DOCUMENT:Q169415 09-AUG-2001 [winnt] TITLE :Routing and Remote Access Release Notes Readme.doc File PRODUCT :Microsoft Windows NT PROD/VER:WinNT:4.0 OPER/SYS: KEYWORDS:kbnetwork ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Windows NT Server version 4.0 - Microsoft Routing and Remote Access Service Update for Windows NT Server version 4.0 ------------------------------------------------------------------------------- SUMMARY ======= This article contains the Release Notes Readme.doc file for Routing and Remote Access Service, formerly known as Steelhead. MORE INFORMATION ================ Release Notes for Windows NT Routing and Remote Access Service June 1997 ------------------------------------------------------------------------ *(c) 1997 Microsoft Corporation. All rights reserved. This document contains known issues for the Microsoft Routing and Remote Access Service for Windows NT Server version 4.0 release. Contents -------- - Using WordPad to View This Document - Routing and Remote Access Service Documentation - Setup Issues - Routing and Remote Access Service Packet Filtering and Windows NT 4.0 TCP/IP Security - Routing and Remote Access Service Packet Filtering and the Microsoft Proxy Server - Using DHCP Versus Static Pool Addresses on a RAS Server - Demand-Dial Interface Issues - IPX Issues - OSPF Issues - Miscellaneous Issues Using WordPad to View This Document ----------------------------------- If you enlarge the WordPad window to its maximum size, this document will be easier to read. To do so, click the Maximize button in the upper-right corner of the window. Or open the Control menu in the upper-left corner of the WordPad window (press ALT+SPACEBAR), and then click Maximize. To move through the document, press PAGE UP or PAGE DOWN. Or click the arrows at the top and bottom of the scroll bar along the right side of the WordPad window. To wrap words to the screen size or the ruler: 1. On the View menu, click Options. 2. Click Wrap to window or click Wrap to ruler, then click OK. To print the document: 1. On the File menu, click Print. 2. Select the printer, and then click OK. Routing and Remote Access Service Documentation ----------------------------------------------- After you download the Routing and Remote Access Service files from the Web, documentation is available for Routing and Remote Access Service in the \Doc directory of the directory in which you choose to install the files on your computer. For example, if you choose to install the files in theC:\Program Files\Routing directory, the documentation will be available in the C:\Program Files\Routing\Doc directory. If you want to view management information through an SNMP console, you can use the .mib (Management Information Base) files supported by Routing and Remote Access Service. The .mib files are also copied to the \Doc directory, as described in the preceding paragraph. NOTE: Routing and Remote Access Service running on Windows NT Server version 4.0 is also referred to as the Windows NT router. Setup Issues ------------ General Setup Issues - You must install Routing and Remote Access Service on a computer running Windows NT Server version 4.0 with Service Pack 3 installed. - You cannot run the Remote Winsock client on a Windows NT router. If you have the Remote Winsock client installed on the computer, delete it before installing Routing and Remote Access Service. - If Setup detects that you have any of the following services, you will be prompted to delete them: - Remote Access Service (RAS) - RIP for IP - RIP for IPX - SAP Agent - BOOTP/DHCP Relay Agent These services and the Registry settings for the services are now part of the Routing and Remote Access Service. For more setup information, see Chapter 2, "Installing and Configuring Routing and Remote Access Service," in the Administrator's Guide. Install Network Adapters Before Routing and Remote Access Service It is recommended that you install any network adapters or services (such as ISDN or PPTP) before installing Routing and Remote Access Service. If you install a network adapter or service after you have installed Routing and Remote Access Service, and if the adapter or service requires you to reinstall Service Pack 3, you must then update Routing and Remote Access Service. To update Routing and Remote Access Service: 1. In Network in Control Panel, on the Services tab, select Routing and Remote Access Service, and then click Update. 2. When prompted, type the path of the directory that contains the Routing and Remote Access Service program files. Setup Options: During the Routing and Remote Access Service Setup, you can install Remote access service (RAS), LAN routing, Demand-dial routing, or all three. If you install LAN routing, whatever network protocols are currently installed on your computer are automatically enabled for routing. However, if you install demand-dial routing, you can choose the protocols. To do this, click Network in the Routing and Remote Access Setup dialog box. NOTE: If you cancel Setup after the dialog box in which you choose Remote Access Service (RAS), LAN routing, or Demand-dial routing, then the Oemnsvra.inf file in your Systemroot\System32 directory is the version from Routing and Remote Access Service. To install Windows NT version 4.0 RAS or a previous version of Routing and Remote Access Service, you must manually copy the file Oemnsvra.inf from your Windows NT version 4.0 CD or your Service Pack CD to your Systemroot\System32 directory. For more information on the Setup options, see Chapter 2, "Installing and Configuring Routing and Remote Access Service," in the Administrator's Guide. Routing and Remote Access Service Packet Filtering and Windows NT 4.0 TCP/IP Security --------------- You can resolve