********************************************************************** Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 5 (40-bit version) September 1999 ********************************************************************** Information in this document, including URL and other Internet Web site references, is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results of the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. (c)1999 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, and Windows NT, Authenticode, Outlook, Visual Basic, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. ====================================================================== HOW TO USE THIS DOCUMENT ====================================================================== This document provides information about Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 5 (SP5), as well as answers to questions that you might have. To view Readme.txt in Notepad, maximize the Notepad window. For best viewing, click Edit, and then click Word Wrap. To print Readme.txt, open it in Notepad or another word processor, click the File menu, and then click Print. For best printing results, click Edit, click Set Font, type 9 in the Size box, and then click OK. For a current list of computer and hardware peripherals supported by Windows NT 4.0, see the Windows NT Hardware Compatibility List at: http://www.microsoft.com/hwtest/hcl/ ====================================================================== CONTENTS ====================================================================== 1.0 INTRODUCTION What Is Service Pack 5? List of Fixes in Service Pack 5 Downloading and Extracting the Service Pack 2.0 INSTALLATION INSTRUCTIONS FOR SERVICE PACK 5 Before You Install the Service Pack Service Pack Install Order Documentation Installing the Service Pack Service Pack Uninstall 3.0 USER NOTES Roaming User Profiles Do Not Unload Temp Directories Not Accessible After Applying SP4 Stop Errors Caused by Third-Party Printer Drivers Emergency Repair Disk Adding New Components Installing Symbol Files from the CD Hardware Compatibility with Windows NT 4.0 Compaq Alpha Notes Running Windows NT 4.0 Administrative Tools from a Remote Server CryptoAPI and Authenticode Uninstalling Internet Explorer COM Internet Services Event Log Service Year 2000 Updates Find Files or Folders by Date using Dates Prior to 1980 4.0 ADDITIONAL FIXES AND WORKAROUNDS Installing Windows NT 4.0 on a Windows 2000 Computer Dual Booting Between Versions of Windows NT 4.0 and Windows 2000 NTFS for Windows NT 4.0 Version 4 and NTFS for Windows 2000 Support Updating Audio Drivers Microsoft Proxy Server Client MDAC 2.0 Service Pack 1 Installing Internet Explorer 4 SP2 as a Non-Default Browser Installing Internet Explorer 5.0 Upgrading Internet Explorer 3.0 to Internet Explorer 5.0 Terminal Server Client Carrier Loss Detection 5.0 APPLICATION NOTES CheckIt Diagnostic Kit 4.0 by Touchstone Norton CrashGuard 2.0 for Windows NT Inoculan 4.0 Exceed Microsoft NetMeeting Security and Year 2000 Issues NuMega SoftICE Rational Visual Quantify Version 4 Microsoft IntelliPoint Microsoft Outlook 98 Microsoft Visual Studio 6.0 Internet Explorer 5.0 Internet Explorer 4.0 Microsoft Terminal Server Client 6.0 IF YOU DO NOT HAVE SERVICE PACK 4 New in Service Pack 4 ====================================================================== 1.0 INTRODUCTION ====================================================================== This release of Microsoft Windows NT 4.0 Terminal Server Edition Service Pack 5 (SP5) is easy to apply while Windows NT 4.0 is running. SP5 updates all files that are older than those included in this Windows NT Service Pack. Service Pack releases are cumulative, containing all previous Service Pack fixes and any new fixes created after Service Pack 4. IMPORTANT: We recommend that you stop running any critical services before you apply Windows NT Server 4.0, Terminal Server Edition SP5. For more preinstallation recommendations, see Section 2.1, "Before You Install the Service Pack," later in this document. IMPORTANT: This release of SP5 contains 40-bit encryption. This release is not supported for installation on an existing North American 128-bit installation of Windows NT 4.0. If you install SP5 on a computer with 128-bit encryption, system services might fail to start. If you using a computer manufactured in North America, you may have 128-bit encryption installed. To determine if 128-bit encryption is installed 1. On the desktop, double-click My Computer, click View, and then click Options. 2. On the View tab, click Show all files, and then click OK. 3. Click Start, point to Find, and then click Files or Folders. 4. Search for files named "Rsaenh.dll" on your local hard disks. 5. If the file exists in the System folder in your Windows NT folder, then you have 128-bit encryption support installed. If the file does not exist, you have 40-bit encryption. Installing the 40-bit version of SP5 on a previously existing 128-bit computer will not downgrade all of the encryption in the operating computer, so it is not necessarily change the exportability of the computer. ---------------------------------------------------------------------- What Is Service Pack 5? ---------------------------------------------------------------------- SP5 is a collection of current updates and enhancements to Windows NT Server 4.0, Terminal Server Edition since its release. SP5 is not a required upgrade. If you have deployed or are in the process of deploying a previous Service Pack, you probably need not change your plans. To accommodate customers in this situation, Microsoft provides software updates for critical issues to previous Service Packs. For example, you can continue to obtain year 2000 (Y2K) software updates if you are using SP4. SP5 content is focused on: * Demonstrated customer impact SP5 includes many of the recent updates to Windows NT Server 4.0, Terminal Server Edition. In addition, SP5 has undergone extensive Regression testing. The following is a list of the most frequently requested Windows NT Server 4.0, Terminal Server Edition updates that are included in SP5: - DHCP Server of SP4 Ignores Reservations - Duplicate SCSI Logical Unit (LUN) 0 When LargeLUNs Registry Key Enabled - Secondary WINS query delayed by 1500ms even when primary WINS returns 'na - Using SP4, RCP "host:foo ." fails whereas RCP "host:foo foo" - SP4 systems access the hard disks every five minutes, which interferes with Power Management. * Y2K fixes SP5 provides the latest fixes to known Year 2000 issues in Windows NT Server 4.0, Terminal Server Edition. For more information on SP5 and year 2000 issues, see Section 3.15, "Year 2000 Fixes." For the latest information on year 2000 and Windows NT Server 4.0, Terminal Server Edition, see the Microsoft Year 2000 Readiness Disclosure & Resource Center Web site at: http://www.microsoft.com/year2000/ Or, call the Microsoft Year 2000 Readiness Disclosure & Resource Center at 1-888-MSFT-Y2K. * Updates to SP4 issues, including: - Roaming user profiles do not unload - Third-party printer drivers causing blue screens - Reduced heap fragmentation issues which would lead to memory problems. - Eliminated memory fragmentation problem with Critical Sections. - Eliminated a system hang that could occur on multiprocessor systems with multiple memory maps. Eliminated hanging issues when SetSecurityInfo and SetNamedSecurityInfo calls were made during DLLInit time. - Enabled Desktop folders in Explorer windows to retain settings. - Eliminated issues where LPD would stop the printing of multiple copies. - Prevented DNS from converting host names to lowercase. - Prevented GetHostbyName from returning unbound IP RAS addresses. * Euro issues SP5 includes the existing updates for Windows NT 4.0 Euro support. For the most recent information about Windows NT 4.0 and the Euro, see the Microsoft Euro Web site at http://www.microsoft.com/euro/. * Security updates SP5 contains current updates for known Windows NT 4.0 security issues. For the most recent information about Windows NT security, see the Microsoft Security Advisor Web site at http://www.microsoft.com/security/. ---------------------------------------------------------------------- List of Fixes in Service Pack 5 ---------------------------------------------------------------------- To assist customers who are deciding whether to upgrade to SP5, Microsoft provides extensive documentation of the fixes and updates contained in SP5. This documentation gives customers the opportunity to analyze whether the SP5 contents justify the necessary test and deployment resources. This list of affected Service Pack files is available at http://support.microsoft.com/support/kb/articles/Q225/0/37.asp. ---------------------------------------------------------------------- Downloading and Extracting the Service Pack ---------------------------------------------------------------------- If you have downloaded this Service Pack from an FTP site or a Web site, you should read the release notes completely before you extract and install the Service Pack. For this release, these self-extracting program files are also located at the root of the CD. They are WTSAlpha.exe for Alpha processor type computers and WTSi386.exe for Intel processor type computers. After downloading the Service Pack, you'll have a compressed program file on your hard drive. To extract this file and begin the installation process, for example, type WTSi386.exe at the command prompt, or double-click