********************************************************************** Microsoft Windows NT 4.0 Workstation and Windows NT 4.0 Server Service Pack 5 ********************************************************************** Information in this document, including URL and other Internet Web site references, is subject to change without notice and is provided for informational purposes only. The entire risk of the use or results of the use of this document remains with the user, and Microsoft Corporation makes no warranties, either express or implied. The example companies, organizations, products, people and events depicted herein are fictitious. No association with any real company, organization, product, person or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. (c)1999 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, MS, Windows, and Windows NT, Active Accessibility, Active Directory, ActiveX, Authenticode, BackOffice, FrontPage, Outlook, PowerPoint, Visual Basic, Visual J++, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the U.S.A. and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners. ====================================================================== HOW TO USE THIS DOCUMENT ====================================================================== This document provides information about Microsoft Windows NT 4.0 Workstation and Windows NT 4.0 Server Service Pack 5 (SP5), as well as answers to questions that you might have. To view Readme.txt in Notepad, maximize the Notepad window. For best viewing, click Edit, and then click Word Wrap. To print Readme.txt, open it in Notepad or another word processor, click the File menu, and then click Print. For best printing results, click Edit, click Set Font, type 9 in the Size box, and then click OK. For a current list of computer and hardware peripherals supported by Windows NT 4.0, see the Windows NT Hardware Compatibility List at http://www.microsoft.com/hwtest/hcl/. ====================================================================== CONTENTS ====================================================================== 1.0 INTRODUCTION 1.1 What Is Service Pack 5? 1.2 List of Fixes in Service Pack 5 1.3 Downloading and Extracting the Service Pack 2.0 INSTALLATION INSTRUCTIONS FOR WINDOWS NT 4.0 SERVICE PACK 5 2.1 Before You Install the Service Pack 2.2 Service Pack Install Order Documentation 2.3 Installing the Service Pack 2.4 Service Pack Uninstall 3.0 USER NOTES 3.1 Emergency Repair Disk 3.2 Adding New Components 3.3 Installing Symbol Files from the CD 3.4 Hardware Compatibility with Windows NT 4.0 3.5 Compaq Alpha Notes 3.6 Running Windows NT 4.0 Administrative Tools from a Remote Server 3.7 CryptoAPI and Authenticode 3.8 Uninstalling Internet Explorer 3.9 Certificate Server Notes 3.10 Internet Information Server 4.0, Secure Sockets Layer and Root Certifying Authority Certificates, and the IISCA.EXE Tool 3.11 Message Queue Notes 3.12 COM Internet Services 3.13 Event Log Service 3.14 Upgrading a Cluster to Service Pack 5 3.15 Year 2000 Updates 3.16 Uninstalling IE 4.01 SP2 if using MSSCE 3.17 Find Files or Folders by Date using Dates Prior to 1980 4.0 ADDITIONAL FIXES AND WORKAROUNDS 4.1 Installing Windows NT 4.0 on a Windows 2000 Computer 4.2 Dual Booting Between Versions of Windows NT 4.0 and Windows 2000 4.3 NTFS for Windows NT 4.0 and NTFS for Windows 2000 Support 4.4 Installing SP5 on a Windows NT 4.0 Server Enterprise Edition System 4.5 Internet Information Server 4.0 4.6 Security Configuration Manager 4.7 Updating Audio Drivers 4.8 Microsoft Proxy Server 4.9 Ositech Jack of Spades 4.10 MDAC 2.0 Service Pack 1 4.11 Installing Internet Explorer 4 SP2 as a Non-Default Browser 5.0 APPLICATION NOTES 5.1 CheckIt Diagnostic Kit 4.0 by Touchstone 5.2 Norton CrashGuard 2.0 for Windows NT 5.3 Inoculan 4.0 5.4 Exceed 5.5 Terminal Server 5.6 Microsoft NetMeeting Security and Year 2000 Issues 5.7 NuMega SoftICE 5.8 Microsoft BackOffice Small Business Server 5.9 Rational Visual Quantify Version 4 5.10 Microsoft IntelliPoint 5.11 Systems Management Server 2.0 6.0 IF YOU DO NOT HAVE SERVICE PACK 4 6.1 New in Service Pack 4 6.2 List of Fixes in Windows NT 4.0 Service Packs 1 through 4 ====================================================================== 1.0 INTRODUCTION ====================================================================== This release of Microsoft Windows NT 4.0 Service Pack 5 (SP5) is easy to apply while Windows NT is running. SP5 updates all files that are older than those included in this Windows NT Service Pack. Service Pack releases are cumulative, containing all previous Service Pack fixes and any new fixes created after Service Pack 4. IMPORTANT: It's recommended that you stop running any critical services before you apply Windows NT 4.0 SP5. For more preinstallation recommendations, see Section 2.1, "Before You Install the Service Pack." IMPORTANT: SP5 contains only 40-bit encryption. This release isn't supported for installation on an existing North American 128-bit installation of Windows NT 4.0. If you install SP5 on a computer with 128-bit encryption, system services might fail to start. If you are on a North American computer, you may have 128-bit encryption installed. >>>To determine if 128-bit encryption is installed 1. Open My Computer, click View, and then click Options. 2. Click the View tab, select Show All Files, and click OK. 3. Click Start, point to Find, and then click Find Files or Folders. 4. Search for files named "Rsaenh.dll" on your local hard drives. 5. If the file exists in the System folder in your Windows NT folder, then you have 128-bit encryption support installed. If the file does not exist, you have 40-bit encryption. Installing the 40-bit version of SP5 on a previously existing 128-bit computer will not downgrade all of the encryption in the operating computer, so it will not necessarily change the exportability of the computer. ---------------------------- 1.1 What Is Service Pack 5? ---------------------------- SP5 is a collection of current updates and enhancements to Windows NT Server 4.0 and Windows NT Workstation 4.0 since their releases. SP5 is not a required upgrade. If you have deployed or are in the process of deploying a previous Service Pack, you probably need not change your plans. To accommodate customers in this situation, Microsoft provides software updates for critical issues to previous Service Packs. For example, you can continue to obtain Year 2000 (Y2K) software updates if you're using SP4. SP5 content is focused on: * Demonstrated customer impact SP5 rolls up many of the recent updates to Windows NT 4.0. In addition, SP5 has undergone extensive regression testing. The following is a list of the most frequently requested Windows NT 4.0 updates that are included in SP5: - DHCP Server of SP4 Ignores Reservations - SP4 forces cluster servers to be taken off and online - Windows NT 4.0 SP4 Does Not Update MTS Files - Duplicate SCSI Logical Unit (LUN) 0 When LargeLUNs Registry Key Enabled - Under stress, a computer running Windows NT Server or Workstation may display a STOP 0x0000001E error message on a blue screen. - Cannot configure ODBC logging when using Microsoft Data Access Components (MDAC) 2.0 SP1, SP4, and Proxy Server 2.0. - Secondary WINS query delayed by 1500ms even when primary WINS returns 'na - Using SP4, RCP "host:foo ." fails whereas RCP "host:foo foo" - SP4 systems access the hard disks every five minutes, which interferes with Power Management. * Y2K fixes SP5 provides the latest fixes to known Year 2000 issues in Windows NT 4.0. For more information on SP5 and Year 2000 issues, see Section 3.15, "Year 2000 Fixes." For the latest information on Year 2000 and Windows NT 4.0, see the Microsoft Year 2000 Readiness Disclosure & Resource Center Web site at http://www.microsoft.com/year2000/ or call 1-888-MSFT-Y2K. * Updates to SP4 issues, including: - Reduced heap fragmentation issues which would lead to memory problems. - Eliminated memory fragmentation problem with Critical Sections. - Eliminated a system hang that could occur on multiprocessor systems with multiple memory maps. - Resolved SP4 issues with Oracle Fail Safe software for Windows NT Clusters. - Eliminated hanging issues when SetSecurityInfo and SetNamedSecurityInfo calls were made during DLLInit time. - Enabled Desktop folders in Explorer windows to retain settings. - Eliminated issues where LPD would stop the printing of multiple copies. - Prevented DNS from converting host names to lowercase. - Prevented GetHostbyName from returning unbound IP RAS addresses. - Eliminated issues where Apple Macintosh Clients can't see Windows NT 4.0 Server after upgrading to SP4. - Eliminated issues where changing an SFM password allows Windows NT client computer to share access with null password. * Euro issues SP5 includes the existing updates for Windows NT 4.0 euro support. For the most recent information about Windows NT 4.0 and euro, see the Microsoft Euro Web site at http://www.microsoft.com/euro/. * Security updates SP5 contains current updates for known Windows NT 4.0 security issues. For the most recent information about Windows NT security, see the Microsoft Security Advisor Web site at http://www.microsoft.com/security/. ------------------------------------ 1.2 List of Fixes in Service Pack 5 ------------------------------------ To assist customers who are deciding whether to upgrade to SP5, Microsoft provides extensive documentation of the fixes and updates contained in SP5. This documentation gives customers the opportunity to analyze whether the SP5 contents justify the necessary test and deployment resources. This list of affected Service Pack files is available at http://support.microsoft.com/support/kb/articles/Q225/0/37.asp. ------------------------------------------------ 1.3 Downloading and Extracting the Service Pack ------------------------------------------------ If you have downloaded this Service Pack from an FTP site or a Web site, you should read the release notes completely before you extract and install the Service Pack. For this release, these self-extracting program files are also located at the root of the CD. They are SP5alpha.exe for Alpha processor type computers and SP5i386 for Intel- processor type computers. After downloading the Service Pack, you'll have a compressed program file on your hard drive. To extract this file and begin the installation process, for example, type SP5i386.exe at the command prompt, or double-click the file in Windows NT Explorer. You can also extract the file into the current folder without launching the installation program by using the command prompt switch /x. (For example, at the command prompt, type SP5i386 /x.) ====================================================================== 2.0 INSTALLATION INSTRUCTIONS FOR WINDOWS NT 4.0 SERVICE PACK 5 ====================================================================== Carefully read the installation instructions before you install Service Pack 5, since they may have changed from previous Service Packs. ---------------------------------------- 2.1 Before You Install the Service Pack ---------------------------------------- Close all active debugging sessions before installing this Service Pack, otherwise, the Update program is unable to replace system files that are in use. If a file is in use when you install SP5, a dialog box appears prompting you to cancel the installation or skip the file copy. It's recommended you cancel the installation and then uninstall SP5. To do this, run Spuninst.exe, or click Start, point to Settings, click Control Panel, double-click Add/Remove Programs, and then click Uninstall Service Pack 5. Close all active sessions on the computer, and then run Update.exe again to install the Service Pack. Also, to maximize recovery of the computer in the event of installation failure, it's recommended that you do the following before installing SP5: 1. Update the system Emergency Repair Disk by using the Rdisk.exe command with the /s switch. 2. Perform a full backup of the computer, including the registry files. 3. Disable any nonessential third-party drivers and services (that is, drivers and services that aren't required to boot the computer). 