the following two issues by using Network in Control Panel. On the Protocols tab, select TCP/IP Protocol and click Properties. - On the IP Address tab, click Advanced. The PPTP filtering option in the Advanced IP Addressing dialog box has no effect after Routing and Remote Access Service is installed. However, if you configured TCP/IP filters before you installed Routing and Remote Access Service, those filters will migrate to Routing and RAS Admin. - Click the Routing tab. If the Enable IP Forwarding check box is selected, do not clear it after you install Routing and Remote Access Service. If you do clear it, your router will not function properly. NOTE: This applies only if you have enabled IP routing before you installed Routing and Remote Access Service. If you have never enabled IP routing, you do not need to select this check box to enable the routing functionality of Routing and Remote Access Service. Routing and Remote Access Service Packet Filtering and Microsoft Proxy Server ----------------------------------------------------------------------------- If you install Microsoft Proxy Server and Routing and Remote Access Service on the same computer, it is important to use caution when you configure filtering in both Microsoft Proxy Server and Routing and Remote Access Service. Packet filtering in Routing and Remote Access Service can impair the functionality of Microsoft Proxy Server in two ways: - Routing and Remote Access Service input filtering can prevent inbound intranet client requests from being processed on the intranet interface. It can also prevent inbound response data from Internet Web servers from being processed on the Internet interface. - Routing and Remote Access Service output filtering can prevent translated Web requests by Microsoft Proxy Server from being transmitted to Internet Web sites on the Internet interface. It can also prevent translated Internet Web server responses by Microsoft Proxy Server from being transmitted to intranet clients on the intranet interface. If you want to use Microsoft Proxy Server on the same computer as Routing and Remote Access Service, you must configure local host filters in Routing and RAS Admin. For information about how to configure local host filters, see Chapter 3, "Administering Routing and Remote Access Service," of the Administrator's Guide, or see the online Help file in Routing and RAS Admin. Using DHCP Versus Static Pool Addresses on a RAS Server ------------------------------------------------------- If a RAS server is connected to a LAN with multiple network numbers on the same physical wire, do not use DHCP to assign addresses to clients. Instead, use a static address pool to assign the addresses. If you use DHCP to assign addresses to RAS clients, some clients might not be able to reach other computers on the LAN that are on the same subnet. For example, say a RAS Server uses DHCP to assign addresses. For its LAN interface, it gets the address a.a.a.11 from the range a.a.a.0, with a mask of 255.255.255.0. The RAS Server also uses the DHCP server to assign addresses for its RAS address pool. It gets the addresses b.b.b.10, b.b.b.11, and b.b.b.12 from the range b.b.b.0, with a mask of 255.255.255.0. Because the DHCP server gives addresses from both ranges to computers on the LAN, other computers on the LAN will have addresses on the b.b.b.0 subnet. Although the RAS Server uses only a few addresses from the b.b.b.0 subnet, it adds a route for the whole subnet through the RAS Server interface. Therefore, RAS dial-in clients cannot reach other computers on the b.b.b.0 subnet because of this bad route. To work around this, either use a static pool on the RAS Server, or add a static route to the RAS Server for all logical subnets on your local segment. Demand-Dial Interface Issues ---------------------------- General Demand-Dial Interface Issues: - When you restore the configuration of a router by using Load Configuration from the Server menu, the credentials for the demand-dial interfaces are not restored. You must specify them manually for each interface. - When a Windows NT router connects to another Windows NT router by using a demand-dial interface, both routers act as PPP clients and obtain an IP address for their local demand-dial interface from the remote router. There can be IP addresses from different subnets on each end of a WAN link. This is not a problem because it is a point-to-point link. However, if a routing protocol is used, configure the interface to use multicast, not broadcast. - You can use the Point-to-Point Tunneling Protocol (PPTP) that shipped with Windows NT version 4.0, or you can use the PPTP drivers that are in the directory in which you installed the Routing and Remote Access files. If you run Multilink PPTP, use these drivers to improve performance and stability on heavily used computers, or when connecting over congested networks. If you want to use these drivers, copy Raspptpe.sys, Raspptpm.sys, and Raspptpu.sys to your Systemroot\System32\Drivers directory. Demand-Dial Interface Is Unreachable: When a demand-dial interface reconnects after the WAN link has been disconnected, an error might appear in the Event Log. Also, in Routing and RAS Admin, the Connection State for the interface is temporarily marked unreachable. The event logged in Event Viewer is the result of a timing condition and is incorrectly marked as an error. It should be marked as information because the router recovers and successfully reconnects the interface in these cases. The event logged in Event Viewer is the following: Event ID: 20111 Source: Router Event Description: A Demand Dial connection to the remote interface on port was successfully initiated but failed to complete successfully because of the following error: The interface is already connected. Connect to Third-Party Routers: You can enable a Windows NT router to request an IP address when you connect to third-party routers through demand-dial interfaces. To enable a Windows NT router to request an IP address: 1. In Network in Control Panel, on the Services tab, select Routing and Remote Access. 