In-Depth
The Treasures of Windows 2000 SP4
Besides amending the EULA to maintain antitrust compliance and adding USB and wireless support, Microsoft rolls up fixes for a slew of performance bugs into its latest service pack.
Windows 2000 Service Pack 4, released in June, is the latest batch of
fixes and features that can be applied to Windows 2000 Professional, Windows
2000 Server, Windows 2000 Advanced Server, and Windows 2000 with the Server
Appliance Kit operating systems. The 129MB SP4 contains more than 660
bug fixes, the more interesting ones of which are detailed here. You can
either download SP4 from Microsoft's Web site at no charge (
click
here), or you can order it on a CD (
click here).
Although SP4 doesn't include any new features, it includes Microsoft
Internet Explorer 5.01 SP4 and Microsoft Outlook Express 5.5 SP2. SP4
primarily includes driver updates and security patches since the last
service pack (SP3). The areas of main focus include security, operating
system reliability, application compatibility, and Windows 2000 setup.
Similar to the previous service packs, SP4 is cumulative—it includes
all the previous fixes from Windows 2000 service packs (SP1, SP2, and
SP3) and the Windows 2000 Security Rollup Package version 1. Microsoft
recommends that you download and install SP4 to benefit from all the latest
updates. If you're running any previous version, you can simply install
SP4 on top of an existing service pack without removing it.
EULA, USB, and Wireless
As I mentioned, SP4 primarily consists of security updates, patches,
and new drivers. Let's first look at two major changes: end-user licensing
and support for new devices.
Updated EULA—There's been a lot of controversy about
so-called "phone home" features embedded in Microsoft products,
particularly because those features raise privacy concerns. Windows XP
also includes several of them, such as Windows Media Player, Update Root
Certificates, and error reporting features. Due to strong public criticism,
Microsoft has updated the Windows 2000 End User License Agreement to address
these issues. According to Microsoft, users are now given more specific
information regarding features that will "call home" to Microsoft
and are made aware that they can turn these features off if they want
to. (Both Digital Rights Management and
Software Error Reporting by default run in silent mode, but can be turned
off; I cover these and other "phone home" features in more detail
in this
article I've written for another site.)
Support for Wireless and USB 2.0—SP4 also adds support
for wireless authentication protocol 802.1x and support for USB 2.0 EHCI
host controllers. With wireless and USB devices gaining tremendous popularity,
this is great news for most users. For more information on using 802.1x
authentication on computers running Windows 2000, Microsoft publishes
detailed information in Knowledgebase
Article 313664, "Using 802.1x Authentication on Computers
Running Windows 2000." For information on USB 2.0 support in Windows
2000, read KB
319973.
| Deploying
SP4 Across a Network |
|
If you're an administrator interested in installing
SP4 on multiple computers in a corporate environment,
you'll definitely be interested in reading the Windows
2000 SP4 Installation and Deployment Guide from
Microsoft. The guide helps you plan deployment of SP4
in both stand-alone installations as well as integrated
installations where SP4 is integrated with Windows 2000.
The step-by-step guide allows you to customize your
deployments and it covers several scenarios.
|
|
|
Updated Deployment and Support Tools
SP4 includes updated deployment tools, sysprep.exe and setupcl.exe,
that allow you to deploy Windows 2000 on multiple computers. However,
the Windows 2000 Resource Kit Deployment Tools are not automatically installed
when you install Windows 2000 SP4. The tools are available on Windows
2000 SP4 CD-ROM in the Support\Tools\Deploy.cab file. They are also available
from Microsoft's Web site at no charge (click
here to get it).
In addition to the deployment tools, the following support tools have
been updated but are not installed with SP4:
- Iadstools.dll
- Netdiag.exe
- Netdom.exe
- Repadmin.exe
- Replmon.exe
These are available in the Support\Tools\Support.cab file on the SP4
CD-ROM. If you don't have the SP4 CD-ROM, you can download the updated
Windows 2000 SP4 Support Tools from Microsoft's Web site.
Updated Drivers in SP4
Windows 2000 includes a file called driver.cab file, which contains
drivers that can be used with Windows 2000. You'd imagine that SP4's update.exe
program should update that file, but it doesn't. Instead update.exe adds
another file called sp4.cab, which contains just the updated drivers in
the driver.cab file. SP4 also installs a drvindex.inf file that points
to sp4.cab for the updated drivers and a pointer to driver.cab for all
other drivers.
