Making NT and NetWare Get Along

So, you want to add the Windows NT operating system to your network, but you already have a lot invested in your NetWare servers. Fear not. Windows NT's assortment of utilities and services make working with both systems painless and productive. With information about these tools and some common problems and solutions, you can decide what solutions are best. You'll also find out how to implement these solutions and avoid pitfalls.

NWLink
NetWare connectivity begins with NWLink, the low-level protocol that provides a transport for upper-level services. NetWare uses the Internet Packet eXchange (IPX)/Sequenced Packet eXchange (SPX) protocols, and NWLink is NT's version of them.

Although NWLink does not provide any NetWare connectivity, NWLink is essential to the coexistence of NT and NetWare. Without NWLink, you can't connect to NetWare servers. However, NWLink can be the source of many difficulties if you don't configure it correctly.

All the utilities and services that the following questions address require NWLink. Because NWLink is the foundation of all NetWare connectivity, it is the first logical place to look when problems arise.

Q: When I installed NWLink on my NT system, the configuration dialog asked me to specify a frame type. What is a frame type?

A frame type is the format of the packet that your OS will use to communicate over your network. Figure 1 lists all the available frame types. Most difficulties with frame types occur on Ethernet networks. With Ethernet, you have four choices of frame types: Ethernet 802.2, Ethernet 802.3, Ethernet II, and Ethernet SNAP. The first two are the most common on a NetWare network. NetWare servers before version 3.12 default to Ethernet 802.3. The newer versions default to Ethernet 802.2. Ethernet II and Ethernet SNAP are usually only for TCP/IP and AppleTalk, respectively. Most other topologies have only one or two frame types. This limitation leaves little room for error, because each topology follows its standard. Also, because industry standards exist for frame types on most topologies, you usually do not have a problem with frame types on topologies other than Ethernet. Since Novell changed the frame type NetWare servers use by default on Ethernet, configuring NWLink incorrectly is easy.

Q: How do I know which frame type to use?

The frame type you already use on your network is the simple answer. The most common dilemma is Ethernet 802.2 vs. Ethernet 802.3. This situation gets back to the previous answer. Find out what you already use and stick with it. If you don't currently have a frame type configured, use Ethernet 802.2. The difficulties start when you use both frame types, but more on that later.

Q: When do I need Auto Detect Frame Type, and when do I manually specify one?

The answer to this question is easy, once you know how the autodetect process works. NT tries each frame type until it finds one that works. First, NT tries the frame types in the order listed in the frame type selection box. For example, with Ethernet, NT tries Ethernet 802.2, Ethernet 802.3, Ethernet II, and then Ethernet SNAP.

NT stops when it finds a frame type, which means that NT will use only one frame type if you set NT to Auto Detect. If no frame type responds, NT will use the first frame type in the list. In the Ethernet example, if NT can't get a response on any frame types, it will use Ethernet 802.2. You can deduce that you have to specify the frame type manually if you have a frame type on your network that is higher on the list than the frame type you want to use (e.g., you have Ethernet 802.2 on your network but you want to use Ethernet 802.3); you want NT to use multiple frame types (server only); or you know that NT will not be able to detect the frame type on the network, and you want to use a type that is not the first on the list.

Q: Can you tell me what an IPX network number is?

This number is what routers use to determine whether to route a packet to another physical or logical network. Every network a router separates must have a unique IPX network number. If multiple frame types are running on the same physical network, each frame type will be on its own logical network and must therefore have a unique IPX network number.

You set the IPX number on the NetWare servers and on routers. Except for File and Print Services for NetWare and Multi-Protocol Router (MPR), you can't set this number in NT. NWLink will always try to autodetect this number.

If NWLink can't detect an IPX network number, the default is zero.

You can route among frame types on the same physical network. However, this routing creates a tremendous amount of network traffic, so we don't recommend it.

Q: What is an internal IPX network number?

