====================================================================== Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 4 (128-bit Version) Release Notes - March 1999 ====================================================================== This document provides information about Service Pack 4 (SP4) for Microsoft Windows NT Server 4.0, Terminal Server Edition, as well as answers to questions that you might have. IMPORTANT: Before you install the service pack, read Section 2, "Installation Instructions." ------------------------ HOW TO USE THIS DOCUMENT ------------------------ To view Readme.txt on the screen in Notepad, maximize the Notepad window. For best viewing, click Edit, and then click Word Wrap. To print Readme.txt, open it in Notepad or another word processor, click the File menu, and then click Print. For best printing results, click Edit, click Set Font, type 9 in the Size box, and then click OK. --------------------- Copyright Information --------------------- Information in this document is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results of the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. (c) Copyright Microsoft Corporation, 1999 Microsoft, MS-DOS, MS, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. ========= CONTENTS ========= 1.0 WHAT'S NEW IN SERVICE PACK 4 1.1 Active Accessibility Support 1.2 DCOM/HTTP Tunneling 1.3 Euro Key Patch 1.4 Internet Group Management Protocol 1.5 Microsoft File and Print Service for NetWare (FPNW) Support for Client32 1.6 Proquota.exe 1.7 Remote Winsock (DNS/Port 53) 1.8 Remote Procedure Calls (RPC) Enhancements for Visual Basic (VB) 1.9 Routing Information Protocol (RIP) Listener 1.10 Visual Studio-MICS 1.11 Year 2000 (Y2K) Fixes 1.12 Compaq Fiber Storage Driver 1.13 Internet Explorer 4.01 Service Pack 2 1.14 Option Pack Fixes 1.15 Security Configuration Manager (SCM) 1.16 Microsoft Windows Media Player 1.17 Event Log Security 1.18 Dynamic Host Configuration Protocol (DHCP) 1.19 Windows Internet Naming System (WINS) 1.20 Microsoft Routing and Remote Access Service (RRAS) 1.21 PPTP Performance and Security Update 1.22 NTLMv2 Security 1.23 Secure Channel Enhancements 1.24 IP Helper API (IPHLPAPI) 1.25 Event Log Service 1.26 Domain Name System (DNS) Service 1.27 Application Compatibility Script for Microsoft Outlook 2.0 INSTALLATION INSTRUCTIONS 2.1 Downloading and Extracting the Service Pack 2.2 Before You Install the Service Pack 2.3 Installing the Service Pack 2.4 Year 2000 Installation Issues 2.5 Uninstalling the Service Pack 3.0 USER NOTES 3.1 Emergency Repair Disk 3.2 Adding New Components to the System 3.3 Installing Symbol Files from the CD 3.4 Hardware Compatibility with Terminal Server 3.5 Compaq Alpha Notes 3.6 Running Administrative Tools from a Remote Server 3.7 CryptoAPI and Authenticode 3.8 Uninstalling Internet Explorer 3.9 Message Queue Notes 3.10 Installing COM Internet Services 3.11 Event Log Service 4.0 ADDITIONAL WORKAROUNDS AND FIXES 4.1 Installing SQL7 and Office97 SP2 4.2 Installing Terminal Server on a Windows 2000 Computer 4.3 Dual Booting Between Terminal Server and Windows 2000 4.4 NTFS Version 4 and NTFS Version 5 Support 4.5 Internet Information Server 4.0 4.6 Security Configuration Manager 4.7 Updating Audio Drivers 4.8 Microsoft Proxy Server 5.0 APPLICATION NOTES 5.1 CheckIt Diagnostic Kit 4.0 by Touchstone 5.2 Inoculan 4.0 5.3 Exceed 5.4 Microsoft NetMeeting 5.5 Numega SoftIce 5.6 Rational Visual Quantify Version 4 5.7 Microsoft IntelliPoint 6.0 LIST OF BUGS FIXED IN SERVICE PACK 4 7.0 DEPLOYMENT NOTE FOR SP4 (128-BIT VERSION) 8.0 EXPORT RESTRICTIONS FOR SP4 (128-BIT VERSION) 9.0 STRONG ENCRYPTION SUPPORT IN SP4 (128-BIT VERSION) ================================= 1.0 WHAT'S NEW IN SERVICE PACK 4 ================================= This section contains information about the updates included with this service pack. -------------------------------- 1.1 Active Accessibility Support -------------------------------- Microsoft Active Accessibility (MSAA) is a COM-based technology by which a utility program interacts with an application's user interface (UI). MSAA applications can expose all UI elements and objects with standard properties and methods. SP4 includes five new application programming interfaces (APIs): * GetGUIThreadInfo * GetAncestor * RealChildWindowsFromPoint * RealGetWindowClassA * RealGetWindowClassW ----------------------- 1.2 DCOM/HTTP Tunneling ----------------------- SP4 allows DCOM client/server communication to cross firewalls over the HTTP protocol port. The new protocol, "Tunneling TCP," is used in the same way as other DCOM protocols. The new moniker type OBJREF is passed in HTML to the client. The benefits of Tunneling TCP include high performance, use of existing open ports in the firewall, and control of client access for proxy administrators. For more information, see http://www.microsoft.com/com. For instructions on installing Tunneling TCP, see Section 3.10, "Installing COM Internet Services." ------------------ 1.3 Euro Key Patch ------------------ The Euro Key Patch is an update to include the new European Union euro currency symbol. The update supplies the core fonts (Arial, Courier New, and Times New Roman) and the keyboard drivers. ------------------------------------------------ 1.4 Internet Group Management Protocol (IGMP) v2 ------------------------------------------------ IGMPv2 allows a computer to inform the router that it's leaving a group. SP4 enables the router to determine whether there are no more members in a group and, if so, to execute a command to stop forwarding mcast packets to the link. This update is useful when users are frequently joining and leaving groups. --------------------------------------------------------------- 1.5 Microsoft File and Print Service for NetWare (FPNW) Support for Client32 --------------------------------------------------------------- Microsoft File and Print Service for NetWare permits Terminal Server to act as a NetWare 3.x Server. FPNW is able to process file and print requests from NetWare clients without changing or updating the NetWare client software. SP4 provides an update that allows Terminal Server to support NetWare's Client32. This update can be installed only on those computers that have FPNW already installed. ---------------- 1.6 Proquota.exe ---------------- Proquota.exe is a utility that can be set up to monitor the size of user profiles. If an individual user's profile exceeds the predetermined file limit, the user won't be able to log off the computer until the size of the file is reduced. -------------------------------- 1.7 Remote Winsock (DNS/Port 53) -------------------------------- Proxies or firewalls will often disable the Domain Name System (DNS) port number 53 in order to deter external sites from querying the internal DNS structure. As a result, inbound response packets sent on port 53 can't be received. SP4 provides a method to change the Terminal Server DNS server port number and configure the port to use a different port number when connecting outbound. To enable this feature, create a registry value "HKLM\CurrentControlSet\Services\DNS\Parameters\SendOnNonDnsPort" of Type DWORD and set it to a non-zero value. If the value is less than or equal to 1024, the server can use any port number. If the value is greater than 1024, the server will use the port number specified. ------------------------------------------------------------------- 1.8 Remote Procedure Calls (RPC) Enhancements for Visual Basic (VB) ------------------------------------------------------------------- RPC enhancements for VB have been provided in this release. In VB, a User Data Type (UDT) is added, which allows the TypeLib arrangement of structures. This new user interface, IRecordInfo, provides UDT information and a UDT field for the Access database. ----------------------------------------------- 1.9 Routing Information Protocol (RIP) Listener ----------------------------------------------- If you use RIP Listener on a computer that is running Terminal Server, you can use SP4 to update this component. If you want to install RIP Listener after you install SP4, use the following procedure. >>>To install RIP Listener 1. Insert the SP4 CD into the CD-ROM drive, and change the folder to \I386 (or \Alpha). 2. Copy Oemnsvir.wks to c:\\system32 and change the file name to oemnsvir.inf. 3. Click Start, point to Settings, and click Control Panel. 