A Bug's Eye View
Let's look at some fixes in SP4 that may be of interest to most
of us. All of these bugs have been fixed in SP4:
Cannot View Presentation Material When Participating in Data Conference
If you're participating in a data conference, you may not be able
to see the presentation material, such as PowerPoint slides or Word documents.
To properly view the material you may need to leave the conference and
rejoin it. This problem is detailed in KB
328509.
IIS Admin Services Does Not Stay Running and Exchange SMTP Service
Repeatedly Stops
On an Exchange 2000 server running on Windows 2000 Server you
may notice that IIS Admin service stops repeatedly. When you try to start
IIS Admin, it stops again. Similarly, Simple Mail Transfer Protocol (SMTP)
service and the Network News Transport Protocol (NNTP) services also repeatedly
stop and restart. The problem occurs if the Exchange server receives a
corrupted message that contains an invalid recipient size. This problem
is detailed in KB
331509.
No Audio on a Web Camera When You Resume from Hibernation
When you're using a USB Web camera, your computer's power state
may not be managed properly it goes into hibernation. When the system
wakes up, it doesn't quite realize that it's time to wake up. As a result,
you may be unable to record sound with your microphone. This problem is
detailed in KB
318107.
Cannot Play Video CDs on Windows 2000
If you have a video CD that's written with third-party software
and the Joliet option is selected, you may not be able to access files
on the video CD. Even Windows Media Player will refuse to recognize the
format. More details in KB
811281.
Administratively Created DNS Records May Not Be Security-Enhanced
Any static records that are manually created by an administrator
in an Active Directory-integrated DNS zone configured with the Allow Secure
Updates Only setting, may give full control access to members of Authenticated
users group. Because the Authenticated users group essentially includes
every logged in user, this could be a security risk. This problem is detailed
in KB
321610.
You Cannot Access Protected Data After You Change Your Password
If you change your domain password, you may get an error when
you try to access your own encrypted data. This happens because when the
domain password is changed, data is not re-encrypted with the new password
until you try to access the data. If you are not connected to the domain
and you try to access the data for the first time, your attempt fails
because you can't contact a domain controller. Obviously, you can't re-encrypt
the data with your new password-you're not communicating with the domain
controller, so you can't read your data. See KB
322346 for more details.
Your Windows XP-Based Client Cannot Establish a VPN Connection
When you try to establish a VPN connection from your Windows XP
computer to your corporate network, you may get this:
Error 721: Remote PPP peer is not responding
This error occurs if you connect to a Windows 2000 server that's configured
in a cluster environment and is using the cluster's virtual IP address
on TCP port 1723, which is the port used by PPTP to establish a VPN tunnel.
More details in KB
810839.
The Serial Number Is Decremented in DNS When You Reboot the Computer
Some times the DNS doesn't know how to update the Active Directory-integrated
zones during the shutdown process. This can cause problems because when
you reboot your computer, the serial numbers of the DNS zone may be magically
decremented. Install SP4 and be a happy camper. See KB
304653.
You Cannot Collect DHCP Data by Using SNMP
Due to a bug in Windows 2000, when you remove and then reinstall
DHCP Server service you may not be able to collect DHCP data using SNMP.
The problem is that SNMP functionality requires a certain registry key
and when you reinstall DHCP Server service it doesn't create the registry
key HKEY_LOCAL_MACHINE\Software\Microsoft\DhcpMibAgent. See KB
320677.
CPU Utilization in Services.exe Increases to 100 Percent
CPU utilization in Services.exe may intermittently reach 100 percent
on your computer and your computer may stop responding. If your computer
is a domain controller or a file server, the users connected to the server
may get disconnected. You may even need to reboot your computer to fix
the problem. This happens if Esent.dll incorrectly processes the way that
files are flushed to disk. See KB
328885.
