. Use -ptplist IpAddress or -ptplist hostname to limit output to just that one node. IpAddress may either be a dotted-quad IPv4, or fully-formed IPv6 address.
    • Added "NanoServer" or "ServerCore" to platform type display as appropriate.
    • Added -resetClockId command. Use this if you have cloned your Domain Time installation and discover duplicate PTP nodes. PTP requires that each node has a unique portIdentity; the clockIdentity portion is normally created from the NIC's MAC address, but if you clone an installation without using -prepclone, the clockIdentity will be duplicated.
    • Added support for permissions changes on Win10 regarding querying services.

  • PTPCheck
    • Changed list displayed by Discovery Management Messages dialog to be sorted by management messageId.
    • Added 0xDEEE "AllowedMasterList" to the list of management messages that can be sent. The return value is "Any" if no restrictions are in place, or the list of IPs/CIDR masks/names considered acceptable masters.
    • Added "NanoServer" or "ServerCore" to platform type display as appropriate.
    • Changed all Peer-to-Peer multicasts to have a TTL of 1, regardless of TTL used for other types of message. This is to conform with IEEE 1588-2008 requirements.

  • NTPCheck
    • Added auto-elevation for functions that need to access the symmetric secrets keyring. For example, NTPCheck " key windows" or NTPCheck "myserver key 1". If the user does not have sufficient priveleges to access the keyring, the program will relaunch itself in elevated mode (prompting for an admin username/password if required). The program already did this for NTPCheck -ad.

  • DTAlert

    • Changed default permissions on Domain Time II Alert Parameters registry key so that settings are saved when run by a non-administrator.

  • DTDrift
    • Added command line parm -convert [-localtime] filespec. -localtime is optional. If not supplied, UTC will be used. filespec may be either a fully-qualified path and filename, or a path with *.dt (no other file extensions are supported). If the path or filename has spaces, you must enclose it in quotation marks. For example, dtdrift -convert "C:\Program Files\Domain Time II\Synchronization Logs\*.dt" will convert each .dt file in the named folder to its .txt equivalent. The original .dt file is not altered.

  • Miscellaneous
    • Changed synchronization log (drift graph) window to have a title bar with an icon and system menu. The former appearance was a "toolbar" window containing only a caption.
    • Fix for inconsistent setting of the hasAllowedMasterList bit in reply to PTP management messages 0xDEEF (DomainTimeProperties) and 0x201B (AcceptableMasterTableEnabled). In addition, version 5.2.b.20171113 interprets this bit incorrectly in DTCheck -ptplist and in PTPCheck's details display. Version 5.2.b.20171113's output should be considered meaningless for this particular bit. Upgrade to obtain consistent behavior in both setting the bit and in interpreting it.
    • See also addition of 0xDEEE PTP management message described in DTCheck and PTPCheck sections.
    • Changed display in places that show log2 values as 2^n, where n may range from -128 to +127 (typically -7 to +7). The former behavior was to display n as 0xNN (two hex digits), which was fine for positive values, but became confusing for negative values. In most places where a log2 value is displayed, the millisecond interval (or text saying pkts/sec) is also shown beside it. log2 values are used by NTP and by PTP, and the values usually represent a frequency in seconds. 2^0 is 1 second, or 1000 ms; 2^1 is 2 seconds, or 2000 ms; and 2^-1 is half a second, or 500 ms, and so forth.
    • Changed various numeric displays and their parenthetical meanings to be the same in all places.
    • Added "Patent Pending No. 62-597170" notice to various dialogs and text displays. This software algorithm applies to DTServer, DTClient, Audit Server, PTP Monitor, DTCheck, and PTPCheck, and may include other products in the future.

5.2.b.20171113 - Optional Upgrade

One important fix for an error introduced in 5.2.b.20170922. If you are using Domain Time II Monitor (DTMonitor) and you downloaded between Sep 22nd and Sep 27th 2017, you should upgrade to obtain this fix. Otherwise, this release is optional; upgrade if you want the new features.

Many minor changes, enhancements, and customer requests. Introduction of PTPCheck, a new utility program.

  • DTMonitor
    • Fixed invalid memory access in DTMonitor's Control Panel applet. (Only affects version 5.2.b.20170922 downloaded between Sep 22nd and Sep 27th 2017.)

  • All
    • Changed "us" to "" or "s" in logs, reports, and dialogs where possible. is the lower-case Latin Mu character, representing microseconds.

  • PTPCheck
    • New GUI-based utility program to scan/test PTP nodes for management message handling. It is a single stand-alone executable, so it may be copied to various machines on your network in order to compare views.
    • PTPCheck is installed to the system32 folder along with DTCheck and NTPCheck during installation/upgrade of either DTClient or DTServer.
    • PTPCheck is installed to the Manager folder when management tools are installed/upgraded.

  • Control Panel applet
    • Added new page, PTP Masters, accessible from the PTP Stats page. The PTP Masters page shows the same information available from DTCheck -ptpmasters, but in a graphical format. The new PTP Masters page shows all current and former masters seen by the selected node, whether being followed or not. A help button is available to explain why a particular master is not being followed. In many cases, the Help dialog will not only explain why a master isn't being followed, but offer to automatically adjust settings to allow the master.