4. Double-click Network, and on the Services tab, click Add. 5. In Select Network Service, select RIP for Internet Protocol, and then click OK. 6. In the Terminal Server Setup dialog box, type the path for the location of the SP4 files and click OK. ----------------------- 1.10 Visual Studio-MICS ----------------------- SP4 includes an update to Visual Studio called Visual Studio Analyzer Events. Visual Studio Analyzer Events provides a graphical representation of high-level behaviors and their solutions. Use Visual Studio Analyzer Events to view simple tables of event logs, the system's performance, and Windows NT Performance Monitor (NT PerfMon), as well as other system data. -------------------------- 1.11 Year 2000 (Y2K) Fixes -------------------------- SP4 contains fixes for known year 2000 issues for Terminal Server, including: * The User Manager and User Manager for Domains recognize the year 2000 as a leap year. * The Date/Time Control Panel applet can update the system clock. * Find Files supports only numeric character recognition in the decades field. * Word document properties recognize both 1900 and 2000 as valid centuries and support four-digit years. * The Dynamic Host Configuration Protocol (DHCP) administrators program supports displaying the years between 2000-2009 with a minimum of two digits. For additional information, see section 2.4, "Year 2000 Installation Issues." -------------------------------- 1.12 Compaq Fiber Storage Driver -------------------------------- This driver and .inf file are located in the \Drvlib folder. When installed, the Compaq fiber storage driver and the .inf file provide support for Compaq fiber storage devices. The certified devices are: * Compaq Fiber Channel Host Controller/P for PCI * Compaq Fiber Channel Host Controller/E for EISA ------------------------------------------ 1.13 Internet Explorer 4.01 Service Pack 2 ------------------------------------------ Internet Explorer 4.01 Service Pack 2 is located in SP4 in the \Msie401 folder. Run Ie4setup.exe to install this version of Internet Explorer on your computer. ---------------------- 1.14 Option Pack Fixes ---------------------- SP4 includes option pack fixes and enhancements. If you have Windows NT 4.0 Option Pack installed, SP4 will automatically update the option pack components installed on your computer. If you install Windows NT 4.0 Option Pack on a server that has Terminal Server SP4 and Internet Information Server 3.0 installed, the following message may appear: "Setup detected that Terminal Server SP4 or greater is installed on your machine. We haven't tested this product on SP4. Do you wish to proceed?" Windows NT 4.0 Option Pack is supported to run on servers that have Terminal Server SP4 installed. Click Yes to continue Setup. NOTE: It is recommended that you reinstall Terminal Server SP4 after you install Windows NT 4.0 Option Pack. Otherwise, MSMQ MQIS Controller won't work. Index Server Index Server is a content-indexing engine that provides full text retrieval for Web sites. You must have Internet Information Server installed to use Index Server. Internet Information Server (IIS) SP4 includes the following improvements for Internet Information Server version 4.0 Option Pack components: * Security enhancements-Support for long file names for access restrictions on a file or a folder. * Performance-Improvements on the logging and caching of information. IIS performance is improved when mapping extensions, log files, and unmapped data files if memory configuration is low or stressed. Message Queuing Services (MSMQ) for Terminal Server This update to MSMQ includes: * Performs cleanup of unused message file space every six hours to reduce disk-space usage. NOTE: Configure this schedule (in milliseconds) by using the MSMQ registry key. * Clears all obsolete express message files when the MSMQ service starts. * Enforces case insensitivity with foreign language characters in private queue names. * Reduces occurrences of duplicate messages in persistent delivery mode. * Displays performance counters for remote queues after a system recovery. * Displays per-session outgoing message performance counters. * Refreshes cached information on MSMQ MQIS servers every 12 hours. * Prevents rejection of transactional messages. * Allows you to specify external certificates by using the MSMQ ActiveX components interface. * Allows you to read transactional messages from connector queues after restarting the MSMQ connector application. * Supports MQSetQueueSecurity for private queues. * Supports sending Microsoft PowerPoint and Microsoft Word documents, using ActiveX components. * Fails when a user attempts to renew internal certificates and the Primary Enterprise Controller (PEC) is unreachable. * Recomputes the machine quota limitation correctly after restarting MSMQ. * Allows MSMQ COM objects to correctly process asynchronous message arrival events in multithreaded applications. * Improves detection and reporting of corrupted message packets in message files that previously caused MSMQ service to fail. * Prevents rejection of transactional messages sent offline with a bad message class: MQMSG_CLASS_NACK_BAD_DST_Q. Such messages will no longer be routed to the sender's exact dead letter queue. * Supports sending messages to different computers that have the same IP address. This can happen when a server attempts to send messages to two different RAS clients who were assigned the same address at different times. * Recovers correctly when sending messages from a server to a client whose address is no longer valid (for example, a RAS client that has timed out). Previously, extra message traffic might have been generated. * Ensures that asynchronous messaging now functions correctly on Japanese Windows 95 when using MSMQ COM objects. * Fixes a problem in the MSMQ COM objects when referencing the response and admin queue properties of a message for queues not explicitly refreshed from the MQIS. * Prevents lengthy blocking when calling MQOpenQueue with a DIRECT format in Windows 95. * Stops enforcement of MSMQ per-seat licensing if the Terminal Server licensing service isn't running. * Prevents a specific call to MQLocateBegin from causing an exception on the MQIS server. This occurred previously when the Label restriction specified an incorrect vt argument (anything other than VT_LPWSTR). * Enables MSMQ applications to be run by users logged on to local machine accounts. This previously worked only for shadowed local accounts, that is, for accounts that had "identical" local accounts (user name/password) on the server machine. The default security for queues created by such users is that everyone is granted full control (in particular, read and delete permissions). * Supplies a new MQIS update/restore utility that enables administrators to seamlessly recover from failures on MQIS servers. Microsoft Transaction Server (MTS) MTS is updated with a new Java Context class. If you're building applications using Visual J++, you can use the new Context class instead of IObjectContext. The Context class allows you to do the following using Visual J++: * Declare that the object's work is complete. * Prevent a transaction from being processed, either temporarily or permanently. * Instantiate other MTS objects and include their work within the scope of the current object's transaction. * Determine whether a caller is in a particular role. * Determine whether security is enabled. * Determine whether the object is executing within a transaction. See the Visual J++ section of Programmer's Reference for complete documentation of the new class. SMTP, NNTP Simple Mail Transport Protocol (SMTP) and Network News Transport Protocol (NNTP) enhancements are available in SP4. SMTP now supports the following services: * Multiple virtual servers, or sites. * ETRN command for dequeuing mail over dial-up connections. >>>To enable these services 1. Create a text file with the following text: set obj = GetObject ( "IIS://localhost/smtpsvc" ) obj.Put "SmtpServiceVersion", 2 obj.SetInfo NOTE: This is an Active Directory Service Interface (ADSI) script that will update a value in the metabase. 2. Save this file as Enable.vbs. 3. From a command prompt, type the following: cscript enable.vbs 4. Press ENTER. For more information about SMTP, see http://support.microsoft.com/support/kb/articles/Q183/4/76.asp ----------------------------------------- 1.15 Security Configuration Manager (SCM) ----------------------------------------- Security Configuration Manager (SCM) is an integrated security system that gives administrators the ability to define and apply security configurations for Terminal Server. SCM is also able to perform inspections of the installed systems to locate any degradation in system security. For further information on SCM,\ including installation and usage instructions, refer to Readme.txt in the \Mssce folder. ----------------------------------- 1.16 Microsoft Windows Media Player ----------------------------------- Microsoft Windows Media Player replaces Microsoft ActiveMovie and Microsoft NetShow Player. Windows Media Player has all the features found in both of these multimedia players, plus many more. It also upgrades existing Windows Media Player and ActiveMovie support to provide convenient access to new Windows Media content. Windows Media Player supports most local and streaming multimedia file types, including .wav, .avi, QuickTime, RealAudio 4.0 and RealVideo 4.0. The new player takes over the class IDs of the previous players: after you install it, programs that used the old class IDs will function normally. Windows Media Player is located in the \Mplayer2 folder on the compact disc. ----------------------- 1.17 Event Log Security ----------------------- SP4 includes a bug fix in the Event