The internal IPX number is similar to the IPX network number but refers to a virtual network inside the machine. You can think of the internal IPX network as one that the NetWare server routes to. NetWare servers must always have an internal IPX network number that must be unique to the entire network. You can set this number in NT, but File and Print Services for NetWare and Multi-Protocol Router are the only services from Microsoft that use it.

Q: How do I tell what frame type and network number my NT system is using?

The IPXROUTE command is your best option. If you do much work with NWLink, this utility will be a good friend. The simplest use is IPXROUTE CONFIG, which will return a description of all the network cards in your system, the frame type(s) they use, and the network number. This command is indispensable when you're troubleshooting an NWLink problem.

Client Services for NetWare
Client Services for NetWare (CSNW) is the most straightforward of the NetWare services NT offers and is quite useful. It runs as a service on an NT Workstation and lets users on this system access file and print resources on a NetWare server. As the name implies, CSNW is strictly a client. It is easy to install and use.

As with all the services we cover here, CSNW uses NWLink to communicate on the network. So, after making sure that NWLink is installed and running properly, add CSNW through Control Panel - Network - Add Software. The next time you log on, NT will ask you for a preferred server. You set this value on a per-user basis, and is a valid option. If installation does not go quite as smoothly as you want, we hope the answers to some common questions will help.

FIGURE 1: Frame Types
Frame Type Common Protocol
Ethernet 802.2 IPX (new standard)
Ethernet 802.3 IPX (old standard)
Ethernet II TCP/IP
Ethernet SNAP AppleTalk
Token Ring IPX
Token Ring SNAP TCP/IP & AppleTalk

Q: What types of NetWare servers does CSNW support?

CSNW supports NetWare 2.x, 3.x, and 4.x (in bindery emulation mode).

Q: I have selected my preferred server, and I can connect to it via File Manager. However, my logon scripts on my NetWare server are not running. What have I done wrong?

Nothing. CSNW does not execute logon scripts. Think of CSNW as always using the NetWare Attach command.

Q: What is the equivalent of the Map Root command?

All connections you make through CSNW are the equivalent of Map Root. The following commands are identical:

MAP ROOT F:=FILESERVER\SYS:\PUBLIC

NET USE F: \\FILESERVER\SYS\PUBLIC

Q: What is the equivalent of a Map command?

No such equivalent is available. The following commands will produce similar results:

MAP F:=FILESERVER\SYS:\PUBLIC

NET USE F: \\FILESERVER\SYS

F:

CD \PUBLIC

Q: I can see only some of my NetWare servers in my browse list. Why do some servers show up and not others?

CSNW runs on NT Workstation, which supports only one frame type at a time. If some of your servers use Ethernet 802.2 and some use Ethernet 802.3, you will be able to see only the servers that are using the same frame type as your NT Workstation system.

Q: Why are file transfers from some NetWare servers fast and others slow?

This discrepancy can happen if some file servers are running one frame type, other file servers are running another, and your network has a device that can route among them. You can communicate directly with the file servers running the same frame type you are running. Communications to the other file servers has to pass through the router.

For example, let's say you have two NetWare servers, Server1 and Server2. Server1 is running Ethernet 802.2 and Ethernet 802.3. Server2 is running only Ethernet 802.3. Your NT workstation has CSNW installed, and NWLink is configured to Auto Detect Frame Type. All three machines are on the same Ethernet segment.

When NWLink starts, it sends out an Ethernet 802.2 packet. Server1 responds, and NWLink uses Ethernet 802.2 for all communications. Server1 will tell CSNW about itself and Server2. It will also tell CSNW that to get to Server2, CSNW will have to send the packets to Server1. If you connect to Server2, all the packets will leave your network card in Ethernet 802.2 format and go to Server1. Server1 will then resend the packets in Ethernet 802.3 format to Server2. The return packets will follow the same path back. This approach means you need twice as many packets to talk to Server2 as to talk to Server1. The solution is simple: Standardize on one frame type.