  • DTServer/DTClient
    • Customer request: changed text-log-only trace messages (primarily the summaries of which servers among a group are selected as time sources) to be forwarded to trace-level syslog output. Sources used to correct the clock will be listed as Source *sourcename whereas sources not used will be listed as Source -sourcename; reject reason.
    • Other warning messages regarding PTP status (such as running but not yet synchronized) are now also forwarded to syslog. The former behavior was to send these messages only to the text log.
    • Added ability to use either IPv4 or IPv6 for syslog targets. The former behavior was limited to IPv4 only. If you use a DNS name instead of an address literal, IPv4 will be favored over IPv6. For example, if you use localhost as the target on a dual stack machine, the resolver will provide both and ::1 as valid IP addresses corresponding to the localhost. Domain Time will choose the IPv4 version. To force IPv6, use an IPv6 literal or a DNS name that only resolves to an IPv6 address.
    • Added support for RFC 5424 syslog format (UDP only). The TLS option for RFC 5424 is not supported. Prior versions of Domain Time supported only RFC 3154. Syslog messages are sent from an ephemeral port to the target port 514/udp.
    • Customer request: Added "Time Sample Errors as Warnings" (REG_SZ, default "False") to the Parameters subkey.
    • Changed default IPv4 TTL and IPv6 Hop Count from 1 to 4.
    • Changed registry security settings for symmetric keys to restrict access to SYSTEM and the Administrators group.
    • When acting as PTP Master with a clockClass of 6 (Primary), DTServer now marks the TAI-UTC offset valid only if it knows the TAI-UTC offset from prior contact with a primary source. If the TAI-UTC offset if not known, DTServer clockClass 6 behaves like DTServer clockClass 248 (default) - serving UTC timestamps marked as the ptpTimescale, with a utcOffset of zero. The net effect of this change is to make DTServer's Announce messages unambiguous, mostly for the benefit of protocol analyzers, If the clockClass is 13 or 255, DTServer's timestamps will be UTC, timeScale ARBitrary, with a utcOffset of zero. The drop-down on the PTP Master configuration page has been updated to clarify which timeScale is used with which clockClass.
    • Cosmetic fix for dynamic domain statistics display updating incorrectly when admin changes the default domain using the Control Panel applet, but the selected master does not change as a result (i.e., the previously discovered best master in a non-default domain remains the best master.)
    • Added two radio buttons to the PTP Master configuration dialog. The default choice is compliance with IEEE1588-2008 Table 13 ("Updates for state decision codes M1 and M2"), which requires all fields of the currentDS be set to zero. The second radio button allows Domain Time to tell the truth about these values. The standard presumes that any clock that becomes a master is necessarily connected directly to a primary time source (GPS/GNSS, atomic clock, etc.), and will always have stepsRemoved, offsetFromMaster, and meanPathDelay of zero. This is obviously not always the case. For example, a master relying on an NTP stratum 2 device is one step removed from a primary source, and it will have an offset and a delay that are meaningful. Even if its source is an NTP stratum 1 (zero stepsRemoved from a primary time source), it will still have a meaningful offset and delay. The choice (whether to follow the standard and lie, or ignore the standard and tell the truth) only affects the reply to the CURRENT_DATA_SET management query; it does not affect clock operation or the BMC algorithm.

  • DTCheck
    • Change simple syslog listener (DTCheck -syslog) to listen for both IPv4 and IPv6 on port 514 using a single dual-stack socket. On XP/2003, dual-stack sockets are not supported, so if you have IPv6 installed, only IPv6 messages will be seen; if you don't have IPv6 installed, only IPv4 messages will be seen.
    • Added -yes to DTCheck's -leapfile command. If specified, DTCheck will update Domain Time Client or Server with the current TAI-UTC offset derived from the leap-seconds.list file. Without the -y, DTCheck will only report the information.
    • Added -ptplist command. This command only works with Domain Time machines version 5.2.b.20171111 or later. It sends two multicast 0xDEEF management queries (one IPv4, one IPv6), using an ephemeral source port directed to the IPv4/IPv6 PTP multicast addresses, with a target port of 320. Replies will have a source port of 320, and a target port of whatever ephemeral port the operating system has assigned. Your firewalls must allow this traffic in order for -ptplist to work. The outgoing TTL is fixed at 64, and the boundary hop count is fixed at 8. All Domain Time nodes within reach of the queries will respond, regardless of PTP domain number or portIdentity. Non-Domain Time nodes will not reply. The text output from this command is a list of all visible PTP nodes running Domain Time 20171111 or later, along with useful information about their configuration, current status, and so forth. The list format designed to be parseable.
    • Added -ipv4 and -ipv6 switches for use with either -ptplist or -syslog. The default is to use listen for both IPv4 and IPv6 packets. If you specify -ipv4, only IPv4 packets will be displayed. If you specify -ipv6, only IPv6 packets will be displayed. If you specify neither (or both), then both IPv4 and IPv6 packets will be displayed.

  • DTTray
    • Added PTPCheck to the Management Tools submenu (only shown if management tools are installed).

  • Manager/Audit Server
    • Allowed PTP Monitor to display management error messages (trace level).
    • Added PTPCheck to the Utilities menu.
    • Fix for PTP Monitor drift files occasionally having data point timestamps of zero.
    • Change for IPv4 broadcast discovery. Symptom: If you had IPv4 Broadcast Discovery enabled on Manager's Network Discovery dialog, and had selected the Primary subnet only radio button, but had changed the default broadcast address from to a different broadcast address, Manager and Audit Server would continue to use This was reflected in the log. As of this version, Manager and Audit Server will use the specified broadcast address instead of the default.
    • Change for NTPQ behavior when scanning list of known NTP servers. NTPQ will only be solicited upon first adding an NTP server, or when a specific server is refreshed from Manager's list. NTPQ will be skipped for Audit scans, startup scans, and refresh of the entire list. (NTPQ can provide additional information about an NTP Server, e.g., its operating system and processor. Most organizations have disabled NTPQ due to security flaws in ntpd's handling of control messages. The queries sent by Manager and Audit Server cannot result in amplification attacks or other security violations.)
    • Exposed number of minutes between background drift collection on Synchronization Log dialog. This was formerly a registry-only setting.
    • Added ability to collect NTP drift stats more frequently than the normal collection interval. If background drift collection is enabled, you may now choose to collect NTP stats at the same interval as DT2 and PTP, or at a much shorter interval.
    • Changed Firmware column of PTP Monitor to reflect x86 or x64 accurately. Under certain circumstances, an x86 machine could be reported as x64, even though the Hardware column correctly says Win32.