Log service that requires the user to enable the SE_SECURITY_NAME privilege, also known as the security privilege, in order to view and manage the security event log. By default, Terminal Server grants the privilege to Administrators and Local System. In order to take effect, however, the privilege must also be enabled in the program accessing the security event log. Without this fix, members of the Administrators group and services, running as Local System, can open the security log for read or change access without enabling the security privilege. If the privilege is removed from the Administrators group, members of the Administrators group can still manage the security log. This fix enforces the security model that administrators must be granted the privilege to manage the security log. Administrators can always grant themselves this privilege, but this event can be audited. ----------------------------------------------- 1.18 Dynamic Host Configuration Protocol (DHCP) ----------------------------------------------- SP4 includes several quality improvement fixes to correct known Dynamic Host Configuration Protocol (DHCP) issues reported for Microsoft DHCP Server, for the DHCP Manager administration tool, and for Microsoft DHCP-enabled clients running under previous versions of Terminal Server. For more information about fixes for DHCP, see http://support.microsoft.com/support/kb/articles/Q184/6/93.asp ------------------------------------------- 1.19 Windows Internet Naming Service (WINS) ------------------------------------------- SP4 includes the following new Windows Internet Naming Service (WINS) and WINS Manager features: * Manual removal of dynamic WINS database records * Multi-select operations for WINS database records * Burst mode handling for WINS servers ------------------------------------------------------- 1.20 Microsoft Routing and Remote Access Service (RRAS) ------------------------------------------------------- SP4 can be installed on a Terminal Server system running Routing and Remote Access Service (RRAS). SP4 will automatically update your RRAS system with RRAS Hotfix 3.0 components. If you install RRAS after installing SP4, you must reinstall SP4 for the updated RRAS files that ensure proper RRAS operation. For more information about RRAS Hotfix 3.0, see http://support.microsoft.com/support/kb/articles/Q189/5/94.asp ----------------------------------------- 1.21 PPTP Performance and Security Update ----------------------------------------- SP4 includes new performance and security updates to PPTP that greatly increase data transfer speeds and enhance security. Both the PPTP client and server systems must be running the updated files to get these benefits. For more information, see http://support.microsoft.com/support/kb/articles/Q189/5/95.asp -------------------- 1.22 NTLMv2 Security -------------------- SP4 contains an enhancement to NTLM security protocols called NTLMv2, which significantly improves both the authentication and session security mechanisms of NTLM. For more information, see http://support.microsoft.com/support/kb/articles/q147/7/06.asp -------------------------------- 1.23 Secure Channel Enhancements -------------------------------- SP4 contains an enhancement to the secure channel protocols used by member workstations and servers to communicate with their domain controllers and by domain controllers to communicate with other domain controllers. In addition to authentication, you can now encrypt and check the integrity of these communications. For more information, see http://support.microsoft.com/support/kb/articles/q183/8/59.asp ----------------------------- 1.24 IP Helper API (IPHLPAPI) ----------------------------- The IP Helper API provides Windows network configuration and statistics information to Win32 applications. The public API is available on Terminal Server, Windows NT 4.0 and later, and Windows 95 and later. SP4 updates the API with a new .dll so that applications can communicate with a TCP/IP stack. ---------------------- 1.25 Event Log Service ---------------------- SP4 contains new features in the Event Log service to assist administrators in measuring the reliability and availability of Terminal Server. The SP4 Event Log service records three new events in the system event log that are useful in measuring operating system availability: * Clean Shutdown Event (Event ID: 6006) * Dirty Shutdown Event (Event ID: 6008) * System Version Event (Event ID: 6009) For more information, see Section 3.11, "Event Log Service." ------------------------------------- 1.26 Domain Name System (DNS) Service ------------------------------------- SP4 includes several quality improvement fixes to correct known Domain Name System (DNS) issues reported for Microsoft DNS Service and the DNS Manager administration tool. For more information about fixes for DNS, see http://support.microsoft.com/support/kb/articles/Q184/6/93.asp ----------------------------------------------------------- 1.27 Application Compatibility Script for Microsoft Outlook ----------------------------------------------------------- SP4 includes a new application compatibility script for Outlook 98. The script, located at: %systemroot%\application compatibility scripts\install\outlk98.cmd improves the behavior of Outlook 98 in Terminal Server. ============================== 2.0 INSTALLATION INSTRUCTIONS ============================== Carefully read all of these installation instructions before you install SP4. This release is easy to install while Terminal Server is running. It updates previous versions of the files included in SP4. ------------------------------------------------ 2.1 Downloading and Extracting the Service Pack ------------------------------------------------ You can download SP4 from a Web site. The self-extracting executables are wtsalpha.exe for Alpha-based systems and wtsi386.exe for Intel-based systems. These files are also located at the root of the CD. After downloading SP4, you'll have a compressed executable file on your hard drive. To extract this file and begin the installation process, run the compressed executable file. For example, type wtsi386.exe at the command prompt or double-click the file in Windows Explorer. You can also extract the file into the current folder without launching the installation program by using the command prompt switch /x. For example, at the command prompt, type wtsi386 /x. ---------------------------------------- 2.2 Before You Install the Service Pack ---------------------------------------- IMPORTANT: There are separate releases of SP4 for 40-bit encryption and for 128-bit encryption. You must install the correct version of SP4 on your system. If you install the incorrect version, system services might fail to start. SP4 warns you if you try to install it on a system with the incorrect encryption. Before you install SP4: * It is recommended that you stop running any critical services. * You must be in Install mode. * You must be at the console. * Warn all users to save their data and log off. Installation requires the system to be restarted one or more times. * Close all active debugging sessions; otherwise, the Update program will be unable to replace system files that are in use. If a file is in use when you install SP4, a dialog box will appear in which you can choose to cancel the installation or skip the file copy. It's recommended that you choose to cancel the installation, and then uninstall SP4. To do this, click Start, point to Settings, click Control Panel, double-click Add/Remove Programs, and then click Uninstall Service Pack 4. Close all active sessions on the system, and then install SP4. System Recovery To maximize the ability to recover the system in the event of installation failure, it is recommended that you do the following before installing SP4: * Update the system Emergency Repair Disk using the Rdisk.exe command with the /s switch. * Perform a full backup of the system, including the system registry files. * Disable any nonessential third-party drivers and services (that is, drivers and services that aren't required to boot the system). * Contact the original equipment manufacturer (OEM) that provided the driver or service for the updated versions of the files. * Restart the computer and check Event Viewer to ensure that there are no system problems that could interfere with the installation of SP4. Application Notes If your computer contains SystemSoft CardWizard version 2.x or earlier, you must obtain SystemSoft CardWizard version 3.00.01 or later before installing Terminal Server SP4. Otherwise, your operating system will no longer function. Contact SystemSoft at http://www.systemsoft.com for further details. Because Advanced Power Management isn't supported by Terminal Server, it is recommended that you remove Advanced Power Management features before installing SP4. Power management utilities might not work on Terminal Server with SP4 installed. Contact the vendor of your power management utilities for an updated version to work with Terminal Server SP4. If you use a NEC Versa 6050 or 6200 Series notebook computer with Terminal Server preinstalled, select Yes when you are prompted to replace the Hal.dll file. For Silicon Graphics workstations, do not install SP4 without the Silicon Graphics companion software. SP4 requires additional files to update your Silicon Graphics systems. For these necessary files, visit the Silicon Graphics Web site at http://support.sgi.com/nt. -------------------------------- 2.3 Installing the Service Pack -------------------------------- Installation of SP4 requires about 80 MB of disk space for Intel-based computers (40 MB for the updated system files and another 40 MB for the Uninstall folder) and about 90 MB of disk space for alpha-based computers (40 MB for the updated system files and 50 MB for the Uninstall folder). IMPORTANT: If you want the option of uninstalling SP4, you must create an Uninstall folder when prompted during installation. You can install SP4 from a CD, from a network drive, or from a Web site. All three methods are explained below. NOTE: Installation requires the system to be restarted one or more times. >>>To install SP4 from a CD 1. Insert the SP4 CD into your CD-ROM drive. 