4. Contact the original equipment manufacturer (OEM) that provided the driver or service for the updated versions of the file(s). 2.1.1 NEC Versa 6050 or 6200 Series Notebook Computers ------------------------------------------------------ Users of NEC Versa 6050 or 6200 Series notebook computers, with Windows NT version 4.0 preinstalled, should select "Yes" when SP5 Update.exe prompts you to replace the Hal.dll file. 2.1.2 SystemSoft Card Wizard ---------------------------- If your computer contains SystemSoft Card Wizard version 2.x or earlier, you must obtain SystemSoft Card Wizard version 3.00.01 or greater before installing Windows NT 4.0 Service Pack 5. Otherwise, your operating system may no longer function. For further details, see the SystemSoft Web site at http://www.systemsoft.com/. 2.1.3 Advanced Power Management ------------------------------- Advanced Power Management isn't supported by Windows NT 4.0. As a result, it's recommended that you remove Advanced Power Management features before installing SP5. 2.1.4 Power Management Utilities -------------------------------- Power Management Utilities may not work on Windows NT 4.0 SP5. Contact the vendor of your Power Management Utilities for an updated version to work with Windows NT 4.0 SP5. -------------------------------------------- 2.2 Service Pack Install Order Documentation -------------------------------------------- IMPORTANT: If you are installing Service Packs for multiple Microsoft products, the order in which you install the Service Packs may have an effect on stability. You can view the documentation about the recommended installation order at http://www.microsoft.com/windows/servicepacks/. -------------------------------- 2.3 Installing the Service Pack -------------------------------- >>>To install the Service Pack from the CD 1. Insert the Service Pack CD into your CD-ROM drive. 2. If a Web page opens in your browser after you insert the CD, click Windows NT Service Pack, and then click Install Service Pack. 3. When you're prompted to open the file Spsetup.bat or save it to disk, click Open, and then follow the instructions that appear. Note: To use the uninstall feature of SP5, you must create an Uninstall folder during the initial installation. 4. If a Web page doesn't automatically open when you insert the CD, open the command prompt window, and change the folder to the drive letter associated with the CD-ROM drive. 5. Change the folder to \I386\Update or \Alpha\Update (depending upon whether you have an x86 or Alpha CPU), and type UPDATE. 6. Follow the instructions that appear. If SP5 doesn't install from the CD after you click Install Service Pack 5 or your browser doesn't automatically display installation instructions when you insert the CD into your CD-ROM drive, start the SP5 installation process manually from the CD. For more information, see "To Install the Service Pack from the CD" earlier in this section. >>>To install SP5 from a network drive 1. Run the command to connect to the network drive that has the SP5 files. 2. Change the drive letter to that of the network drive. 3. Change the folder to \I386\Update or \Alpha\Update (depending upon whether you have an x86 or Alpha CPU), and then type UPDATE. 4. Follow the instructions that appear. Note: It's recommended that you allow Setup to create an Uninstall folder the first time you install SP5. >>>To install SP5 from the Internet Use a Web browser (such as Internet Explorer 3.02 or later) to visit http://microsoft.com/windows/servicepacks/. Click the Install Service Pack 5 option to install SP5 on your computer. This Web page automatically detects which files need to be updated and then copies the appropriate files to a temporary folder on your computer. It then installs only those files that are needed to update your computer. Note: If you use Web browsers other than Internet Explorer 3.02 or later, you may be unable to install SP5 by using this update method. You can still install SP5 by downloading the entire Service Pack from the Internet onto your computer and running Update.exe locally. You can use installation switches with Update.exe. The following syntax help is available by typing update /?: UPDATE [-u] [-f] [-n] [-o] [-z] [-q] -u Unattended mode -f Force other programs to close at shutdown -n Do not back up files for uninstall -o Overwrite OEM files without prompting -z Do not reboot when installation is complete -q Quiet mode - no user interaction --------------------------- 2.4 Service Pack Uninstall --------------------------- This Service Pack contains an uninstall feature that you can use to restore your computer to its previous state. To enable the uninstall option, run Update.exe. A subfolder in your Windows NT folder named Uninstall is created. This requires at least 120 megabytes (MB) of free space on the drive on which Windows NT is installed, 60 MB for the uninstall folder, and 60 MB for the Service Pack-updated system files. To uninstall SP5, in Control Panel, double-click the Add/Remove Programs. Select Windows NT 4.0 Service Pack 5, and click Add/Remove. If this option isn't available, run Spuninst.exe from the \%systemroot%\$NtServicePackUninstall$\spuninst\ folder. Note: If you install any programs or services that require SP5 or have fixes contained in SP5, uninstalling SP5 could adversely affect those programs. To uninstall SP5, the drive letter for the boot drive must be the same one used when you installed SP5. If you change the drive letter for the boot drive, you can't uninstall SP5. To uninstall Service Pack 2 (SP2) and Service Pack 3 (SP3), you had to run Update.exe and then select "Uninstall a previously installed Service Pack." These commands returned your computer to its previous state. After your computer restarted, the Update.exe program replaced the files updated by the Service Pack with most of the files from the previous installation and returned most of your registry settings to what they were before that Service Pack was installed. Note: If you uninstall SP5 on a computer that previously had SP3 (without Internet Explorer 4.0) installed on it, cryptography won't work correctly after the uninstall completes. To work around this issue, reinstall SP3 after you have uninstalled SP5. Uninstalling SP5 won't uninstall new versions of CryptoAPI and SChannel. IMPORTANT: If you plan to install a previous Service Pack after uninstalling SP5, take note of the following important precaution. SP5 modifies the Security Account Manager (SAM) database and the Security database so that older versions of the Samsrv.dll, Samlib.dll, Lsasrv.dll, Services.exe, Msv1_0.dll, and Winlogon.exe files no longer recognize the database structure. Therefore, the uninstall process doesn't restore these files when uninstalling SP5. If you install a prior Service Pack (for example, SP3) after uninstalling SP5, click "No" on the "Confirm File Replace" dialog boxes that prompt you to overwrite Samsrv.dll and Winlogon.exe. If you overwrite the newer files with these older versions, you'll be unable to log on to the computer. Note: If you're reinstalling SP5 after installing new software or hardware, you must choose to create a new Uninstall folder. To retain your ability to return to a bootable configuration, copy the current Uninstall folder to a safe location before running the SP5 installation program. ====================================================================== 3.0 USER NOTES ====================================================================== This section covers information that is specific to Service Pack 5. -------------------------- 3.1 Emergency Repair Disk -------------------------- If you use the Windows NT Emergency Repair Disk to repair your Windows NT 4.0 computer, Windows NT requires you to supply the original Windows NT 4.0 media at some time after you install SP5. This means you'll need to reinstall SP5 after the repair is completed because the Emergency Repair Disk repairs your computer by restoring your original Windows NT 4.0 system files. After the repair is complete, follow the Installation Instructions (see Section 2.0) to reinstall SP5. For more information on using the Windows NT Emergency Repair Disk utility, go to the Microsoft Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q146887. Note: To use the Emergency Repair Disk utility, you must have the updated version of Setupdd.sys which comes with SP5. To update your version of Setupdd.sys, copy Setupdd.sys from the Service Pack to your Windows NT 4.0 Setup Disk 2 from the original product media. This replaces the older version of Setupdd.sys with the updated version. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q158423. -------------------------- 3.2 Adding New Components -------------------------- If you change or add new software or hardware components to your computer after you install SP5, you'll need to install SP5 again. This is because the files included on the original Windows NT 4.0 media may not be the same as the files on the Service Pack CD. You can't install new components, such as a new keyboard or printer driver, directly from the Service Pack media. You must install new components from the original product media and then reinstall the Service Pack. For example, if you install the Simple Network Management Protocol (SNMP) service after installing SP5, you'll need to reinstall the Service Pack. Otherwise, you'll receive the message "Entrypoint SnmpSvcGetEnterpriseOID could not be located in Snmpapi.dll." This informs you that some of the files in the SNMP service have been updated in SP5 and that you have a version mismatch. Reinstalling SP5 fixes the problem by copying the newer versions of the files onto your computer. Note: Simple Network Management Protocol (SNMP) security provides the ability to set a permission level on the SNMP agent computer. The permission level determines how the SNMP agent computer processes requests from an SNMP community. ---------------------------------------- 3.3 Installing Symbol Files from the CD ---------------------------------------- Each program file in Windows NT 4.0 has a corresponding symbol file that is helpful in diagnosing application and computer crashes. Symbol files are used in conjunction with a debugger and are not required proper operation of your computer. The symbols for SP5 files are compressed in self-extracting program files named Sp5symi.exe for Intel and Sp5syma.exe for Alpha0-based computers. To install the symbol files corresponding to the new binaries in SP5, run the executable file, and, when prompted, specify the path to the location of the previous version's symbols (for example, C:\Winnt\Symbols\). This command copies the SP5 .dbg files over the existing versions of these files. For more information about debugging in Windows NT, see Chapter 39, "Windows NT Debugger," in the Microsoft Windows NT 4.0 Workstation Resource Kit. ----------------------------------------------- 3.4 Hardware Compatibility with Windows NT 4.0 ----------------------------------------------- 3.4.1 Video Drivers ------------------- Due to incompatibilities between the ATIRage drivers and Service Pack setup, the files Ati.sys and Ati.dll are not included with SP5. Any ATI drivers currently installed on your computer still function normally. If you install SP5 over a previous Service Pack on a computer that has a Number Nine Visual Technologies Imagine 2 video card and drivers installed, you may experience some loss of functionality in the video driver, such as loss of any resolutions requiring 256 or more colors. If you uninstall SP5 and revert to SP3, the Imagine 2 card may be unable to display 256 colors or higher. There is no known resolution for either of these two issues because reinstalling the Imagine 2 video drivers doesn’t restore the lost functionality. Number Nine is aware of this issue and is working on a fix. 3.4.2 Dell Latitude Computers ----------------------------- If you're running Windows NT 4.0 on a Dell Latitude portable computer, your Dell-supplied Softex Advanced Power Management and PC Card Controller services (versions 2.0 and later) continue to function after you install SP5. Softex version 1.0 stops functioning after SP5 installation. To update your computer for SP5, install version 2.19 or later of the Softex utilities. Your computer becomes unusable if you reinstall any version of Softex prior to 2.19 after installing SP5.To download this utility, visit the Dell Web site at http://support.dell.com/filelib/. 