Win2K Shutdown Blue Screen; a Cluster-Based VPN Bug; and DNS and Dfs Bug Fixes

Do you have any Windows 2000 systems that intermittently experience a blue screen during shutdown? If so, a bug in the server service, srv.sys, might be the cause of the problem. The system crash occurs when the server service shuts down before it completes queued-up tasks. The problem is related to interaction between the server service and the printing subsystem. When this bug crashes the system, you'll see a stop code of 0xCE in the component srv.sys. Microsoft released a bug fix that updates seven components—printui.dll, spoolss.dll, srv.sys, srvsvc.cll, win32spl.dll, winspool.drv, and winotify.dll. All files have a release date of December 18, 2002. If you call support, cite the Microsoft article "Bugcheck with Stop Message 'STOP 0x000000CE' and Svr.sys in Crashdump When Computer Shuts Down" (

Windows XP Cluster-Based VPN Bug
Although many variables can adversely affect a client’s ability to establish a VPN connection, here’s one that refers specifically to a VPN server that’s a member of a cluster. A recent Microsoft article states that when a Windows XP Service Pack 1 (SP1) client attempts to connect to a VPN server by using the cluster’s virtual IP address, the client might fail to connect and receive the message “Error 721: Remote PPP peer is not responding.” The failure is a result of a processing error that occurs when, as part of the initial connection negotiation, the server sends a Generic Routing Encapsulation (GRE) packet to the client. The client requests a connection to the virtual server TCP/IP address, but the GRE packet contains the TCP/IP address of the network adapter that appears first in the binding order on the VPN server. The client notices that the GRE packet contains a different address than the one to which the connection request was sent and responds by dropping the packet. After dropping the GRE packet, the connection request times out and the client reports that the remote peer isn’t responding. As a temporary workaround, you can disable the VPN address-validation function on the network adapter that clients use for VPN connections. See the Microsoft article "Your Windows XP-Based Client Cannot Establish a VPN Connection" ( for instructions about how you modify the registry to disable this feature. To permanently solve the problem, install the fix at the Windows Update site or call Microsoft Product Support Services (PSS) and ask for the VPN client update; cite the article number above as a reference.

DNS Server Forwarding Fix
A Win2K DNS server has a weak spot in the algorithm, which can cause long name-resolution delays when the server forwards a request to a server in a delegated zone. The problem occurs when the first server in the delegated zone is unreachable for some reason. The local DNS server doesn't correctly record the delayed response time to the first delegated server and continues, unsuccessfully, to send name-resolution requests to the same machine, instead of routing requests to the alternate delegated DNS server. The good news is that Microsoft has a new version of the DNS component dns.exe (released January 20, 2003) that eliminates this bug. Call PSS and cite the Microsoft article "Slow Response Times Occur If a Delegated Name Server Is Down" ( as a reference.

Dfs Snap-in Misbehaves
Do you have periodic problems using the Microsoft Management Console (MMC) Dfs snap-in to administer your Dfs root? The Microsoft article "DFS Manager Does Not Show DFS Roots" ( states that the Dfs service has a bug in how it reads service startup values in the registry, either during system startup or when you restart the Dfs service. The problem is specific to Dfs servers you configure to use Fully Qualified Domain Names (FQDNs) in referrals. If you use this method to configure your Dfs servers, look for the following symptoms: the Dfs snap-in responds with the error message “The specified domain either does not exist or could not be contacted,” and the Dfs utilities dfscmd.exe and dfsutil.exe respond with the cryptic message “System error 2662 has occurred.” To solve this problem, call PSS and ask for the latest version of the Dfs service, dfssvc.exe, released February 11, 2002. If you’d like a comprehensive list of Dfs server messages from dfs.sys and client-side messages from mup.sys, including event IDs and text, check out the Microsoft article "List of Windows 2000 Distributed File System Event Log Messages" ( This reference also includes links to references that guide you in implementing and troubleshooting Dfs services.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.