2. If a Web page opens in your browser after you insert the CD, click Install Service Pack to run Update.exe. If a Web page does not automatically open when you insert the CD, start the installation process manually from the CD. Update.exe is located in the \I386\Update folder or \Alpha\Update folder (depending on whether you have an Intel-based or Alpha-based processor). NOTE: You can also run Spsetup.bat from the root of the CD. This file will determine the type of processor and run the correct version of the installation. 3. Follow the instructions that appear on the screen. >>>To install the Service Pack from the Internet 1. Using a Web browser (such as Internet Explorer 3.0 or later), visit one of the following sites: http://support.microsoft.com/support/ntserver/tse/servicepacks http://support.microsoft.com/support/ntserver/content/servicepacks/ http://support.microsoft.com/support/downloads/ 2. Click the option to install Terminal Server SP4 on your computer. The Web site automatically detects which files need to be updated and then copies the appropriate files to a temporary folder on your computer. It then installs only those files that are needed to update your computer. NOTE: If you use a Web browser other than Internet Explorer 3.0 or later, you may be unable to install SP4 through this update method. If you are unable to install SP4 using this method, download SP4 from the Internet onto your computer and run the installation process locally. >>>To install the service pack from a network drive 1. Connect to the network drive that contains the service pack files. 2. Change the drive letter to that network drive. 3. Change the folder to \I386\Update or \Alpha\Update (depending on whether you have an Intel-based or Alpha-based processor). Start Update.exe 4. Follow the instructions that appear on the screen. NOTE: If you need to reinstall SP4, run Update.exe from the \I386\Update or \Alpha\Update folders. It isn't necessary to uninstall SP4 before running Update.exe more than once on the same system. Installation switches There are installation switches that can be used with Update.exe. The following syntax help is available when you type update /?: UPDATE [-u] [-f] [-n] [-o] [-z] [-q] -u Runs in unattended mode -f Forces other programs to close at shutdown -n Installs SP4 without an Uninstall folder -o Overwrites OEM files without prompting -z Prevents a restart when installation is complete -q Runs in quiet mode-no user interaction ---------------------------------- 2.4 Year 2000 Installation Issues ---------------------------------- 2.4.1 SP4 and Year 2000 Issues For information about Terminal Server SP4 and Y2K issues, visit http://www.microsoft.com/technet/promo/terminal.htm 2.4.2 Year 2000 Issues for FrontPage Server Extensions Releases of FrontPage 1.0, FrontPage 1.1, and FrontPage 97 do not resolve year 2000 issues. Releases of FrontPage 98 do resolve known Year 2000 issues. If you installed the Windows NT 4.0 Option Pack, you will have FrontPage 98 Server Extensions. It's possible to have two or more versions of FrontPage Server Extensions on your computer at one time. Be sure that the version you are using is an updated version. To determine which version of FrontPage Server Extensions is actively in use on computers with FrontPage 98 or earlier 1. Run FrontPage Server Administrator (Fpsrvwin.exe). 2. From the list in the upper-left corner, select every Web server or virtual server that has been configured with FrontPage Server Extensions. The version number of FrontPage Server Extensions is displayed to the right of the list. Version numbers with a first digit of 3 or higher (for example, .3.0.2.1706) resolve known year 2000 issues. If the first digit of the version number is a 1 or 2, download and install the latest version of FrontPage Server Extensions. For details on the latest available version and how to download it, see http://www.microsoft.com/frontpage/ ---------------------------------- 2.5 Uninstalling the Service Pack ---------------------------------- SP4 contains an Uninstall feature that you can use to restore your system to its previous state. IMPORTANT: To uninstall SP4, you must create an Uninstall folder during the Installation process. If you did not create this folder when prompted, you cannot uninstall SP4. Once created, the Uninstall folder (%systemroot%\$NtServicePackUninstall$) is hidden by default. >>>To uninstall SP4 1. Double-click Add/Remove Programs in Control Panel. 2. Select Windows NT Terminal Server 4.0 Service Pack 4. 3. Click Add/Remove. NOTES: * If you are unable to uninstall using Add/Remove Programs, run Spuninst.exe from the \%systemroot%\$NtServicePackUninstall$\spuninst\ folder. * If you install any applications or services that require SP4 or have bug fixes contained in SP4, uninstalling SP4 could adversely affect those applications. * To uninstall SP4, the drive letter for the boot drive must be the same as when you installed SP4. If you change the drive letter for the boot drive, you cannot uninstall SP4. * If you reinstall SP4 after installing new software or hardware, you must create a new Uninstall folder. To retain your ability to back out to a bootable configuration, copy the current Uninstall folder to a safe location before running the SP4 installation program. The Uninstall folder (%systemroot%\$NtServicePackUninstall$) is hidden by default. * Uninstalling SP4 won't uninstall new versions of CryptoAPI and SChannel. * If you reinstall Terminal Server after uninstalling SP4, take note of the following important precaution. SP4 modifies the Security Account Manager (SAM) database and the Security database so that older versions of the Samsrv.dll, Samlib.dll, Lsasrv.dll, Services.exe, Msv1_0.dll and Winlogon.exe files no longer recognize the database structure. Therefore, the uninstall process does not restore these files when uninstalling SP4. If you reinstall Terminal Server after uninstalling SP4, click No on the Confirm File Replace dialog boxes that ask whether you want to overwrite Samsrv.dll and Winlogon.exe. If you overwrite the newer files with these older versions, you'll be unable to log on to the system. =============== 3.0 USER NOTES =============== This section covers information that is specific to SP4. -------------------------- 3.1 Emergency Repair Disk -------------------------- If, after you install SP4, you use the Terminal Server Emergency Repair Disk to repair your system and are required to supply files from the original Terminal Server installation, you will have to reinstall SP4 after the repair is completed. This is because the Emergency Repair Disk repairs your system by restoring your original Terminal Server system files. After the repair is completed, follow the Installation Instructions (Section 2.0) to reinstall SP4. For more information about using the ERD utility, see http://support.microsoft.com/support/kb/articles/Q146/8/87.asp NOTE: To use the Emergency Repair Disk utility, you must have the updated version of Setupdd.sys contained in SP4. To update your version of Setupdd.sys, copy Setupdd.sys from SP4 to your original Terminal Server Setup Disk 2. For more information, see http://support.microsoft.com/support/kb/articles/Q158/4/23.asp ---------------------------------------- 3.2 Adding New Components to the System ---------------------------------------- If you change or add new software or hardware components to your system after you install SP4, you must install SP4 again because the files included on the original Terminal Server installation may not be the same as the files on the SP4 CD. You can't install new components, such as a new keyboard or printer driver, directly from SP4. You must install new components from the original product installation and then reinstall SP4. For example, if you install the Simple Network Management Protocol (SNMP) service after installing SP4, you must reinstall SP4. If you do not, you'll receive the error message "Entrypoint