  • Synchronization Logs (drift graphs)
    • Changed the max number of records kept by Audit Server to 604800, enough for one data point per second for one full week (just over 12MB of binary data). If you have disabled the size limit for drift files, a file that grows larger than the maximum will be moved into an "Archives/yyyymmdd" subfolder, and then the file restarted. A warning message will appear in Audit Server's text log. If the file cannot be archived, an error message will appear in the text log and the older data will be lost.
    • The graphical viewer for drift graphs will no longer open files larger than 604800 records.
    • Audit Server will no longer attempt to create textual versions of drift files with more than 64K records (approximately 6MB). A warning message will appear in Audit Server's log.
    • Customer request: Added new bracket to the Clock Discipline breakout in the textual version of all drift graphs, range 10-49 ms.

  • PTP Enterprise Profile
    • Internet Draft "PTP Enterprise Profile" has assigned an IETF profile ID of [00-00-5E-00-01-00] to the still-developing Enterprise profile. Domain Time uses this profile number in response to management requests, and in dialogs. For clarity, Domain Time refers to this profile as "End-to-End Enterprise Profile."

5.2.b.20170922 - - Optional Upgrade

Added SHA1 hash support for symmetric key authentication. Fixed a few inconsequential bugs. Added several customer requests for additional capabilities. Added several other enhancements. Upgrade if you experience any of the problems described, or if you want the new functionality.

  • All
    • Added support for SHA1 symmetric keys as well as MD5. This is primarily for FIPS 140-2 conformance. SHA1 keys are always exactly forty hex characters (0-9 and A-F) long, producing a 20-byte binary key. MD5 keys are ASCII text; different implementations of the NTP daemon have allowed different maximum key lengths. In general, an MD5 key should be composed only from 7-bit ASCII-printable text, excluding space, tab, and the # character. MD5 keys should be at least 8 characters long, and should not exceed 20 characters. Some versions of NTP daemons allow lengths of 32, while others have a maximum of 8 or 16. You will need to choose MD5 keys that are interoperable with all of your various devices and daemons.

      SHA1 keys work with NTP, DT2-UDP, DT2-TCP, and DT2-HTTP, including NTP broadcast and DT2-UDP broadcast. Domain Time Servers or Clients must be upgraded before they will recognize SHA1 entries as SHA1. Older versions of Domain Time will treat an SHA1 hash like a very long MD5 key (which won't verify). Added "SHA1" or "MD5" to all logs (where possible) to indicate the type of key used.

  • DTClean
    • Customer request: Added /yes option to perform silent clean. The graphical interface still shows, but the buttons are clicked automatically.

  • Manager/Audit Server
    • Customer request: Added option to send PTP Monitor E2E or P2P delay requests by multicast instead of unicast (to help with hardware devices that don't support hybrid mode).
    • Customer request: Added option to send PTP Monitor follow-up messages by multicast instead of unicast. Use this option only if your PTP nodes cannot reply to a unicast request. The default behavior of PTP Monitor is to "sweep" the networking using mulitcast, then send individual follow-up messages to each node using unicast. Using multicast for follow-ups may significantly increase network traffic.
    • Corrected long-standing misbehavior on Manager after installing to or upgrading a remote machine. The prior behavior was to check that the remote machine's service had started and would reply to a DT2 query, but discard the contents of the reply. The new behavior is to use the contents of the reply to update the Domain Time II Machines list with the returned information (version, operating system, status, etc). This may lead to newly installed or upgraded machines showing "NoSync" in the Alarm column. This is the correct status immediately after starting the service, because the machine, although up and responding, has not yet synchronized its clock. Use F5 (or right-click and select Refresh) after installing/upgrading. This change allows you to determine if a machine can or cannot obtain the time. A machine that persists in the "NoSync" state after a few seconds likely is having trouble.
    • Added checkbox labeled "Log messages if Audit Server's log is in trace or debug mode" to the PTP Monitor configuration dialog. If checked, and if Audit Server's log is set to either trace or debug, Audit Server will log (trace level) all incoming and outgoing management message activity.
    • Customer request: Added checkbox "Show Non-Responding DT2 Machines" to Manager's View menu. If checked, the Domain Time II Machines list will show both the results of the current scan and any known DT2 machines in the cache. Machines from the cache that didn't respond to scan will show "Unknown" in the Alarm column. Menus and DEL key handling updated to allow removal of machines from the Domain Time II Machines list. Deleting from the Domain Time II Machines list is the same as selecting "Remove from Cache" from the Domains and Workgroups list.
    • Changed the NTP list to show "Unknown" in the Alarm column if a machine does not respond to scan (to match the behavior of DT2 machines). The NTP list always shows all NTP servers, whether they respond to a scan or not. This change helps call your attention to machines that are not currently responding.
    • Deprecated "ReferenceProtocol" and "ReferenceServer" parameters from the Daily Report. These are holdovers from version 4.1 and are not particularly meaningful. The full reference time, including all of the sources, protocols, offsets, and strata used for an audit are listed at the top of the Daily Report (in the comments) and in the main Audit log file as part of the audit summary. Since the reference time applies to all machines audited, and may consist of multiple sources and protocols, it does not have a separate per-machine meaning.
    • Fix for symmetric key keyring not being pre-loaded for the Reference Time dialog if prior selection was "Use this machine's clock."
    • On the Help menu, added item for Version History, which opens a browser window to the complete product history for Domain Time.
    • Fix for trace-level output from Audit Server regarding received PTP messages: Source and target portIdentities/IPs were switched in the log output. This did not affect the program logic, but made the trace log difficult to interpret.
    • Changed behavior of Manager's startup scan (Options/Network Options/Scan Options) to honor the checkbox for "If a known NTP server does not respond to startup scan, try to contact it directly." The former behavior was to ignore this flag on startup, but honor it if you pressed F5 (or right-clicked and selected Refresh) while examining the NTP Servers list. This may mean a longer startup time for Manager if your NTP machines cannot all be queried by broadcast/multicast. You may uncheck the box to regain original startup speed. Added a new checkbox to the same dialog, "If a known NTP server does not respond to F5/Refresh, try to contact it directly," which controls the behavior of NTP followups when viewing the NTP list. You may still right-click/Refresh an individual NTP machine to update just that one machine's status. Note that these changes do not affect Audit Server, which always sends follow-ups to unresponding machines.