2. Click Properties, and then click Network. 3. In the Network Configuration dialog box, click the TCP/IP Configure button. 4. Select the Allow remote clients to request a predetermined IP address check box. Removing an Interface when the Router is stopped In Routing and RAS Admin, if you remove a demand-dial interface when the router is stopped, the interface is removed from the Registry, but is left behind in the router phonebook file. If you want to add the interface again and you continue to receive the error "interface already exists," you must delete the entry from the router phonebook file. To delete an entry from the router phonebook: 1. In your Systemroot\System32\Ras directory, open the Router.pbk file in a text editor. 2. Delete the entry for the demand-dial interface. 3. Save and close the file. IPX Issues ---------- General IPX Issues: - If your Windows NT router is a primary domain controller (PDC) that uses only the IPX protocol, then clients that dial in to that Windows NT router will not be validated on the router's domain. To avoid this problem, add the IP protocol on the router, or move the Windows NT router to a different computer. - If your Windows NT router is using File and Print Services for NetWare (FPNW), the router cannot connect to any FPNW shares on the router. This does not affect any other aspect of FPNW. Clients can still connect and use FPNW on the router, and the router can connect and use FPNW on other NetWare servers. - If the IPX protocol does not route with Eicon Technology WAN Services for Windows NT V3R4, then use the Eicon Configuration tool (Ecadmin.exe) supplied by Eicon. Run Ecadmin.exe, select router, select connections, and then select the X25 entry on the right. Select properties, and ensure that 00 appears in the User Data field. Repeat this procedure on all the systems that use Eicon WAN Services for IPX to route. Disable IPX Routing: By default, if you have installed the IPX transport protocol, your router is an IPX router. If you want to disable IPX routing on your computer, you must disable IPX on all RIP for IPX and SAP for IPX interfaces in Routing and RAS Admin. Do not delete the NWLink IPX/SPX Compatible Transport protocol or disable the bindings for IPX in Network in Control Panel. If you do, Routing and RAS Admin will not start. To disable IPX routing: 1. In Routing and RAS Admin, under IPX Routing, select RIP for IPX or SAP for IPX. 2. Right-click an interface, and then select Configure Interface. 3. In the Interface Configuration dialog box, clear the Enable RIP or SAP on this Interface check box. You must complete this procedure for every IPX interface in Routing and RAS Admin. Disable RIP or SAP Protocol: There is no way to individually remove RIP for IPX or SAP for IPX routing protocols. However, you can disable them by using the Routing and RAS Admin tool in the Start/Programs/Administrative Tools (Common) folder. To disable IPX RIP or IPX SAP on an interface: 1. In Routing and RAS Admin, under IPX Routing, select RIP for IPX or SAP for IPX. 2. Right-click an interface, and then select Configure Interface. 3. In the Interface Configuration dialog box, clear the Enable RIP or SAP on this Interface check box. Auto-Static Route Updates Fail for IPX Interfaces: In Routing and RAS Admin, if you do an auto-static update over an IPX demand-dial interface and the static table remains empty for the interface you are updating, check the network number of the interface. To check the network number: - Under IPX Routing, click Summary, and then select the demand-dial interface. Check the number that is displayed in the Network Number column. If the network number is anything other than zero, you must replace the Nwlnkipx.sys file on your computer. To do this, copy the Nwlnkipx.sys file from the directory in which you installed the Routing and Remote Access Service files on your computer to your Systemroot\System32\Drivers directory, and then restart your computer. For more details about this problem, see the Ipxfix.txt file that is located in the \Support directory in the directory in which you installed the Routing and Remote Access Service files on your computer. OSPF Issues ----------- General OSPF Issues: - In Routing and RAS Admin, in the global OSPF Configuration dialog box, do not configure the router identification number to be 0.0.0.0. - When you configure an OSPF router, do not duplicate router identification numbers. The router identification number must uniquely identify a router throughout the OSPF autonomous system. Change One of Multiple IP Addresses on an OSPF Interface: If OSPF is configured on an interface that has multiple IP addresses and you want to change one of the IP addresses, complete the following steps: - Remove the interface from OSPF. - Change the IP address. - Restart your computer. - Add the interface to OSPF. To remove the interface from OSPF: 1. In Routing and RAS Admin, under IP Routing, select OSPF by Bay Networks. 2. Right-click the interface and then click Remove interface. To change the IP address: 1. In Network in Control Panel, configure the TCP/IP Protocol. 2. In the IP Address tab, click Advanced. 3. In the Adapter box, select an adapter. 4. In IP Addresses, click Edit. 5. Type the new IP address and click OK. 6. Restart your computer. To add the interface back to OSPF: 1. In Routing and RAS Admin, under IP Routing, right-click OSPF by Bay Networks, and then click Add interface. 