SnmpSvcGetEnterpriseOID could not be located in Snmpapi.dll." This is because some of the files in the SNMP service have been updated in the SP4 and you have a version mismatch. Reinstalling SP4 fixes the problem by copying the newer versions of the files to your system. NOTE: SNMP security provides the ability to set a permission level on the SNMP agent computer. The permission level determines how the SNMP agent computer will process requests from an SNMP community. ---------------------------------------- 3.3 Installing Symbol Files from the CD ---------------------------------------- Each program file in Terminal Server has a corresponding symbol file that is used to find the cause of kernel STOP errors. The symbols for SP4 files are compressed in self-extracting executables named Sp4symi.exe and Sp4syma.exe, for Intel-based and Alpha-based computers respectively. To install the symbol files corresponding to the new binaries in SP4, run the executable and specify the path to the location of the previous version's symbols (for example, c:\wtsrv\symbols\) when prompted. This copies the SP4 .dbg files over the existing versions of these files. ------------------------------------------------ 3.4 Hardware Compatibility with Terminal Server ------------------------------------------------ 3.4.1 Video Drivers Due to incompatibilities between the ATIRage drivers and service pack setup, the files Ati.sys and Ati.dll haven't been included with SP4. Any ATI drivers currently installed on your system will still function normally. If you install SP4 on a computer that has a Number Nine Visual Technologies Imagine 2 video card and drivers installed, you may experience some loss of functionality in the video driver, such as loss of resolutions requiring 256 or more colors. If you uninstall SP4, the Imagine 2 card may be unable to display 256 colors or more. There is no known resolution for either of these two issues because reinstalling the Imagine 2 video drivers doesn't restore the lost functionality. Number Nine is aware of this issue and is working on a fix. 3.4.2 Dell Latitude Systems If you're running Terminal Server on a Dell Latitude portable computer, your Dell-supplied Softex Advanced Power Management and PC Card Controller services (versions 2.0 and later) will continue to function after you install SP4. However, Softex version 1.0 will stop functioning after SP4 installation. To update your system for SP4, install version 2.19 or later of the Softex utilities, available from http://support.dell.com/filelib/ Your computer will become unusable if you reinstall any version of Softex earlier than 2.19 after installing SP4. 3.4.3 Softex/Phoenix Utilities You may encounter problems running SP4 if you're using any of the following Softex Incorporated or Phoenix Technologies: * Softex PC Card Controller * Phoenix CardExecutive for Windows NT * Softex Power Management Controller * Phoenix APM for Windows NT * Softex Docking Controller * Phoenix NoteDock for Windows NT * Softex DeskPower Controller * Phoenix DeskAPM for Windows NT Check the version number of the utilities you're using. You must be running version 2.19 or later of the Softex or Phoenix utilities to avoid problems with SP4. Don't install or reinstall any version of Softex or Phoenix utilities earlier than 2.19 on your system, or your system might not boot. For more information, visit the Softex Incorporated Web site at http://www.softexinc.com or Phoenix Technologies at http://www.phoenix.com. 3.4.4 255 SCSI Logical Unit Support Terminal Server detects only the first eight logical units on a SCSI device. To work around this limitation, install SP4 and add the following key in the registry: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[Driver Service Key] \Parameters\Device[N] LargeLuns: REG_DWORD: 0x1 where [Driver Service Key] is your SCSI driver name and [N] is the SCSI bus number. 3.4.5 SystemSoft Card Wizard If your computer contains SystemSoft CardWizard version 3.x and you install SP4, you may lose socket services functionality. To work around this issue, reinstall SystemSoft CardWizard version 3.x or later after installing SP4, or copy Pcmcia.sys from the Service Pack 4 Uninstall folder ($ntservicepackuninstall$) to the \%systemroot%\System32\Drivers folder on your computer. Reboot the computer. ----------------------- 3.5 Compaq Alpha Notes ----------------------- 3.5.1 Remotely Possible 32 with Matrox Millennium Display Adapter If you use Remotely Possible 32 on an Alpha-based computer with a Matrox Millennium display adapter, don't use the Matrox drivers. If you do, you will get a system failure after rebooting. You must use VGA-compatible display adapter drivers to use Remotely Possible 32. 3.5.2 Lotus Notes 4.5 If you want to use Lotus Notes and Internet Explorer 4.01 on an Alpha computer that runs Terminal Server, you must follow this sequence when installing SP4: 1. If you have Internet Explorer 4.01 on your computer, uninstall it. 2. Install SP4. 3. Install (or reinstall) Lotus Notes. 4. Install Internet Explorer 4.01 from the SP4 CD. This problem will be fixed in a future release. 3.5.3 Alpha Fixes in SP4 The following notes describe problems on Alpha-based systems that have been resolved since the release of Terminal Server. NOTE: Terminal Server SP4 ships with HAL Revision D. This revision is also currently available from Compaq. System Stops Responding on Alpha-based Systems with Only One Processor Physically Present The following Alpha-based systems, with only one processor physically present, no longer stop responding when booted: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 DIGITAL Server 5000 DIGITAL Server 7000 Clock Interrupt Period Changed from 7.5 ms to 10 ms SP4 changes the effective clock interrupt period on the following systems from 7.5 ms to 10 ms: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 DIGITAL Server 5000 DIGITAL Server 7000 This change will provide parity with Intel systems and alleviate performance anomalies caused by assumptions of 10 ms for the resolution for timers (which is equal to the clock interrupt period). Pyxis Error Registers HAL Revision D, which ships with Terminal Server SP4, supports updated Pyxis error registers. These updates provide more meaningful information during hardware failures. Peer-to-Peer DMA Transfers SP4, together with the current AlphaBIOS firmware, now allows peer-to-peer DMA transfers. PCI Devices with 256 MB of Memory or Higher The following Alpha-based platforms now support PCI devices with 256 MB of memory or higher for memory-mapped I/O: AlphaServer 1000 5/xxx AlphaServer 1000A 5/xxx AlphaServer 800 or Digital Server 3000 AlphaStation 600 AlphaStation 500 Alpha XL 3xx Alpha-Based Machines Sometimes Stop Responding When Rebooting The following systems no longer stop responding during an attempted reboot: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 DIGITAL Server 5000 DIGITAL Server 7000 I/O Performance Degradation or an Unresponsive Machine Under Heavy I/O Loads on Alpha-based machines with heavy I/O loads, certain device drivers consumed too many DMA map registers. This sometimes caused poor I/O performance or an unresponsive machine. SP4 provides a greater number of DMA map registers. Failures on Alpha-Based Systems with STOP Code 0x0A Minor correctable hardware errors no longer generate failures with STOP code 0x0A on the following machines: AlphaServer 1000 5/xxx AlphaServer 1000A 5/xxx AlphaServer 800 or Digital Server 3000 AlphaStation 600 AlphaStation 500 AlphaStation 600A Alpha XL 3xx 3.5.4 DIGITAL Ultimate Workstation 533 SP4 won't update the Hal.dll file on the system because Hal.dll is marked as an OEM file. To work around this, manually copy Halrawmp.dll from SP4 to your system. First locate the Hal.dll file on the system (in the \Osloader subfolder), and then copy Halrawmp.dll from SP4 to this folder, renaming it Hal.dll. 3.5.5 Installation Fails on Alpha-Based Machines with Windows NT Option Pack 1.0 Installed Security Configuration Manager (SCM) cannot be installed on Alpha-based machines that have the Windows NT Option Pack 1.0 for Alpha installed. This is because the Mfc42u.dll file installed by the Windows NT 4.0 Option Pack isn't compatible with SCM. To work around this, replace Mfc42u.dll installed by Windows NT Option Pack 1.0 for Alpha with Mfc42u.dll from the Terminal Server CD or from Visual C 6.0. This may cause problems with the applications in the Windows NT Option Pack 1.0 for Alpha. This will be fixed with the release of Windows 2000 Server. 