the file in Windows NT Explorer. You can also extract the file into the current folder without launching the installation program by using the command prompt switch /x. (For example, at the command prompt, type WTSi386 /x) ====================================================================== 2.0 INSTALLATION INSTRUCTIONS FOR SERVICE PACK 5 ====================================================================== Carefully read the installation instructions before you install Service Pack 5, since they may have changed from previous Service Packs. ---------------------------------------------------------------------- Before You Install the Service Pack ---------------------------------------------------------------------- Log on to the Terminal Server as administrator and ensure that all other users have logged off before installing the Service Pack. Close all active debugging sessions before installing this Service Pack, otherwise, the Update program is unable to replace system files that are in use. If a file is in use when you install SP5, a dialog box appears prompting you to cancel the installation or skip the file copy. It's recommended you cancel the installation and then uninstall SP5. To do this, run Spuninst.exe, or click Start, point to Settings, click Control Panel, double-click Add/Remove Programs, and then click Uninstall Service Pack 5. Close all active sessions on the computer, and then run Update.exe again to install the Service Pack. Also, to maximize recovery of the computer in the event of installation failure, it's recommended that you do the following before installing SP5: 1. Update the system Emergency Repair Disk by using the Rdisk.exe command with the /s switch. 2. Perform a full backup of the computer, including the registry files. 3. Disable any nonessential third-party drivers and services (that is, drivers and services that aren't required to boot the computer). 4. For non-MS drivers or services contact the original equipment manufacturer (OEM) for the updated versions of the file(s). NEC Versa 6050 or 6200 Series Notebook Computers ---------------------------------------------------------------------- Users of NEC Versa 6050 or 6200 Series notebook computers, with Windows NT version 4.0 preinstalled, should select "Yes" when SP5 Update.exe prompts you to replace the Hal.dll file. SystemSoft Card Wizard ---------------------------------------------------------------------- SystemSoft Card Wizard has not been tested with Terminal Server 4.0. If your computer contains SystemSoft Card Wizard version 2.x or earlier, you must obtain SystemSoft Card Wizard version 3.00.01 or greater before installing Windows NT Server 4.0, Terminal Server Edition Service Pack 5. Otherwise, your operating system may no longer function. For further details, see the SystemSoft Web site at http://www.systemsoft.com/. Advanced Power Management ---------------------------------------------------------------------- Advanced Power Management isn't supported by Windows NT Server 4.0, Terminal Server Edition. As a result, it's recommended that you remove Advanced Power Management features before installing SP5. Power Management Utilities ---------------------------------------------------------------------- Power Management Utilities may not work on Windows NT Server 4.0, Terminal Server Edition SP5. Contact the vendor of your Power Management Utilities for an updated version to work with Windows NT Server 4.0, Terminal Server Edition SP5. ---------------------------------------------------------------------- Service Pack Install Order Documentation ---------------------------------------------------------------------- IMPORTANT: If you are installing Service Packs for multiple Microsoft products, the order in which you install the Service Packs may have an effect on stability. You can view the documentation about the recommended installation order at http://www.microsoft.com/windows/servicepacks/ ---------------------------------------------------------------------- Installing the Service Pack ---------------------------------------------------------------------- To install the Service Pack from the CD 1. Log on to the Terminal Server as administrator and make sure that all other users have logged off. 2. Insert the Service Pack CD into your CD-ROM drive. 3. If a Web page opens in your browser after you insert the CD, click Windows NT Service Pack, and then click Install Service Pack. 4. When you're prompted to open the file Spsetup.bat or save it to disk, click Open, and then follow the instructions that appear. Note: To use the uninstall feature of SP5, you must create an Uninstall folder during the initial installation. 5. If a Web page doesn't automatically open when you insert the CD, open the command prompt window, and change the folder to the drive letter associated with the CD-ROM drive. 6. Change the folder to \I386\Update or \Alpha\Update (depending upon whether you have an x86 or Alpha CPU), and type UPDATE. 7. Follow the instructions that appear. If SP5 doesn't install from the CD after you click Install Service Pack 5 or your browser doesn't automatically display installation instructions when you insert the CD into your CD-ROM drive, start the SP5 installation process manually from the CD. For more information, see "To Install the Service Pack from the CD" earlier in this section. To install SP5 from a network drive 1. Run the command to connect to the network drive that has the SP5 files. 2. Change the drive letter to that of the network drive. 3. Change the folder to \I386\Update or \Alpha\Update (depending upon whether you have an x86 or Alpha CPU), and then type UPDATE. 4. Follow the instructions that appear. Note: It's recommended that you allow Setup to create an Uninstall folder the first time you install SP5. To install SP5 from the Internet Use a Web browser (such as Internet Explorer 3.02 or later) to visit http://www.microsoft.com/ntserver/terminalserver/downloads/recommended /tsesp5/default.asp. Click the Install Service Pack 5 option to install SP5 on your computer. This Web page automatically detects which files need to be updated and then copies the appropriate files to a temporary folder on your computer. It then installs only those files that are needed to update your computer. Note: If you use Web browsers other than Internet Explorer 3.02 or later, you may be unable to install SP5 by using this update method. You can still install SP5 by downloading the entire Service Pack from the Internet onto your computer and running Update.exe locally. You can use installation switches with Update.exe. The following syntax help is available by typing update /?: UPDATE [-u] [-f] [-n] [-o] [-z] [-q] -u Unattended mode -f Force other programs to close at shutdown -n Do not back up files for uninstall -o Overwrite OEM files without prompting -z Do not reboot when installation is complete -q Quiet mode - no user interaction ---------------------------------------------------------------------- Service Pack Uninstall ---------------------------------------------------------------------- This Service Pack contains an uninstall feature that you can use to restore your computer to its previous state. To enable the uninstall option, run Update.exe. A hidden subfolder in your Windows NT folder named $NtServicePackUninstall$ is created. This requires at least 120 megabytes (MB) of free space on the drive on which Windows NT is installed, 60 MB for the uninstall folder, and 60 MB for the Service Pack-updated system files. To uninstall SP5, in Control Panel, double-click the Add/Remove Programs. Select Windows NT Server 4.0, Terminal Server Edition Service Pack 5, and click Add/Remove. If this option isn't available, run Spuninst.exe from the \%systemroot%\$NtServicePackUninstall$ \spuninst\ folder. Note: If you install any programs or services that require SP5 or have fixes contained in SP5, uninstalling SP5 could adversely affect those programs. To uninstall SP5, the drive letter for the boot drive must be the same one used when you installed SP5. If you change the drive letter for the boot drive, you can't uninstall SP5. Uninstalling SP5 won't uninstall new versions of CryptoAPI and SChannel. IMPORTANT: If you plan to install a previous Service Pack after uninstalling SP5, take note of the following important precaution. SP5 modifies the Security Account Manager (SAM) database and the Security database so that older versions of the Samsrv.dll, Samlib.dll, Lsasrv.dll, Services.exe, Msv1_0.dll, and Winlogon.exe files no longer recognize the database structure. Therefore, the uninstall process doesn't restore these files when uninstalling SP5. If you install a prior Service Pack (for example, SP4) after uninstalling SP5, click "No" on the "Confirm File Replace" dialog boxes that prompt you to overwrite Samsrv.dll and Winlogon.exe. If you overwrite the newer files with these older versions, you'll be unable to log on to the computer. Note: If you're reinstalling SP5 after installing new software or hardware, you must choose to create a new Uninstall folder. To retain your ability to return to a bootable configuration, copy the current Uninstall folder to a safe location before running the SP5 installation program. ====================================================================== USER NOTES ====================================================================== This section covers information that is specific to Service Pack 5. ---------------------------------------------------------------------- Roaming User Profiles Do Not Unload ---------------------------------------------------------------------- Terminal Server clients often discover that they have lost configuration settings (such as Outlook settings, icons on the desktop, and so forth) when they log on to a computer running Windows NT Server 4.0, Terminal Server Edition. This problem occurs because the registry key containing the user's SID is not unloaded when the user logs off and is therefore not being updated correctly. A process (Csrss.exe) has a handle to the key open, thereby preventing WINLOGON from unloading the key. The logged-on user's profile is held in the user's SID key under the HKEY_USER registry hive. This registry key is not unloaded when the user logs off. The user profile is not being updated correctly because of this. The following change can also be made to correct the problem: When a user logs off, CSRSS (Winsrv.dll) issues a shutdown notification to all the processes running for this user. A change was made such that CSRSS waits 10 seconds for all the processes to close before allowing WINLOGON to unload the User profile from the registry. This wait interval can be configured using the following the new registry key. To modify this interval: WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD). 