In-Depth
Windows 2000 SP3 Top 10 Fixes
Along with hardware and software fixes, this patch addresses recent antitrust settlement compliance issues.
Just like its predecessors, Windows 2000 Service Pack 3 fixes a large
number of bugs in Windows 2000. SP3 is cumulative—all the fixes that
were available in previous service packs are included. SP3 also adds a
series of security enhancements in keeping up with Microsoft's Trustworthy
Computing Initiative and addresses some issues that bring Microsoft in
compliance with the proposed antitrust settlement with the U.S. Department
of Justice.
In this article we will look at the top 10 fixes in SP3 related to the
operating system, networking, directory services, printing, management,
and the like. Just so you know, this is my personal top 10 list of the
fixes and is not something that Microsoft has officially endorsed. For
a complete listing of all the fixes in SP3, check out Knowledge Base article
Q320853
on Microsoft's Web site. At the end of this article, we will also examine
what Microsoft didn't fix in this service pack.
10. Wake Me Up When My Print
Job Is Finished
SP3 fixes a problem with Hewlett-Packard multifunction printers,
such as the OfficeJet series, that are connected to the parallel port.
The standard, single-function HP printers don't seem to have the same
problem. This bug has to do with the CPU utilization that can jump to
a high number (50-100) and then stays that high when you send a print
job to one of these multifunction printers. When the CPU utilization is
so high, you may not be able to use other applications, which seem to
hang or are running painfully slow. Microsoft recommends that you check
the port mode settings in your computer's BIOS. If the port mode is set
to AT, change it to ECP.
Depending on your computer, the port mode that uses ECP may be listed
as ECP, EPP, ECP/EPP, or PS/2. If the port mode is already set to ECP
and you still experience high CPU utilization, then SP3 should fix the
problem. (By the way, you may notice that changing port mode to ECP also
considerably improves scanning on your HP multifunction printer.)
Look
Before You Update |
Before we look at some of the fixes in more detail
I should point out that a large number of people have
reported problems with SP3. Microsoft has announced
that there are dozens of Windows 2000 and Active Directory
hotfixes that can cause conflicts with SP3. You need
to ensure that you use the updated versions of the hotfixes.
Details are available in the Knowledge Base articles
Q326797,
Q326936
and Q309601.
Users with AMD processors in particular have some serious
complaints about SP3. My contacts at Microsoft tell
me that they had6UNMJ some issues with the Windows Installer
(.msi packages) during SP3 deployment. Check out KnowledgeBase
article Q324906
for details.
|
|
|
9. Bang! You're Dead
If you try to connect to a domain controller with a username that starts
with an exclamation point "!" (commonly referred to as bang), you may
not be able to connect. For example, if you use the user principal name
(UPN) format to connect to the domain, such as !user1@nwtraders.msft,
the server may refuse connection. If you use the SAM account name, such
as nwtraders\!user1 you may be able to logon successfully. With SP3, you
should be able to logon properly with both the UPN and the SAM account
name.
|
Figure 1. SP3 fix: Connecting to DC with username
preceded with a bang. |
8. Watch Your PTEs
When you use the 4GB RAM Tuning (4GT) feature on a Windows 2000
Advanced Server or Windows 2000 Datacenter Server, you can increase the
user-mode memory available to applications from the default 2GB to 3GB.
You do this by expanding the virtual address range for the programs. By
default, the user-mode address range is 0x0000000 through 0x7FFFFFFF,
and the kernel-mode address range is from 0x80000000-0xFFFFFFFF. With
4GB RAM Tuning, the user-mode is expanded to 0x0000000 through 0xBFFFFFF
and the kernel-mode range is reduced to 0xC0000000-0xFFFFFFFF. The 4GB
RAM Tuning feature is also referred to as the /3GB switch: To enable this
feature you add a /3GB switch in the boot.ini file.
When you use 4GB RAM tuning on the servers, the system Page Table Entries
(PTEs) are significantly affected. In fact, a lot of times the scsiport.sys
driver can cause a fatal system error 0x000000d8 when your server is low
on PTEs. This behavior is likely due to servers performing heavy duty
tasks, such as Exchange or SQL Server. As a result, you end up getting
a blue screen of death with the following error:
*** STOP 0x000000D8 DRIVER_USED_EXCESSIVE_PTES
SP3 fixes these excessive PTE errors. For more information on 4GB RAM
Tuning feature check out Q291988.