3.5.6 Microsoft Transaction Server and Distributed Transaction Coordinator The file TestOracleXAConfig.exe isn't automatically installed on Compaq Alpha-based computers. If you are installing Terminal Server SP4 on an Alpha-based computer and will be using Microsoft Transaction Server (MTS) or the Distributed Transaction Coordinator (DTC) with an Oracle or XA-compliant database, you must manually copy this file from the CD-ROM to the %systemroot%\system32 folder on your hard drive. The symbol %systemroot% represents the installation folder for Terminal Server. For example, if your installation folder is C:\Wtsrv, copy the file to C:\Wtsrv\system32. TestOracleXAConfig.exe is located in the \Alpha folder on the Terminal Server SP4 CD. If you are installing Terminal Server SP4 on an Intel-based computer, TestOracleXAConfig.exe is automatically installed during Setup. ------------------------------------------------------ 3.6 Running Administrative Tools from a Remote Server ------------------------------------------------------ In order to run administrative tools from a remote server, you must upgrade the remote server to SP4. If you attempt to run administrative tools from a remote machine that hasn't also been upgraded to SP4, they will fail to load or won't function properly. ------------------------------- 3.7 CryptoAPI and Authenticode ------------------------------- The Authenticode environment won't be set up correctly for existing user accounts on upgrades from Terminal Server systems running Internet Explorer 3.02, but new user accounts created on the system won't be affected. Upgrades from Terminal Server systems with Internet Explorer 4.0 or later aren't affected either. Each user must enter the following command line in a command prompt window before using Authenticode: setreg 1 false 2 true 3 false 4 false 5 true 6 false 7 true 8 false 9 false 10 false Setreg.exe isn't part of SP4; you can download it as part of the CryptoAPI tools. You can install the latest CryptoAPI tools (Internet Explorer 4.0 or later) from the Platform SDK on MSDN. The CryptoAPI tools (also known as Authenticode Signing tools) that were released for Internet Explorer 3.02 are no longer supported. Tools released for Internet Explorer 4.0 will continue to work with SP4. If you install SP4 on a system with Internet Explorer 4.0 or later and then uninstall Internet Explorer, newer CryptoAPI components will be partially uninstalled. This won't affect the system if Internet Explorer 4.0 was installed after SP4. Reinstall SP4 after uninstalling Internet Explorer for full functionality. To ensure proper CryptoAPI functionality, it's recommended that you install Internet Explorer 3.02 or later before you install SP4. If you install Internet Explorer 3.02 or later after SP4, certain CryptoAP2 networking functions that have a dependency on Wininet.dll may fail. If you install Internet Explorer 4.0 after you install SP4, the following problems occur: * Certificate revocation checking fails. To fix this, reinstall SP4 after installing Internet Explorer 4.0. This will be fixed in a future release of Internet Explorer. * Certain CryptoAPI-related file extensions (.Cer, .Crt, and .Der) aren't registered correctly. To restore the file extension registration, run the following command line: Regsvr32.exe cryptext.dll This will be fixed in a future release of Internet Explorer. ----------------------------------- 3.8 Uninstalling Internet Explorer ----------------------------------- If you have Internet Explorer 4.0 or later on your system and then install SP4, uninstalling Internet Explorer will partially uninstall newer CryptoAPI components. Reinstall SP4 after uninstalling Internet Explorer. This problem won't affect the system if Internet Explorer was installed after SP4. ------------------------ 3.9 Message Queue Notes ------------------------ A new MSMQ registry entry helps you configure MSMQ so it does not attempt to contact MQIS at startup (to avoid auto-dialing, for example). To activate that mode, under the registry key: "HKEY_LOCAL_MACHINE\Software\Microsoft\MSMQ\Parameters", add a value "DeferredInit" of type DWORD and with a value of 0x1. Add this only if the initial MQIS access causes unwanted dial-up, because this setting can delay applications calling MQOpenQueue in offline situations. -------------------------------------- 3.10 Installing COM Internet Services -------------------------------------- 3.10.1 Installing COM Internet Services COM Internet Services (CIS) provides facilities for making DCOM calls over the Internet when other transports can't be used because of a firewall on the server side or a proxy server on the client's network. There are three configuration options for CIS: 1. Windows 95 or Windows 98 CIS Client Support 2. Windows NT 4.0 SP4 and Windows 2000 CIS Client Support 3. Windows NT 4.0 SP4 and Windows 2000 CIS Server Support This section explains how to install CIS on computers running Terminal Server SP4. If possible, you should start with client and server machines that aren't separated by either proxy servers or firewalls. Once you have verified that this configuration works correctly, you can add proxy servers or firewalls to the configuration. 3.10.2 Terminal Server SP4 CIS Client Support To enable CIS, add the Tunneling TCP protocol to the DCOM protocol list after you install SP4. To modify the protocol list by running DCOMCNFG 1. Select the Default Protocols tab. 2. Click Add. 3. Select Tunneling TCP/IP and then click OK. 4. Reboot the system to have this change take effect. If multiple protocols are configured, DCOM attempts to use them in the order in which they appear in the DCOM protocol list. 3.10.3 Terminal Server SP4 CIS Server Support For Terminal Server, CIS requires that you install SP4 on your Windows NT Server 4.0 computer. Internet Information Server 4.0 (including the Internet Service Manager) must be running. IIS 4.0 is part of the Windows NT 4.0 Option Pack. >>>To install CIS 1. Create an RPC subdirectory under your Inetpub directory. For example, at the command prompt, type md c:\inetpub\rpc This directory will be referred to as %inetpub%\rpc in the following instructions. 2. Copy Rpcproxy.dll from the Windows system directory to %inetpub%\rpc. For example, at the command prompt, type copy %windir%\system32\rpcproxy.dll c:\inetpub\rpc 3. Create a virtual root for the directory you created. To do this: * Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Server Manager. * In the left pane of the MMC window, select Console Root/IIS/ /Default Web Site. * Right-click Default Web Site, click Create New, and then click Virtual Directory. * In the New Virtual Directory wizard, enter the following: alias to be used to access virtual directory = rpc physical path = %inetpub%\rpc permissions = Execute Access 4. Don't close Internet Service Manager. Change the connection timeout for the Default Web Site to 5 minutes. To do this: * In the left pane of the MMC window, select Console Root/IIS/ /Default Web Site. * Right-click Default Web Site, and then click Properties. * In the Default Web Site Properties dialog box, select the Web Site tab. * Change the Connection Timeout to 300. * Click OK. Do not close Internet Service Manager. * Install the RPC Proxy ISAPI Filter. To do this, run the IIS 4.0 Internet Service Manager, select Console Root/IIS/ in MMC, right-click the machine name, click Properties, select Edit for the Master WWW Service Properties, select the ISAPI Filters tab, select Add, and then type: filter name = Rpcproxy executable = %inetpub%\rpc\rpcproxy.dll 5. Close Internet Service Manager. 6. Enable CIS on the server by running DCOMCNFG. To do this: * Click Start, and then click Run. * In the Run dialog box, type dcomcnfg, and then click OK. * In the left pane of the MMC window, select the Default Properties tab. * Ensure that the check box labeled Enable COM Internet Services on this computer is checked. Don't close DCOMCNFG. 7. Add the Tunneling TCP protocol to the protocol list. You can modify the protocol list by running DCOMCNFG. To do this: * Click Start, and then click Run. * In the Run dialog box, type dcomcnfg, and then click OK. * In the left pane of the MMC window, select the Default Protocols tab. * Click Add. * Select Tunneling TCP/IP and click OK. * Close DCOMCNFG. 8. Restart your computer to have these changes take effect. 3.10.4 Notes on Proxy Servers If your client is located behind a proxy server, ensure that: * The proxy server is configured to enable the HTTP CONNECT verb for port 80. * Your client computer is correctly configured to use the proxy server to access the Internet. To configure your client to use the proxy server, use the Internet control panel. 