1. Start Registry Editor (Regedt32.exe). 2. Go to the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control 3. On the Edit menu, click Add Value, and add the following registry value: Value Name: ProcessTerminateTimeout Data Type: REG_SZ Value: [Time] Where [Time] is in milliseconds (Default: 10000, 10 Sec) (Infinite: -1) (None: 0) 4. Quit Registry Editor. 5. Restart the server to allow the change to take effect. Microsoft does not recommend modifying this value, except in very rare circumstances where it may need to be tuned. For more information, go to the Microsoft Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q234606 ---------------------------------------------------------------------- Temp Directory Not Accessible After Applying SP4 ---------------------------------------------------------------------- After you apply Windows NT Server 4.0, Terminal Server Edition Service Pack 4 (SP4), error messages similar to the following may be displayed: temp directory not accessible This behavior occurs because Terminal Server SP4 does not reset the permissions or delete existing temporary folders that are orphaned after a dirty shutdown. This behavior change was added in SP4 to improve security by preventing new users from viewing work that may have been abandoned by previous sessions because of a dirty shutdown. For more information, go to the Microsoft Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q234029 ---------------------------------------------------------------------- Stop Errors Caused by Third-Party Printer Drivers ---------------------------------------------------------------------- A computer running Terminal Server may crash if multiple Terminal Server users connect to a remote printer and print simultaneously. When a user connects to a remote printer by using Printers in Control Panel or by browsing a print server, the installed printer driver may be incompatible with Terminal Server. The problem is caused by printer drivers unable to handle requests from multiple users at the same time. By default, this fix will allow new printers to be installed only if the drivers for that printer exist in a pre-defined trusted path. This includes printers automatically created for Citrix ICA Client printing, and applies to all users, even administrators. Printers that were installed prior to this Service Pack will continue to function and will continue to be usable by all users. Drivers for many popular printers are preloaded on the system and the path to these drivers will be used by default. How To Add New Printer Drivers ------------------------------ If the administrator finds it necessary to install a new printer that does not have a driver in the trusted path, the following registry modifications must be performed: WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. 1. Start Registry Editor (Regedt32.exe). 2. Go to the following key in the registry: HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers 3. Set the following registry values: Value Name: LoadTrustedDrivers Data Type: REG_DWORD Value: 0 Value Name: EnablePrinterSecurity Data Type: REG_DWORD Value: 0 6. Quit Registry Editor. 7. Restart the server to allow the change to take effect. The administrator will now be able to install the new printer drivers on the system. Once installed these drivers will allow all users to add printers based on these drivers. IMPORTANT: The administrator should first make sure that newer printer drivers are compatible with Terminal Server. The administrator should ask multiple users to install and use the drivers in a test environment prior to the drivers' installation on production servers. After the needed drivers have all been installed, the administrator should return the registry values back to the default settings: Value Name: LoadTrustedDrivers Data Type: REG_DWORD Value: 1 Value Name: EnablePrinterSecurity Data Type: REG_DWORD Value: 1 The server should then be restarted to allow the change to take effect. How To Disable The New Print Driver Policy ------------------------------------------ To completely disable this new behavior and allow all users to install printer drivers, set the following registry values under the key: HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers Value Name: EnablePrinterSecurity Data Type: REG_DWORD Value: 0 And delete these values: Value Name: LoadTrustedDrivers Value Name: AddPrinterDrivers Note: You need to restart the system in order for these registry changes to take effect. For more information, go to the Microsoft Knowledge Base at: http://support.microsoft.com/support/ and search for KB article Q238070. ---------------------------------------------------------------------- Emergency Repair Disk ---------------------------------------------------------------------- If you use the Windows NT Emergency Repair Disk to repair your Windows NT 4.0 computer, Windows NT requires you to supply the original Windows NT Server 4.0, Terminal Server Edition media at some time after you install SP5. This means you'll need to reinstall SP5 after the repair is completed because the Emergency Repair Disk repairs your computer by restoring your original Windows NT Server 4.0, Terminal Server Edition system files. After the repair is complete, follow the Installation Instructions (see Section 2.0) to reinstall SP5. For more information on using the Windows NT Emergency Repair Disk utility, go to the Microsoft Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q146887. Note: To use the Emergency Repair Disk utility, you must have the updated version of Setupdd.sys which comes with SP5. To update your version of Setupdd.sys, copy Setupdd.sys from the Service Pack to your Windows NT 4.0 Setup Disk 2 from the original product media. This replaces the older version of Setupdd.sys with the updated version. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q158423. ---------------------------------------------------------------------- Adding New Components ---------------------------------------------------------------------- If you change or add new software or hardware components to your computer after you install SP5, you'll need to install SP5 again. This is because the files included on the original Windows NT 4.0 media may not be the same as the files on the Service Pack CD. You can't install new components, such as a new keyboard or printer driver, directly from the Service Pack media. You must install new components from the original product media and then reinstall the Service Pack. For example, if you install the Simple Network Management Protocol (SNMP) service after installing SP5, you'll need to reinstall the Service Pack. Otherwise, you'll receive the message "Entrypoint SnmpSvcGetEnterpriseOID could not be located in Snmpapi.dll." This informs you that some of the files in the SNMP service have been updated in SP5 and that you have a version mismatch. Reinstalling SP5 fixes the problem by copying the newer versions of the files onto your computer. Note: Simple Network Management Protocol (SNMP) security provides the ability to set a permission level on the SNMP agent computer. The permission level determines how the SNMP agent computer processes requests from an SNMP community. ---------------------------------------------------------------------- Installing Symbol Files from the CD ---------------------------------------------------------------------- Each program file in Windows NT 4.0 has a corresponding symbol file that is helpful in diagnosing application and computer crashes. Symbol files are used in conjunction with a debugger and are not required proper operation of your computer. The symbols for SP5 files are compressed in self-extracting program files named Sp5symi.exe for Intel and Sp5syma.exe for Alpha-based computers. To install the symbol files corresponding to the new binaries in SP5, run the executable file, and, when prompted, specify the path to the location of the previous version's symbols (for example, C:\WTSRV\Symbols\). This command copies the SP5 .dbg files over the existing versions of these files. For more information about debugging in Windows NT, see Chapter 39, "Windows NT Debugger," in the Microsoft Windows NT 4.0 Workstation