Remedies for what's still broken after Service Pack 1
If you haven't paid attention to Windows 2000 hotfixes since Microsoft released Service Pack 1 (SP1), this article will prepare you for the next round of Win2K updates. As of mid-August, Microsoft had listed 70 Win2K post-SP1 hotfixes on its Web site. Although many of the Win2K Professional hotfixes also apply to Win2K Server and Win2K Advanced Server, I don't cover hotfixes released only for Win2K Server versions. (If you're just now thinking about installing SP1, see Paul Thurrott, "Win2K Service Pack 1," November 2000.)
To help you evaluate this large collection of hotfixes, I've organized them into categories: desktop, DNS, Dr. Watson, group policy, hardware, memory leaks, Windows NT 4.0 interoperability, and networking. (See the sidebar "Important Security Hotfixes," page 62, for information about post-SP1 security hotfixes.) I include each hotfix's URL as a reference. However, I've taken editorial license with the official hotfix titles and, in many cases, modified the titles so that they better describe the problem that the hotfix corrects.
Generally, you should install hotfixes only for problems you experience on your systems. If the hotfix you want isn't available for public download (and most of them aren't), you must call Microsoft Product Support Services (PSS) to obtain the update. Before you call PSS, Microsoft expects you to document the problem your system is experiencing and to verify that your system's behavior is consistent with the documented bug.
Desktop Hotfixes
Nonadministrator users can't change system font size. The Microsoft article at http://support.microsoft.com/support/kb/articles/q258/7/02.asp reports that only Administrators can change the display font size from large to small or small to large in both the workstation and server versions of Win2K. To see this bug, log on to a Win2K system as an ordinary user. Right-click the desktop, and select Properties to open the Display Properties dialog box. Click the Settings tab, then click Advanced. You'll see that the Font Size field is unavailable. If you want to permit users to change the display font size, you need to install the desk.cpl bug fix released on April 11. You must obtain the bug fix directly from PSS.
Sysprep might not install nonnative signed drivers. If you work with Sysprep to clone Win2K systems, you might already have encountered the following Plug and Play (PnP) bug. When you create a system with a third-party or nonnative driver and try to upgrade the image with a signed or test-signed driver by using the OEMPnPDriversPath entry in the sysprep.inf file, Windows doesn't install the new signed driver. According to the Microsoft article at http://support.microsoft.com/support/kb/articles/q260/3/19.asp, Sysprep incorrectly reverts to the original driver .inf file. If you update your builds with signed drivers (as opposed to unsigned drivers), you need to call PSS for the new version of syssetup.dll released on May 11.
Screen saver doesn't run if the console is locked. Do you have screen-saver problems on a Win2K system configured as a member of a workgroup? If so, read on for one possible source of the problem and two potential solutions. Win2K Graphical Identification and Authentication (GINA) displays a screen saver when one is defined. But when you configure a Win2K system as a member of a workgroup, the OS disables GINA's ability to display the Computer Locked dialog box, preventing the screen saver from running. To verify that your system has this problem, enable a password-protected screen saver, press Ctrl+Alt+Del, and press Enter to lock the console. If you see the Unlock Computer dialog box instead of the Computer Locked dialog box, you have the screen-saver problem. To obtain the hotfix, call PSS and ask for the version of msgina.dll dated April 2.
You can work around this problem by manually enabling the Computer Locked dialog box in the Winlogon section of the Registry. Go to the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon subkey and add the value entry DisableCAD, of data type REG_DWORD, with a value of 0x1. If you set the DisableCAD value entry to 0 (0x0), rather than 1 (0x1), GINA won't display the Computer Locked dialog box and you're right back where you started. The Microsoft article at http://support.microsoft.com/support/kb/articles/q254/5/00.asp documents this problem.
DNS Hotfixes
DNS suffix incorrect after NT 4.0 to Win2K upgrade. When you upgrade an NT 4.0 system to Win2K, the upgrade procedure clears the "Change primary DNS suffix when domain membership changes" check box on the Network Identification tab of the System Properties screen. This detail becomes a problem when you upgrade an NT 4.0 system to a Win2K domain controller because you can't, by definition, change the computer name or DNS suffix after the domain controller is running. This upgrade problem prevents the domain controller from registering itself in Active Directory (AD) because the DNS suffix doesn't match the AD domain name. If your system has this problem, you'll see the message "Attempt to update DNS Host Name of the computer object in Active Directory failed. The following error occurred: The parameter is incorrect" with event ID 5789 in the System event log.
Microsoft has a hotfix, a new version of netcfgx.dll released on May 18, that corrects this problem. You can also fix the problem manually: After the Win2K upgrade finishes and Dcpromo runs, quit Dcpromo, go to My Computer, and select Properties. Select the Network Identification tab, select the "Change primary DNS suffix when domain membership changes" check box, and run Dcpromo again.
Can't clear the cache on a DNS server. The Win2K DNS server has a bug that prevents you from flushing the DNS name cache. When you attempt to clear the cache with DNS Administrator, the utility responds with the error message "The server cache cannot be cleared. DNS zone already exists in the directory service." When you attempt to clear the cache from the command line with the dnscmd /clearcache command, you might receive the error message "failed: status = 9718 (0x000025f6)".
Call PSS for an update that lets you clear the DNS server's cache. The Microsoft article at http://support.microsoft.com/support/kb/articles/q257/8/28.asp says that the hotfix is an update of dns.exe and has a release date of April 7.
Invalid DNS records not removed. If you build a Win2K site without a domain controller and later add a local domain controller, the following bug could be a problem. When you create a site that doesn't have a domain controller, Win2K assigns domain controllers from other sites to cover the site. After you install the local domain controller, you need to remove the DNS records that point to the domain controllers at the other sites to ensure that only local domain controllers authenticate logons. The Microsoft article at http://support.microsoft.com/support/kb/articles/q262/2/89.asp states that a bug in Netlogon causes the invalid DNS entries to remain in the database after you install a local Win2K domain controller. Call PSS for the update of netlogon.dll released on May 6.
DHCP clients and dynamic DNS updates. If you have a non-Microsoft DHCP server providing addresses for Win2K DHCP clients, the third-party server might not support dynamic DNS (DDNS). To avoid problems, Microsoft recommends that you add the value entry DisableDynamicUpdate to the system's TCP/IP parameters in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters Registry subkey to globally disable a Win2K DHCP client's ability to send DDNS registrations. However, a bug in the Win2K DHCP client code causes the system to ignore this global setting, so Microsoft's recommended action doesn't work: the client continues to send dynamic registrations. If you need to globally disable DDNS updates on Win2K systems, call PSS for the hotfix, a new version of dhcpcsvc.dll, released on May 18.
To work around this problem, which the Microsoft article at http://support.microsoft.com/support/kb/articles/q263/5/50.asp describes, disable the dynamic update feature on each network interface. Open the Properties screen for the network connection, double-click Internet Protocol (TCP/IP), click Advanced, click the DNS tab, and clear the "Register this connection's address in DNS" check box.