3.10.5 Notes on Firewalls CIS requires that the firewall allow TCP/IP traffic through port 80. ----------------------- 3.11 Event Log Service ----------------------- SP4 contains new features in the Event Log service to assist administrators in measuring the reliability and availability of Terminal Server. The SP4 Event Log service records three new events in the system event log that are useful in measuring operating system availability: * Clean Shutdown Event (Event ID: 6006) The Event Log service records a clean shutdown event whenever an operating system shutdown is initiated. A clean shutdown can be initiated through several mechanisms: direct user interaction using the Shut Down screen; Shutdown/Restart using Ctrl+Alt+Delete; Shutdown/Restart using the Start Menu; and Shutdown/Restart using the Logon screen. Clean shutdowns are also recorded if one of the following shutdown events happens programmatically: InitiateSystemShutdown WIN32 API (local), or InitiateSystemShutdown WIN32 API (remote). * Dirty Shutdown Event (Event ID: 6008) The Event Log Service records a dirty shutdown event whenever the operating system is shut down by an event other than a clean shutdown. The most common cause is when the system is power-cycled, that is, Terminal Server is stopped by powering off the system. The event is recorded the next time the system is rebooted. When Terminal Server is running, the system periodically writes a time stamp to the registry, which always overwrites the "last alive" time stamp from the previous interval. When the "last alive" time stamp is written, it's also flushed to disk. A normal clean shutdown is also flagged in the registry. If the clean shutdown flag isn't found on disk when an SP4 system reboots, a dirty shutdown event is recorded. The description part of the event contains the "last alive" time stamp. The "last alive" time stamp is written to the registry at a default interval of five minutes to HKLM\Software\Microsoft\Windows\CurrentVersion\Reliability\ LastAliveStamp. Adding the registry DWORD value TimeStampInterval can change the interval. This value is in units of minutes. Setting it to zero prevents any "last alive" time stamp logging: only the boot and normal shutdown stamps will be written in that case. * System Version Event (Event ID: 6009) The Event Log service records a system version event containing the operating system version information whenever the system is booted. This makes it easier to post-process Terminal Server system event logs by operating system version. NOTE: Previously, the recording of operating system crashes in the event log (Save Dump events) was optional. Crash events were recorded by default, but a system administrator could disable this behavior in the System control panel by clearing "Write an event to the system log when a STOP error occurs" on the Startup/Shutdown tab. In SP4, recording crashes in the event log is mandatory for Terminal Server and can't be disabled by an administrator. ===================================== 4.0 ADDITIONAL FIXES AND WORKAROUNDS ===================================== This section contains additional fixes and workarounds for SP4. ------------------------------------- 4.1 Installing SQL7 and Office97 SR2 ------------------------------------- After installing SP4, you will encounter a problem if you attempt to install programs that use ODBC components, such as SQL7 and Office 97 Service Release 2. To install these products, you must first stop Terminal Server License Service, which locks certain files that are updated during installation. Once you have installed the program, restart Licensing Service. If you rebooted after installation, Licensing Service restarts automatically. Otherwise, you can restart it manually by typing NET START TEMSERVLICENSING at the command prompt. As an alternative, click Start, point to Settings, click Control Panel, and then double-click Services. In Services, select Terminal Server Licensing and click Start. ---------------------------------------------------------- 4.2 Installing Terminal Server on a Windows 2000 Computer ---------------------------------------------------------- If you install Terminal Server on a computer that has Windows 2000 Beta or later installed, Setup may continuously reboot at the boot menu after the initial text mode phase of Terminal Server Setup. To prevent this, use the updated Winnt32.exe file on the SP4 CD. >>>To update Winnt32.exe 1. Copy the Winnt32.exe file from the Terminal Server SP4 CD to a folder on your hard disk, or double-click the file on the CD. The Winnt32.exe file is located in the \Support\Winnt32 folder. 2. When you are prompted for the location of the Terminal Server files, supply the path to the \I386 or \Alpha folder on the CD. 3. Install SP4. 4. Copy NTLDR and NTDETECT.COM from the Windows 2000 CD to the root of the system drive. NOTE: To use this installation method, the partition you install to must contain the FAT file system. For more information, see http://support.microsoft.com/support/kb/articles/Q185/3/22.asp ---------------------------------------------------------- 4.3 Dual Booting Between Terminal Server and Windows 2000 ---------------------------------------------------------- When you install a dual-boot system on your computer to access both Terminal Server and Windows 2000, each installation or instance of Windows 2000 must have a unique computer name. NOTE: This is required only if your dual-boot computer is on the same domain. ---------------------------------------------- 4.4 NTFS Version 4 and NTFS Version 5 Support ---------------------------------------------- There are two recent versions of the NTFS file system: * Version 4 is supported by Windows NT 3.51, Windows NT 4.0, and Terminal Server. * Version 5 is supported by Windows 2000. SP4 contains an updated version of NTFS.sys that can also read NTFS 5 volumes. NOTE: The following installations don't support dual-boot systems: * Pre-Windows NT 4.0 Service Pack 3 installations * Windows NT 3.51 or earlier installations These features of NTFS 5 can't be accessed from SP4, even with the updated NTFS.sys: * Release points (also called mount points or junction points) * Native Structured Storage (NSS) files * Encrypting File System (EFS) * Disk Quotas Attempts by Terminal Server SP4 users or applications to access release points or NSS files created on NTFS 5 drives with a Windows 2000 installation will fail, usually with an "access denied" error. Antivirus applications may report to the user (log file, popup dialog, or both) when a file can't be accessed. These applications may report a failure to access NSS files with extensions that the applications are set to scan. Archiving programs cannot add NSS files to an archive, and this might be reported as an error. Backup programs won't back up NSS files or release points as expected. They may log the failures as either "file in use" or "file not available." Some backup applications fail when trying to verify folders that contain NSS files during the backup process. When an NTFS 5 volume is mounted under Terminal Server SP4, NTFS 5 features are unavailable and chkdsk can't be performed against the volume. However, most read/write operations function normally if they don't make use of any NTFS 5 features. Also, since files can be read and written on NTFS 5 volumes under Terminal Server, Windows 2000 may need to perform "clean-up" operations by running chkdsk on the volume after it was mounted on Terminal Server. These clean-up operations ensure that the NTFS 5 data structures are consistent after a Terminal Server mount operation. ------------------------------------ 4.5 Internet Information Server 4.0 ------------------------------------ 4.5.1 Username/Password Length The length limitation for Username/Password combinations when using Internet Information Server 4.0 has been fixed in SP4. This previously caused errors when using basic authentication on IIS 4.0. 4.5.2 Global.asa To use the Global.asa file after installing SP4, ensure that the file is in an application root folder. This is a change from the implementation in Windows NT 4.0 Option Pack, in which Global.asa was mistakenly processed from within a virtual directory. The Global.asa file specifies event scripts and declares objects that have session or application scope. In Windows NT 4.0 Option Pack, the file Asp.dll processed Global.asa from the lowest defined virtual directory. This has been changed in SP4. After SP4 is installed, customers who are using Global.asa may need to make changes to IIS for the file to work properly. For more information, see the topic "Global.asa Reference" in the Windows NT 4.0 Option Pack online documentation. To ensure that Global.asa is available to Asp.dll after applying SP4, mark folders that contain Global.asa files as applications. For more information, see the topic "Creating Applications" in the Windows NT 4.0 Option Pack online documentation. Certain CryptoAPI-related file name extensions (.cer, .crt, and .der) aren't registered correctly when Internet Explorer 4.0 is installed after SP4. To restore the file name extension registration, run the following command line: Regsvr32.exe cryptext.dll ----------------------------------- 4.6 Security Configuration Manager ----------------------------------- 4.6.1 Error Messages Received When Logging on to a Secure Desktop The first time a user logs on to a Compatible, Secure, or Hi Secure Terminal Server system running Internet Explorer 4.0 or later, the following error message appears: INF Install Failure. Reason: Access is denied. Corresponding Start Menu Items are missing. To work around this error message, have potential users of the system log on before securing the desktop. 4.6.2 Incorrect Analysis When Registry Key Doesn't Exist If a registry value doesn't exist, analysis results for that registry value may be inaccurate. To work around this, configure the registry value to the appropriate setting. This problem will be fixed in Windows 2000. 