Resource Kit. ---------------------------------------------------------------------- Hardware Compatibility with Windows NT 4.0 ---------------------------------------------------------------------- Video Drivers ---------------------------------------------------------------------- Due to incompatibilities between the ATIRage drivers and Service Pack setup, the files Ati.sys and Ati.dll are not included with SP5. Any ATI drivers currently installed on your computer still function normally. If you install SP5 over a previous Service Pack on a computer that has a Number Nine Visual Technologies Imagine 2 video card and drivers installed, you may experience some loss of functionality in the video driver, such as loss of any resolutions requiring 256 or more colors. If you uninstall SP5 and revert to SP3, the Imagine 2 card may be unable to display 256 colors or higher. There is no known resolution for either of these two issues because reinstalling the Imagine 2 video drivers doesn't restore the lost functionality. Number Nine is aware of this issue and is working on a fix. Support for 255 SCSI Logical Unit ---------------------------------------------------------------------- Windows NT 4.0 detects only the first eight logical units on a SCSI device. To work around this limitation, install SP5 and add the following key in the registry: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services \[Driver Service Key]\Parameters\Device[N] LargeLuns: REG_DWORD: 0x1 where [Driver Service Key] is your SCSI driver name and [N] is the SCSI bus number. ---------------------------------------------------------------------- Compaq Alpha Notes ---------------------------------------------------------------------- Alpha-based Fixes and Enhancements ---------------------------------------------------------------------- The following sections describe fixes and enhancements to Alpha-based computers since the release of Windows NT Server 4.0, Terminal Server Edition. Many of these fixes and enhancements are in the Hardware Abstraction Layer (HAL). SP5 ships with the latest version of HAL (revision E). This version is also available from Compaq as HAL V4.0 OEM revision E. IMPORTANT: If your computer has a Compaq KZPSA SCSI controller, revision E of HAL requires that you upgrade your DECKZPSX disk driver to V1.51 or later. Installing SP5 automatically installs the correct driver. Computer Hangs on Alpha Systems with Only One Processor Physically Present The following Alpha-based computers with only one processor physically present no longer hang when booted: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 Compaq Server 5000 Compaq Server 7000 Clock Interrupt Period Changed from 7.5 microseconds to 10 microseconds In Windows NT 4.0 SP5, the effective clock interrupt period on the following computers was changed from 7.5 microseconds to 10 microseconds: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 Compaq Server 5000 Compaq Server 7000 This change provides parity with Intel-based computers and alleviates performance anomalies caused by assumptions of 10 microseconds for the resolution for timers (which are equal to the clock interrupt period). Pyxis Error Registers HAL Revision D, which ships with Windows NT 4.0 SP5, supports updated Pyxis error registers, which provide more meaningful information during hardware crashes. Peer-to-Peer DMA Transfers This Service Pack, together with the current AlphaBIOS firmware, now allows peer-to-peer DMA transfers. PCI Devices with 256 MB of Memory or Greater The following Alpha platforms now support PCI devices with 256 MB of memory or greater for memory-mapped I/O: AlphaServer 1000 5/xxx AlphaServer 1000A 5/xxx AlphaServer 800 or Compaq Server 3000 AlphaStation 600 AlphaStation 500 Alpha XL 3xx Alpha Computers That Used to Hang When Rebooting The following computers no longer hang during reboot: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 Compaq Server 5000 Compaq Server 7000 I/O Performance Degradation or a Hung Computer Under Heavy I/O Loads On Alpha-based computers with heavy I/O loads, certain device drivers consumed too many DMA map registers. This sometimes caused poor I/O performance or a hung computer. SP5 allows a greater number of DMA map registers. Crashes to Alpha-Based Computers with STOP Code 0x0A Minor "Correctable" Hardware errors no longer generate crashes with STOP code 0x0A on the following computers: AlphaServer 1000 5/xxx AlphaServer 1000A 5/xxx AlphaServer 800 or Compaq Server 3000 AlphaStation 600 AlphaStation 500 AlphaStation 600A Alpha XL 3xx Improved Support for AlphaServer 4x00 and 1200 Computers HAL and system error-logging software allow these computers to store hardware fault data in the system event log for subsequent retrieval and analysis by service engineers or higher-level fault analysis software. HAL Prevents Disk Corruption on AlphaServer 2100 5/xxx Computers I/O errors no longer cause disk corruption on these computers. Crash Dumps can Complete without Hanging the Computer Parameter checking in IoFllushAdapterBuffer() allows for Diskdump.sys. This workaround allows crash dump operations to complete without hanging the computer. HAL Traps VGA-mode Blue Screen Text HAL can trap VGA-mode blue screen text so that support engineers can get it from crash dump files by using kernel debuggers. AlphaServer 1000A 5/xxx Computers Allow Disabled Warm Restarts To support Microsoft Cluster Server, you can disable warm restarts on these computers. In AlphaBIOS V5.68, you disable warm restarts in CMOS Setup, Advanced Settings. Enhanced AlphaServer 2000, 2100, and 2100A Computers These computers avoid using bit 31 in DMA addresses and run when CPU slots are skipped. Running UPDATE.EXE in Unattended Setup Mode (-u) To run UPDATE.EXE in unattended Setup mode by using the -u flag, you must also use the -o flag to ensure that OEM-supplied files are updated. If you don't use the -o flag, files such as HAL and disk miniport drivers are not updated. ---------------------------------------------------------------------- Running Windows NT 4.0 Administrative Tools from a Remote Server ---------------------------------------------------------------------- To run administrative tools from a remote server, you must upgrade the remote server to SP5. If you try to run administrative tools from a remote computer that hasn't also been upgraded to SP5, they may fail to load or not function properly. ---------------------------------------------------------------------- CryptoAPI and Authenticode ---------------------------------------------------------------------- The Authenticode environment won't be set up correctly for existing user accounts on upgrades from Windows NT 4.0 computers running Internet Explorer 3.02. This doesn't affect new user accounts created on the computer. Also, upgrades from Windows NT 4.0 computers with Internet Explorer 4.0 or later aren't affected. Users need to enter the following command line in a command prompt window before they use Authenticode: setreg 1 false 2 true 3 false 4 false 5 true 6 false 7 true 8 false 9 false 10 false Setreg.exe isn't part of SP5; you can download it as part of the CryptoAPI tools. You can install the latest CryptoAPI tools (Internet Explorer 4.0 or later) from the Platform SDK on MSDN. The CryptoAPI tools (also known as Authenticode Signing tools) that were released for Internet Explorer 3.02 are no longer supported. Tools released for Internet Explorer 4.0 continue to work with SP5. To ensure proper CryptoAPI functionality, it's recommended that you install Internet Explorer 3.02 or later before you install SP5. The following is a list of known problems when Internet Explorer 3.02 or later is installed after SP5: * Certain CryptoAP2 networking functions depend on Wininet.dll and may fail if Wininet.dll isn't on the computer. To work around this, install Internet Explorer 3.02 or later before installing SP5. * Certain CryptoAPI-related file extensions (.cer, .crt, and .der) aren't registered correctly when Internet Explorer 4.0 is installed after SP5. To restore the file extension registration, run the following command line: Regsvr32.exe cryptext.dll This is fixed in Internet Explorer 5. ---------------------------------------------------------------------- Uninstalling Internet Explorer ---------------------------------------------------------------------- On a computer that had Internet Explorer 4.0 or later installed and then had SP5 applied, uninstalling Internet Explorer partially removes newer CryptoAPI components. Reinstall SP5 after uninstalling Internet Explorer. This problem doesn't affect the computer if Internet Explorer was installed after SP5. ---------------------------------------------------------------------- COM Internet Services ---------------------------------------------------------------------- COM Internet Services has not been fully tested on Terminal Server 4.0. The only COM mode Terminal Server 4.0 supports is run as activator. Additionally, the Terminal Server can only hold the role as a COM Client or a COM Server, not both roles simultaneously. Installing COM Internet Services ---------------------------------------------------------------------- COM Internet Services (CIS) provides facilities for making DCOM calls over the Internet when other transports can't be used due to a firewall on the server side or a proxy server on the client's network. There are three configuration options for CIS: * Windows 95 or Windows 98 CIS Client Support * Windows NT 4.0 SP5 and Windows 2000 CIS Client Support * Windows NT 4.0 SP5 and Windows 2000 CIS Server Support This section explains how to install CIS on computers running Windows NT 4.0 SP5. If possible, you should start with client and server computers that aren't separated by either proxy servers or firewalls. Once you have verified that this configuration works correctly, you can add proxy servers or firewalls to the configuration. Windows NT 4.0 SP5 CIS Client Support ---------------------------------------------------------------------- For Windows NT 4.0, CIS requires that SP5 be installed on your Windows NT Server 4.0 computer. To enable CIS, you need to add the Tunneling TCP protocol to the DCOM protocol list. You can modify the protocol list by running DCOMCNFG: 1. Select the Default Protocols tab. 2. Use the Add button to add Tunneling TCP/IP. 3. Restart the computer for this change to take effect. If multiple protocols are configured, DCOM tries to use them in the order in which they appear in the DCOM protocol list. CIS also requires that Internet Information Server 4.0 (including the Internet Service Manager) be running. IIS 4.0 is part of the Windows NT 4.0 Option Pack. To add the Tunneling TCP protocol to the DCOM protocol list 1. Create an RPC subfolder under your Inetpub folder. For example, at the command prompt, type md c:\inetpub\rpc This folder is referred to as %inetpub%\rpc in the following steps. 