Linnet Solutions Logo

 Windows 2000 FAQ

 

Linnet Solutions Home Services We Provide About Us TCP/IP & Firewalls Pre-press Repro Windows XP FAQ Windows 2000 FAQ Windows 2003 FAQ NT4 FAQ Linux FAQ Virus Issues Glossary Of Networking Terms Linnet Solutions Approved Links

User Profile Hive Cleanup Service

When a user logs off or when the system is shutdown, Windows 2000 takes care of the uploading of the user profiles both for remote profiles and local profiles. In the real world, system processes and applications continue trying to make use of the Registry entries associated with these accounts even though that user has logged off. This leads to Windows 2000 not being able to fully unload the user profile and therefore causing shutdown problems.

If you are suffering from this problem the Event log applications section will be logging event ID 1000. If you have these event ID's you should download the Microsoft:-
User Profile Hive Cleanup Service

Upgrading Windows 2000 Group Policy for Windows XP

Need to apply XP SP2 firewall policies on a Windows 2000 Active Directory Domain see:-
Q307900. More details to come once I have experimented more myself.

Opportunistic Locking in Windows 2000

Do you use a product with a separate shared database (not SQL server) such as some versions of ACT and Accounting packages. Have you seen corruption or loss of data in the shared database? This is probably due to opportunistic Locking on the Windows 2000 server. If this is the case I suggest you disable Opportunistic Locking. The location of the registry control of opportunistic locking has changed in Windows 2000 from that in NT4 server:

    HKEY LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters\
    Name: EnableOplocks
    Type: REG_DWORD
    Data Value: 0 or 1 (Default = 1 Enabled)
See Q296254 for full details of other Oplock controls.

Microsoft hfnetchk.exe utility

Microsoft have released the hfntchk.exe uility that can scan one or more windows computers and report any missing hotfixes. This hotfix checker also scans Microsoft SQL Server and IIS server which is normally missed by "Windows Update". See Microsoft knowledge base document Q303215 for full details.

Windows 2000 shared folders Win9.x/ME problems

Have you had users using Windows 9.X/ME complaining of problems saving Word documents when working from a Windows 2000 server. Windows 2000 server has a auto disconnect for LAN clients by default of 15 mins. If you're opening Word documents via a direct URL shortcut rather than a mapped network drive, and you have had a Word document open for 15 mins the connection to the 2000 server will be disconnected thus causing an error when you later try and save the document. The answer is to extend/disable the Window 2000 auto disconnect for LAN users.

    HKEY LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lanmanserver\Parameters\
    Name: autodisconnect
    Type: REG_DWORD
    Data Value: 0xffff (Default = 0xf) ;Windows 2000 domian member server maximum is 0xffff or 65536 minutes
See Microsoft knowledge base document Q138365 for full details.

Service packs for Microsoft Small Business Server 2000

I have had several people confused about which Windows 2000 service packs apply to Small Business Server. The following Microsoft knowledge base document Q303323 about securing a Small Business Server installation, also confirms all the standard service packs of the individual packages making up SBS also apply to SBS

Small Business Server 2000 "Out of Licenses" or "Event ID 201"

There are two Microsft Knowledge Base articles detailing problems with license usage on Smalll Business Server 2000 resulting in lots of warning messages. Please ses the following Microsft Knowledge Base articles:-

    Q311770 Event ID 201 Occurs for the MSExchnageUS Service in Small Business Server 2000.
    Q305138 "Out of License" Error Messages in SBS 2000 Event Logs
Note Windows 2000 Service Pack 3 has fixes for both of these problems with Small Business Server 2000

Source path for the Windows 2000 distribution media

If you need to change the saved source path for the Windows 2000 distribution media, thre are several places in the registry where this is stored:-

    HKEY LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\
    Name:Installation Sources
    Type: REG_MULTI_SZ
    Data Value: Full paths on separate lines
    HKEY LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\
    Name:SourcePath
    Type: REG_SZ
    Data Value:Full path
    HKEY LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\
    Name:SourcePath
    Type: REG_SZ
    Data Value:Full path

W32Time Clock synchronisation

The normal configuration of the W32time service on Windows 2000 computers is set to synchronise the real time clock with a domain controller. If you have a internet connection you can configure the W32time service to synchronise with an external time service using the NTP (Network Time Protocol).