  • DTServer/DTClient
    • Changed trace and debug logging to make it easier to identify rejected broadcast/multicast NTP packets.
    • Changed wording from "the server is not known" to "not on list of configured sources" when ignoring an NTP or DT2 broadcast source.
    • Fixed case where a broadcast source was listed more than once with differing protocols (for example, trusted for NTP only, and the same IP also trusted for DT2-UDP only). Symptom: If NTP was listed first, but a DT2 broadcast packet arrived (or vice versa), the packet would be rejected for not matching the listed protocol.
    • Changed saved list of recent broadcast servers to discard any more than a month old. This list is only used by the Control Panel applet when helping an admin choose from among recently-seen broadcasters.
    • Changed wording on CPL when entering an MD5 key from "The password secret is longer than supported by all ntpd implementations" to "The password secret is too long for many older ntpd implementations." The former wording suggested that no ntpd implementation would accept a long password, whereas the message was meant to warn that not all will. The reference implementation of NTPv3 limits the length to eight characters, whereas NTPv4 extends the length to 16 ( Domain Time itself has never had an upper limit, and, in the wild, admins often use secrets with lengths of 20 or greater.
    • Added VM Guest detection for running as a VM under Amazon's AWS-EC2 hypervisor.
    • Customer request: Added Accept First PTP Timestamp (REG_SZ, default False) to Parameters key. If set to True and if the first PTP timestamp received is unacceptable (outside allowed range), then the clock will be STEPPED to match the first PTP timestamp received. Use of this setting is highly discouraged; it is there solely for isolated systems without reliable CMOS clocks on the motherboard.
    • Customer request: Added Min Success Interval (seconds) to the Parameters key. This is a REG_DWORD value. The default is 5. You should not change it.
    • Customer request: Domain Time no longer counts the first correction after service startup in the cumulative drift counter. The first correction is often large, and not representative of the overall performance of the machine over time.
    • Customer request: Server and Client now support multiple syslog targets. You may list up to eight IPv4 addresses on the syslog server line. Separate targets with a space. For maximum backward compatibility with older versions of Domain Time, avoid using a DNS name if you list more than one target. If all of your machines have been upgraded, then you may use either DNS names or IPv4 addresses.
    • Fix for DT2-HTTP reporting "unauthenticated" regardless of whether a symmetric key or Windows authentication was used. This problem only affected the log output, not whether authentication was used.
    • Added buffer size check when a Domain Time Server in master mode replicates settings to its slaves. The buffer cannot overflow, and therefore cannot be exploited, but adding the size check ensures that responses larger than the allowed buffer are not truncated mid-entry.
    • PTP: Added compensatory control for when a Domain Time Server is set to become a PTP master, but PTP's "No Master Detect Timeout" is set to a number of seconds lower than required for the first time check to complete (e.g., 2 seconds). Symptom: DTServer would remain in the PTP Listening state until a sync trigger was applied. The default No Master Detect Timeout is 8 seconds, but admins who want a quicker convergence often change it to 4. Domain Time allows the timeout to be any value between 2 and 3600 (inclusive).
    • Added number of days remaining to the startup banner on eval copies.

  • Control Panel applet
    • Added Browse... buttons to import/export dialogs for symmetric keys, time sources, and broadcast souces.
    • Changed symmetric keys dialog to show SHA1 vs MD5 password types.
    • Changed symmetric keys dialog list to sort in numeric order for the key number column, and in text order for the other columns.
    • Changed maximum symmetric key number ("keyid") from 65535 to 65534 to comply with ntpd version 4.2.x. Some implementations of NTP, including prior versions of ntpd, use a range of 1 to 65535 (inclusive). Since the keyid is a 32-bit unsigned integer, there is no technical reason it could not be a much larger number.
    • Changed symmetric keys dialog broadcast key dropdown to sort numerically instead of alphabetically.
    • Added choice of line terminators (LF or CRLF) to key export dialog. The former behavior was to create the file using only LFs, on the assumption that exporting a file was primarily so it could be imported into a Linux machine. This is still the default, but you may now choose CRLF if desired. Note that key file import is not affected by the type of line termination. It has always been able to handle either CRLF or plain LF line terminators.
    • Changed key import routine to recognise both SHA1 and MD5 key types. The former behavior was to ignore any key type not marked MD5.
    • On the Correction Limits page, removed Minimum Correction ("Deltas smaller than ___ milliseconds will not cause a correction....) because any value other than the default value of 1 has been deprecated for over a decade. The presence of the setting and its wording suggested that deltas of less than 1 millisecond could not be corrected, whereas it really only applies to situations where slewing is disabled. Stepping the clock has an OS-dependent uncertainty, so Domain Time will not step a correction of less than 1 millisecond. Removed the same setting from the recommendations page on Domain Time Server operating in Master mode.
    • On the Support page, changed Online Documentation Index link to go to the overall Domain Time index page instead of the client or server index page.
    • On the Support Page, added link to Version History, which opens a browser window to the complete product history for Domain Time.
    • On the server test results dialog, restored the green/red/yellow indicator at the bottom-left corner. The code for displaying the indicator had been inadvertently commented out.
    • On the PTP Master configuration dialog, added prompts to ensure the admin chooses legitimate timeout and priority values.

  • Miscellaneous
    • Some 15-year+ old routines inexplicably thought that because there were 60 seconds in a minute, and 60 minutes in an hour, there must also be 60 hours in a day. We have educated these routines. The error only affected a few displays, not any timing calculation or function.