2. Copy Rpcproxy.dll from the Windows system folder to %inetpub%\rpc. For example, at the command prompt, type copy %windir%\system32\rpcproxy.dll c:\inetpub\rpc 3. Create a virtual root for the folder you created. To do this: * Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Server Manager. * In the left pane of the MMC window, select Console Root/IIS/ /Default Web Site. * Right-click Default Web Site, click Create New, and then click Virtual Directory. * In the New Virtual Directory wizard, enter the following: alias to be used to gain access to virtual directory = rpc physical path = %inetpub%\rpc permissions = Execute Access 4. Don't close Internet Service Manager. Change the connection timeout for the Default Web Site to 5 minutes. To do this: * In the left pane of the MMC window, select Console Root/IIS / /Default Web Site. * Right-click Default Web Site, and then click Properties. * In the Default Web Site Properties dialog box, select the Web Site tab. * Change the Connection Timeout to 300. * Click OK. Do not close Internet Service Manager. * Install the RPC Proxy ISAPI Filter. To do this, run the IIS 4.0 Internet Service Manager, select Console Root/IIS/ in MMC, right-click the computer name, click Properties, select Edit for the Master WWW Service Properties, select the ISAPI Filters tab, select Add, and then type: filter name = Rpcproxy executable = %inetpub%\rpc\rpcproxy.dll 5. Close Internet Service Manager now. 6. Enable CIS on the server. You do this by running DCOMCNFG. To do this: * Click Start, and then click Run. * In the Run dialog box, type dcomcnfg, and then click OK. * In the left pane of the MMC window, select the Default Properties tab. * Make sure the check box labeled Enable COM Internet Services on this computer is checked. Don't close DCOMCNFG. 7. Add the Tunneling TCP protocol to the protocol list. You can modify the protocol list by running DCOMCNFG. To do this: * Click Start, and then click Run. * In the Run dialog box, type dcomcnfg, and then click OK. * In the left pane of the MMC window, select the Default Protocols tab. * Use the Add button to add Tunneling TCP/IP. * Close DCOMCNFG. 8. Restart your computer for these changes to take effect. Notes on Proxy Servers ---------------------------------------------------------------------- If your Terminal Server is located behind a proxy server, you need to ensure that: * The proxy server is configured to enable the HTTP CONNECT verb for port 80. * Your client computer is correctly configured to use the proxy server to gain access to the World Wide Web. To configure your client to use the proxy server, use the Internet control panel. Notes on Firewalls ---------------------------------------------------------------------- CIS requires that the firewall let TCP/IP traffic through on port 80. ---------------------------------------------------------------------- Event Log Service ---------------------------------------------------------------------- SP4 introduced new features in the Event Log Service to assist administrators in measuring the reliability and availability of Windows NT 4.0. When running SP4 or later, the SP5 Event Log Service records the following three new events in the system event log that are useful in measuring operating system availability: Clean Shutdown Event (Event ID: 6006) ---------------------------------------------------------------------- The Event Log Service records a clean shutdown event whenever an operating system shutdown is initiated. Several mechanisms can initiate a clean shutdown: * Direct user interaction using the Shut Down screen * Shutdown/Restart using CTRL+ALT+DELETE * Shutdown/Restart using the Start Menu * Shutdown/Restart using the Logon screen Clean shutdowns are also recorded if one of the following shutdown events happens programmatically: * InitiateSystemShutdown WIN32 API (local) or * InitiateSystemShutdown WIN32 API (remote). Dirty Shutdown Event (Event ID: 6008) ---------------------------------------------------------------------- The Event Log Service records a dirty shutdown event whenever the operating system is shut down by a mechanism other than a clean shutdown. This most commonly occurs when the computer is power-cycled; that is, you stop Windows NT 4.0 by powering off the computer. The event is recorded upon the subsequent reboot. While Windows NT 4.0 Server is running, the computer periodically writes a time stamp to the registry. This time stamp always overwrites the "last alive" time stamp from the previous interval. When the "last alive" time stamp is written, it's also flushed to disk. A normal, clean shutdown is also flagged in the registry. If the clean shutdown flag isn't found on disk when an SP5 computer reboots, a dirty shutdown event is recorded. The description part of the event contains the "last alive" time stamp. The "last alive" time stamp is written to the registry at a default interval of five minutes to HKLM\Software\Microsoft\Windows\CurrentVersion\Reliability \LastAliveStamp. Adding the registry DWORD value TimeStampInterval can change the interval. This value is in units of minutes. Setting it to zero prevents any "last alive" time stamp logging. Only the boot and normal shutdown stamps are written in that case. System Version Event (Event ID: 6009) ---------------------------------------------------------------------- The Event Log Service records a system version event containing the operating system version information whenever the computer is booted. This record makes it easier to post-process Windows NT system event logs by operating system version. Note: Prior to SP5, the recording of operating system crashes in the event log (Save Dump events) was optional. By default, crash events were recorded, but a system administrator could disable this behavior in the System control panel by clearing "Write an event to the system log when a STOP error occurs" on the Startup/Shutdown tab. In SP5, the recording of crashes in the event log is mandatory for Windows NT Server and can't be disabled by an administrator. ---------------------------------------------------------------------- Year 2000 Updates ---------------------------------------------------------------------- SP4 and SP5 contain updates for known Year 2000 issues for Windows NT 4.0: * BIOS Date Value Does Not Immediately Update on January 1, 2000 * NET USER /TIME does not work beyond the year 2000 * Can't input 00 as year in document properties of Office file * System Command Line Shows the Wrong Date * Terminal Server License Service May Not Start on 2/29/2000 * The User Manager and User Manager for Domains recognize the year 2000 as a leap year. * The Date/Time Control Panel applet can update the system clock. * Find Files supports only numeric character recognition in the decades field. * Word document properties recognize both 1900 and 2000 as valid centuries and support four-digit years. * The Dynamic Host Configuration Protocol (DHCP) administrators' program supports displaying the years 2000 through 2009 with a minimum of two digits. SP5 is not required for Year 2000 Compliance. Microsoft is committed to maintaining SP4, SP5, and future Service Packs as Year 2000 compliant. To determine if you have any additional components installed which need to be updated, see the Year 2000 Readiness Disclosure & Resource Center Web site at: http://www.microsoft.com/year2000/ or call 1-888-MSFT-Y2K. The Microsoft Year 2000 Product Analyzer scans a hard or network drive to report the Year 2000 compliance levels of Microsoft products and if updates are required, the report provides links to product-specific update information. You can download the Microsoft Year 2000 Product Analyzer at the Microsoft Year 2000 Readiness Disclosure & Resource Center Web site at http://www.microsoft.com/year2000/. For the latest Year 2000 information regarding Microsoft products, visit the Microsoft Year 2000 Readiness Disclosure & Resource Center Web site at http://microsoft.com/year2000/. You can also call toll-free 1-888-MSFT-Y2K within the United States or contact your local Microsoft subsidiary. ---------------------------------------------------------------------- Find Files or Folders by Date using Dates Prior to 1980 ---------------------------------------------------------------------- Find Files or Folders by Date does not properly search for files dated prior to 1980. The Find Files or Folders utility is accessible from the Start menu. If finding files by date using a date range prior to 1980, no files will be listed. If searching for files within a date range that spans 1980, all files are listed. Searching on files dated 1980 through 2035 works correctly. You will not encounter this problem if using the Internet Explorer 4.0 Desktop Update. