3.1.1 Abstract Data Model

This section describes a conceptual model of possible data organization that an implementation maintains to participate in this protocol. The described organization is provided to facilitate the explanation of how the protocol behaves. This document does not mandate that implementations adhere to this model as long as their external behavior is consistent with that described in this document.

IsLastIncomingResponseAuthenticated: A Boolean value that tracks whether the last incoming response was authenticated successfully.

Trusted Domain: A null-terminated Unicode string that represents the name of a trusted domain in which a secure connection can be established between the client and server.

Key Selector: This element is the index into the crypto-checksums that the client is currently requesting for use in authenticating responses. The crypto-checksums are computed by the Netlogon message protection method using the cryptographic keys. This element is an unsigned integer and its value MUST be either 0 or 1.

RID: An unsigned, 32-bit integer that specifies the RID that uniquely identifies a trusted account whose passwords are used for establishing the secure connection in the trusted domain.

ExtendedAuthenticatorSupported: A Boolean value that tracks whether the domain controller (DC) selected as a time source supports the ExtendedAuthenticator message format (see sections 2.2.3 and 2.2.4).

LargePhaseOffset: An unsigned 32-bit integer that specifies the time variation from the computer's clock (phase offset) that is required for a time sample to be considered a spike. Time samples that have time variations larger than the LargePhaseOffset value are considered spikes.

This element, expressed in 100-nanosecond (ns) units, is exposed through the Windows registry via the following registry value.

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config |
| Name | LargePhaseOffset |
| Type | REG_DWORD |

This element is shared with the server role of the W32Time Remote Protocol as specified in [MS-W32T].

This element can be set by using the Remote Registry Protocol [MS-RRP].

HoldPeriod: An unsigned 32-bit integer that specifies how many time samples larger than the LargePhaseOffset the client is required to receive in a series before subsequent time samples are accepted.

This element is exposed through the Windows registry via the following registry value:

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config |
| Name | HoldPeriod |
| Type | REG_DWORD |

This element is shared with the server role of the W32Time Remote Protocol as specified in [MS-W32T].

This element can be set by using the Remote Registry Protocol [MS-RRP].

HoldCount: An unsigned 32-bit integer that tracks the number of previous samples received in a series that have been considered to be a spike.

SpikeWatchPeriod: An unsigned 32-bit integer that specifies the amount of time that suspicious time samples are received from a time source before subsequent time samples are accepted.

This element, which is expressed in seconds, is exposed through the Windows registry via the following registry value:

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config |
| Name | SpikeWatchPeriod |
| Type | REG_DWORD |

This element is shared with the server role of the W32Time Remote Protocol as specified in [MS-W32T].

This element can be set by using the Remote Registry Protocol [MS-RRP].

TimeSourceType: A null-terminated Unicode string that controls how the client locates a time source. The value MUST be one of the following.

| Value | Meaning |
|---|---|
| "NoSync" | No time source is used. |
| "NTP" | Locate a time source by using the time source defined in the NtpServer element. |
| "NT5DS" | Locate a time source by using Netlogon as defined in section 3.1.3. |
| "AllSync" | Locate a time source by using NetLogon as defined in section 3.1.3 or by using the time source defined in the NtpServer element. |

This element is exposed through the Windows registry via the following registry value. The value is stored as a string exactly as shown in the Value column in the table above. For more information about the Windows registry, see [MSWINREG].

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters |
| Name | Type |
| Type | REG_SZ (string) |

This element is shared with the server role of the W32Time Remote Protocol [MS-W32T].

This element can be set by using the Remote Registry Protocol [MS-RRP].

NtpServer: A null-terminated Unicode string that controls the time sources used if the TimeSourceType element is configured to use a defined time source. Each time source MUST be in the following form.

 <Time Source>[,<Bitwise Flag>]

The "Time Source" MUST be in the form of a fully qualified domain name (FQDN) or an IP address.

The "Bitwise Flag", if included, MUST be a bitwise OR of zero or more of the following flags.

| Value | Meaning |
|---|---|
| SpecialInterval 0x01 | The value of the SpecialPollInterval element is used as the polling interval for this time source. |
| UseAsFallbackOnly 0x02 | Use this time source only when all other time sources have failed. No preference is given among fallback time sources when multiple time sources are configured with this option. |
| SymmetricActive 0x04 | Use the symmetric active mode when communicating with this time source. |
| Client 0x08 | Use the client mode when communicating with this time source. |

Multiple time sources are delineated by a space. For two time sources, the following form would be used.

 <Time Source #1>[,<Bitwise Flags #1>] <Time Source #2>[,<Bitwise Flags #2>]

Note that "Bitwise Flags #1" is applied to "Time Source #1", and "Bitwise Flags #2" is applied to "Time Source #2". Each time source that is listed MUST be unique. There are no uniqueness constraints on how many times a given "Bitwise Flag" can appear in a list of time sources. If the bitwise flags are not provided for a time source, the bitwise flags for that time source are considered to be set to 0x0.

If both SymmetricActive and Client flags are set for a time source, Client mode is used to communicate with that time source.

If neither SymmetricActive nor Client flags are set for a time source and the client itself is a time source, SymmetricActive mode is used to communicate with the time source.

If neither SymmetricActive nor Client flags are set for a time source and the client itself is not a time source, Client mode is used to communicate with that time source.
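The NtpServer format and mode-selection rules above can be checked mechanically when auditing which time sources a host is configured to trust. The following is an added example, not part of the specification: the function names, the case-insensitive uniqueness comparison, and the sample host names are assumptions, and the syntax of the FQDN or IP address itself is not validated.

```python
# Added example (not from the specification): parse and audit an NtpServer value.
FLAGS = {"SpecialInterval": 0x01, "UseAsFallbackOnly": 0x02,
         "SymmetricActive": 0x04, "Client": 0x08}
KNOWN_MASK = 0x0F  # OR of the four flags defined in the table above


def resolve_mode(flags, client_is_time_source):
    """Apply the three mode-selection rules stated after the flag table."""
    if flags & FLAGS["Client"]:           # also covers Client + SymmetricActive
        return "Client"
    if flags & FLAGS["SymmetricActive"]:
        return "SymmetricActive"
    return "SymmetricActive" if client_is_time_source else "Client"


def parse_ntp_server(value, client_is_time_source=False):
    """Parse '<Time Source>[,<Bitwise Flag>] ...' into one dict per source."""
    entries, seen = [], set()
    for token in value.split():           # sources are space-delimited
        host, sep, raw = token.partition(",")
        if not host:
            raise ValueError(f"missing time source in {token!r}")
        try:
            flags = int(raw, 16) if sep else 0   # omitted flags mean 0x0
        except ValueError:
            raise ValueError(f"malformed flags in {token!r}") from None
        if flags & ~KNOWN_MASK:
            raise ValueError(f"undefined flag bits in {token!r}")
        key = host.lower()   # assumption: names compared case-insensitively
        if key in seen:
            raise ValueError(f"duplicate time source {host!r}")
        seen.add(key)
        entries.append({
            "source": host,
            "flags": flags,
            "mode": resolve_mode(flags, client_is_time_source),
            "special_interval": bool(flags & FLAGS["SpecialInterval"]),
            "fallback_only": bool(flags & FLAGS["UseAsFallbackOnly"]),
        })
    return entries


if __name__ == "__main__":
    # Constructed sample value; host names and addresses are placeholders.
    sample = "time.example.test,0x9 192.0.2.10,0x6 ntp2.example.test"
    for e in parse_ntp_server(sample):
        print(e)
```
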

The NtpServer element is exposed through the Windows registry via the following registry value.<7>

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters |
| Name | NtpServer |
| Type | REG_SZ (string) |

This element is shared with the server role of the W32Time Remote Protocol [MS-W32T].

This element can be set by using the Remote Registry Protocol [MS-RRP].

SpecialPollInterval: An unsigned, 32-bit integer that specifies the number of seconds to use as a polling interval. The applicability of the SpecialPollInterval element depends on certain conditions that are created by the TimeSourceType and NtpServer elements, as described earlier in this section and in section 3.1.3.

This element is exposed through the Windows registry via the following registry value.

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient |
| Name | SpecialPollInterval |
| Type | REG_DWORD |

This element is shared with the server role of the W32Time Remote Protocol [MS-W32T].

This element can be set by using the Remote Registry Protocol [MS-RRP].

ResolvePeerBackoffMinutes: An unsigned integer that indicates the initial time interval, in minutes, to wait after a failure before starting a new time source selection process.

This element is exposed through the Windows registry via the following registry value.

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient |
| Name | ResolvePeerBackoffMinutes |
| Type | REG_DWORD |

This element is shared with the server role of the W32Time Remote Protocol [MS-W32T].

This element can be set by using the Remote Registry Protocol [MS-RRP].

ResolvePeerBackoffMaxTimes: An unsigned integer that indicates the maximum number of times to double the wait-time interval when repeated attempts to select a time source fail.

This element is exposed through the Windows registry via the following registry value.

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient |
| Name | ResolvePeerBackoffMaxTimes |
| Type | REG_DWORD |

This element is shared with the server role of the W32Time Remote Protocol [MS-W32T].

This element can be set by using the Remote Registry Protocol [MS-RRP].

AnnounceFlags: Shared with the server role in this document (section 3.2.1).

CrossSiteSyncFlags: An unsigned, 32-bit integer that specifies whether cross-site time synchronization is allowed.

The value of the key MUST be equal to one of the following values.

| Value | Meaning |
|---|---|
| "None" 0x00000000 | Cross-site time synchronization is not allowed. |
| "PdcOnly" 0x00000001 | Cross-site time synchronization is allowed if the machine is a primary domain controller (PDC). |
| "All" 0x00000002 | Cross-site time synchronization is allowed. |

This element is exposed through the Windows registry via the following registry value.

| Attribute | Value |
|---|---|
| Key Location | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient |
| Name | CrossSiteSyncFlags |
| Type | REG_DWORD |

This element can be set by using the Remote Registry Protocol [MS-RRP].