Gateway Services for NetWare
Gateway Services for NetWare (GSNW) provides all the functionality of CSNW and adds a gateway between NetWare servers and Microsoft clients. GSNW will run only on NT Server and will show up in the list of software in place of CSNW.

GSNW lets you share a NetWare volume to Microsoft clients. NetWare uses NetWare Core Protocols (NCPs). NT uses Server Message Blocks (SMBs). GSNW converts SMB requests from a Microsoft client to NCP requests that the NetWare server can understand. This conversion lets a Microsoft client attach to a share on the NT server that really connects it to a NetWare server. This conversion is transparent to the client and, therefore, your users.

Q: What types of NetWare servers does GSNW support?

GSNW supports 2.x, 3.x, and 4.x (in bindery emulation mode).

Q: When do I use GSNW?

GSNW is ideal if your clients are running only the Microsoft redirector and you need to access a few files on a NetWare server. GSNW will act as a gateway only between a Microsoft client and a NetWare server.

For a NetWare client to connect to an NT server, you need File and Print Services for NetWare (FPNW). Also, be aware that because GSNW is a gateway and you are converting protocols, accessing files through GSNW will be somewhat slower than connecting to the NetWare server directly. If you have a lot of clients accessing large files through GSNW, consider other options.

Q: How does GSNW handle security?

The NT server will access the NetWare server through the gateway account you specify during GSNW setup. NT will be able to access only resources that this account has rights to. To limit access on a per-user basis, you can assign share-level permissions on the NT server through the GSNW icon in Control Panel.

Q: How does licensing work?

NT makes only one connection to the NetWare server and routes all client requests through this connection. You must ensure that you do not violate your license agreement with Novell.

Q: I have configured my NT server with GSNW installed to print to a print queue on a NetWare server. I then shared the printer that I created on the NT server so that other Microsoft systems can connect to it. When they try to print to the printer on the NT server, the clients get an error message saying that the printer is paused. The Print Manager on the NT server shows the status of the job as error. What's wrong?

When you use GSNW to share a NetWare print queue, be sure to take the following steps. First, choose Connect to Printer, not Create Printer, in Print Manager on the GSNW system. If the clients printing to the NT server share are running NT, make sure you choose Connect to Printer in their Print Manager, too, but choose the shared printer on the NT server. Second, make sure that the gateway is enabled in Control Panel - GSNW. Finally, make sure that the NetWare server has a volume shared through GSNW. You set this volume up through Control Panel - GSNW. If you do all three of these steps correctly, the gateway will work.

Directory Service Manager for NetWare
Directory Service Manager for NetWare (DSMN) is a server-only utility that lets you manage user accounts on your NetWare 2.x and 3.x servers. After installing DSMN, you can add NetWare servers for DSMN to manage. This process adds all users and groups from the NetWare server to the NT server's security accounts database. From this point, any changes you make to the users on the NT server go to the NetWare server. One NT server can manage multiple NetWare servers.

Q: When do I use DSMN?

If you have multiple NetWare 2.x or 3.x servers, you have to manage user accounts on each server individually. For example, if you have a user who needs access to five NetWare 3.12 servers, you have to create an account for that user on each server. With DSMN installed on an NT server and managing these same five servers, you need to create the user only on the NT server, and DSMN will automatically update the NetWare servers for you.

Q: If I have a domain environment, do I need to install DSMN on all the domain controllers?

No. In a domain environment, install DSMN on the primary domain controller only. All information will then be replicated to the backup domain controllers during domain synchronization.

Q: I have installed DSMN on my NT server and added my NetWare servers for it to manage. When I add an account on a NetWare server, it is not added on the NT server. Why?

Once you make a NetWare server a DSMN-managed server, you need to do all account creation, deletion, and changing on the NT server. These changes will then automatically occur on the NetWare server.

The reverse situation is not true. If you change a NetWare server, DSMN will be out of synch. You will then either have to undo your change or remove that server from DSMN and re-add it.