3.4.3 Softex/Phoenix Utilities ------------------------------ If you're using any of the following Softex Incorporated or Phoenix Technologies utilities, you may encounter problems running SP5: * Softex PC Card Controller or Phoenix CardExecutive for Windows NT * Softex Power Management Controller or Phoenix APM for Windows NT * Softex Docking Controller or Phoenix NoteDock for Windows NT * Softex DeskPower Controller or Phoenix DeskAPM for Windows NT Follow these guidelines with Softex/Phoenix utilities: 1. Obtain the version number of the utilities you're using. 2. You must be running version 2.19 or later of the Softex or Phoenix utilities to avoid problems with SP5. Don’t install or reinstall any version of Softex or Phoenix utilities earlier than version 2.19 on your computer, or your computer might not start. For more information, see the Softex Incorporated Web site at http://www.softexinc.com/ or the Phoenix Technologies Web site at http://www.phoenix.com/. 3.4.4 Support for 255 SCSI Logical Unit --------------------------------------- Windows NT 4.0 detects only the first eight logical units on a SCSI device. To work around this limitation, install SP5 and add the following key in the registry: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services \[Driver Service Key]\Parameters\Device[N] LargeLuns: REG_DWORD: 0x1 where [Driver Service Key] is your SCSI driver name and [N] is the SCSI bus number. 3.4.5 SystemSoft Card Wizard ---------------------------- If your computer contains SystemSoft Card Wizard version 3.x and you have installed SP5, you may have lost socket services functionality. To work around this issue, reinstall SystemSoft Card Wizard version 3.x or higher after installing Service Pack 5. Or you can copy Pcmcia.sys from the Service Pack 5 Uninstall folder, $ntservicepacekuninstall$, to the \%systemroot%\System32\Drivers folder on your computer. Reboot the computer. ----------------------- 3.5 Compaq Alpha Notes ----------------------- 3.5.1 Using Remotely Possible 32 with Matrox Millennium Display Adapter --------------------------------------------------------------- If you use Remotely Possible 32 on an Alpha-based computer with a Matrox Millennium display adapter, don't use the Matrox drivers. Otherwise, your computer won't reboot properly. You must use VGA-compatible display adapter drivers to use Remotely Possible 32. 3.5.2 Lotus Notes 4.5 --------------------- If you want to use Lotus Notes and Internet Explorer 4.01 on an Alpha- based computer that runs Windows NT 4.0, you must follow this sequence when installing SP5: 1. If you have Internet Explorer 4.01 on your computer, uninstall it. 2. Install SP5. 3. Install (or reinstall) Lotus Notes. 4. Install Internet Explorer 4.01 SP2 from the SP5 CD. This problem will be fixed in a future release. 3.5.3 Alpha-based Fixes and Enhancements ---------------------------------------- The following sections describe fixes and enhancements to Alpha-based computers since Windows NT 4.0 SP3. Many of these fixes and enhancements are in the Hardware Abstraction Layer (HAL). SP5 ships with the latest version of HAL (revision E). This version is also available from Compaq as HAL V4.0 OEM revision E. IMPORTANT: If your computer has a Compaq KZPSA SCSI controller, revision E of HAL requires that you upgrade your DECKZPSX disk driver to V1.51 or later. Installing SP5 automatically installs the correct driver. 3.5.3.1 Computer Hangs on Alpha Systems with Only One Processor Physically Present The following Alpha-based computers with only one processor physically present no longer hang when booted: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 Compaq Server 5000 Compaq Server 7000 3.5.3.2 Clock Interrupt Period Changed from 7.5 microseconds to 10 microseconds In Windows NT 4.0 SP5, the effective clock interrupt period on the following computers was changed from 7.5 microseconds to 10 microseconds: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 Compaq Server 5000 Compaq Server 7000 This change provides parity with Intel-based computers and alleviates performance anomalies caused by assumptions of 10 microseconds for the resolution for timers (which are equal to the clock interrupt period). 3.5.3.3 Pyxis Error Registers HAL Revision D, which ships with Windows NT 4.0 SP5, supports updated Pyxis error registers, which provide more meaningful information during hardware crashes. 3.5.3.4 Peer-to-Peer DMA Transfers This Service Pack, together with the current AlphaBIOS firmware, now allows peer-to-peer DMA transfers. 3.5.3.5 PCI Devices with 256 MB of Memory or Greater The following Alpha platforms now support PCI devices with 256 MB of memory or greater for memory-mapped I/O: AlphaServer 1000 5/xxx AlphaServer 1000A 5/xxx AlphaServer 800 or Compaq Server 3000 AlphaStation 600 AlphaStation 500 Alpha XL 3xx 3.5.3.6 Alpha Computers That Used to Hang When Rebooting The following computers no longer hang during reboot: AlphaServer 4x00 AlphaServer 1200 AlphaStation 1200 Compaq Server 5000 Compaq Server 7000 3.5.3.7 I/O Performance Degradation or a Hung Computer Under Heavy I/O Loads On Alpha-based computers with heavy I/O loads, certain device drivers consumed too many DMA map registers. This sometimes caused poor I/O performance or a hung computer. SP5 allows a greater number of DMA map registers. 3.5.3.8 Crashes to Alpha-Based Computers with STOP Code 0x0A Minor "Correctable" Hardware errors no longer generate crashes with STOP code 0x0A on the following computers: AlphaServer 1000 5/xxx AlphaServer 1000A 5/xxx AlphaServer 800 or Compaq Server 3000 AlphaStation 600 AlphaStation 500 AlphaStation 600A Alpha XL 3xx 3.5.3.9 Improved Support for AlphaServer 4x00 and 1200 Computers HAL and system error-logging software allow these computers to store hardware fault data in the system event log for subsequent retrieval and analysis by service engineers or higher-level fault analysis software. 3.5.3.10 HAL Prevents Disk Corruption on AlphaServer 2100 5/xxx Computers I/O errors no longer cause disk corruption on these computers. 3.5.3.11 Crash Dumps can Complete without Hanging the Computer Parameter checking in IoFllushAdapterBuffer() allows for Diskdump.sys. This workaround allows crash dump operations to complete without hanging the computer. 3.5.3.12 HAL Traps VGA-mode Blue Screen Text HAL can trap VGA-mode blue screen text so that support engineers can get it from crash dump files by using kernel debuggers. 3.5.3.13 AlphaServer 1000A 5/xxx Computers Allow Disabled Warm Restarts To support Microsoft Cluster Server, you can disable warm restarts on these computers. In AlphaBIOS V5.68, you disable warm restarts in CMOS Setup, Advanced Settings. 3.5.3.14 Enhanced AlphaServer 2000, 2100, and 2100A Computers These computers avoid using bit 31 in DMA addresses and run when CPU slots are skipped. 3.5.3.15 Running UPDATE.EXE in Unattended Setup Mode (-u) To run UPDATE.EXE in unattended Setup mode by using the -u flag, you must also use the -o flag to ensure that OEM-supplied files are updated. If you don't use the -o flag, files such as HAL and disk miniport drivers are not updated. 3.5.4 Installation Fails on Alpha-Based Computers with Windows NT Option Pack 1.0 Installed ----------------------------------------------------------------- Security Configuration Manager (SCM) doesn't install on Alpha computers that have the Windows NT 4.0 Option Pack 1.0 for Alpha installed. This is because the Mfc42u.dll file installed by the Windows NT 4.0 Option Pack isn't compatible with SCM. To work around this issue, replace Mfc42u.dll installed by Windows NT Option Pack 1.0 for Alpha-based computers with Mfc42u.dll from the Windows NT 4.0 CD or from Visual C 6.0. This workaround may cause problems with the programs in the Windows NT 4.0 Option Pack 1.0 for Alpha-based computers. 3.5.5 Microsoft Transaction Server and Distributed Transaction Coordinator -------------------------------------------------------------- The file TestOracleXAConfig.exe isn't automatically installed on Alpha-based computers. If you are installing Windows NT 4.0 SP5 on an Alpha-based computer and are using Microsoft Transaction Server (MTS) or the Distributed Transaction Coordinator (DTC) with an Oracle or XA-compliant database, you must manually copy this file from the CD-ROM to the %sysroot%\system32 folder on your hard drive. The symbol %sysroot% represents the installation folder for Windows NT 4.0. For example, if your installation folder is C:\Winnt, you would copy it to C:\Winnt\System32. TestOracleXAConfig.exe is located in the \Alpha folder on the Windows NT 4.0 SP5 CD-ROM. If you are installing Windows NT 4.0 SP5 on an Intel-based computer, TestOracleXAConfig.exe is automatically installed during Setup. --------------------------------------------------------------------- 3.6 Running Windows NT 4.0 Administrative Tools from a Remote Server --------------------------------------------------------------------- To run administrative tools from a remote server, you must upgrade the remote server to SP5. If you try to run administrative tools from a remote computer that hasn't also been upgraded to SP5, they may fail to load or not function properly. ------------------------------- 3.7 CryptoAPI and Authenticode ------------------------------- The Authenticode environment won't be set up correctly for existing user accounts on upgrades from Windows NT 4.0 computers running Internet Explorer 3.02. This doesn't affect new user accounts created on the computer. Also, upgrades from Windows NT 4.0 computers with Internet Explorer 4.0 or later aren't affected. Users need to enter the following command line in a command prompt window before they use Authenticode: setreg 1 false 2 true 3 false 4 false 5 true 6 false 7 true 8 false 9 false 10 false Setreg.exe isn't part of SP5; you can download it as part of the CryptoAPI tools. You can install the latest CryptoAPI tools (Internet Explorer 4.0 or later) from the Platform SDK on MSDN. The CryptoAPI tools (also known as Authenticode Signing tools) that were released for Internet Explorer 3.02 are no longer supported. Tools released for Internet Explorer 4.0 continue to work with SP5. To ensure proper CryptoAPI functionality, it’s recommended that you install Internet Explorer 3.02 or later before you install SP5. The following is a list of known problems when Internet Explorer 3.02 or later is installed after SP5: * Certain CryptoAP2 networking functions depend on Wininet.dll and may fail if Wininet.dll isn't on the computer. To work around this, install Internet Explorer 3.02 or later before installing SP5. * Certain CryptoAPI-related file extensions (.cer, .crt, and .der) aren't registered correctly when Internet Explorer 4.0 is installed after SP5. To restore the file extension registration, run the following command line: Regsvr32.exe cryptext.dll This is fixed in Internet Explorer 5. ----------------------------------- 3.8 Uninstalling Internet Explorer ----------------------------------- On a computer that had Internet Explorer 4.0 or later installed and then had SP5 applied, uninstalling Internet Explorer partially removes newer CryptoAPI components. Reinstall SP5 after uninstalling Internet Explorer. This problem doesn't affect the computer if Internet Explorer was installed after SP5. ----------------------------- 3.9 Certificate Server Notes ----------------------------- 3.9.1 Known Problems and Limitations ------------------------------------ 1. Be sure to consult the release notes for the Certificate Server version 1.0 that were shipped with the Windows NT 4.0 Option Pack. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q184695. 2. Do not perform an initial installation of Certificate Server on February 29th of a leap year. The validity period for the server is set incorrectly. To work around this, set the computer time to the previous day (February 28th), perform the installation, and then reset the computer time back to February 29th. There is no problem issuing certificates on February 29th once the Certificate Server is successfully installed (as noted above). 