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q229313. ====================================================================== 4.0 ADDITIONAL FIXES AND WORKAROUNDS ====================================================================== This section contains additional fixes and workarounds for Service Pack 5. ---------------------------------------------------------------------- Installing Windows NT 4.0 on a Windows 2000 Computer ---------------------------------------------------------------------- When installing Windows NT 4.0 on a computer that has a Windows 2000 beta or later installed, Setup may continuously restart at the boot menu after the initial text-mode phase of Windows NT 4.0 Setup. The updated Winnt32.exe in the Support\Winnt32 folder allows you to install Windows NT 4.0 on a computer already running Windows 2000. To update the Winnt32.exe 1. Obtain the Support\Winnt32\Winnt32.exe file from Windows NT 4.0 SP5 and copy the file to a folder on your hard disk, or double-click the file on the SP5 CD. 2. When you are prompted for the location of the Windows NT 4.0 files, supply the path to the \I386 folder or \Alpha on the Terminal Server 4.0 CD. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q185322. After Windows NT 4.0 is installed 1. Apply SP5. 2. Copy NTLDR and NTDETECT.COM from the Windows 2000 CD to the root of the system drive. Note: To use this installation method, your installation partition must be formatted with the FAT file system. ---------------------------------------------------------------------- Dual Booting Between Versions of Windows NT 4.0 and Windows 2000 ---------------------------------------------------------------------- If you dual-boot your computer to run both Windows NT 4.0 and Windows 2000, each installation or instance of Windows NT must have a unique computer name. Note: These unique names are required only if your dual-boot computer is on the same Windows NT domain. ---------------------------------------------------------------------- NTFS for Windows NT 4.0 Version 4 and NTFS for Windows 2000 Support ---------------------------------------------------------------------- There are two recent versions of Windows NT File System (NTFS): * One supported by both Windows NT 3.51 and Windows NT 4.0 * One supported by Windows 2000 This Service Pack contains an updated version of NTFS.sys that can also read NTFS Version 5 volumes created in NTFS for Windows 2000. Note: The following scenarios don't support dual-booting: * Pre-Windows NT 4.0 SP3 installations. * Windows NT 3.51 or earlier installations. The following features of Windows 2000-supported NTFS can't be accessed from SP5, even with the updated NTFS.sys: * Release points (also called mount points or junction points) * Native Structured Storage (NSS) files * Encrypting File System (EFS) * Disk Quotas Attempts by Windows NT 4.0 SP5 users or programs to access release points or NSS files created on NTFS for Windows 2000 drives with a Windows 2000 installation fail, usually with an "access denied" error. Antivirus programs may report to the user (by log file, popup dialog, or both) when a file can't be accessed. These programs may report their failure to access NSS files with extensions that the programs are set to scan. Archiving programs can't add NSS files to an archive, and the archiving might be reported as an error. Backup programs won't back up NSS files or release points as expected. The programs may log the failures as either "file in use" or "file not available." Some backup programs fail when they try to verify folders that contain NSS files during the backup process. When you mount a Windows 2000-supported NTFS volume under Windows NT 4.0 SP5, NTFS for Windows 2000 features are unavailable, and chkdsk can't be performed against the volume. However, most read/write operations function normally if they don't make use of any NTFS for Windows 2000 features. Also, since files can be read and written on Windows 2000-supported volumes under Windows NT 4.0, Windows 2000 may need to perform "clean-up" operations by running chkdsk on the volume after it's mounted on Windows NT 4.0. These clean-up operations ensure that the NTFS for Windows 2000 data structures are consistent after a Windows NT 4.0 mount operation. ---------------------------------------------------------------------- Updating Audio Drivers (Console only) ---------------------------------------------------------------------- If you aren't receiving audio from a Crystal Semiconductor audio chip or a Creative Labs Sound Blaster AWE32 Plug and Play Wavetable Synthesizer, you may need to install the updated drivers for these devices. For detailed information on updating these drivers, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q143155. ---------------------------------------------------------------------- Microsoft Proxy Server 1.0 Client ---------------------------------------------------------------------- Installing SP5 on a computer running Windows NT 4.0 Terminal Server with Microsoft Proxy Server 1.0 client installed disables the WinSock Proxy Client component. As a result, programs that access the Internet and depend on the Proxy client may not be able to gain access to the Internet. To correct the problem, reinstall the Proxy Server Client component after you install SP5. It's recommended that you uninstall the Microsoft Proxy Client before installing SP5. After you install SP5, you can reinstall the Proxy Client. ---------------------------------------------------------------------- MDAC 2.0 Service Pack 1 ---------------------------------------------------------------------- If you install MDAC 2.0 or later after installing SP5, the ODBC Help file Obdcinst.hlp does not match MDAC 2.0's. This is because the ODBC Help File installed by SP5 has the SP5 file date. To work around this, before installing MDAC, delete the file Odbcinst.hlp. If you've already installed MDAC, delete the Odbcinst.hlp and reinstall MDAC. For detailed information on updating MDAC components, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q216149. ---------------------------------------------------------------------- Installing Internet Explorer 4 SP2 as a Non-Default Browser ---------------------------------------------------------------------- You can install Microsoft Internet Explorer without adding the Internet Explorer icon to the desktop and the system file associations that make Internet Explorer the default browser. To do this, use the IE4SETUP.EXE command below from either a command line or the Run dialog box. This command changes the Internet Explorer installation to not add the Internet Explorer icon to the desktop or to change the system file associations to make Internet Explorer the default browser. Note: You should be logged on as an administrator on the console and put the server into application install mode before executing the setup program. It may be necessary to run the msie40.cmd application compatibility script before users logon and use IE4. IE4SETUP.EXE /C:"ie4wzd /S:""#e"" /X /R:N /Q:A /m:0" For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q224088. ---------------------------------------------------------------------- Installing Internet Explorer 5.0 ---------------------------------------------------------------------- If you chose to have Internet Explorer 4.0 setup automatically during the Terminal Server 4.0 installation, you should install SP5 before installing Internet Explorer 5.0. Failure to do so, may result in new users experiencing an error: "RUNDLL:An exception occurred while trying to run SIGNUP" during their first logon attempt. Only the "Typical" and "Minimal" installations of Internet Explorer 5.0 are supported on Terminal Server. Any additional IE5 components added may result in access errors when users logon. ---------------------------------------------------------------------- Upgrading Internet Explorer 3.0 to Internet Explorer 5.0 ---------------------------------------------------------------------- Upgrading Internet Explorer 3.0 installed on a Terminal Server to Internet Explorer 5.0 may result in loss of settings and error messages for existing users. This can be avoided by first upgrading to Internet Explorer 4.01 SP2, which can be done by running the ieinst.bat file contained on this Service Pack CD. ---------------------------------------------------------------------- Terminal Server Client Carrier Loss Detection ---------------------------------------------------------------------- It is possible that Terminal Server Clients that have been disconnected may remain in an active state. Introduced in Service Pack 4 was the ability to allow the "keep alive" mechanism to time out and disconnect sessions that do not respond in a set period of time. For a full description of the problem and how to enable the