  • DTCheck
    • Added -leapfile command. This fetches and parses the default leap-seconds.list file from If you want to use a different source, use -leapfile:http://location. Only HTTP is supported. The file, if successfully fetched, is placed in the system32 folder. If the file in system32 does not exist, or is older than the version on the server, it will be updated. If the file in system32 is the same as or newer than the version on the server, the file in system32 will not be updated. In either case, the output shows the last leap second and its TAI-UTC offset, as well as the next leap second to come (if one has been scheduled). Domain Time does not use the leap-seconds.list file. This command is present only to let you check the current TAI-UTC offset and any scheduled leap seconds. Since it writes to the system32 folder, you must run DTCheck with admin privileges for this command.

5.2.b.20170522 - Optional Upgrade

One important fix for Manager. Several minor improvements elsewhere. NOTE: If you upgrade the Management Tools, you should also upgrade Audit Server. Mismatched versions may produce unwanted results (see description of changes below).

  • Real-Time Alerts
    • Widened the precision of remembered deltas from milliseconds (10^-3) to hectonanoseconds (10^-7, or tenths of a microsecond). The information was already being sent to Audit Server in hectonanoseconds, and displayed to that precision in the log files, but was being truncated to milliseconds in Audit Server's database and in emailed Real-Time Alert messages. The truncation was a holdover from 2009 (version 5.1), when all reports were limited to milliseconds. This change allows you to see sub-millisecond deltas that are being sent by Client or Server without having to examine the log file.

      Also changed the threshold scale for raising alerts from milliseconds to microseconds. The threshold is kept internally as microseconds, and expressed in alert emails or logs as ±s.nnnnn second(s) when practical. For example, if your threshold is 1.5 seconds, the program will display "±1.5 seconds"; for 15 milliseconds, the program will display "±0.015 seconds"; for 100 microseconds, it will display "±100 microseconds," and so forth. Changed Manager to allow you to express the threshold as seconds, milliseconds, or microseconds.

      Note: If you upgrade Audit Server but do not upgrade Manager and Alert Viewer, Manager and Alert Viewer will display incorrect values in the delta column. The display will be correct if you upgrade Manager and Alert Viewer without also upgrading Audit Server, but a mismatch between Audit Server and Manager is not supported. Alert Viewer, which can connect to multiple Audit Servers, will display the precision supported by each of its servers (as long as you upgrade Alert Viewer).

  • Stratum Reporting
    • Changed drift graph stratum to display the source's stratum rather than the machine's stratum. This change affects NTP and PTP graphs; DT2 graphs already displayed the source's stratum. This change is for consistency among protocols, and only affects graphs displayed in Manager or by the stand-alone DTDrift program.
    • Changed Audit Viewer's reporting of strata to match what's shown in the drift graph. Audit Viewer already reported the correct stratum on the summary dialog page, but did not use each source's stratum in either the details dialog or the textual report.

  • Email
    • Fixed quoted-printable encoding to prevent inserting a soft CRLF between the CR and LF of a hard CRLF. Symptoms: None known; this fix is to ensure strict compliance with RFC2821 and RFC2045.
    • Added workaround for non-conformant SMTP smarthosts. Symptom: Email session would terminate with a timeout after sending the email data but before seeing a 235 from the smarthost. These non-conformant servers are expecting an extra CRLF at the end of data.
    • Changed charset from US-ASCII to Windows-1252 to support 8-bit characters.

  • Manager
    • Widened display of real-time alert deltas as noted above under Real-Time Alerts.
    • Changed display of strata as noted above in Stratum Reporting.
    • Changed real-time alert threshold from milliseconds to your choice of seconds, milliseconds, or microseconds, as noted above.
    • Added checkbox to Real-Time Alert configuration dialog to allow choice of whether to raise alerts for all machines or only audited machines.
    • Fix for Manager freezing when NTP list is emptied. Symptom: Manager would pop up a blank message box (no text or buttons), and wait for you to click on the non-existent button to continue. The problem only exists in versions 5.2.b.20170101 and 5.2.b.20170331.
    • Added optimization for computer name enumeration in AD forests. If enumeration fails due to global catalogue errors, you may disable this optimization by changing the registry value Optimize Computer Enumeration to False in Manager's Parameters subkey.
    • Added History... to right-click menu for items in the real-time alert list. Also added F6 accelerator key to perform the same function.
    • Added real-time alert history settings to Real-Time Alert configuration dialog.
    • Added Email Setup... to Audit Server menu for convenience (the same dialog is available from locations where you enable or disable email).
    • Added "Time Traceable" and "Frequency Traceable" fields in detail view of PTP nodes. For masters, this is their own traceability status. Time traceability propagates to slaves, but frequency traceability for slave is implementation-dependent and may not be meaningful.
    • Colorized PTP node detail display to match other protocol detail displays.
    • Changed default for View - Show Grid Lines to false (only affects new installs).

  • Real-Time Alert Viewer
    • Fixed the audio alert to honor the state of the checkmark on the pop-up menu. Symptoms: Sounds were continuing to play when the checkmark was unchecked.
    • Widened display of real-time alert deltas as noted above.

  • Audit Server
    • Widened display of real-time alert deltas as noted above.
    • Added abiltity to customize the subject line in email alerts and summaries (only for this version or newer). To change, edit the HKLM\Software\Greyware\Domain Time II Audit Server\Logs and Alerts\SMTP key and change any of the Email Subject... values. Changes take effect upon service restart.
    • Ignoring excessive deltas upon receipt of a Status Report (Real-Time Alert) from a machine that has just resumed from standby is now treated as if the machine had just booted.
    • Changed wording on alert dialog from "after boot" to "after startup" to reflect the above change.
    • Added ability to skip raising an alert for unaudited machines.
    • Added code to skip updating Status Report delta when a Status Report is only a notification of PTP status change. Symptom: The "Last Status" column in Manager would change to zero for approximately five seconds after a PTP master was lost or gained.
    • Changed "PTPv2" to just "PTP" in audit debug logs.
    • Added real-time alert history folder and logfiles for each reporting machine.
    • Changed real-time alert logging to show deltas on machines that are in the PTP-lost-master state.

  • PTP Monitor
    • Changed display for masters who are zero "stepsRemoved" from a primary source to show an effective NTP stratum of 1 instead of 0.