3. If you install Certificate Server over SP5, you may receive a "Some system services could not start" message upon startup. Click OK to continue, and check the Event Viewer log for the following errors. There are no workarounds. Event ID: 7000 Source: Service Control Manager Description: The Certificate Authority service failed to start due to the following error: "The service did not respond to the start or control request in a timely fashion." Event ID: 7009 Source: Service Control Manager Description: Timeout (120000 milliseconds), waiting for service to connect. 3.9.2 Virtual Directory Attributes for Certificate Server --------------------------------------------------------- IIS enforces the program attribute of virtual directories in such a way that the Certificate Server's administration Web pages fail. This failure appears in the form of database access errors that are identified by an E78 access failure code. You can't access the Certificate Server log and queue from the administration Web pages. To work around this problem, make sure that the program attribute for the Certificate Administration (CertAdm) folder is applied. >>>To apply the program attribute for CertAdm folder 1. Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Service Manager. 2. In MMC, expand the left pane entries until the Default Web Site is visible. 3. Double-click the Default Web Site. The right pane now contains the first level of virtual directories for the Web server. 4. Right-click the CertAdm virtual directory. 5. Click Properties. 6. On the Virtual Directory tab, in the Application Settings section, click Create. 7. Click Apply, and then click OK. 3.9.3 Invalid Hash Algorithm Accepted on Installation ----------------------------------------------------- During Certificate Server installation, don't select HMAC as the hash algorithm that the Certificate Server should use when it issues certificates. Although HMAC is among the selections on the optional Advanced Settings page, this isn't a valid use of this algorithm. If HMAC is selected, installation of the Certificate Server fails. For more information about Certificate Server, consult the Microsoft Knowledge Base. ------------------------------------------------------------------- 3.10 Internet Information Server 4.0, Secure Sockets Layer and Root Certifying Authority Certificates, and the IISCA.EXE Tool ------------------------------------------------------------------- If you use Internet Information Server 4.0 (IIS) with secure sockets layer (SSL) and you have installed a root certifying authority certificate (other than those issued by well-known third parties, such as Verisign, Thawte Consulting, or Microsoft), you may need to reinstall the affected root certifying authority certificates after you install SP5. You need to do this if you're using Microsoft Certificate Server 1.0, which shipped with the Windows NT 4.0 Option Pack. >>>To reinstall the root certifying authority certificate 1. Open Internet Explorer 4.0. 2. Browse to the root certifying authority certificate that you want to add. For example, for Microsoft Certificate Server, go to http://server/certsrv/CertEnroll/cacerts.htm, and click the root certifying authority certificate you want. 3. Select Open this file from its current location, and then click OK. 4. Click Install Certificate. 5. After the Certificate Manager Import wizard has started, click Next. 6. Select Place all certificates into the following store. 7. Click Browse, and then click Show physical stores. 8. Expand Trusted Root Certification Authorities, select Local Computer, and then click OK. 9. Click Next, and then click Finish. 10. Restart your Web server. Note: You no longer need to use the IISCA.exe tool. ------------------------- 3.11 Message Queue Notes ------------------------- A new MSMQ registry entry helps you configure the MSMQ Service to not try to contact the MQIS at startup (to avoid auto-dialing, for example). To activate that mode, under the "HKEY_LOCAL_MACHINE \Software\Microsoft\MSMQ\Parameters" registry key, add a value "DeferredInit", of type DWORD and with a value of 0x1. Add this only if the initial MQIS access causes unwanted dial-up because this setting can delay programs calling MQOpenQueue in offline situations. --------------------------- 3.12 COM Internet Services --------------------------- 3.12.1 Installing COM Internet Services --------------------------------------- COM Internet Services (CIS) provides facilities for making DCOM calls over the Internet when other transports can't be used due to a firewall on the server side or a proxy server on the client's network. There are three configuration options for CIS: * Windows 95 or Windows 98 CIS Client Support * Windows NT 4.0 SP5 and Windows 2000 CIS Client Support * Windows NT 4.0 SP5 and Windows 2000 CIS Server Support This section explains how to install CIS on computers running Windows NT 4.0 SP5. If possible, you should start with client and server computers that aren't separated by either proxy servers or firewalls. Once you have verified that this configuration works correctly, you can add proxy servers or firewalls to the configuration. 3.12.2 Windows NT 4.0 SP5 CIS Client Support -------------------------------------------- For Windows NT 4.0, CIS requires that SP5 be installed on your Windows NT Workstation 4.0 or Windows NT Server 4.0 computer. To enable CIS, you need to add the Tunneling TCP protocol to the DCOM protocol list. You can modify the protocol list by running DCOMCNFG: 1. Select the Default Protocols tab. 2. Use the Add button to add Tunneling TCP/IP. 3. Restart the computer for this change to take effect. If multiple protocols are configured, DCOM tries to use them in the order in which they appear in the DCOM protocol list. CIS also requires that Internet Information Server 4.0 (including the Internet Service Manager) be running. IIS 4.0 is part of the Windows NT 4.0 Option Pack. >>>To add the Tunneling TCP protocol to the DCOM protocol list 1. Create an RPC subfolder under your Inetpub folder. For example, at the command prompt, type md c:\inetpub\rpc This folder is referred to as %inetpub%\rpc in the following steps. 2. Copy Rpcproxy.dll from the Windows system folder to %inetpub%\rpc. For example, at the command prompt, type copy %windir%\system32\rpcproxy.dll c:\inetpub\rpc 3. Create a virtual root for the folder you created. To do this: * Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Information Server, and then click Internet Server Manager. * In the left pane of the MMC window, select Console Root/IIS/ /Default Web Site. * Right-click Default Web Site, click Create New, and then click Virtual Directory. * In the New Virtual Directory wizard, enter the following: alias to be used to gain access to virtual directory = rpc physical path = %inetpub%\rpc permissions = Execute Access 4. Don't close Internet Service Manager. Change the connection timeout for the Default Web Site to 5 minutes. To do this: * In the left pane of the MMC window, select Console Root/IIS/ /Default Web Site. * Right-click Default Web Site, and then click Properties. * In the Default Web Site Properties dialog box, select the Web Site tab. * Change the Connection Timeout to 300. * Click OK. Do not close Internet Service Manager. * Install the RPC Proxy ISAPI Filter. To do this, run the IIS 4.0 Internet Service Manager, select Console Root/IIS/ in MMC, right-click the computer name, click Properties, select Edit for the Master WWW Service Properties, select the ISAPI Filters tab, select Add, and then type: filter name = Rpcproxy executable = %inetpub%\rpc\rpcproxy.dll 5. Close Internet Service Manager now. 6. Enable CIS on the server. You do this by running DCOMCNFG. To do this: * Click Start, and then click Run. * In the Run dialog box, type dcomcnfg, and then click OK. * In the left pane of the MMC window, select the Default Properties tab. * Make sure the check box labeled Enable COM Internet Services on this computer is checked. Don't close DCOMCNFG. 7. Add the Tunneling TCP protocol to the protocol list. You can modify the protocol list by running DCOMCNFG. To do this: * Click Start, and then click Run. * In the Run dialog box, type dcomcnfg, and then click OK. * In the left pane of the MMC window, select the Default Protocols tab. * Use the Add button to add Tunneling TCP/IP. * Close DCOMCNFG. 8. Restart your computer for these changes to take effect. 3.12.3 Notes on Proxy Servers ----------------------------- If your client is located behind a proxy server, you need to ensure that: * The proxy server is configured to enable the HTTP CONNECT verb for port 80. * Your client computer is correctly configured to use the proxy server to gain access to the World Wide Web. To configure your client to use the proxy server, use the Internet control panel. 3.12.4 Notes on Firewalls ------------------------- CIS requires that the firewall let TCP/IP traffic through on port 80. ----------------------- 3.13 Event Log Service ----------------------- SP4 introduced new features in the Event Log Service to assist administrators in measuring the reliability and availability of Windows NT 4.0. When running SP4 or later, the SP5 Event Log Service records the following three new events in the system event log that are useful in measuring operating system availability: 3.13.1 Clean Shutdown Event (Event ID: 6006) -------------------------------------------- The Event Log Service records a clean shutdown event whenever an operating system shutdown is initiated. Several mechanisms can initiate a clean shutdown: * Direct user interaction using the Shut Down screen * Shutdown/Restart using CTRL+ALT+DELETE * Shutdown/Restart using the Start Menu * Shutdown/Restart using the Logon screen Clean shutdowns are also recorded if one of the following shutdown events happens programmatically: * InitiateSystemShutdown WIN32 API (local) or * InitiateSystemShutdown WIN32 API (remote). 3.13.2 Dirty Shutdown Event (Event ID: 6008) -------------------------------------------- The Event Log Service records a dirty shutdown event whenever the operating system is shut down by a mechanism other than a clean shutdown. This most commonly occurs when the computer is power-cycled; that is, you stop Windows NT 4.0 by powering off the computer. The event is recorded upon the subsequent reboot. While Windows NT 4.0 Server is running, the computer periodically writes a time stamp to the registry. This time stamp always overwrites the "last alive" time stamp from the previous interval. When the "last alive" time stamp is written, it's also flushed to disk. A normal, clean shutdown is also flagged in the registry. If the clean shutdown flag isn't found on disk when an SP5 computer reboots, a dirty shutdown event is recorded. The description part of the event contains the "last alive" time stamp. The "last alive" time stamp is written to the registry at a default interval of five minutes to HKLM\Software\Microsoft\Windows \CurrentVersion\Reliability\LastAliveStamp. Adding the registry DWORD value TimeStampInterval can change the interval. This value is in units of minutes. Setting it to zero prevents any "last alive" time stamp logging. Only the boot and normal shutdown stamps are written in that case. 3.13.3 System Version Event (Event ID: 6009) -------------------------------------------- The Event Log Service records a system version event containing the operating system version information whenever the computer is booted. This record makes it easier to post-process Windows NT system event logs by operating system version. Note: Prior to SP5, the recording of operating system crashes in the event log (Save Dump events) was optional. By default, crash events were recorded, but a system administrator could disable this behavior in the System control panel by clearing "Write an event to the system log when a STOP error occurs" on the Startup/Shutdown tab. In SP5, the recording of crashes in the event log is mandatory for Windows NT Server and can't be disabled by an administrator. However, there is no change for Windows NT Workstation; an administrator can still choose either setting. ------------------------------------------- 3.14 Upgrading a Cluster to Service Pack 5 ------------------------------------------- 3.14.1 Rolling Upgrade ---------------------- You can eliminate the downtime of your cluster services and minimize administrative complexity by performing a rolling upgrade of the operating system. In a rolling upgrade, you sequentially upgrade the operating system on each node, making sure that one node is always available to handle client requests. A rolling upgrade consists of four phases: * Phase 1: Preliminary Each node runs Windows NT 4.0 SP3. * Phase 2: Upgrade Node 1 Node 1 is paused, and Node 2 handles all cluster resource groups while you upgrade the operating system of Node 1 to Windows NT 4.0 SP5. * Phase 3: Upgrade Node 2 Node 1 rejoins the cluster. Node 2 is paused, and Node 1 handles all cluster resource groups while you upgrade the operating system on Node 2 to SP5. * Phase 4: Final Node 2 rejoins the cluster. The operation of Phase 3, when the two cluster nodes run different Service Packs, is called a "mixed-version cluster." It's recommended that you ensure that every resource on your cluster can operate in a mixed-version environment. If version incompatibilities prevent a cluster resource from operating in a mixed-version cluster, you won't be able to successfully complete your rolling upgrade. Note: You can't create new groups, resources, or resource types in a mixed-version cluster. >>>To perform a rolling upgrade 1. Pause the cluster service on Node 1, and move its resource groups to Node 2. 