workaround, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q216783. ====================================================================== 5.0 APPLICATION NOTES ====================================================================== This section includes program notes for Service Pack 5. ---------------------------------------------------------------------- CheckIt Diagnostic Kit 4.0 by Touchstone ---------------------------------------------------------------------- The CheckIt Diagnostic Kit version 4.0 won't have full functionality when you install it onto any version of Windows NT. This has not been tested for compatibility with Terminal Server 4.0. ---------------------------------------------------------------------- Norton CrashGuard 2.0 for Windows NT ---------------------------------------------------------------------- To run when the computer is rebooted, Norton CrashGuard 2.0 for Windows NT needs to be installed by a user with administrative privileges. This has not been tested for compatibility with Terminal Server 4.0. ---------------------------------------------------------------------- Inoculan 4.0 ---------------------------------------------------------------------- The Inoculan version 4.0 Service Pack 2, with build number 373 or higher, is fully compatible with SP5. The Inoculan version 4.0 Service Pack 1 with build 270 causes Windows NT 4.0 bugcheck when you apply SP5. This has not been tested for compatibility with Terminal Server 4.0. You can download the Inoculan SP2A build 375 (il0145i.zip) from the Computer Associates Web site at http://www.cai.com/. ---------------------------------------------------------------------- Exceed ---------------------------------------------------------------------- If you use Exceed Inetd.exe to provide basic telnet services in Windows NT 4.0, see the Hummingbird Software Web site at http://www.hummingbird.com/ for an update. The version that ships with Exceed doesn't work with SP5. This has not been tested for compatibility with Terminal Server 4.0. ---------------------------------------------------------------------- Microsoft NetMeeting Security and Year 2000 Issues ---------------------------------------------------------------------- This has not been tested for compatibility with Terminal Server 4.0. Security ---------------------------------------------------------------------- NetMeeting 2.1 is vulnerable to hostile speed-dial objects that can cause NetMeeting to stop responding. Consequently, the computer's memory is exposed and may be intentionally corrupted. To work around this, download the Speed Dial patch from the NetMeeting Web site at http://www.microsoft.com/netmeeting/. Year 2000 ---------------------------------------------------------------------- When you transfer a file with a system date greater than 2000, the received file date is increased by 28 years. To work around this, download NetMeeting version 2.1 (or later) at http://www.microsoft.com/netmeeting/. ---------------------------------------------------------------------- NuMega SoftICE ---------------------------------------------------------------------- This has not been tested for compatibility with Terminal Server 4.0. If you try to install SP5 but aren't using the latest version of SoftICE, version 3.24, a message appears stating that Windows has detected a version of SoftICE that isn't supported. You can register and download the latest version of SoftICE from the Compuware NuMega Web site at http://www.numega.com/support/updates.htm. Earlier revisions of the SoftICE software cause system errors when you install SP5. SoftICE version 3.24 is a no-charge update for registered version 3.2 customers. If you have a 3.2 or earlier version of SoftICE, contact the Compuware sales department at 1-800-4NUMEGA (or 1-603-578-8400) to purchase an upgrade. ---------------------------------------------------------------------- Rational Visual Quantify Version 4 ---------------------------------------------------------------------- This has not been tested for compatibility with Terminal Server 4.0. If you install SP5 on a computer with Rational Visual Quantify version 4 installed, you may receive .dll error messages. To work around this, reinstall Rational Visual Quantify after you install SP5. ---------------------------------------------------------------------- Microsoft IntelliPoint ---------------------------------------------------------------------- If you receive an access violation message from IntelliPoint Productivity Tips (Tips.exe) when you start Windows NT 4.0 SP5, we recommend that you install the latest version of IntelliPoint software, available from the Microsoft Web site at http://www.microsoft.com/products/hardware/mouse/. ---------------------------------------------------------------------- Microsoft Outlook 98 ---------------------------------------------------------------------- SP5 includes a new Uninstall script for Outlook 98. The script, located at: %systemroot%\application compatibility scripts\uninstall\Uoutlk98.cmd should be run if Outlook 98 is uninstalled from the Terminal Server. ---------------------------------------------------------------------- Microsoft Visual Studio 6.0 ---------------------------------------------------------------------- SP5 includes a new application compatibility script for Visual Studio 6. The script, located at: %systemroot%\application compatibility scripts\install\vs6.cmd should be run after Visual Studio 6.0 is installed and before any users logon. To insure proper installation of Visual Studio 6.0, Internet Explorer 4.01 SP2 or later should be installed and working correctly on the Terminal Server before installing Visual Studio 6.0. ---------------------------------------------------------------------- Internet Explorer 5.0 ---------------------------------------------------------------------- Only the "Typical" and "Minimal" installations of Internet Explorer 5.0 are supported on Terminal Server. Any additional IE5 components added may result in access errors when users logon. ---------------------------------------------------------------------- Internet Explorer 4.0 ---------------------------------------------------------------------- Only the "Standard" and "Browser Only" installations of Internet Explorer 4.0 are supported on Terminal Server. Any additional IE4 components added may result in access errors when users logon. ---------------------------------------------------------------------- Microsoft Terminal Server Client ---------------------------------------------------------------------- SP5 includes an update to the Microsoft Terminal Server Client. All computers using the Terminal Server Client should be upgraded to this new version. This can be done by creating new installation diskettes from a Terminal Server that has SP5 installed and then using these new disks to reinstall the client. ====================================================================== 6.0 IF YOU DO NOT HAVE SERVICE PACK 4 ====================================================================== If you did not install SP4, the following section summarizes the new features that were introduced in SP4. If you're already familiar with SP4, you can skip this section. ---------------------------------------------------------------------- New in Service Pack 4 ---------------------------------------------------------------------- Active Accessibility Support ---------------------------------------------------------------------- Microsoft Active Accessibility (MSAA) is a COM-based standard method by which a utility program interacts with a program's user interface (UI). Using MSAA programs can expose all UI elements and objects with standard properties and methods. SP4 and SP5 includes five new application programming interfaces (APIs). These new APIs include: * GetGUIThreadInfo * GetAncestor * RealChildWindowsFromPoint * RealGetWindowClassA * RealGetWindowClassW This has not been tested for compatibility with Terminal Server 4.0. DCOM/HTTP Tunneling ---------------------------------------------------------------------- This update allows DCOM client/server communication to cross firewalls over the HTTP protocol port. The new protocol "Tunneling TCP" is used like other DCOM protocols. The new moniker type OBJREF is passed in HTML to the client. The benefits of Tunneling TCP include high performance, use of existing open ports in the firewall, and control of client access for proxy administrators. For more information, see the Microsoft COM Web site at http://www.microsoft.com/com/. For instructions on installing Tunneling TCP, see Section 3.12.1, "Installing COM Internet Services." This has not been tested for compatibility with Terminal Server 4.0. Euro Key Patch ---------------------------------------------------------------------- The Euro Key Patch is an update to include the new European "Euro" currency symbol. The update supplies the core fonts (Arial, Courier New, and Times New Roman) and the keyboard drivers. Internet Group Management Protocol (IGMP) version 2 ---------------------------------------------------------------------- IGMPv2 allows a computer to inform the router that it's leaving a group. This update enables the router to determine if there are no more members in a group and then executes a command to stop forwarding mcast packets on to the link. This update is useful when users are frequently joining and leaving groups. This has not been tested for compatibility with Terminal Server 4.0. Microsoft File and Print Service for NetWare (FPNW) Support