  • DTServer/DTClient
    • Added ability to track number of seconds since a resume-from-standby event. This data is sent in Status Reports (Real-Time Alerts) so that Audit Server can decide whether or not to ignore excessive startup deltas. A recent resume from standby also counts as a "startup" event for the purposes of overriding the min/max correction allowed. This change allows laptops or similar devices that use sleep or hybernate to resume synchronization and avoid being flagged as out of tolerance when they resume operation.
    • Increased IOCP worker thread count to help prevent starvation of UDP service requests while TCP teardown is occupying a worker.
    • DTServer: Changed error message to "Access Denied" when DT2-HTTP is disabled for the type of access requested. Also streamlined HTTP request processing to reduce transaction duration.
    • Added secondary audit server value to the domtime.adm GPO. To obtain this functionality, you need to update the GPO with the new domtime.adm file, and set the value secondary audit server value using your normal policy editor. You must also update any DTClient or DTServer set to use the policy (previous versions will ignore the new value).
    • Corrected auditdata command response to include all time sources (up to eight) if multiple sources were used to steer the clock. If multiple samples from the same source are used, only the first sample from that server is included. Previous versions did not always show the individual source data.
    • Added source's stratum (if known) to the auditdata command response. This value is displayed by DTCheck or the Audit Viewer.
    • Added caller's IP/port and listening IP/port to debug-level messages for TCP hang-ups due to inactivity or error.
    • Improved overall socket server shutdown time for very busy DTServers with many concurrent TCP connections.

  • DTUpdate
    • Fixed logic error in the Domain Time II Update Server service which allowed installation to newly-discovered machines when the Administrator had selected only upgrades, not new installations.

  • DTCheck
    • Added each source's stratum (if known) to the output of dtcheck -cmd=auditdata when multiple sources were used by the queried machine.
    • Changed -ptpmasters output for two-step clocks to add count of missing Sync Follow-ups. An occasional Sync without its Follow-up is not an error, but a sufficient number in a row can lead a slave to abandon a master.
    • Changed -ptpmasters output for one-step clocks to omit showing zero Sync Follow-ups received.

  • DTDrift
    • Changed display of strata as noted above in Stratum Reporting.

  • DTTray
    • Reduced redundant registry reads.

  • DTLockdn & DTClean
    • Fixed code that disabled filesystem redirection and then failed to re-enabled it. This affects only 32-bit versions of the programs when running on 64-bit operating systems. Symptoms: None. In all cases, the programs perform correctly. This change is for consistency's sake, in case the programs are ever rewritten to operate recursively.

5.2.b.20170331 - Optional Upgrade

This version adds new features to Audit Server, especially for large networks where an audit can take a significant amount of time to complete. Added a fix for sleep problems on Windows 10 machines. Updated Denial-of-Service (DoS) protection algorithm. Several other minor enhancements and features at customer request. Upgrade if you are affected by any of the problems fixed, or if you want the new functionality.

  • All
    • Fixed problem with weekly text log rollover. Symptom: Log would roll at the first Sunday, then never again, unless you switched to monthly or daily, then back to weekly.

  • Manager
    • Changed wording on Audit Server/Alerts/Configure page to say "anomalous test results" instead of "anomalous scan results" because the double-check occurs for both NTP and DT2 sources after obtaining a result, whether it was obtained from either a scan or a directed query.
    • Added Cancel Audit menu option to cancel a running audit.
    • Disabled critical timing processor lock on machines with invariant TSCs.
    • Added checkbox to Audit Server/Audit Tasks dialog: "Scan the network before contacting individual machines" (default checked). If checked, Audit Server will use Manager's scan settings to collect data by multicast/broadcast before attempting to check with each machine. If unchecked, Audit Server will skip the initial scan.
    • Added checkbox to Audit Server/Audit Tasks dialog: "Use multicast to locate DT2 machines that may have changed IPs or names" (default checked). This checkbox exposes an existing registry setting that controls how Audit Server locates machines that may have changed NetBIOS names or IP addresses since the last audit.
    • Added version mismatch warning to the Conflicts and Problems display. If Audit Server is installed and is not the same version as Manager, a notice will appear advising you to upgrade the incorrect component.

  • Real-Time Alert Viewer
    • Added ability to play sounds when the overall status changes to red or yellow. You may turn this functionality on or off by checking/unchecking the right-click menu item titled, "Audio Alert Enabled." To change the .wav files played for each type of alert, edit the registry: HKEY_LOCAL_MACHINE\Software\Greyware\Domain Time II Alert\Parameters, and change the "Realtime Alert Sound Error" and "Realtime Alert Sound Warning" values to whatever you want. The full file path and name must be provided.

  • Audit Server
    • Added method for Manager to signal that a currently-running audit should be cancelled.
    • Added dynamic scan timeout value based on size of the recordset being audited.
    • Split unicast follow-ups to non-responding audited machines into multiple threads.
    • Disabled critical timing processor lock on machines with invariant TSCs.
    • Added ability to skip initial audit scan and do only unicast queries.
    • Split auto-acknowledge of Real-Time Alerts into a separate task; this change prevents auto-acknowledgement from being starved for CPU on busy Audit Servers.
    • PTP Monitor Logging
      • Added trace-level log event if a PTP master upgrades or downgrades its time quality.
      • Added trace-level log event if a PTP master changes its leap status flags.

  • Audit Viewer
    • Added DNS name, if known, on display and reports of NTP servers. Prior behavior was to say either "N/A" or the IP address in the name field.

  • DTServer/DTClient
    • Added work-around for Windows 10 machines with sleep function enabled. Symptom of problem: When sleep mode exits, the main thread may not resume. This is due to the Windows 10 kernel not sending matching pairs of APM up/down events to the service handler.
    • Added trace-level log messages for APM signals.
    • Changed default interpolator behavior to avoid unneeded cycles when using the kernel interpolator (Windows 8 or above).
    • Changed Denial-of-Service (DoS) behavior to not restart DoS timer with hits from poisoned sources during the rehabilitation window. The former behavior required n second to pass without any hits from a poisoned source before absolution would be granted. The new behavior grants absolution n seconds after the first excess. This makes the DoS protection more of a rate limiter than a block.