2. Upgrade Node 1 from SP3 to SP5. 3. Perform validation tests on Node 1 to certify that the node is fully functional. 4. In Cluster Administrator, click Resume Node. 5. Repeat steps 1 through 4 for Node 2 instead of Node 1. 3.14.2 Alternatives to a Rolling Upgrade ---------------------------------------- There are two alternatives to a rolling upgrade for upgrading Windows NT 4.0 on a cluster. If you can't perform a rolling upgrade because your cluster manages a resource that is incompatible with rolling upgrades, consider taking the incompatible resource offline, performing a rolling upgrade, and then installing the new version of the resource. If most of your cluster resources are incompatible with a rolling upgrade, you should consider a clean install of Microsoft Cluster Server. If you do this, you must reconfigure your cluster after the installation. >>>To perform a clean install of Microsoft Cluster Server 1. Following the procedure described in Cluster Administrator Help, stop the cluster service on Node 1. On Node 1, uninstall Microsoft Cluster Server. 2. Stop the Cluster Service on Node 2. On Node 2, uninstall Cluster Server. At this point, the cluster that was running on Node 1 and Node 2 no longer exists. 3. Reinstall Cluster Server on Node 1 using the Windows NT 4.0 Enterprise Edition Components CD, and then form a new cluster using the name of the original cluster. 4. Reinstall SP5 and perform validation tests on Node 1. SP5 upgrades the original SP3 clustering product to SP5. 5. Reinstall the Cluster Server on Node 2 using the Windows NT 4.0 Enterprise Edition Components CD and then join the newly formed cluster. 6. Reinstall Cluster Server and then perform validation tests on Node 2. 7. Using Cluster Administrator, add cluster resources to your new cluster. 3.14.3 Known Clustering Issues ------------------------------ You won't be able to select or clear the Use network name for the computer name check box on the Generic Service Parameters tab if you change the value for the resource from its original setting. The service uses the network name for the computer name, regardless of the check box value. To fix the problem, open Regedt32, and edit the following key on all the cluster nodes: HKLM\SYSTEM\CurrentControlSet\Services\\Environment This is a multiline string. Remove the line containing _CLUSTER_NETWORK_NAME_. ---------------------- 3.15 Year 2000 Updates ---------------------- SP4 and SP5 contain updates for known Year 2000 issues for Windows NT 4.0: * The User Manager and User Manager for Domains recognize the year 2000 as a leap year. * The Date/Time Control Panel applet can update the system clock. * Find Files supports only numeric character recognition in the decades field. * Word document properties recognize both 1900 and 2000 as valid centuries and support four-digit years. * The Dynamic Host Configuration Protocol (DHCP) administrators’ program supports displaying the years 2000 through 2009 with a minimum of two digits. SP5 is not required for Year 2000 Compliance. Microsoft is committed to maintaining SP4, SP5, and future Service Packs as Year 2000 compliant. Note: In order to simplify the upgrade process, the SP4 Y2ksetup.exe composite patch is no longer included in the recommended upgrade path. Y2ksetup.exe was used to update the following Windows NT 4.0 components: * Internet Explorer * Microsoft Data Access Components (MDAC) * Site Server Express With SP5, it's recommended that you install any needed updates these components individually. To determine which updates, if any, that you need, see the Year 2000 Readiness Disclosure & Resource Center Web site at http://www.microsoft.com/year2000/ or call 1-888-MSFT-Y2K. Do not install Y2ksetup.exe after you install SP5. The Microsoft Year 2000 Product Analyzer scans a hard or network drive to report the Year 2000 compliance levels of Microsoft products and if updates are required, the report provides links to product-specific update information. You can download the Microsoft Year 2000 Product Analyzer at the Microsoft Year 2000 Readiness Disclosure & Resource Center Web site at http://www.microsoft.com/year2000/. For the latest Year 2000 information regarding Microsoft products, visit the Microsoft Year 2000 Readiness Disclosure & Resource Center Web site at http://microsoft.com/year2000/. You can also call toll-free 1-888-MSFT-Y2K within the United States or contact your local Microsoft subsidiary. -------------------------------------------- 3.16 Uninstalling IE 4.01 SP2 if using MSSCE -------------------------------------------- If you install Internet Explorer 4.01 SP2 and the Microsoft Security Manager (also known as the Microsoft Security Editor, or MSSCE), you may not be able to uninstall Internet Explorer. Instead, you receive the following message: "OLEMainThreadWndNmame: SETUP.EXE -Entry Point Not Found The procedure point GetVersionFromFileEx could not be located in the dynamic link library ADVPACK.dll." This is because the install programs for Internet Explorer and MSSCE require different versions of the file Advpack.dll. Complete the following procedure to use the version of Advpack.dll that allows you to uninstall Internet Explorer: 1. Open a command prompt window. 2. Create a folder by typing "md c:\temporary" (without the quotes) and pressing Enter. 3. Change to the temporary folder by typing "cd \temporary" and pressing Enter. 4. Type "copy c:\Internet Explorer 4.01 Sp2 Setup\setupnt.cab" to create a copy of the file containing Advpack.dll. 5. Type "extract setupnt.cab advpack.dll" to create a copy of Internet Explorer's Advpack.dll file. 6. Copy this Advpack.dll to the \%systemroot%\System folder inside your Windows NT folder. On most computers, you can type "copy advpack.dll c:\winnt\system". ------------------------------------------------------------- 3.17 Find Files or Folders by Date using Dates Prior to 1980 ------------------------------------------------------------- Find Files or Folders by Date does not properly search for files dated prior to 1980. The Find Files or Folders utility is accessible from the Start menu. If finding files by date using a date range prior to 1980, no files will be listed. If searching for files within a date range that spans 1980, all files are listed. Searching on files dated 1980 through 2035 works correctly. You will not encounter this problem if using the Internet Explorer 4.0 Desktop Update. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q229313. ====================================================================== 4.0 ADDITIONAL FIXES AND WORKAROUNDS ====================================================================== This section contains additional fixes and workarounds for Service Pack 5. --------------------------------------------------------- 4.1 Installing Windows NT 4.0 on a Windows 2000 Computer --------------------------------------------------------- When installing Windows NT 4.0 on a computer that has a Windows 2000 beta or later installed, Setup may continuously restart at the boot menu after the initial text-mode phase of Windows NT 4.0 Setup. The updated Winnt32.exe in the Support\Winnt32 folder allows you to install Windows NT 4.0 on a computer already running Windows 2000. >>>To update the Winnt32.exe 1. Obtain the Support\Winnt32\Winnt32.exe file from Windows NT 4.0 SP5 and copy the file to a folder on your hard disk, or double-click the file on the SP5 CD. 2. When you are prompted for the location of the Windows NT 4.0 files, supply the path to the \I386 folder or \Alpha on the Windows NT 4.0 CD. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q185322. >>>After Windows NT 4.0 is installed 1. Apply SP5. 2. Copy NTLDR and NTDETECT.COM from the Windows 2000 CD to the root of the system drive. Note: To use this installation method, your installation partition must be formatted with the FAT file system. --------------------------------------------------------------------- 4.2 Dual Booting Between Versions of Windows NT 4.0 and Windows 2000 --------------------------------------------------------------------- If you dual-boot your computer to run both Windows NT 4.0 and Windows 2000, each installation or instance of Windows NT must have a unique computer name. Note: These unique names are required only if your dual-boot computer is on the same Windows NT domain. ---------------------------------------------------------------- 4.3 NTFS for Windows NT 4.0 Version 4 and NTFS for Windows 2000 Support ---------------------------------------------------------------- There are two recent versions of Windows NT File System (NTFS): * One supported by both Windows NT 3.51 and Windows NT 4.0 * One supported by Windows 2000 This Service Pack contains an updated version of NTFS.sys that can also read NTFS Version 5 volumes created in NTFS for Windows 2000. Note: The following scenarios don't support dual-booting: * Pre-Windows NT 4.0 SP3 installations. * Windows NT 3.51 or earlier installations. The following features of Windows 2000-supported NTFS can't be accessed from SP5, even with the updated NTFS.sys: * Release points (also called mount points or junction points) * Native Structured Storage (NSS) files * Encrypting File System (EFS) * Disk Quotas Attempts by Windows NT 4.0 SP5 users or programs to access release points or NSS files created on NTFS for Windows 2000 drives with a Windows 2000 installation fail, usually with an "access denied" error. Antivirus programs may report to the user (by log file, popup dialog, or both) when a file can't be accessed. These programs may report their failure to access NSS files with extensions that the programs are set to scan. Archiving programs can't add NSS files to an archive, and the archiving might be reported as an error. Backup programs won't back up NSS files or release points as expected. The programs may log the failures as either "file in use" or "file not available." Some backup programs fail when they try to verify folders that contain NSS files during the backup process. When you mount a Windows 2000-supported NTFS volume under Windows NT 4.0 SP5, NTFS for Windows 2000 features are unavailable, and chkdsk can't be performed against the volume. However, most read/write operations function normally if they don't make use of any NTFS for Windows 2000 features. Also, since files can be read and written on Windows 2000-supported volumes under Windows NT 4.0, Windows 2000 may need to perform "clean-up" operations by running chkdsk on the volume after it's mounted on Windows NT 4.0. These clean-up operations ensure that the NTFS for Windows 2000 data structures are consistent after a Windows NT 4.0 mount operation. ----------------------------------------------------------------- 4.4 Installing SP5 on a Windows NT 4.0 Server Enterprise Edition System ----------------------------------------------------------------- If you upgrade from Windows NT Server 4.0 with SP5 to Windows NT Server Enterprise Edition by using the Winntup.exe upgrade, a message occurs at every reboot that prompts you to install SP3. If you try to install SP3, you're notified that a newer Service Pack is installed. To work around this, install SP5 again, which resolves the problem. This message won’t appear if you install SP5 over Windows NT Server Enterprise Edition or if you upgrade from Windows NT Server by using Winnt32.exe. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------------------ 4.5 Internet Information Server 4.0 ------------------------------------ 4.5.1 Username/Password Length ------------------------------ The length limitation for Username/Password combinations when you use Internet Information Server 4.0 has been fixed in SP5. This length limitation previously caused errors during basic authentication on IIS 4.0. 4.5.2 Global.asa ---------------- To use the Global.asa file after applying SP5, ensure that the file is in an program root folder. This is a change from the implementation in the Windows NT 4.0 Option Pack in which Global.asa was mistakenly processed from within a virtual directory. The Global.asa file specifies event scripts and declares objects that have session or program scope. In the Windows NT 4.0 Option Pack, the file Asp.dll processed Global.asa from the lowest defined virtual directory. This has been changed in SP5. After SP5 is installed, customers who are using Global.asa may need to make changes to IIS for the file to work properly. For more information, see the "Global.asa Reference" topic in the Windows NT 4.0 Option Pack online documentation. To ensure that Global.asa is available to Asp.dll after applying SP5, folders that contain Global.asa files should be marked as applications. For more information, see the "Creating Applications" topic in the Windows NT 4.0 Option Pack online documentation. Certain CryptoAPI-related file name extensions (.cer, .crt, and .der) aren't registered correctly when Internet Explorer 4.0 is installed after SP5. To restore the file name extension registration, run the following command line: Regsvr32.exe cryptext.dll This is fixed in Internet Explorer 5. ----------------------------------- 4.6 Security Configuration Manager ----------------------------------- 4.6.1 Error Messages Received When You Log On to a Secure Desktop ----------------------------------------------------------------- The first time a user logs on to a Compatible, Secure, or Hi Secure Windows NT computer running Internet Explorer 4.0 or later, the following message appears: INF Install Failure. Reason: Access is denied. Corresponding Start Menu Items are missing. To work around this message, have potential users of the system log on prior to securing the desktop. 4.6.2 Incorrect Analysis When Registry Key Doesn't Exist -------------------------------------------------------- If a registry value doesn't exist, analysis results for that registry value may be inaccurate. To work around this issue, configure the registry value to the appropriate setting. 4.6.3 Inherit Mode Not Available -------------------------------- Administrators can decide how SCM configures child objects after Access Control Settings for file system and registry objects are defined. The options are Inherit, Overwrite, or Ignore. In Windows NT 4.0, the Inherit option is dimmed and therefore not available. --------------------------- 4.7 Updating Audio Drivers --------------------------- If you aren’t receiving audio from a Crystal Semiconductor audio chip or a Creative Labs Sound Blaster AWE32 Plug and Play Wavetable Synthesizer, you may need to install the updated drivers for these devices. For detailed information on updating these drivers, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q143155. --------------------------- 4.8 Microsoft Proxy Server --------------------------- 4.8.1 Web Administration Tool ----------------------------- After SP5 is installed, the Web Administration Tool for Microsoft Proxy Server 2.0 may stop responding. This occurs because Internet Information Server doesn’t have the correct program setting for the Proxy Server Web administration tool, which requires script execute permission. This problem may only occur with Windows NT Server 4.0, SP5 and Windows NT 4.0 Option Pack. To correct the problem, follow the steps below: 1. Click Start, point to Programs, point to Windows NT 4.0 Option Pack, point to Microsoft Internet Server, and then point to Internet Service Manager. 2. In the left pane, click Internet Information Server. 3. In the right pane, double-click your server name. 4. In the right pane, double-click MS Proxy Administration Web Site. 5. In the right pane, right click PrxAdmin, and then click Properties. 6. Click the Virtual Directory tab. 7. In the Application Settings section, set the Permissions to "Script." 8. In the Application Settings section, click Create. If a Remove button appears and there isn’t a Create button, no further action is necessary. (The computer is already properly configured.) Click OK. You may have to reboot your computer. 4.8.2 Microsoft Proxy Server 1.0 Client --------------------------------------- Installing SP5 on a computer running Windows NT 4.0 Workstation or Server with Microsoft Proxy Server 1.0 client installed disables the WinSock Proxy Client component. As a result, programs that access the Internet and depend on the Proxy client may not be able to gain access to the Internet. To correct the problem, reinstall the Proxy Server Client component after you install SP5. It’s recommended that you uninstall the Microsoft Proxy Client before installing SP5. After you install SP5, you can reinstall the Proxy Client. --------------------------- 4.9 Ositech Jack of Spades --------------------------- If you're using an Ositech Jack of Spades laptop network/modem card with SystemSoft CardWizard, you need to remove and reinstall the Ositech Software and drivers after upgrading to SP5. ----------------------------- 4.10 MDAC 2.0 Service Pack 1 ----------------------------- If you install MDAC 2.0 or later after installing SP5, the ODBC Help file Obdcinst.hlp does not match MDAC 2.0's. This is because the ODBC Help File installed by SP5 has the SP5 file date. To work around this, before installing MDAC, delete the file Odbcinst.hlp. If you've already installed MDAC, delete the Odbcinst.hlp and reinstall MDAC. ---------------------------------------------------------------- 4.11 Installing Internet Explorer 4 SP2 as a Non-Default Browser ---------------------------------------------------------------- You can install Microsoft Internet Explorer without adding the Internet Explorer icon to the desktop and the system file associations that make Internet Explorer the default browser. To do this, use the IE4SETUP.EXE command below from either a command line or the Run dialog box. This command changes the Internet Explorer installation to not add the Internet Explorer icon to the desktop or to change the system file associations to make Internet Explorer the default browser. Note: This command only works if you have not installed the Microsoft Windows Desktop Update on your computer. IE4SETUP.EXE /C:"ie4wzd /S:""#e"" /X /R:N /Q:A /m:0" For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q224088. ====================================================================== 5.0 APPLICATION NOTES ====================================================================== This section includes program notes for Service Pack 5. --------------------------------------------- 5.1 CheckIt Diagnostic Kit 4.0 by Touchstone --------------------------------------------- The CheckIt Diagnostic Kit version 4.0 won't have full functionality when you install it onto any version of Windows NT. ----------------------------------------- 5.2 Norton CrashGuard 2.0 for Windows NT ----------------------------------------- To run when the computer is rebooted, Norton CrashGuard 2.0 for Windows NT needs to be installed by a user with administrative privileges. ----------------- 5.3 Inoculan 4.0 ----------------- The Inoculan version 4.0 Service Pack 2, with build number 373 or higher, is fully compatible with SP5. The Inoculan version 4.0 Service Pack 1 with build 270 causes Windows NT 4.0 bugcheck when you apply SP5. You can download the Inoculan SP2A build 375 (il0145i.zip) from the Computer Associates Web site at http://www.cai.com/. ----------- 5.4 Exceed ----------- If you use Exceed Inetd.exe to provide basic telnet services in Windows NT 4.0, see the Hummingbird Software Web site at http://www.hummingbird.com/ for an update. The version that ships with Exceed 6.0.1 doesn't work with SP5. -------------------- 5.5 Terminal Server -------------------- SP5 isn't supported on Windows NT Terminal Server. A revision of SP5 specifically for Terminal Server includes the information required to allow existing installed programs to run in a multiple-session environment. Obtain this revision to install SP5 on a Windows NT Terminal Server. ------------------------------------------------------- 5.6 Microsoft NetMeeting Security and Year 2000 Issues ------------------------------------------------------- 5.6.1 Security -------------- NetMeeting 2.1 is vulnerable to hostile speed-dial objects that can cause NetMeeting to stop responding. Consequently, the computer's memory is exposed and may be intentionally corrupted. To work around this, download the Speed Dial patch from the NetMeeting Web site at http://www.microsoft.com/netmeeting/. 5.6.2 Year 2000 --------------- When you transfer a file with a system date greater than 2000, the received file date is increased by 28 years. To work around this, download NetMeeting version 2.1 (or later) at http://www.microsoft.com/netmeeting/. -------------------- 5.7 NuMega SoftICE -------------------- If you try to install SP5 but aren't using the latest version of SoftICE, version 3.24, a message appears stating that Windows has detected a version of SoftICE that isn't supported. You can register and download the latest version of SoftICE from the Compuware NuMega Web site at http://www.numega.com/support/updates.htm. Earlier revisions of the SoftICE software cause system errors when you install SP5. SoftICE version 3.24 is a no-charge update for registered version 3.2 customers. If you have a 3.2 or earlier version of SoftICE, contact the Compuware sales department at 1-800-4NUMEGA (or 1-603-578-8400) to purchase an upgrade. ----------------------------------------------- 5.8 Microsoft BackOffice Small Business Server ----------------------------------------------- 5.8.1 Microsoft BackOffice Small Business Server Version 4.0 ------------------------------------------------------------ * Upgrade to SBS 4.0a before installing Windows NT 4.0 SP5. You can do this by installing SBS 4.0 Service Pack 1. For instructions on how to order SBS 4.0 Service Pack 1, see the Microsoft BackOffice Small Business Server Web site at http://www.microsoft.com/backofficesmallbiz/ or call 1-800-370-8758. * You must install SBS 4.0 Service Pack 1 before installing Internet Explorer 4.0 or 4.01. IMPORTANT: Don’t install Internet Explorer 4.0 or Internet Explorer 4.01 on SBS 4.0. This results in the loss of functionality to the "Manage Server" administration console. * If you install SBS 4.0 SP1 after installing Windows NT 4.0 SP5, a series of dialog boxes prompts you to replace newer files with older files. Click "No to All" so that the newer SP5 files remain on your computer. 5.8.2 Microsoft BackOffice Small Business Server Version 4.0a ------------------------------------------------------------- Install Windows NT 4.0 SP5 by running Update.exe. After Windows NT 4.0 SP5 installation is complete and the server reboots, you may be prompted to install additional components to resolve known Year 2000 issues in Windows NT 4.0. 