    HKEY LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

    Entry NameData TypeDescription
    LocalNTPREG_DWORD0 or 1, 0= do not start server, 1= Always start server
    TypeREG_SZNt5DS = default , sync to domain or manually configured,
    NTP= Only manually configured source
    PeriodDEG_DWORD
    or REG_SZ    		65531 "DailySpecialSkew" = once every 45min then once a day
    65532 "SpecialSkew" = one every 45min, the every 8 hours(Default)
    65533 "Weekly"65534 "Tridaily" = once every 3 days
    65535 "BiDaily" = once every 2 days0 = once per day
    NtpServerREG_SZe.g. "ntp0.pipex.net"

NOTE Time synchronisation between Windows 2000 computer in a NT Domain is important. Within a Windows 2000 domain you would typically configure the domain controller to synchronise with an external source and all domain members to synchronise via the domain controller. Stand alone Windows 2000 computers can be configured to set their time independently from any external NTP source as above.


AGP Program May Hang When Using Page Size Extension on Athlon Processors

Windows 2000-based computers with AMD Athlon or Duron processors need a registry patch to prevent corruption of AGP graphics data in some systems. Without this registry patch the system may stop responding when using accelerated graphics programs. Check out Microsoft Knowledge Base article Q270715 which details the following registry change:-

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management
    Click Add Value
    Value Name: LargePageMinimum
    Data Type: REG_DWORD
    Radix: Hexidecimal
    Data Value: 0xffffffff

Need To Keep Changing Your Network Settings Bewteen Different Sites?

The "netsh" utility will allow you to save your current network settings IP/DNS/WINS etc in a simple text file and later re-aply them. This provides a simple method of changing the network configuration of a laptop that's moved between different different sites having different fixed network configurations.

To save the current network interface settings:-

    netsh -c interface dump > network-site1.txt

To apply a save network configuration:-

    netsh -f network-site1.txt

By initally saving the correct configuration for each site you can then simply apply the approprite setting as you move between sites


How to move the Print Spool Folder

Having problems printing large colour images, it may be the case you haven't got enough space on the system drive for the print spool directory. The default location for the "Print Spool" directory on Windows 2000 is "%SystemRoot%\System32\spool\PRINTERS".

To move the Print Spool directory for all printers open [Start][Settings][Printers] then from the "File" menu click "Server Properties". Select the "Advanced" tab and enter the new location for the spool directory, this must be a directory rather then just the root drive letter. Changing this setting is implemented immediately so make sure there are no pending print jobs when you change it. See Microsoft Knowledge Base Article "Q318748" for full details of how to move the spool directory for individual printers via registry edits.

Windows 2000 Remote Administration

The Terminal Service is not installed as default on Windows 2000 servers, but its highly recommended that you do. When installing, the wizard asks which of two setup modes is required, choose the default "Remote Administration" mode. In this mode licensing is not an issue, and it only imposes a small overhead on the server, allowing only a single administrator at a time to connect.

To access the Terminal Services you need to install a dedicated Terminal Services Client, but a better option is to use the new Terminal Services Advanced Client (TSAC) which allows a standard Microsoft IE4/5 browser to be used. To use the TSAC advanced client you need to have have an IIS Web server somewhere on your network. The TSAC client is an ASP web site that needs to be setup on a IIS Web server. The TSAC client is found in the "\Valueadd" folder on a Windows 2000 Service Pack 1 CD-ROM or from the Microsoft web site:-

Once the TSAC client is setup on the IIS web site, you can open a IE4/5 browser to that IIS web site and you should see a Terminal Services Web Connection page, asking which Windows 2000 server you wish to connect to, and what resolution you want to use. On entering the IP address of the Window 2000 server to manage, as long as its running the Terminal Service you should see a NT logon box for the target server to manage. Once logged on you should have a complete windows 2000 shell in your browser complete with scroll bars if necessary and acn run the appropriate administrative tools. Note this is a complete new shell, its not a remote control of the concole logon

The advantage of this setup is you can manage any of the servers from any workstation with a browser!

Windows 2000 Logon through Firewall

To enable a Windows 2000 Server-based computer to log on to a Windows 2000 domain through a firewall you need to open the following ports for inbound traffic. In most cases this would be done to allow a Windows 2000 server hosting Exchange 2000 to be placed on a DMZ.

  • 53 (User Datagram Protocol [UDP]) - Domain Name System (DNS).
  • 88 (Transmission Control Protocol [TCP], UDP) - Kerberos authentication.
  • 123 (TCP) - Windows Time Synchronization Protocol (NTP). Note that this is not necessary for Windows 2000 logon capability, but may be configured or required by the network administrator.
  • 135 (TCP) - EndPointMapper.
  • 389 (TCP, UDP) - Lightweight Directory Access Protocol (LDAP).
  • 445 (TCP)- Server message block (SMB) for Netlogon, LDAP conversion and distributed file system (Dfs) discovery.
  • 3268 (TCP)- LDAP to global catalog servers.