  • PTP Master Mode
    • Corrected inconsistency between announced and queried time quality, so that queries via management messages are dynamic using the same algorithm used for announces when Domain Time Server is operating as a PTP master.

5.2.b.20170101 - Recommended Upgrade

Introduced PTP Monitor, a component of Audit Server integrated with Manager. Several minor bug fixes; many performance enhancements. Added support for the "PTP Enterprise Profile." Added preliminary support for PTPv3 (subject to modification as the specification evolves).

  • All
    • Changed log file and dialog mentions of "variance" to "delta" where the value being referenced is a simple ±Δ (delta). The term "variance" is now used only it its strict mathematical sense (squared deviation from a set's mean). The former use of "variance" to mean "delta" was a holdover from when variances were exposed directly.
    • Changed most messages and prompts to say PTP instead of PTPv2. Messages specific to v2 (IEEE 1588-2008) as opposed to v3 (forthcoming) will have v2 or v3 appended when v3 is released and supported. Since much of v3 will be interoperable with v2 in terms of message types and formats, the version number is important only when a difference must be distinguished for debugging purposes. Certain instances of PTPv2 will be retained for backward compatibility (such as the names of keys and values in the registry).
    • Changed PTP node portIdentity textual representations to use a period instead of a colon to separate the clockIdentity from the portNumber. (There is no standard for textual representations of portIdentities. An 80-bit hex string is difficult for humans to read, so we split the clockIdentity into three portions using dashes, and separate the portNumber from the rest using a period.)

  • Manager
    • Introduced PTP Monitor, a component of Audit Server that works in conjunction with Manager.
    • Changed internal audit delta value for alerts from milliseconds to microseconds. Manager shows a radio button to allow selection of seconds, milliseconds, or microseconds. The value will be converted to microseconds when the dialog is closed. Internal time is still kept in hectonanoseconds (tenths of a microsecond).
    • Added check for wsnmp32.dll before allowing install to or upgrade of a remote machine. All versions of Windows from XP up have this DLL installed, execpt for Windws Server 2016 Nano Server, where it is optional. The admin must install SNMP trap support on Nano Server before installing Domain Time.
    • Changed default display precision for deltas and latencies from milliseconds to microseconds. This value is still adjustable from the Options/Appearance/Format Options/Significant digits dropdown. Several customers were unaware that the number of significant digits displayed was adjustable, and thought that Manager was only able to measure to the millisecond.
    • Changed the default sort order for deltas to use absolute value (magnitude). This may be changed on the same dialog box as the number of significant digits.
    • Added multicast interface enumeration to scanner functions used by Audit Server, Manager, and Monitor.
    • Added tooltips over list column headers to make it easier to read a column header's label without widening the column (with additional information for columns with obscure or potentially-confusing labels).
    • Added right-click item "Details" on lists to switch to the corresponding tree node's details view.
    • Added "Leap" column to Domain Time II Machines list.
    • Added "(UTC±HH:MM)" after timezone name in Domain Time II Machines details view.
    • Fixed slow redraw when deleting Audit Results or Synchronization Logs. Also fixed count of items shown on the status bar to reflect remaining items after deletion.
    • Fix for scan receive timeout resetting to 1500 on Manager's Options/Network Options/Network Discovery page. This value affects both Manager and Audit Server. Also applied fix to ensure that values entered are within the minimum and maximums allowed.
    • Fixed Alarm column on the Domain Time II Machine's list to reflect "NoSync" if a Domain Time machine has not been able to set its clock since startup. This information is already available via Audit Server's Real-Time Alerts and reports, but was not shown in the machine's list.
    • Added "PortIdentity" column to command-line DTMan EXPORT column, showing blank if the entry is not a PTP node, else showing the node's PortIdentity. For PTP nodes that are slaves, the existing PTPStatus column will show the master's IP address if available, else it will show the master's PortIdentity.
    • Fix for long Manager startup time when database size is large.
    • Improved Manager's exclusion of unwanted Organizational Units (OUs) to include both AD enumeration and tree/list display. The former behavior was to include all machines in the database, and excluded unwanted ones from the display.
    • Added number of elements and memory used by each of the major indices to the System Information page.
    • Added secondary sort by common name (DNS name for NTP servers) when sorting by other columns, so that machines in the same group are listed alphabetically within that group.
    • Changed display name for domtimed Domain Time II role from "Full Client" to "Linux Client" to make them sort separately from Windows clients.

  • Audit Server
    • Introduced PTP Monitor, a component of Audit Server that works in conjunction with Manager.
    • Fix for scan receive timeout resetting to 1500 in error.
    • Added info-level timing information for each phase of an audit. This helps identify which phase (if any) is consuming too much time for users with a very large number of machines being audited.
    • Added "lazy" write to the text log output (same mechanism as available for DTClient/DTServer). This helps improve accuracy of time-sensitive operations that must log their output.

  • Audit Viewer
    • Added "Delta" column.
    • Added NTP stratum (or equivalent) to display of a machine's time source. Strata only apply to NTP servers, but an effective stratum may be determined in most situations. In cases where there is no equivalent, or the information is missing, the stratum is not displayed.
    • Added UTC±HH:MM where applicable.
    • Added support for PTP Nodes (as opposed to Domain Time machines using PTP to obtain the time). Note that you may audit by more than one protocol (NTP, DT2, or PTP, or any combination); each shows up as a separate entry in the audit list.
    • Added support for showing last correction in sub-milliseconds (if provided by DTClient or DTServer; previous versions reported deltas to the hectonanosecond, but corrections only in milliseconds).