4.6.3 Inherit Mode Not Available Administrators can decide how SCM should configure child objects after Access Control Settings for file system and registry objects are defined. The options are: Inherit, Overwrite, or Ignore. In Terminal Server, the Inherit option is grayed out and therefore not available. --------------------------- 4.7 Updating Audio Drivers --------------------------- If you aren't receiving audio from a Crystal Semiconductor audio chip or a Creative Labs Sound Blaster AWE32 Plug and Play Wavetable Synthesizer, you may need to install the updated drivers for these devices. For detailed information on updating these drivers, see http://support.microsoft.com/support/kb/articles/Q143/1/55.asp --------------------------- 4.8 Microsoft Proxy Server --------------------------- 4.8.1 Web Administration Tool After SP4 is installed, Web Administration Tool for Microsoft Proxy Server 2.0 may stop working because Internet Information Server doesn't have the correct application setting for it, which requires script execute permission. This problem may only occur with Terminal Server SP4 and Windows NT 4.0 Option Pack. To change the application setting for the Proxy Server Web Administration Tool: 1. Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Server, and then click Internet Service Manager. 2. Click Internet Information Server in the left pane. 3. Double-click your server name in the right pane. 4. Double-click MS Proxy Administration Web Site in the right pane. 5. In the right pane, right-click PrxAdmin, and then click Properties. 6. Click the Virtual Directory tab. 7. In the Application Settings section, set the Permissions to "Script," and then click Create. If a Remove button is displayed and there isn't a Create button, no further action is necessary (the system is already properly configured). 9. Click OK. You may have to reboot your computer. 4.8.2 Microsoft Proxy Server 1.0 Client Installing SP4 on a Windows NT 4.0 Terminal Server with Microsoft Proxy Server 1.0 client installed causes the WinSock Proxy Client component to be disabled. As a result, applications that access the Internet and depend on the Proxy client may not be able to access the Internet. To correct the problem, reinstall the Proxy Server Client component after you install SP4. It's recommended that you uninstall Microsoft Proxy Client before installing SP4, and then reinstall Proxy Client. ====================== 5.0 APPLICATION NOTES ====================== This section includes application notes for SP4. These applications were not necessarily tested in a multi-user environment. --------------------------------------------- 5.1 CheckIt Diagnostic Kit 4.0 by Touchstone --------------------------------------------- CheckIt Diagnostic Kit version 4.0 won't have full functionality when installed on top of any version of Terminal Server. ----------------- 5.2 Inoculan 4.0 ----------------- Inoculan version 4.0 Service Pack 2 with build number 373 or later is fully compatible with SP4. The previous release of Inoculan 4.0 Service Pack 1 with build 270 will cause a Terminal Server bugcheck when you install SP4. You can download Inoculan SP2A build 375 (il0145i.zip) from http://www.cai.com ----------- 5.3 Exceed ----------- If you use Exceed Inetd.exe to provide basic telnet services in Terminal Server, contact Hummingbird Software at http://www.hummingbird.com for an update. The version that ships with Exceed 6.0.1 doesn't work with SP4. ------------------------- 5.4 Microsoft NetMeeting ------------------------- 5.4.1 Security NetMeeting 2.1 is vulnerable to maliciously created speed-dial objects that can cause NetMeeting to stop responding. If this happens, the computer's memory is exposed and may be intentionally corrupted. To work around this, download the Speed Dial patch from http://www.microsoft.com/netmeeting 5.4.2 Y2K When you transfer a file with a system date greater than 2000, the received file date is increased by 28 years. To work around this, download NetMeeting version 2.1 (or later) at http://www.microsoft.com/netmeeting ------------------- 5.5 Numega SoftICE ------------------- If you try to install SP4 and you aren't using the latest version of SoftICE, version 3.24, a message appears stating that Windows has detected a version of SoftICE that isn't supported. You can register and download the latest version of SoftICE from http://www.numega.com/support/updates.htm. Earlier revisions of the SoftICE software cause system errors when you install SP4. SoftICE version 3.24 is a no-charge update for registered version 3.2 customers. If your version of SoftICE is earlier than 3.2, contact the Numega sales department at 1-800-4NUMEGA (or 1-603-578-8400) to purchase an upgrade. --------------------------------------- 5.6 Rational Visual Quantify Version 4 --------------------------------------- If you install Terminal Server SP4 on a system with Rational Visual Quantify version 4 installed, you may get .dll error messages. To work around this, reinstall Rational Visual Quantify after you install SP4. --------------------------- 5.7 Microsoft IntelliPoint --------------------------- If you receive an access violation from IntelliPoint Productivity Tips (Tips.exe) while installing SP4, we recommend that you install the latest version of IntelliPoint software, available from the Microsoft Web site at http://www.microsoft.com/products/hardware/mouse/ ========================================= 6.0 LIST OF BUGS FIXED IN SERVICE PACK 4 ========================================= All bug fixes contained in SP4 are documented as Knowledge Base articles. You can query the Knowledge Base to find an article about a specific bug by using the Qxxxxxx number that is assigned to the bug. You can browse the Knowledge Base on the Microsoft Web site at http://support.microsoft.com/support/ For a list of all bug fixes in Terminal Server SP4, see http://support.microsoft.com/support/kb/articles/q150/7/34.asp ============================================== 7.0 DEPLOYMENT NOTE FOR SP4 (128-BIT VERSION) ============================================== System administrators and others who anticipate corporate-wide deployment of this product should consult Faq.txt for specific cautions regarding the nature of this high-encryption product. If you plan to install this product on a computer and travel out of the country with that computer, consult Faq.txt for cautions and requirements regarding the nature of this high-encryption product. ================================================== 8.0 EXPORT RESTRICTIONS FOR SP4 (128-BIT VERSION) ================================================== The North American (128-bit) version of SP4 is intended for distribution only in the United States and Canada. Effective January 1, 1997, export of this service pack from the United States is regulated under "EI controls" of the Export Administration Regulations (EAR, 15 CFR 730-744) of the U.S. Commerce Department, Bureau of Export Administration (BXA). EI controls are the current equivalent of ITAR munitions export controls that previously applied to this product. EI controls require that you obtain a Commerce export license prior to any export, transmission, or shipment of this product to any country, other than Canada, or to any person, entity, or end user subject to U.S. export restrictions. For further information, the Commerce export license process and EI controls are described on the BXA Web site at http://www.bxa.doc.gov/encstart.htm. Microsoft will distribute the North American (128-bit) version of SP4 to U.S. or Canadian companies or persons for end-use in the U.S. or Canada only. ======================================================= 9.0 STRONG ENCRYPTION SUPPORT IN SP4 (128-BIT VERSION) ======================================================= Available through SP4, CryptoAPI provides developers with access to standards-based, core cryptographic functionality. An Enhanced Cryptographic Service Provider is included in SP4, allowing applications that call CryptoAPI to use stronger keys and new algorithms. Algorithm support has been extended to include DES and Triple DES. Keylengths have been extended for RC2 and RC4 ciphers to 128-bits; RSA Keylengths have been lengthened to allow up to 16K-bit keys. SP4 also includes 128-bit support for Remote Access Server (RAS). Wide area connections made using RAS on Terminal Server will use a 128-bit key to encrypt data, thus providing a more secure connection. Secure Sockets Layer (SSL) is used today by Internet browsers and servers (including Microsoft Internet Explorer and Microsoft Internet Information Server) for message integrity and confidentiality of communications and for optionally mutual authentication. With SSL, parties using the Internet can be confident that their communications are private and haven't been tampered with or altered. The version of SSL shipped with SP4 uses 128-bit encryption. Secure Remote Procedure Call (RPC) has also been enhanced to support 128-bit encryption. Any application that requests secure RPC will automatically use 128-bit encryption. Installing SP4 (128-bit version) will update your system with all of the strong encryption support.