7. Ever Heard of a 4MHz System?
One of the bugs that SP3 fixes is the way the System Information
tool (winmsd.exe or msinfo32.exe) reports the processor speed on mobile
computers. Instead of reporting the maximum clock speed, the msinfo32.dll
reports the current clock speed, which varies on mobile computers depending
on the CPU usage. The System Information tool may report the processor
speed to be ~4MHz.
|
Figure 2. SP3 fix: SysInfo reports on computer
with clock speed of less than 4 MHz. (Click image to view larger version.) |
6. Don't Touch My Camera
If your computer supports a USB camera and it's Advanced Configuration
and Power Interface (ACPI) compliant, and if you connect your USB camera
to your computer, you may notice that everything is working just fine.
So, what's the problem? Well, if you then suspend the computer and disconnect
the USB camera, when you restart the computer the camera may still be
visible in the Device Manager. The rest of the behavior depends on whether
or not the Device Manager was running. If it was running when you removed
the camera, the Device Manager may just hang and won't even let you scan
for new hardware. If it wasn't running and you try to start Device Manager,
it will still hang. Either way you're toast! Luckily, SP3 comes to the
rescue and fixes this nuisance.
5. Sorry, You Don't Count
For some companies the printer naming convention includes numbers.
Some organizations use asset numbers to name their printers. You may have
noticed that Windows 2000 doesn't allow you to create a TCP/IP printer
that has a host name that starts with a number. The problem lies in the
tcpmonui.dll; SP3 fixes the bug.
4. You May Not Use Windows Update—Just Kidding!
Windows 2000's Group Policy has a feature that allows you to prevent
users from running Windows Update. When you enable this feature, you may
notice that although the link to Windows Update disappears from the Start
menu, you can still use the Device Manager and Printer wizard to access
the Windows Update site. SP3 fixes this bug so when the administrator
says "no Windows Update," she really means it.
|
Figure 3. SP3 fix: Windows Update can be enabled
by a user, even though administrator may have disabled that feature. |
3. No-Win Situation
Here's a common scenario: Sometimes you try to connect to a share
on Windows 2000 domain controller and nothing happens. Even though you
can successfully ping the server you still end up getting a network error
58. Sound familiar? This is due to a thread blocking issue which can cause
the directory services on heavily loaded Windows 2000 domain controllers
to stop responding to clients. Under certain conditions, a thread that
holds the NTDSA!csHiddenDBPOS function may be waiting for another thread
to finish what it is doing. However, the thread that it's waiting for
is waiting for the execution of the thread that holds this NTDSA!csHiddenDBPOS
function. So let's say Maria has the car keys in her purse and she is
waiting for Matt to pick her up at a friend's house, but Matt can't leave
the house because Maria's got the car keys. Obviously, they're in a catch-22.
This type of deadlock causes a huge backlog in the directory services
which results in network error 58. SP3 resolves the deadlock.
2. Slower Than Molasses
Another bug that's fixed in SP3 has to do with the disk Input/Output
performance. Over time, your server may become very slow and no matter
what you do the disk I/O throughput continues to go down. The only solution
is to reboot the computer. (Isn't that the cure for all problems? When
in doubt, reboot!)
Now when I talk about disk degradation, I am not talking about disk fragmentation,
which is a totally different issue. In fact, rebooting won't do any good
if your disk is fragmented because it won't rearrange the files on your
server. The main culprit here is the classpnp driver. This driver keeps
a close eye on disk subsystems, such as RAID arrays with multiple spindles,
and pays close attention to errors reported by lower-level drivers. When
it notices too many errors, it starts to disable certain performance features
to cut down on the errors. The problem is that the algorithm used by classpnp
driver is not intelligent enough to consider all types of possible scenarios.
In addition, the performance features are not enabled automatically once
they are disabled. The only way to restore the performance features is
to reboot the computer. Until then your computer may be running slower
than molasses.
1. Oops! I Did It Again!
A fix related to DHCP server fixes a problem that has to do with
DHCP server attempting to assign reserved IP addresses to non-reserved
clients. This is most likely on a DHCP server that has a large number
of reservations and exclusions. Here's what happens: The client boots
up and sends a DHCPDiscover packet to obtain an IP address. The packet
includes the client's media access control (MAC) address. The server sends
a DHCPOffer packet which includes a reserved address. The client sends
a DHCPRequest packet, requesting that the server assign that IP address
to the client. Normally, the server at this point sends a DHCPAck package
to acknowledge the request and the client then starts using that IP address.