  • One port for the Active Directory logon and directory replication interface (universally unique identifiers [UUIDs] 12345678-1234-abcd-ef00-01234567cffb and e3514235-4b06-11d1-ab04-00c04fc2dcd2), which is typically assigned port 1025 or 1026 during startup. This value is not set in the DSProxy or System attendant (MAD) source code, so you need to map the port in the registry and then open the port on the firewall. To assign a static port mapping enter the following registry key

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters
    Value Name: TCP/IP Port
    Data Type: REG_DWORD
    Radix: Decimal
    Value: greater than 1024

For the servers inside the firewall to communicate back through the firewall to the external server on the DMZ, you also need to have ports 1024 through 65535 configured for outbound communications. Computers that initiate the communication through the firewall use a client-side port that is dynamically assigned and cannot be configured.

Exchange 2000 client access through a Firewall

Having now got your Windows 2000 server in your DMZ, logoning onto the Windows 2000 Domain on the internal network, and you have installed Exchange 2000. The next thing is to allow Exchange clients access to this server both from inside and the Internet, through the firewall.

Exchange 2000 supports a varity of types of client access such as POP3, IMAP or WEB access, but in most cases you will want to use the full connectivity given by the Microsoft Exchange MAPI client (either Outlook in Corporate or Workgroup mode in Exchange 2000 Server) to connect to this Microsoft Exchange 2000 Server placed on a DMZ through a firewall, as well as POP3 [tcp 110] or IMAP [tcp 143]etc.

Microsoft Exchange Server listens for a MAPI clients on a well-known static port (port 135), this is the RPC Endpoint Mapper Service. After the client connects to this socket, Microsoft Exchange Server then re-assigns the client two random ports to use when communicating with the directory and the information store. This makes it impossible to allow these through the firewall without forcing them to be statically assigned. To force these two ports to be static so they can be specifically allowed through the firewall you need to edit the following registry keys on the Exchange 2000 server:-

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeSA\Parameters
    Microsoft Exchange SA RFR Interface:
    Name: TCP/IP port
    Value: REG_DWORD
    Data Value: Port number to assign in range 1024-5000 decimal
    Microsoft Exchange Directory NSPI Proxy Interface:
    Name: TCP/IP NSPI port
    Value: REG_DWORD
    Data Value: Port number to assign in range 1024-5000 decimal
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem Microsoft Exchange Information Store Interface:
    Name: TCP/IP port
    Type: REG_DWORD
    Data Value: port number to assign in range 1024-5000 decimal

Once you have assigned the static ports as above, configure the firewall to allow TCP connections to be made to these ports, as well as to port 135.

Exchange 2000 Server Information Store Recovery

If your Exchange 2000 is refusing to mount the information store yet the service is running. You probably have a corrupted databases in your information store. The following Microsoft knowledge base has detailed instructions in the use of the "\Program Files\exchsrvr\BIN\eseutil" command line utility to hopefully repair the corruption and produce a consistent information store once again:-

How to recover the Information Store Q313148

To check the consistency of the Exchange databases:-

C:\Program Files\exchsrvr\BIN>eseutil /mh "drive:\Program Files\exchsrvr\MDBDATA\priv1.edb"
C:\Program Files\exchsrvr\BIN>eseutil /mh "drive:\Program Files\exchsrvr\MDBDATA\pub1.edb"

Attempt a soft recovery of the databases, this requires a full set of log files:-

C:\Program Files\exchsrvr\MDBDATA>"C:\Program Files\exchsrvr\BIN\eseutil" /r E00

If the soft recovery doesn't fix the databases try a forced rebuild. This still requires the log files:-

C:\Program Files\exchsrvr\BIN>eseutil /p "drive:\Program Files\exchsrvr\MDBDATA\priv1.edb"
C:\Program Files\exchsrvr\BIN>eseutil /p "drive:\Program Files\exchsrvr\MDBDATA\pub1.edb"

If the forced rebuild is succesfull delete all .log files in the Mdbdata folder, delete the .chk file, and then delete the Temp.edb file (if it exists).

