Windows Tips & Tricks UPDATE, July 25, 2005, brought to you by the Windows IT Pro Network and the Windows 2000 FAQ site
http://www.windows2000faq.com

FAQs

  • Q. Do Windows 2000 or later DHCP clients renew their existing lease on restart?
  • Q. Do any special virus-scanning considerations exist for domain controllers (DCs)?
  • Q. How can I enable conflict detection on my DHCP server?
  • Q. How can I stop Microsoft Internet Explorer (IE) from opening documents in the IE window instead of using the document's regular application?
  • Q. How can I avoid Kerberos authentication problems that occur when Kerberos authentication uses UDP?

Commentary
by John Savill, FAQ Editor, jsavill@windowsitpro.com

In this issue, I discuss DHCP client lease renewal and how to enable conflict resolution on DHCP servers. I also offer guidelines for virus-scanning your domain controllers (DCs) and explain how to stop Microsoft Internet Explorer (IE) from opening documents in the IE window instead of using the document's regular application. And finally, I tell you how to avoid Kerberos authentication problems that occur when Kerberos authentication uses UDP.


FAQs

Q. Do Windows 2000 or later DHCP clients renew their existing lease on restart?

A. When a Win2K or later client that already has a DHCP lease tries to boot, it attempts to renew its lease with its previous DHCP server by sending a DHCPRequest packet. If the DHCP server responds with a DHCPAck packet, the client renews its lease. If the DHCP server responds with a DHCPNack, the client restarts the lease process. If the DHCP server doesn't respond, the client pings the default gateway defined in the current lease. If the Ping succeeds, the client continues to use its current lease, attempting to renew at 50 percent of its assigned lease time. If the Ping fails, the client autoconfigures the IP address and continues to attempt to find a DHCP server in the background.

You can configure clients to release leases on shutdown by performing this registry change:

  1. Start the registry editor (regedit.exe).
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\\{
  3. From the Edit menu, select New, DWORD Value.
  4. Enter a name of ReleaseOnShutDown and press Enter.
  5. Double-click the new value and set it to 2 to release the lease according to the DHCP server's instructions (which is the default) or 0 to configure the client to not release the lease on shutdown. Click OK.

To configure the DHCP server to instruct clients to release their lease when they shut down, perform these steps:

  1. Start the Microsoft Management Console (MMC) DHCP snap-in (Start, Programs, Administrative Tools, DHCP).
  2. Expand the DHCP server.
  3. Open the scope whose options you wish to modify. Select Scope Options, and click the Advanced tab.
  4. Select Microsoft Options from the Vendor class drop-down menu and select Default User Class from the User class drop-down menu. Under Available Options, select the "002 Microsoft Release DHCP Lease on Shutdown Options" check box, as the figure shows. Set its value to one of these options:
    - 1 = DHCP clients send a DHCPRelease message on proper shutdown, which means they'll give up their lease.
    - 0 = DHCP clients don't send a DHCPRelease message on proper shutdown, which means that when the clients restart they'll attempt to renew their existing lease.

Q. Do any special virus-scanning considerations exist for domain controllers (DCs)?

A. Protecting your DCs from viruses is vital. Here are some important guidelines:

  • Ensure that the antivirus software is certified for the version of Windows you're running.
  • Use antivirus software that's Active Directory (AD)-aware.
  • Don't perform actions from a DC that might make it more susceptible to viruses (e.g., surfing the Web).
  • Avoid using a DC as a file share if load on the machine is a concern; the additional work involved in virus-scanning files on the shares will stress the DC.
  • Don't place the AD or File Replication Service (FRS) database and log files on a compressed NTFS volume.
  • Ensure that your virus scanner doesn't scan the following AD database files. (These are the default locations, so you might need to modify the pathnames if you specified nondefault folders during AD creation.)
    - %windir%\ntds\ntds.dit
    - %windir%\ntds\ntds.pat
    - %windir%\ntds\EDB*.log
    - %windir%\ntds\Res1.log
    - %windir%\ntds\Res2.log
    - %windir%\ntds\Temp.edb
    - %windir%\ntds\Edb.chk
  • Ensure that your virus scanner doesn't scan the following FRS files. (These are the default locations, so you might need to modify the pathnames if you specified nondefault folders during AD creation.)
    - %windir%\ntfrs\jet\ntfrs.jdb
    - %windir%\ntfrs\jet\sys\edb.chk
    - %windir%\ntfrs\jet\log\*.log
  • Also exclude these SYSVOL areas:
    - %windir%\sysvol\staging areas
    - %windir%\sysvol\sysvol
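
Because the paths above are only the defaults, the exclusion list is best built from where the DC actually keeps these files. The following PowerShell is an added example, not part of the original newsletter: the function names are illustrative, and the registry values it reads (DSA Database file, Database log files path and DSA Working Directory under NTDS\Parameters, Working Directory under NtFrs\Parameters, SysVol under Netlogon\Parameters) and the grouping of the AD files into database, log and working folders are assumptions not stated in the newsletter.

```powershell
# Added example (not from the newsletter): resolve this DC's real AD, FRS and
# SYSVOL folders from the registry and list the paths to exclude from scanning.
function Get-DcScanExclusion {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $win = $env:windir

    # Return a registry value, or $Fallback when the key or value is absent.
    function Read-Value([string]$Key, [string]$Name, [string]$Fallback) {
        $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
        if ($item -and $item.$Name) { ([string]$item.$Name).TrimEnd('\') } else { $Fallback }
    }

    # Build the newsletter's exclusion list from five base folders.
    function New-ExclusionList($Db, $Log, $Work, $Frs, $Sysvol) {
        "$Db\ntds.dit", "$Db\ntds.pat",
        "$Log\EDB*.log", "$Log\Res1.log", "$Log\Res2.log",
        "$Work\Temp.edb", "$Work\Edb.chk",
        "$Frs\jet\ntfrs.jdb", "$Frs\jet\sys\edb.chk", "$Frs\jet\log\*.log",
        "$Sysvol\staging areas", "$Sysvol\sysvol"
    }

    # Assumed grouping: database folder, log folder, working folder.
    $ntds = "$svc\NTDS\Parameters"
    $db   = Split-Path (Read-Value $ntds 'DSA Database file' "$win\ntds\ntds.dit") -Parent
    $log  = Read-Value $ntds 'Database log files path' "$win\ntds"
    $work = Read-Value $ntds 'DSA Working Directory' "$win\ntds"
    $frs  = Read-Value "$svc\NtFrs\Parameters" 'Working Directory' "$win\ntfrs"
    # The Netlogon SysVol value points at ...\sysvol\sysvol; take its parent.
    $sysvolRoot = Split-Path (Read-Value "$svc\Netlogon\Parameters" 'SysVol' "$win\sysvol\sysvol") -Parent

    $default = New-ExclusionList "$win\ntds" "$win\ntds" "$win\ntds" "$win\ntfrs" "$win\sysvol"
    $actual  = New-ExclusionList $db $log $work $frs $sysvolRoot

    foreach ($path in $actual) {
        [pscustomobject]@{
            Path       = $path
            NonDefault = $default -notcontains $path   # differs from the default list
            Present    = Test-Path -Path $path         # wildcards match any file
        }
    }
}

Get-DcScanExclusion | Format-Table -AutoSize
```

Rows marked NonDefault are the ones a scanner configured only with the default pathnames would still scan.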

Q. How can I enable conflict detection on my DHCP server?

A. You can configure the DHCP server to determine whether an address is in use before the server allocates it to a client. Doing so is useful in scenarios in which you've set up a new DHCP server to take over for a failed DHCP scope for which no backup exists. This method helps alleviate concerns that the new DHCP server will give out addresses that were allocated when the scope was used on the previous server.

If the DHCP server checks to determine whether the address is in use before giving it to a client, you shouldn't see many allocation problems, assuming that you've configured clients to renew their lease at start-up to alleviate problems with clients that were turned off when the DHCP server performed the check. When you restart clients that were turned off during the DHCP server check, and they use the existing lease rather than trying to renew their lease, address-conflict problems will arise.

To enable conflict detection on your DHCP server, perform these steps:

  1. Start the Microsoft Management Console (MMC) DHCP snap-in (Start, Programs, Administrative Tools, DHCP).
  2. Right-click the DHCP server and select Properties.
  3. Select the Advanced tab.
  4. By default, "Conflict detection attempts" is set to 0. Increase the value to 1 or 2, as the figure shows. Setting it higher than 2 isn't recommended because each attempt takes as long as 1 second.
  5. Click OK.

Q. How can I stop Microsoft Internet Explorer (IE) from opening documents in the IE window instead of using the document's regular application?

A. If you're using IE and follow a link to a Microsoft Word document, for example, IE will open the document within the IE window. If you prefer to start a separate Word instance and load the document in that instance, you need to make an OS-level change. To do so, perform these steps:

  1. Start Windows Explorer (Start, Run, Explorer).
  2. From the Tools menu, select Folder Options.
  3. Select the File Types tab.
  4. Select the file type that you don't want to open in IE and click Advanced.
  5. Clear the "Browse in same window" check box and click OK.
  6. Close the Folder Options dialog box.

That file type will now open within the application instead of IE.

Q. How can I avoid Kerberos authentication problems that occur when Kerberos authentication uses UDP?

A. Kerberos authentication normally takes place over the UDP protocol. However, Windows Server 2003 decreased the Maximum Transmission Unit (MTU) from 2000 bytes to 1465 bytes. This decrease means that packets might need to be broken into fragments. However, UDP is a connectionless protocol, which means no explicit connection is created in advance between the machines involved. Packets just arrive with no formal relationship to any other packets being sent, and no error, sequence, or flow control exists, as it does with a connection-based protocol. Therefore, if the fragments are received out of sequence, the receiving server might drop them. For VPN connections that are affected by this problem, the client machines will hang at the "Loading your personal settings" logon stage.

To address the problem, you can increase the MTU under Windows 2003, or you can force the Kerberos authentication request at the client to use TCP instead of UDP. TCP is a connection-based protocol and won't drop the packets if they're received out of sequence. To increase the MTU, perform these steps:

  1. Start the registry editor (regedit.exe).
  2. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry subkey. (If the Parameters subkey doesn't exist, create it.)
  3. From the Edit menu select New, DWORD value.
  4. Enter a name of MaxPacketSize and press Enter.
  5. Double-click the new value, and set it to 1. Click OK.
  6. Restart the computer.

Microsoft also created an .adm template, which you can integrate into Group Policy to help you make this change to all clients in your environment. For more information about the template, see the Microsoft article "How to force Kerberos to use TCP instead of UDP in Windows Server 2003, in Windows XP, and in Windows 2000".
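
The registry steps above can be scripted so the change is repeatable and its prior state is recorded. This PowerShell is an added example, not part of the original newsletter or of Microsoft's template; the function name is illustrative, and the value 1 is the one the steps specify, which is the setting the Microsoft article cited above uses to force Kerberos onto TCP.

```powershell
# Added example (not from the newsletter): apply the MaxPacketSize change from
# the steps above and report the value before and after. Run elevated.
function Set-KerberosMaxPacketSize {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
    $value = 1   # the value given in step 5

    # Step 2: create the Parameters subkey if it doesn't exist.
    if (-not (Test-Path -Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create registry key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }

    # Current value; $null when MaxPacketSize has never been set.
    $before = (Get-ItemProperty -Path $key -Name MaxPacketSize -ErrorAction SilentlyContinue).MaxPacketSize

    # Steps 3-5: create the DWORD, or overwrite it if it holds another value.
    if ($before -ne $value -and
        $PSCmdlet.ShouldProcess("$key\MaxPacketSize", "Set DWORD to $value")) {
        New-ItemProperty -Path $key -Name MaxPacketSize -PropertyType DWord -Value $value -Force | Out-Null
    }

    $after = (Get-ItemProperty -Path $key -Name MaxPacketSize -ErrorAction SilentlyContinue).MaxPacketSize

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Before        = $before
        After         = $after
        RestartNeeded = ($before -ne $after)   # step 6 applies only if it changed
    }
}

# Preview first; remove -WhatIf to make the change.
Set-KerberosMaxPacketSize -WhatIf
```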