5.8.3 Microsoft Proxy 1.0 on Small Business Server 4.0 and 4.0a --------------------------------------------------------------- Installing Windows NT 4.0 SP5 on a Small Business Server (SBS) 4.0 disables the Winsock Proxy Client component. As a result, some programs that access the Internet and depend on the proxy Dial-On- Demand won't run on the SBS server. To correct the problem, reinstall the Proxy Client component after you install Windows NT 4.0 SP5. To reinstall the Proxy Client, click Start, point to Programs, point to Startup, point to Microsoft Proxy Client, and then click Setup. 5.8.4 Windows NT Workstation 4.0 Client for Microsoft BackOffice Small Business Server 4.0 and 4.0a ---------------------------------------------------------------------- If you install Windows NT 4.0 SP5 Update.exe on an SBS 4.0 or 4.0a Windows NT 4.0 Workstation client, a dialog box may appear stating that SBS 4.0 has been detected on your computer. For more information on known Year 2000 Windows NT issues, see the Microsoft BackOffice Small Business Server Web site at http://www.microsoft.com/backofficesmallbiz/. --------------------------------------- 5.9 Rational Visual Quantify Version 4 --------------------------------------- If you install SP5 on a computer with Rational Visual Quantify version 4 installed, you may receive .dll error messages. To work around this, reinstall Rational Visual Quantify after you install SP5. ---------------------------- 5.10 Microsoft IntelliPoint ---------------------------- If you receive an access violation message from IntelliPoint Productivity Tips (Tips.exe) when you start Windows NT 4.0 SP5, we recommend that you install the latest version of IntelliPoint software, available from the Microsoft Web site at http://www.microsoft.com/products/hardware/mouse/. ----------------------------------- 5.11 Systems Management Server 2.0 ----------------------------------- The Windows Management Instrumentation (WMI) component of Systems Management Server 2.0 (SMS) fails to install during installation of SMS 2.0 site servers, clients, and SMS Administrator consoles on computers running SP5. WMI is required for the operation of these SMS computers and the SMS 2.0 Hardware Inventory Agent on 32-bit Windows clients. For information on how to install SMS 2.0 on computers running SP5 without this problem, query on article Q221481 in the Knowledge Base at http://support.microsoft.com/support/. ====================================================================== 6.0 IF YOU DO NOT HAVE SERVICE PACK 4 ====================================================================== Unlike previous Service Packs, Service Pack 5 has no new features. It is also being released relatively soon after SP4. Depending on your particular needs, you may decide to skip one of these Service Packs. If you did not install SP4, the following section summarizes the new features that were introduced in SP4. If you're already familiar with SP4, you can skip this section. -------------------------- 6.1 New in Service Pack 4 -------------------------- 6.1.1 Active Accessibility Support ---------------------------------- Microsoft Active Accessibility (MSAA) is a COM-based standard method by which a utility program interacts with a program's user interface (UI). Using MSAA programs can expose all UI elements and objects with standard properties and methods. SP4 and SP5 includes five new application programming interfaces (APIs). These new APIs include: * GetGUIThreadInfo * GetAncestor * RealChildWindowsFromPoint * RealGetWindowClassA * RealGetWindowClassW 6.1.2 DCOM/HTTP Tunneling ------------------------- This update allows DCOM client/server communication to cross firewalls over the HTTP protocol port. The new protocol "Tunneling TCP" is used like other DCOM protocols. The new moniker type OBJREF is passed in HTML to the client. The benefits of Tunneling TCP include high performance, use of existing open ports in the firewall, and control of client access for proxy administrators. For more information, see the Microsoft COM Web site at http://www.microsoft.com/com/. For instructions on installing Tunneling TCP, see Section 3.12.1, "Installing COM Internet Services." 6.1.3 Euro Key Patch -------------------- The Euro Key Patch is an update to include the new European "Euro" currency symbol. The update supplies the core fonts (Arial, Courier New, and Times New Roman) and the keyboard drivers. 6.1.4 Internet Group Management Protocol (IGMP) version 2 --------------------------------------------------------- IGMPv2 allows a computer to inform the router that it's leaving a group. This update enables the router to determine if there are no more members in a group and then executes a command to stop forwarding mcast packets on to the link. This update is useful when users are frequently joining and leaving groups. 6.1.5 Microsoft File and Print Service for NetWare (FPNW) Support for Client32 ----------------------------------------------------------------- Microsoft File and Print Service for NetWare permits the Windows NT 4.0 Server to act as a NetWare 3.X Server and is able to process file and print requests from NetWare clients without changing or updating the NetWare client software. SP4 and SP5 provide an update that allows Windows NT 4.0 to support NetWare's Client32. This update installs only on those computers that have the FPNW service already installed. 6.1.6 Proquota.exe ------------------ The Proquota.exe utility can be set up to monitor the size of users' profiles. If an individual user's profile exceeds the predetermined file limit, the user won't be able to log off of the computer until the user reduces the size of the file. 6.1.7 Remote Winsock (DNS/Port 53) ---------------------------------- Proxies or firewalls often disable the Domain Name System (DNS) port number 53 in order to deter external sites from querying the internal DNS structure. As a result, inbound response packets sent on port 53 can't be received. SP4 and SP5 provide a solution to change the Windows NT DNS server port number and configure it to use a different port number when you are connecting outbound. To enable this feature, the registry value "DWORD" is created. Locate \services\dns\parameters\SendOnNonDnsPort and set the key to a non-zero value to go off port 53. If the value is less than 1024, the server can use any port number. If the value is greater than 1024, the server uses the port number specified. 6.1.8 Remote Procedure Calls (RPC) Enhancements for Visual Basic (VB) --------------------------------------------------------------------- This release provides RPC enhancements for VB. In VB, a User Data Type (UDT) is added, allowing the TypeLib arrangement of structures. New user interfaces, IRecordInfo, provide UDT information and a UDT field for the Access Database. 6.1.9 Routing Information Protocol (RIP) Listener ------------------------------------------------- If you use RIP Listener on a computer running Windows NT 4.0, you can use SP4 or 5 to update this component. If you want to install RIP Listener after you apply SP5, use the following procedure. >>>To install the RIP Listener 1. Insert the SP5 CD into the CD-ROM drive and change to the \I386 (or \Alpha) folder. 2. Copy Oemnsvir.wks to D:\\System32 \Oemnsvir.inf. 3. Click Start, point to Settings, and click Control Panel. Double-click Network, and on the Services tab, click Add. 4. In Network Service, select RIP for Internet Protocol, and then click OK. 5. In the Windows NT Setup dialog box, type the path for the location of the SP5 files, and click OK. 6.1.10 Visual Studio-MICS ------------------------- SP4 and SP5 include an update to Visual Studio called Visual Studio Analyzer Events. Visual Studio Analyzer Events provides a graphical representation of high-level behaviors and their solutions. Use Visual Studio Analyzer Events to view graphically simple tables of event logs, the computer's performance, and Windows NT Performance Monitor (NT PerfMon), as well as other system data. 6.1.11 Compaq Fiber Storage Driver ---------------------------------- This driver and .inf are located in the \Drvlib folder. When installed, the Compaq fiber storage driver along with the .inf provides support for Compaq fiber storage devices. The certified devices are: * Compaq Fiber Channel Host Controller/P for PCI. * Compaq Fiber Channel Host Controller/E for EISA. 6.1.12 Internet Explorer 4.01 Service Pack ------------------------------------------ SP4 included the most recent Internet Explorer Service Pack when it was released, Internet Explorer 4.01 SP1. SP5 also includes the most recent Internet Explorer Service Pack available, Internet Explorer 4.01 SP2, located in SP5 in the \Msie401 folder. Run Ie4setup.exe from the \Msie401\Alpha or \Msie401\i386 folder to install this version of Internet Explorer on your computer. To deploy IE to a large number of users, see the Internet Explorer Administration Kit at http://www.microsoft.com/windows/ieak/. 6.1.13 Message Queue (MSMQ) for Windows 95 Client ------------------------------------------------- This Service Pack also includes MSMQ Windows 95 Client fixes, located in the \Support\Msmq.95 folder. Most problems that are mentioned in Section 3.11, "Message Queue Notes," also apply to Windows 95. In addition, the Windows 95 MSMQ update fixes a problem causing long delays with MQOpenQueue() and MQIS operations on offline computers. This MSMQ Windows 95 update doesn't have an uninstall option. 6.1.14 Windows NT 4.0 Option Pack Fixes --------------------------------------- SP4 and SP5 include Option Pack fixes and enhancements. If you have the Internet Information Server version 4.0 Option Pack installed, the SP5 update program automatically updates the Option Pack components installed on your computer. When you begin the installation of the Windows NT 4.0 Option Pack on a server with Windows NT SP5 and Internet Information Server 3.0, the following messages may appear: "Setup detected that Windows NT 4.0 SP4 or greater is installed on your machine. We haven't tested this product on SP4. Do you wish to proceed?" "The Windows NT 4.0 Option Pack is fully tested and supported to run on servers with the Windows NT Service Pack 5. Click Yes to continue Setup." Note: It's recommended that you reinstall SP5 after you install Windows NT 4.0 Option Pack. Otherwise, an MSMQ MQIS Controller installation won't work until the SP5 is reinstalled. 6.1.14.1 Certificate Server The Microsoft Certificate Server is a standards-based, highly customizable server program for managing the creation, issuance, and renewal of digital certificates. Certificate Server generates certificates in standard X.509 format. These certificates are used for a number of public-key security and authentication programs, including, but not limited to, server and client authentication under the Secure Sockets Layer (SSL) protocol and secure e-mail using Secure/Multipurpose Internet Mail. The update to Certificate Server includes: * Teletex Encoding--Data encoded as teletex in a certificate request is encoded as teletex data in the issued certificate. Formerly, this data would have been encoded as Unicode in the issued certificate. * Serial Number--Serial numbers are generated according to X.509 standards. These serial numbers are automatically generated, unique, and always positive. These features accommodate restrictive mail clients. * Backup/Restore--Specific backup requests are supported, including backing up keys and certificates. * An update to the default policy module so that Outlook 98 can use issued mail certificates. * An update to Certificate Server that fixes a problem with certificates issued on February 29th of a leap year. Previously, the validity period would have the NotBefore and NotAfter dates set to the same date. With this update, NotBefore and NotAfter are now set correctly in the context of the CA validity for certificates issued on February 29th of a leap year. For information on how to use the keys and certificate backup/ restore utility, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q185195. This release of Certificate Server doesn't support certificate hierarchies. However, a limited subset of the functions of Certificate hierarchies work specifically with Exchange. You can get additional information on this from a white paper titled "Creating Certificate Hierarchies with Microsoft Certificate Server Version 1.0." This is available as a self-extracting .exe file (Hier3.exe) on the Microsoft Support Downloads Web site at http://support.microsoft.com/support/downloads/LNP279.asp. 6.1.14.2 Index Server Index Server is a content-indexing engine that provides full text retrieval for Web sites. Index Server requires that Internet Information Server be installed. 