In both cases mount the databases one time, and then immediately dismount them to so that users cannot access them during this procedure. Use Isinteg.exe to fix the Pub1.edb database and the Priv1.edb database. The Isinteg.exe utility runs a test on all areas of each of the databases and reports the results. Isinteg.exe also tries to fix any issues that are encountered:-

C:\Program Files\exchsrvr\BIN>isinteg -s (servername) -fix -test alltests

Assuming the isinteg.exe is succesful you should be able to remount and have users connect once again

Exchange 2000 Server Corrupt Email Removal

I'm not sure how it happens but on several occasions I have had a user complain of an email within Outlook connected to Exchange 2000, that they can't delete. Veritas Backup Exec then also complains it can't backup or verify the mailbox.

Although the following solution is not for the faint hearted, it has proved quick and reliable method of removing this corrupt email within a users Exchange mailbox. The tool to use is MDB Viewer Utility which can be found on the Exchange 2000 server CD-ROM in the SUPPORT\UTILS\I386 folder. Copy the following files to a handy folder on your server:-

Mdbvu32.exe
Propvu32.dll
Statvu32.dll
Tblvu32.dll
Xvport.dll

This Mdbvu.exe utilty needs to be run as the user who has the corrupt email on a workstation with Outlook installed. Make sure this user doesn't have Outlook open anywhere else. Once Mdbvu.exe is open you can navigate down the users Mailbox to the Top Information Store, then Inbox, find the offending email by its subject line. Ensure when you opened the mailbox you selected read/write permission, then with the offeding message selected, select lpFolder->DeleteMessage() and delete the message. Suggest you look around in read-only mode first to gain confidence then open it read/writer

Debugging mail problems with Exchange 2000

If your experincing problems with routing of Mail in Exchange 2000 you can increase the error reporting from the Transport section of Exchange to the Event Viewer via the following registry change:-

  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MSExchangeTransport\Diagnostics
    Set all categories to "7"

Once you have diagnosed the problem it is best to return the debug level back to the previous lower level of a maximum of "5" set able within the Exchange System Management tool.

The table below summaries the possible causes of mail building up is different mail queue. I would like to thank Microsoft Support for this useful debugging table:-

Queue Name Component Name Trouble Shooting Suggestion
PreSubmissionQueue Pre-Categorizer Check for third-party applications (anti-virus gateways, et cetera)
Awaiting directory lookup Categorizer Check for DNS problems
Check for Active Directory problems
Check for proper attributes of Users (Q281761)
Check limits and restrictions (in Connectors and Internet Message Formats)
Check recipient policies
Check distribution group properties (if DL expansion)
Check permissions of objects in Active Directory
Check "Default Public Folder Store" value in Mailbox Store properties
Waiting to be routed Post-Categorizer Make sure Routing Engine service is started
Make sure Address Spaces are correct
Check Link State (use Winroute Q281382)
Local Delivery Store Driver Make sure the Information Store service is started and the mailbox and public folder stores are mounted
Remote Queues (name depends on remote domain) SMTP Verify DNS can lookup an MX and A record for remote domains (Internet)
Make SMTP service is started (internal)
Check for possible network problems (use Network Monitor)
Check for problems with firewalls, proxies, routers, et cetera (use Telnet)

Check out some of the Microsoft Knowledge Base documents on Exchange 2000 debugging listed below in the references section:-

References

The above information was based on the following Microsoft knowledge base documents, I have found this information very useful to my client base.

  • Q280132 - XCCC Exchange 2000 Windows 2000 Connectivity Through Firewalls
  • Q270836 - XCLN Exchange 2000 Static Port Mappings
  • Q250370 - Description of Svchost.exe in Windows 2000
  • Q256976 - XCLN How MAPI Clients Access Active Directory
  • Q281800 - XCON Troubleshooting Message Failures in Exchange 2000
  • Q257265 - XCON General Troubleshooting for Exchange 2000 Transport Issues
  • Q281761 - XCON Attributes Required to Route Messages Through the Exchange 2000 Categorizer
  • Q281382 - XCON How to Use the WinRoute Tool
  • Q256321 - XCON Enhanced Status Codes for Mail Delivery - RFC 1893
  • Q284204 - XCON Delivery Status Notifications in Exchange 2000 Server
  • Q318748 - How To: Move the Print Spool Folder in Windows 2000
  • Q296264 - Configuring Opportunistic Locking in Windows 2000
  • Q138365 - How Autodiconnect Works in Windows NT and Windows 2000
  • http://www.microsoft.com/exchange/techinfo/administration/2000/MessageFlow.asp

Send mail to Andy Graywith any comments about this web site.
Last modified: 17 June 2007

www.linnetsol.co.uk 2007 Linnet Solutions Ltd
All Rights Reserved