for Client32 ---------------------------------------------------------------------- Microsoft File and Print Service for NetWare permits the Windows NT 4.0 Server to act as a NetWare 3.X Server and is able to process file and print requests from NetWare clients without changing or updating the NetWare client software. SP4 and SP5 provide an update that allows Windows NT 4.0 to support NetWare's Client32. This update installs only on those computers that have the FPNW service already installed. This has not been tested for compatibility with Terminal Server 4.0. Proquota.exe ---------------------------------------------------------------------- The Proquota.exe utility can be set up to monitor the size of users' profiles. If an individual user's profile exceeds the predetermined file limit, the user won't be able to log off of the computer until the user reduces the size of the file. This has not been tested for compatibility with Terminal Server 4.0. Remote Winsock (DNS/Port 53) ---------------------------------------------------------------------- Proxies or firewalls often disable the Domain Name System (DNS) port number 53 in order to deter external sites from querying the internal DNS structure. As a result, inbound response packets sent on port 53 can't be received. SP4 and SP5 provide a solution to change the Windows NT DNS server port number and configure it to use a different port number when you are connecting outbound. To enable this feature, the registry value "DWORD" is created. Locate \services\dns\parameters\SendOnNonDnsPort and set the key to a non-zero value to go off port 53. If the value is less than 1024, the server can use any port number. If the value is greater than 1024, the server uses the port number specified. This has not been tested for compatibility with Terminal Server 4.0. Remote Procedure Calls (RPC) Enhancements for Visual Basic (VB) ---------------------------------------------------------------------- This release provides RPC enhancements for VB. In VB, a User Data Type (UDT) is added, allowing the TypeLib arrangement of structures. New user interfaces, IRecordInfo, provide UDT information and a UDT field for the Access Database. This has not been tested for compatibility with Terminal Server 4.0. Routing Information Protocol (RIP) Listener ---------------------------------------------------------------------- This has not been tested for compatibility with Terminal Server 4.0. If you use RIP Listener on a computer running Windows NT 4.0, you can use SP4 or 5 to update this component. If you want to install RIP Listener after you apply SP5, use the following procedure. To install the RIP Listener 1. Insert the SP5 CD into the CD-ROM drive and change to the \I386 (or \Alpha) folder. 2. Copy Oemnsvir.srv to D:\\System32 \Oemnsvir.inf. 3. Click Start, point to Settings, and click Control Panel. Double-click Network, and on the Services tab, click Add. 4. In Network Service, select RIP for Internet Protocol, and then click OK. 5. In the Windows NT Setup dialog box, type the path for the location of the SP5 files, and click OK. Visual Studio-MICS ---------------------------------------------------------------------- SP4 and SP5 include an update to Visual Studio called Visual Studio Analyzer Events. Visual Studio Analyzer Events provides a graphical representation of high-level behaviors and their solutions. Use Visual Studio Analyzer Events to view graphically simple tables of event logs, the computer's performance, and Windows NT Performance Monitor (NT PerfMon), as well as other system data. This has not been tested for compatibility with Terminal Server 4.0. Compaq Fiber Storage Driver ---------------------------------------------------------------------- This driver and .inf are located in the \Drvlib folder. When installed, the Compaq fiber storage driver along with the .inf provides support for Compaq fiber storage devices. The certified devices are: * Compaq Fiber Channel Host Controller/P for PCI. * Compaq Fiber Channel Host Controller/E for EISA. This has not been tested for compatibility with Terminal Server 4.0. Internet Explorer 4.01 Service Pack ---------------------------------------------------------------------- SP5 includes the most recent Internet Explorer Service Pack available, Internet Explorer 4.01 SP2, located in SP5 in the \Msie401 folder. Run Ie4setup.exe from the \Msie401\Alpha or \Msie401\i386 folder to install this version of Internet Explorer on your computer. To deploy IE to a large number of users, see the Internet Explorer Administration Kit at http://www.microsoft.com/windows/ieak/. Dynamic Host Configuration Protocol (DHCP) ---------------------------------------------------------------------- This Service Pack includes several quality improvement fixes for known Dynamic Host Configuration Protocol (DHCP) issues reported for Microsoft DHCP Server, the DHCP Manager administration tool, and for Microsoft DHCP-enabled clients running under earlier released versions of Windows NT 4.0. These fixes address specific problems fully described in the "DHCP/WINS Release Notes for Windows NT 4.0 SP4 Update" KB article. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q184693. Windows Internet Naming Service (WINS) ---------------------------------------------------------------------- Windows NT Server includes the following new Windows Internet Naming Service (WINS) and WINS Manager features: * Manual removal of dynamic WINS database records. * Multi-select operations for WINS database records. * Burst mode handling for WINS servers. Microsoft Routing and Remote Access Service (RRAS) ---------------------------------------------------------------------- SP4 or SP5 can be installed on a Windows NT 4.0 computer running Routing and Remote Access Service (RRAS). SP5 updates your RRAS computer to RRAS Software Update (Hotfix) 3.0 components automatically. If you install RRAS after installing SP5, you must reinstall SP5 to get the updated RRAS files so that RRAS works properly. For more information on RRAS Software Update 3.0, see http://support.microsoft.com/support/kb/articles/Q189/5/94.asp. PPTP Performance and Security Update ---------------------------------------------------------------------- SP5 now includes new performance and security updates to Point-to-Point Tunneling Protocol (PPTP) that greatly increase data transfer speeds and enhance security. The PPTP client and server computer must both be running the updated files to get the new benefits. For more information, see http://support.microsoft.com/support/kb/articles/q189/5/95.asp NTLMv2 Security ---------------------------------------------------------------------- SP4 and SP5 contain an enhancement to NTLM security protocols called NTLMv2 that significantly improves both the authentication and session security mechanisms of NTLM. For more information, see http://support.microsoft.com/support/kb/articles/q147/7/06.asp. Secure Channel Enhancements ---------------------------------------------------------------------- SP4 and SP5 contain an enhancement to the secure channel protocols that member workstations and servers use to communicate with their domain controllers and that domain controllers use to communicate with other domain controllers. In addition to authentication, you can now encrypt and check the integrity of these communications. For more information, see http://support.microsoft.com/support/kb/articles/q183/8/59.asp. IP Helper API (IPHLPAPI) ---------------------------------------------------------------------- The Internet Protocol (IP) Helper API provides Windows network configuration and statistics information to Win32 programs. The public API is available on Windows NT 4.0 and above, and Windows 95 and above. SP4 and SP5 update the API with a new .dll so that programs can communicate to a TCP/IP stack. Event Log Service ---------------------------------------------------------------------- SP4 and SP5 contain features in the Event Log Service to assist administrators in measuring the reliability and availability of Windows NT. The SP5 Event Log Service records three new events in the system event log that are useful in measuring operating system availability: * Clean Shutdown Event (Event ID: 6006) * Dirty Shutdown Event (Event ID: 6008) * System Version Event (Event ID: 6009) See Section 3.13, "Event Log Service," for more information. Domain Name Server (DNS) Service ---------------------------------------------------------------------- SP4 and SP5 include several quality improvement fixes to correct known Domain Name Server (DNS) issues reported for Microsoft DNS Server and the DNS Manager administration tool. These fixes address specific problems described in the Q184693 "DNS/DHCP/WINS Release Notes for Windows NT 4.0 SP4 Update" KB article. For more information, see http://support.microsoft.com/support/kb/articles/q184/6/93.asp. ---------------------------------------------------------------------- List of Fixes in Windows NT 4.0 Service Pack 4 ---------------------------------------------------------------------- All fixes contained in Service Pack 4 are documented as Knowledge Base articles. You can query the Knowledge Base to find an article about a specific issue by using the Qxxxxxx number assigned to the topic. You can browse the Knowledge Base on the Microsoft Web site at http://support.microsoft.com/support/. For a list of all fixes in Windows NT 4.0 Terminal Server Edition Service Pack 4, see http://support.microsoft.com/support/kb/articles/q222/9/70.asp.