Cannot Connect to a Network Share over a VPN Connection
Once you make a VPN connection to the server, you may not be able
to connect to any shares on the server. You can ping the server successfully
by name or IP address but you can't establish any connections to network
shares on the server. The problem has to do with the TCP window size for
the TCP connection for the VPN client which is 0 (zero). When you try
to use Net View or Net Use commands, you get one of the following errors:
System error 121. The semaphore timeout period has expired
System error 53. The network path was not found.
System error 64. The specified network name is no longer available.
SP4 includes a patch for this problem. See KB
817069.
The Most Interesting Fix
One of the more interesting fix has to do with the USB keyboards
that have an incorporated PS/2 mouse port, with the mouse connected to
the port on the keyboard. Windows 2000 computers may hang for up to an
hour during startup. The GUI mode progress bar indicates 12 percent completion
at the time this problem occurs. This problem only occurs about five percent
of the time at startup. You can try to unplug and then reconnect the USB
keyboard during the delay but if that doesn't solve your problem, installing
SP4 will. See KB
320877.
What Didn't Get Fixed in SP4
Although SP4 includes over 650 patches it leaves dozens of problems
unsolved. There are almost 60 known bugs that SP4 doesn't address, including:
I've created this
link, which provides a comprehensive list of the fixes that
haven't been incorporated into SP4. It includes:
What SP4 Breaks
Not only SP4 doesn't fix all the bugs, it may break some things. For instance,
if you install Norton Internet Security 2001 or Norton Personal Firewall
2001, Internet Explorer may time out while it tries to load a Web page.
In addition, you may experience problems with NetMeeting in which you
may not receive notifications of incoming calls for several minutes. See
KB
823087 for more details. You can obtain an update from Symantec
to resolve these issues.
SP4 also breaks .NET Framework-based applications and Visual Studio .NET
over a Terminal Server session. Currently, Microsoft suggests that as
a workaround you may want to install .NET Framework 1.1. See KB
823485 for more info.
If you install SP4 on a Windows 2000 Server that's running Exchange 2000
SP3, Key Management Service on Exchange 2000 will not start. As a workaround
Microsoft recommends that you run the "eseutil.exe /d" command
against the KMS database to defragment it. The details are at KB
818952.
These are some of the known issues with SP4 that Microsoft has published.
For additional information check out the Release Note for Windows 2000
Service Pack 4 at KB
813432.
Windows 2000 Hotfixes That Conflict With SP4
According to Microsoft (see KB
822384), there are some 33 post-SP4 hotfixes from Microsoft
Product Support Services (PPS) that may cause a conflict with Windows
2000 SP4. However, the hotfixes obtained from Microsoft's download center
or Windows Update Web site don't seem to be affected and should work just
fine.
The Fix is In
Windows 2000 SP4 includes several crucial security updates that
address issues such as Internet Key Exchange selecting incorrect certificate,
DNS zones being removed from the registry when the DNS service is started,
potential Denial of Service vulnerability in Security Account Manager
(SAM), and malicious users potentially gaining access to your computer
by creating an RPC connection. (Click
here for Microsoft's complete list.) Microsoft recommends
that you apply this service pack to your qualifying systems. At the time
of writing SP4 has just been released so there isn't enough data to give
it a passing or failing grade.
As is always the case with any service pack, a lot of people will experience
problems with SP4. Despite the issues raised in some of the newsgroups
I read, overall SP4 seems to be relatively stable at this early stage
after the release. There will be hotfixes to fix the fixes, and then fixes
to fix those fixes, and over the years we'll have lots of service pack
disaster stories to share. However, Microsoft has definitely improved
its work compared to the NT 4.0 service pack days. But don't tell that
to the folks who have experienced problems with the service packs in the
past several years.
When I wrote about Windows 2000 Service Pack 3 in a previous MCP Magazine
article (click
here to read it), I said that SP3 left out some crucial updates.
SP4 is no different. In fact, SP4 leaves more than 50 bugs unresolved,
which you would hope that Microsoft will start addressing in upcoming
weeks and months.
For a complete listing of bug fixes, check out KB
327194, "List of Bugs That Are Fixed in Windows 2000
Service Pack 4." To find out what has not been fixed, click
here to view a custom search I created that lists them. In
addition, check out the Release Notes for Windows 2000 SP4 at http://support.microsoft.com/?kbid=813432,
which lists several known issues with SP4, including some that are related
to third-party programs.