2. Select the interface to add and then click OK. 3. On the General tab, select each IP address in the IP Address box, and then click the Enable OSPF on this interface check box. 4. When you are finished configuring the interface, click OK. OSPF and the Default Gateway: It is possible to unintentionally advertise a default route within an autonomous system (AS). If you configure the TCP/IP protocol by using Network in Control Panel and enable a default gateway, adding this same default gateway address on an OSPF interface might cause the unintentional advertisement. The problem occurs when the router is defined as an autonomous system boundary router (ASBR) and you add the interface to OSPF, then enable OSPF to run on the interface. OSPF, as a result, picks all of the non-OSPF routes that are configured on the interface and advertises them to the AS. This means that the router also picks the default route (0.0.0.0) and advertises it to the other OSPF routers. If the router that is the default gateway also runs OSPF, it will learn about the default route and thus learn that the next hop for the default route is itself. This causes the default gateway to drop all the packets destined to the default route since the next hop is its own interface. This can cause major network problems. NOTE: This can also occur when you add a static route to the address 0.0.0.0. If you still need the default route locally, you can prevent OSPF from picking it up and advertising it by adding a route filter that processes all the external routes except the default route. To add the route filter: 1. In Routing and RAS Admin, right-click OSPF by Bay Networks and then click Configure OSPF. 2. On the External Routing tab, click Routes. 3. In the OSPF External Route Filters dialog box, click Process all routes except those listed. 4. Enter a route with the address 0.0.0.0 and the mask 0.0.0.0, and then click Add. NOTE: The External Routing tab is visible only after you configure the router as an AS boundary router on the General tab. Use OSPF and RIP Together: If two routers use OSPF, do not use any other routing protocols between them. This is because you do not want the routers to exchange intra-area or inter-area routes through another routing protocol that were originally learned by OSPF. To work around this problem, configure only one router to listen to RIP. Configure the other router not to listen at all. To do this, you can use either of these methods: - Set a peer filter to drop RIP packets that come from the remote OSPF router. - Ignore incoming RIP packets that come over an interface. To set a peer filter for RIP: 1. In Routing and RAS Admin, right-click RIP for IP, and then click Configure RIP. 2. On the Security tab, select the Discard all announcements from the routers listed check box. 3. Enter the address of the computer to ignore, and click Add. To ignore RIP packets on an interface: 1. In Routing and RAS Admin, select RIP for IP. 2. Right-click the interface, and then click Configure interface. 3. On the General tab, in the Protocol for incoming packets box, select Ignore incoming packets. Miscellaneous Issues -------------------- - If the router process (Routing and Remote Access Service) is not responding, restart your computer. - If you save the configuration of a remote computer by using Save Configuration from the Server menu, the directory and drive into which you are saving must exist on both the local and the remote computers. For example, if you are saving a configuration to the C:\Save directory on the computer on which you are running Routing and RAS Admin, then make sure the C:\Save directory exists on the remote computer you are administering. - To monitor a Windows NT router you must use the Routing and RAS Admin tool in the Start/Programs/Administrative Tools (Common) folder. To administer a Windows NT version 4.0 or earlier RAS Server, you must use the Remote Access Admin tool (Rasadmin.exe). - Routing and Remote Access Service supports only 40-bit encryption. If you upgrade a RAS server that uses 128-bit encryption to Routing and Remote Access Service, you will have only 40-bit demand-dial and RAS encryption. - You cannot remove a routing protocol by using the Routing and RAS Admin tool (Mpradmin.exe). However, you can remove a routing protocol by using the routemon command. You can add a routing protocol by using the Routing and RAS Admin tool or the routemon command. To delete a routing protocol by using routemon, at the command prompt, type: ROUTEMON IP DELETE PROTOCOL PROTO= { RIP | OSPF | BOOTP } - The following are limits for Routing and Remote Access Service: - 16 LAN interfaces - 48 demand-dial interfaces - 256 RAS clients You must purchase a client access license for every remote access connection/port that you configure. For more information, see your license agreement. Information in this document is subject to change without notice. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Complying with all applicable copyright laws is the responsibility of the user. No part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Microsoft Corporation. If, however, your only means of access is electronic, permission to print one copy is hereby granted. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Microsoft, MS-DOS, MS, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners. Additional query words: rras ====================================================================== Keywords : kbnetwork Technology : kbWinNTsearch kbWinNT400search kbWinNTSsearch kbWinNTS400search kbWinNTS400 kbAudDeveloper kbRRASNTSearch kbRRASNT400 Version : WinNT:4.0 Issue type : kbinfo ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2001.