However, in this scenario, the server realizes that it can't assign that
IP address because it is a reserved address for a different MAC address.
The server sends a negative acknowledgement, or NACK, instead of an ACK.
The client then goes back to sending another DHCPDiscover packet to start
the process all over again. The server does the same thing. It goes through
the same routine and tries to assign the next reserved address and gets
a NACK. Windows 95/98 and Windows NT clients will give up after a few
tries, but Windows 2000 clients keep on trying until they get a valid
address. SP3, fortunately, makes this issue moot.
Additional
Fixes |
I've only scratched the surface—the number of
bug fixes, just as you might expect in any service pack,
is rather large. Some of the fixes are off the wall
in the sense that most people are not likely to experience,
but they sure are interesting. Here are a few examples:
- If you run ntbackup.exe to backup the System State
of a domain controller on a tape or file and the domain
controller has more than 12 IP addresses on one network
card, the backup program may quit without any warning
or errors.
- If your DNS database has more than 16,000 DNS zones
and if you try to view the properties of a zone in
the Microsoft Management Console, your console may
freeze.
- Sometimes Windows Explorer doesn't know how to count
beyond 4GB. If you have a file that's greater than
4GB, you may notice that the size in the status bar
indicates that it's a zero-byte file.
For a complete listing of bug fixes, check out the
List
of Bugs Fixed in Windows 2000 Service Pack 3 on
Microsoft's Web site. SP3 includes several enhancements,
including TCP/IP enhancements which are described in
Q298896.
For a list of known issues with SP3 check out the Release
Notes in Q321295;
I recommend you read them and the ReadMe
file before you install SP3.
|
|
|
Why Some Fixes Didn't Make It
I've provided Microsoft with a list of bugs in Graphical User Interface
that need to be made in Windows 2000—yes, there are quite a few.
Some of them are not just cosmetic improvements but significant omissions
or bugs that can affect your daily administration tasks. Unfortunately,
Microsoft has not fixed those bugs in SP3. What's confusing to consumers
is the lack of consistency on the part of Microsoft. On the one hand,
they don't fix the bugs that have been around for a long time, yet they
make other tweaks that may be less important.
Here's one example: In November 2001 Swedish security researcher Andreas
Sandblad discovered a flaw in Internet Explorer that allows you to inject
a Java Script in the history that can be executed by using the Back button
on the browser. The
Register reported that Microsoft was notified about the flaw on
Nov. 12, 2001 and again on March 25, 2002. Microsoft has yet to fix this
bug. Andreas has written a script that can execute the Minesweeper game
on a local computer to demonstrate how programs can be executed without
a user's permission. I tested this exploit on several Windows 2000 clients
with SP3 installed with success. Sandblad says that Microsoft has not
responded to this issue as of this writing. (The company has fixed this
security hole in Windows XP running SP1 and Windows .NET running RC1.)
Perhaps Microsoft's excuse for not fixing this bug will be that it has
to do with Internet Explorer, so they didn’t add it to the service pack
for an operating system. But this reasoning contradicts the fix for a
bug that has to do with incorrect VBScript handling in Internet Explorer
that allows a Web site operator to view your local files (see Q318089).
Simply, they fixed the bug that allows viewing of files but not the one
that allows execution.
And that's not it. A series of Windows Explorer bugs have not been fixed
in SP3, but you can get fixes for them from Microsoft Product Support
Services (PSS).
Always More Fixes to Come
At the time of writing, Windows 2000 SP3 has been out for a couple
of months. Lots of people have successfully deployed SP3, but many also
complain about serious problems after upgrading. It's alarming that Microsoft
has spent lots of time fixing security holes but failed to patch holes
in some of the core components, such as Windows Explorer and Internet
Explorer.
In Microsoft's defense, one could argue that it's a daunting task to
fix every security hole in the operating system. But, with all the emphasis
on the Trustworthy Computing Initiative, security experts and consumers
expect Microsoft to cross every "t" and dot every "i" before releasing
SP3. Well, they didn't. You should expect several patches in the coming
weeks and months to fix the problems associated with SP3, Windows Explorer,
and Internet Explorer.