6.1.14.3 Internet Information Server (IIS) The following Internet Information Server version 4.0 Option Pack components are installed on your computer: 1. Security Enhancements--Support for long file names for access restrictions on a file or a folder. 2. Performance--Improvements on the logging and caching of information. These improvements include, but aren't limited to: * IIS 4.0 performance on extension mapping. * IIS 4.0 memory performance for mapping log files. * IIS 4.0 performance in mapping unmapped data files if memory configuration is low or stressed. 6.1.14.4 Message Queue (MSMQ) for Windows NT This update to MSMQ does the following: * Performs cleanup of unused message file space every six hours to reduce disk-space usage. Note: This schedule may be configured through the MSMQ registry key (in milliseconds). * Clears all obsolete express message files when the MSMQ service starts. * Enforces case insensitivity with foreign language characters in private queue names. * Reduces occurrences of duplicate messages in persistent delivery mode. * Exhibits performance counters for remote queues after a system recovery. * Correctly shows outgoing messages performance counters for each session. * MSMQ MQIS servers refresh cached information every 12 hours. * Fixes a problem causing transactional messages to be rejected in some cases. * Allows specifying external certificates through the MSMQ ActiveX components interface. * Allows transactional messages to be read from connector queues after you restart the MSMQ connector program. * Supports MQSetQueueSecurity for private queue. * Allows MQCreateQueue for private queues to work on Windows NT Server 4.0 Option Pack installations on Microsoft Cluster Server computers. * Supports sending Microsoft PowerPoint and Microsoft Word documents using ActiveX components. * Fails if a user attempts the renewal of internal certificates when Primary Enterprise Controller (PEC) is unreachable. * Correctly recomputes computer quota limitation after restarting the MSMQ service. * Allows MSMQ COM objects to correctly process asynchronous message arrival events in multithreaded programs. * Detects and reports corrupted message packets in message files that could have previously resulted in a hung MSMQ service. * Accepts transactional messages sent offline instead of previous problems rejecting these messages are no longer with a bad message class: MQMSG_CLASS_NACK_BAD_DST_Q. The symptom was that such messages were immediately routed to the sender's exact dead letter box. * Supports sending messages to different computers that have the same IP address. This can happen when a server attempts to send messages to two different RAS clients that happen to be assigned the same address, one after the other. * Recovers correctly when sending messages from a server to a client whose address is no longer valid (for example, a RAS client that has timed-out). Previously, extra message traffic might have been generated. * Allows asynchronous messaging to function correctly on Japanese Windows 95 when using the MSMQ COM objects. * Fixes a problem in the MSMQ COM objects when referencing the response and administrator queue properties of a message for queues not explicitly refreshed from the MQIS. * No longer blocks for a long time calling MQOpenQueue with a DIRECT format in Windows 95. * No longer enforces MSMQ per-seat licensing if the Windows NT 4.0 licensing service isn't running. * No longer causes an exception on the MQIS server if there is a specific call to MQLocateBegin. This could have occurred previously when the Label restriction was specified with an incorrect vt argument (anything other than VT_LPWSTR). * Allows users logged on to a local computer to run MSMQ programs accounts. Note that users were previously able to run MSMQ for shadowed local accounts--that is, for accounts that had "identical" local accounts (user name/password) on the server computer. The default security for queues created by such users is that everyone is granted full control (in particular, read and delete permissions). * Supplies a new MQIS update/restore utility that enables administrators to seamlessly recover crashed MQIS servers. For more information, see \Support\Msmq.nt\MQISwizard.doc. 6.1.14.5 Microsoft Transaction Server (MTS) MTS is updated with a new Java Context class. If you're building programs using Visual J++, you can use the new Context class instead of IObjectContext. The Context class allows you to do the following using Visual J++: * Declare that the object's work is complete. * Prevent a transaction from being processed, either temporarily or permanently. * Create an instance of other MTS objects and include their work within the scope of the current object's transaction. * Determine whether a caller is in a particular role. * Determine whether security is enabled. * Determine whether the object is executing within a transaction. See the Visual J++ section of the Programmer's Reference for complete documentation of the new class. 6.1.14.6 SMTP and NNTP Simple Mail Transport Protocol (SMTP) and Network News Transport Protocol (NNTP) enhancements are available in SP4 and SP5. SMTP now supports the following services: * Multiple virtual servers or sites. * ETRN command for dequeuing mail over dial-up connections. >>>To enable this functionality: 1. Create a text file with the following text: set obj = GetObject ( "IIS://localhost/smtpsvc" ) obj.Put "SmtpServiceVersion", 2 obj.SetInfo NOTE: This is an Active Directory Service Interface (ADSI) script that updates a value in the metabase. 2. Save this file as Enable.vbs. 3. From a command prompt, type the following and press ENTER: cscript enable.vbs For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q183476. 6.1.15 Security Configuration Manager (SCM) ------------------------------------------- Security Configuration Manager (SCM) is an integrated security system that gives administrators the ability to define and apply security configurations for Windows NT Workstation and Windows NT Server installations. SCM also has the capability to perform inspections of the installed computers to locate any degradation in the computer's security. For further information on SCM, including installation and usage instructions, refer to Readme.txt in the \Mssce folder. 6.1.16 Security Privilege Must Be Enabled to View Security Event Log -------------------------------------------------------------------- SP4 and SP5 include a fix in the Event Log service that requires that the SE_SECURITY_NAME privilege, also known as the Security privilege, be enabled in order to view and manage the security event log. By default, Windows NT grants the privilege to administrators and local System. In order to take effect however, the privilege must also be enabled in the program accessing the security event log. Adding the Security privilege to manage the security log can be audited. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q188855. 6.1.17 Dynamic Host Configuration Protocol (DHCP) ------------------------------------------------- This Service Pack includes several quality improvement fixes for known Dynamic Host Configuration Protocol (DHCP) issues reported for Microsoft DHCP Server, the DHCP Manager administration tool, and for Microsoft DHCP-enabled clients running under earlier released versions of Windows NT 4.0. These fixes address specific problems fully described in the "DHCP/WINS Release Notes for Windows NT 4.0 SP4 Update" KB article. For more information, go to the Knowledge Base at http://support.microsoft.com/support/ and search for KB article Q184693. 6.1.18 Windows Internet Naming Service (WINS) --------------------------------------------- Windows NT Server includes the following new Windows Internet Naming Service (WINS) and WINS Manager features: * Manual removal of dynamic WINS database records. * Multi-select operations for WINS database records. * Burst mode handling for WINS servers. 6.1.19 Microsoft Routing and Remote Access Service (RRAS) --------------------------------------------------------- SP4 or SP5 can be installed on a Windows NT 4.0 computer running Routing and Remote Access Service (RRAS). SP5 updates your RRAS computer to RRAS Software Update (Hotfix) 3.0 components automatically. If you install RRAS after installing SP5, you must reinstall SP5 to get the updated RRAS files so that RRAS works properly. For more information on RRAS Software Update 3.0, see http://support.microsoft.com/support/kb/articles/Q189/5/94.asp. 6.1.20 PPTP Performance and Security Update ------------------------------------------- SP5 now includes new performance and security updates to Point-to-Point Tunneling Protocol (PPTP) that greatly increase data transfer speeds and enhance security. The PPTP client and server computer must both be running the updated files to get the new benefits. For more information, see http://support.microsoft.com/support/kb/articles/q189/5/95.asp 6.1.21 NTLMv2 Security ---------------------- SP4 and SP5 contain an enhancement to NTLM security protocols called NTLMv2 that significantly improves both the authentication and session security mechanisms of NTLM. For more information, see http://support.microsoft.com/support/kb/articles/q147/7/06.asp. 6.1.22 Secure Channel Enhancements ---------------------------------- SP4 and SP5 contain an enhancement to the secure channel protocols that member workstations and servers use to communicate with their domain controllers and that domain controllers use to communicate with other domain controllers. In addition to authentication, you can now encrypt and check the integrity of these communications. For more information, see http://support.microsoft.com/support/kb/articles/q183/8/59.asp. 6.1.23 IP Helper API (IPHLPAPI) ------------------------------- The Internet Protocol (IP) Helper API provides Windows network configuration and statistics information to Win32 programs. The public API is available on Windows NT 4.0 and above, and Windows 95 and above. SP4 and SP5 update the API with a new .dll so that programs can communicate to a TCP/IP stack. 6.1.24 Event Log Service ------------------------ SP4 and SP5 contain features in the Event Log Service to assist administrators in measuring the reliability and availability of Windows NT. The SP5 Event Log Service records three new events in the system event log that are useful in measuring operating system availability: * Clean Shutdown Event (Event ID: 6006) * Dirty Shutdown Event (Event ID: 6008) * System Version Event (Event ID: 6009) See Section 3.13, "Event Log Service," for more information. 6.1.25 Domain Name Server (DNS) Service --------------------------------------- SP4 and SP5 include several quality improvement fixes to correct known Domain Name Server (DNS) issues reported for Microsoft DNS Server and the DNS Manager administration tool. These fixes address specific problems described in the Q184693 "DNS/DHCP/WINS Release Notes for Windows NT 4.0 SP4 Update" KB article. For more information, see http://support.microsoft.com/support/kb/articles/q184/6/93.asp. -------------------------------------------------------------- 6.2 List of Fixes in Windows NT 4.0 Service Packs 1 through 4 -------------------------------------------------------------- All fixes contained in Service Packs 1 through 4 are documented as Knowledge Base articles. You can query the Knowledge Base to find an article about a specific issue by using the Qxxxxxx number assigned to the topic. You can browse the Knowledge Base on the Microsoft Web site at http://support.microsoft.com/support/. For a list of all fixes in Windows NT 4.0 Service Packs 1 through 4, see http://support.microsoft.com/support/kb/articles/q150/7/34.asp. For a list of all fixes, see http://support.microsoft.com/support/kb/articles/Q225/0/37.asp.