  • DTServer/DTClient
    • Added dynamic reset of outgoing socket TTL (IPv4) and hop count (IPv6) when changed on the Control Panel applet (former versions required a service restart).
    • Added links in all users start menu, similar to those created by installing management tools.
    • Fix for negative delta not firing SNMP trap for bounds exceeded.
    • Added shared memory section for PTP statistics (used by DTCheck and the Control Panel applet).
    • Added ability to keep NTP4-style loopstats and peerstats files, including symlinks to the current file, plus several other internal changes for ntpq and nptd-compatibility. Please see ntpd Compatibility for details.
    • Increased the maximum number of drift records kept by each machine. This provides a longer span of history; this is particularly important for PTP drift, which can accumulate one or more points per second.
    • Added socket drain for TCP connections after sending FIN but before closing socket. This helps prevent spurious connection reset errors on the peer.
    • Added non-zero values roughly equivalent to ntpd's concepts of root delay and root dispersion to NTP reply packets (DTServer only). Note that Domain Time does not keep internal statistics in the same fashion as ntpd, so there are no exact equivalents.
    • Added poll value to nearest power of two to NTP reply packets; this value was formerly fixed at the default interval, whereas now it reflects the anticipated number of seconds between time checks. Note that Domain Time does not calculate or maintain polling intervals in the same fashion as ntpd, so the poll interval reported is approximate. In particular, the state machine itself has a value, but not individual time sources. Domain Time is not restricted to ntpd's minimum, maximum, or power-of-two intervals, but reports as if it were for ntpd compatibility.
    • Changed precision value in NTP reply packets (DTServer only) from -23 to -22. 2^-23 (0.000000119 seconds) is the nearest approximation of Domain Time's actual granularity, but 2^-22 (0.000000238 seconds) is closer to the standard deviation representing Domain Time's best-case ability to measure the clock.
    • Changed default value for "Enumerate multicast interfaces..." and "Initiate rebind and resync..." to true.
    • Fixed log message format error after applying leap-second. The bug was introduced in version 5.2.b.20160922, and only affected machines running at trace-level or debug-level text log output.
    • Changed "Service Notify Time Change" log messages from debug level to trace level.
    • Added PTP grandmaster's offsetScaledLogVariance (oslv) to log lines that display the master's general attributes. This value is a four-digit hex number.
    • Added error-level output to log if PTP calibration fails due to invalid timestamps from the grandmaster. This information is also available in debug mode if the PTP packet rejection category is enabled, and will fire with every rejected packet. The new error-level information does not fire with each Sync packet, and does not require debug mode.

  • Control Panel applet
    • Further simplified and clarified the wording for Delay Transport on the Control Panel applet's PTP configuration dialog.
    • Added checkbox and configuration link for PTP to DTServer's "Serve the Time" page. This is a shortcut to the same PTP configuration dialogs on the "Obtain the Time" page, but put on the Serve the Time page for convenience. Unlike other protocols, PTP will be either a slave or a master depending on the overall network conditions.
    • Added checkboxes on the Logs and Status page for enabling NTP4 loopstats and peerstats. Added display of the NTP Stats folder. This display will be "N/A" for earlier versions of Domain Time, and "Not set yet" if you haven't enabled loopstats or peerstats. The folder path, if not set manually, is determined the first time Domain Time collects loopstats or peerstats. Close and reopen the Control Panel applet in order to see the path after first enabling loopstats or peerstats.
    • Removed Refresh and Autorefresh control from PTP Stats display when operating on the local machine using shared memory. The title bar includes either "shared memory" or "network" for your reference.
    • Added dropdown selection for "End-to-End Enterprise Profile" on the PTP configuration page. See PTP Profiles for details.

  • PTP
    • Added support for slaves choosing a master from among multiple domains, whether or not the Enterprise Profile is selected. This is controlled by a checkbox labeled "Dynamic (allow any domain when slave)" on the PTP Options page. On the PTP Status page, older versions will display "Domain Number" and the domain number. Newer versions will display either "Dynamic Domain" and the domain number currently in use, or "Operating Domain" and the domain number chosen on the Options page. See Dynamic Domain on the PTP Profiles page.
    • Shortened or eliminated the delay time for recalibration when switching from one master to another if multiple masters are advertising simultaneously (for example, when a master in domain 0 and another in domain 1, are both visible to the slave, and the slave has Dynamic Domain available, it will have already pre-qualified both masters, and be able to switch without reentering the listening state when the master it has chosen goes offline).
    • Added support for management GET of the PTP fault log.
    • Added support for management COMMAND to clear the PTP fault log.
    • Increased incoming buffer size to accommodate receipt of large fault log packets.
    • Changed reply to management requests sent to all domains (0xFF) to indicate the clock's true operating domain instead of copying the incoming request's domain. Note that management requests addressed to all domains are not part of the PTPv2 specification (although they will likely be part of v3); this functionality is included in Domain Time in emulation of PTP's "all clock identities" and "all clock ports" concepts. Domain Time does not send these requests, but will respond appropriately if so queried. Prior versions responded from domain 0xFF, as required by a strict interpretation of PTPv2.

  • DTCheck
    • Added prompt before -test and other options that may affect the clock, requiring confirmation before beginning the procedure. Added -yes parameter to skip the confirmation.
    • Added -driftfiles parameter to fetch drift files. If no machine name or IP address is specified, the local machine is targeted. The files are placed in the current directory. Example: dtcheck -driftfiles

  • NTPCheck
    • Added display of precision, poll, root delay, and root dispersion to -raw output. Note that sources providing a zero for root delay or root dispersion is valid but undefined; the value is either omitted (typical with appliances and previous version of Domain Time) or too small to represent in the fixed-point field provided. NTPCheck will display root delay and root dispersion, but only convert to seconds and fractions of a second if non-zero values are provided.

  • Setup
    • Added automatic backup of audit server database during upgrade.

Next Proceed to the Older v5.2 history page


Next Proceed to the Planning page
Back Back to the Requirements page

My Account  |   Contact Us  |   Privacy Policy  |   Printer-Friendly Version
Copyright © 1995-2024 Greyware Automation Products, Inc.  All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.