Service Pack 6a
I’m back from vacation, and I see that the Winsock bug and TCP/IP sequence number hotfix caused a real ruckus while I was gone. Microsoft re-released Windows NT Service Pack 6 (SP6) as SP6a on November 24. SP6a includes a correction for Winsock problems users experienced with Lotus Notes and other Winsock-based applications (see Microsoft Support Online article Q245678), but it doesn't include the TCP/IP initial sequence number (ISN) hotfix I wrote about a couple of weeks ago. Apparently, the post-SP6 ISN hotfix introduced a regression error, so Microsoft pulled the original and plans to release a working version soon, possibly this week. Although predictable sequence numbers don't create a serious vulnerability, they leave the door ajar for potentially malicious activity, so I recommend that you install the ISN hotfix when it's available. If you haven’t installed SP6 yet, you can download it. If you've already installed SP6, you can download and install the Winsock hotfix separately from the URL above. And, if you’ve been looking for a copy of setupdd.sys, you’ll find it at the bottom of the SP6a download page.
You might also encounter a potentially nasty problem related to a combination of Inoculan virus drivers older than February 11, 1999, and Microsoft Outlook personal folders. According to Microsoft Support Online article Q244652, interaction between these two applications can unintentionally delete Outlook personal folders if Inoculan is running during a service pack installation. No one has figured out exactly what causes the deletion. You can download Inoculan driver updates.
RAS Stops Accepting PPTP Connections
Are you running RAS server on a multiprocessor system configured to accept PPTP connections? If so, you might experience problems with incoming connections when you enable PPP logging on the RAS server. When PPP logging is active, two RAS threads attempt to write to the PPP log file, and a problem in the kernel causes one of the two threads to wait indefinitely. The waiting thread hangs rasman.exe and prevents RAS from accepting any new connections; however, this bug doesn't affect established connections. Over time, users will close active PPTP sessions and won't be able to reconnect, even though all incoming RAS PPTP ports are available.
To work around this problem, disable PPP logging on the server. Microsoft Support Online article Q246467 (not available as of November 28) documents this PPTP issue and indicates that Microsoft has a hotfix that eliminates the thread conflict by updating two NT kernel components. The article also states that Microsoft will not release the hotfix to you until you demonstrate that your system is experiencing this specific problem.
Adding Fonts Bug
Several readers sent me email indicating that when you attempt to add fonts to Windows NT Workstation, the Control Panel Font applet displays only the C: drive, even if you have several local drives and partitions available. According to Microsoft Support Online article Q240254, this problem can also occur with the Multimedia applet. To work around the problem, install either a network adapter card or the Microsoft Loopback Adapter. I have absolutely no idea why this workaround enables these applets to display all local hard drives, and I can't test the workarounds because I haven't experienced this problem on my system. Let me know if this fix solves the problem.
PPTP LAN Connections
Tunneling protocols are most commonly deployed to connect clients to a server over the Internet. However, you can also employ these protocols to connect clients to a server on a LAN. For example, you might isolate a standalone server for security purposes and let clients connect via PPTP to take advantage of the protocol’s encryption and encapsulation features. Apparently, the word is spreading about this use of tunneling protocols, because article Q246478 contains detailed instructions about how to configure a PDC in two different domains to support incoming PPTP connections.
In this scenario, each PDC has one network adapter card instead of two (one for a LAN and one for a WAN link). To support PPTP connections, you have to fool RAS into thinking that each PDC has two network adapter cards. To trick RAS, add a second IP address to the installed network adapter card or install the Microsoft Loopback Adapter on each server. You also need an LMHOSTS file that associates the second IP address on each server with the NetBIOS name of the server and the domain name. Once the servers can see each other, you establish the trust. The procedure is straightforward, so have a look and give it a try. And if you get it working, let me know so I can share your experience with other readers.
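The LMHOSTS step above is the easiest one to get wrong, because a typed NetBIOS name must be padded to exactly 15 characters before its suffix byte. The following is an added example, not taken from this column or from article Q246478: it generates the entries using standard LMHOSTS syntax (`#PRE`, `#DOM:` and a `\0x1b` domain entry), which is an assumption about how to express "the NetBIOS name of the server and the domain name". The server names, domain names and addresses are constructed placeholders.

```python
# Added example: emit LMHOSTS lines for the single-adapter PDC setup.
# Every name and address here is a constructed placeholder.
import ipaddress

NAME_MAX = 15  # NetBIOS names are 15 characters plus one type byte


def check_name(name):
    """Upper-case a NetBIOS name and reject ones that cannot be registered."""
    name = name.strip().upper()
    if not 1 <= len(name) <= NAME_MAX:
        raise ValueError("NetBIOS name must be 1-15 characters: %r" % name)
    return name


def typed_name(name, type_byte):
    """Quoted LMHOSTS form: name space-padded to 15 chars, then \\0xNN."""
    return '"%-15s\\0x%02x"' % (check_name(name), type_byte)


def lmhosts_entries(pdc_name, domain, second_ip):
    """Lines that map a PDC's second IP address to its name and its domain."""
    ip = str(ipaddress.IPv4Address(second_ip))  # raises on a malformed address
    pdc, dom = check_name(pdc_name), check_name(domain)
    return [
        # Server name, preloaded into the name cache and tagged with its domain.
        "%s\t%s\t#PRE #DOM:%s" % (ip, pdc, dom),
        # Domain name with the 0x1B suffix that the domain's PDC registers.
        "%s\t%s\t#PRE" % (ip, typed_name(dom, 0x1B)),
    ]


if __name__ == "__main__":
    # Each server's LMHOSTS file gets the entries for the *other* PDC.
    for peer in (("PDC-ALPHA", "ALPHA", "192.0.2.10"),
                 ("PDC-BRAVO", "BRAVO", "192.0.2.20")):
        print("\n".join(lmhosts_entries(*peer)))
```

The generated lines go in `%SystemRoot%\system32\drivers\etc\LMHOSTS` on the opposite server; `nbtstat -R` reloads the `#PRE` entries without a reboot.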
RAS Configuration Tip
When you configure RAS, you can assign client IP addresses with a DHCP server or a static address pool. If you use the DHCP option, you need to be aware that RAS clients don't inherit DHCP TCP/IP scope settings, so connected clients do not have an assigned WINS server. Without a WINS server, RAS clients can only see NetBIOS resources (file and print shares) on their local subnet. To ensure that clients can browse resources across the network, you need to specify the IP address of the WINS server(s) in the TCP/IP configuration on the RAS server. When clients connect, they inherit the hardcoded WINS server addresses from the RAS server and can successfully resolve names across the enterprise.