Keeping Up with Terminal Services - 01 Aug 2001

Port 3389 Memory Leak Can Lead to Denial of Service
Microsoft article Q292435 describes a possible vulnerability in Windows 2000 Server Terminal Services and Windows NT Server 4.0, Terminal Server Edition (TSE) servers. A function that processes incoming RDP data via port 3389 contains a memory leak. Each time the system processes an RDP packet that contains a specific malformation, the memory leak depletes a small amount of server memory. An attacker who sends a sufficiently large quantity of such data to an affected machine could deplete the machine's memory so that response time slows or, eventually, the machine can't respond. According to Microsoft, hackers can't use the vulnerability to compromise data or usurp privileges. Use a firewall to block port 3389 or download the patch from Microsoft's Web site.

Error Uninstalling IE on Terminal Server
According to Microsoft article Q200047 , you must use the Change User command to remove Internet Explorer (IE) 4.0 from a TSE terminal server. The Control Panel Add/Remove Programs utility doesn't work because it doesn't switch the terminal server into Install mode when you uninstall IE. If you're having problems uninstalling IE from a TSE terminal server, follow the steps outlined in the article.

TCP Server Session Never Closes
It might appear that TCP server sessions never close, even though the client sends a request to close the session. When two NT-based computers establish a connection, the server application quits and the server sends a FIN request (which the network loses). The server state is then FIN_WAIT_1 or LAST_ACK and the client state is ESTABLISHED. The server will remain in the FIN_WAIT or LAST_ACK state until you reboot. See Microsoft article Q254930 to learn how to get a fix for this problem (dated September 2000).

Can't Print From Redirected Printer on Win2K Terminal Server
Microsoft article Q276532 recommends that you pay careful attention to the Data section of a system event's Properties sheet; the data in this section can give you more detailed information than is usually available for an event. See the article for a list of the possible error codes for Event ID 1103 in TermServDevices, which reports that redirected printing is no longer functioning.

GRE Protocol 47 Packet Description and Use in VPNs
If you're interested in how VPNs work under Win2K, see Microsoft article Q241251 for a detailed description of the required protocols.

Diskperf Use Causes Error
After you install Terminal Services or you upgrade from TSE to Terminal Services, the server might blue-screen with a "STOP 0X0000001E KMODE_EXCEPTION_NOT_HANDLED" error message. The computer boots into Safe mode or Safe mode with Networking. However, if the computer boots into Safe mode and you've disabled the Diskperf utility (using the Control Panel), you might receive a "Stop 0x0000007b" error message. According to Microsoft article Q300224, the Diskperf utility controls the type of counters you can view when you use the System Monitor tool. By default, the computer is set to collect physical drive data. To collect logical drive data, you must specifically enable the system. If you use the -n switch to disable the disk performance counters, and then re-enable all the performance counters using the -y switch, you can't return to the default state and the computer will blue-screen. To resolve the problem, boot into Safe mode, disable the performance counters with the diskperf-n command, then re-enable performance logging with the –yd or –yv switches.

Print to File Feature in Application Mode Causes Error
If you attempt to use the "Print to file" Terminal Services feature in Application mode and your file is targeted to a mapped drive letter that points to a writeable share, you could receive an error message indicating that the system can't print to that location and asking you to retry or cancel. According to Microsoft article Q301444, during a Terminal Services server client session the spoolsv.exe program doesn't inherit access to the drive mappings from the user. To resolve this problem, target the file using Universal Naming Convention (UNC) paths rather than drive letters.

Symbol Checksum Error During Kernel Debugging
When you load symbols for a kernel debug against a computer running NT 4.0 Service Pack 4 (SP4), the debugger reports a checksum error, symbol mismatch against win32k.sys, ntdll.dll, kernel32.dll, and winsrv.dll. The symbols are correct and shouldn't cause this error. If you install SP4 on a computer with one processor, you smash the lock prefix instructions. This behavior is new to SP4. The lock x86 instruction comes into play only on multiprocessor computers. When you install SP4 on a computer with one processor, replace the lock instruction (0xF0) with a NOOP instruction (0x90). Newer versions of Windbg know about this behavior and don't display the warning for these files. See Microsoft article Q184825 for more information.

WQuinn QuotaAdvisor 4.1 Installation Causes "Stop 0X0000007F" Error Message
If you use QuotaAdvisor 4.1, be sure to install the latest version of qafilter.sys from the WQuinn Web site. According to Microsoft article Q300225, the terminal server can receive STOP errors if you have an outdated version of this file.

Pagefile Size Limited to 4095MB
Although some computers running TSE and NT 4.0 Enterprise Edition use as much as 4GB of RAM, these servers might require more than 12GB of pagefile space. However, as noted in Microsoft article Q197776, the system limits a pagefile to 4095MB, and each logical partition can only have one pagefile. For these large-memory computers, divide up one or more large physical drives into 4GB logical drives and use the entire logical drive as a pagefile. You can create as many pagefiles as needed or reassign the drive letters to high values and hide them from users.

Win2K Upgrade CD-ROM Allows New Installations
You can use the Win2K Upgrade CD-ROM to perform a new Win2K installation as long as you have the previous OS's installation CD-ROM to prove that you're licensed for the older OS. See Microsoft article Q256026 for the upgrade paths for Win2K Pro and Win2K Server.

TAGS: Windows 8
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.