Q: I have a NetWare server that DSMN managed. I now manage it as a standalone server, but I want to manage it with DSMN again. DSMN says it is already managing this server. What is wrong?

When DSMN manages a NetWare server, it adds an account, winnt_sync_agent, to the NetWare server. If this account exists on the NetWare server when you try to add it to DSMN, DSMN will report an error saying that the server is already being managed. If DSMN is not managing the NetWare server, remove the account from the NetWare server. You can then add the server again in DSMN.

NetWare Conversion Utility
NT Server ships with a utility called NetWare Conversion (NWConv). This program (nwconv.exe) lets you migrate your NetWare server to an NT server. NWConv reads the bindery on the NetWare server and creates the users and groups on the NT server. The utility also copies the files from the NetWare server's volumes to the NT server. If the destination volume has NT File System (NTFS) installed, NWConv will also convert file and directory permissions.

Q: When do I use NWConv?

You use NWConv to replace a NetWare server with an NT server.

Q: Can I consolidate multiple NetWare servers into one NT server?

Yes. You can specify multiple NetWare servers to migrate to one NT server. You can use NWConv's options to determine how to handle duplicate user accounts and groups.

Multi-Protocol Router
MPR runs on an NT server and lets it route network traffic. MPR can route multiple protocols (hence the name), but we will focus on IPX/SPX only, because it is the primary transport protocol for NetWare.

Q: What are the system requirements for installing MPR?

MPR requires NT Server 3.51 with Service Pack 2 or higher.

Q: What added functionality does MPR give me?

MPR lets your NT server route packets between network segments.

Q: I installed MPR on my NT server, and now my NetWare servers are getting error messages stating that a router on the network claims network A is really network B. What happened?

When you configure MPR, you have to specify frame types and a network number for each network. If you have the network number set incorrectly, other routers (such as NetWare) will complain.

You have two choices for fixing this problem: You can let MPR select the network number automatically if you leave the network number field blank in the IPX configuration dialog box. MPR then depends on another device on your network to supply the network number. A better solution is to determine what network number you are using on your network and set MPR to use this number. On a NetWare server, you can type CONFIG at the console to see all the configured networks.

Q: I installed MPR and configured it correctly, but it's not routing packets. What's wrong?

Make sure that you install RIP for NWLink IPX/SPX through Control Panel - Network - Add Software. Also, make sure that the Enable RIP Routing check box is checked under the NWLink configuration dialog.

File and Print Services for NetWare
FPNW is a server-only service that lets NetWare clients log in to an NT server. FPNW makes an NT server look like a NetWare server on the network. NT retains its abilities as an NT server, allowing both SMB and NCP clients to connect simultaneously.

Q: When do I use FPNW?

FPNW lets you install an NT server into an existing NetWare network without changing the clients. Suppose you have a large NetWare network with hundreds of clients running virtual loadable modules (VLMs), NetWare's latest DOS client, and you want to add an NT server. Rather than change all the client configurations to run dual redirectors, you simply install FPNW on the NT server. The VLM clients see the NT server as a NetWare server. If you have Microsoft clients on the network, they also access the NT server. FPNW is in addition to, not instead of, the usual functionality of the NT server.

Q: What clients does FPNW support?

FPNW supports the same clients as a NetWare server, including VLMs, NETX, Windows 95 client for NetWare networks, CSNW, and GSNW.

Q: I have FPNW installed on an NT server that is a member of a domain. If I try to log in to FPNW using a domain account, I get an Access Denied message. If I use an account created in the local accounts database, logon works fine. What's wrong?

When you install FPNW on an NT server, it modifies the Security Accounts Manager (SAM) database to let it handle the new FPNW information. This modification lets the SAM database store the FPNW password. When you attempt to log on using an account in the domain, FPNW will ask the domain controller to validate the user who enters the FPNW password. If the domain controller's SAM database has not been updated, you get an Access Denied response.

You have two options to correct this problem. You can install FPNW on all the domain controllers (the service does not have to be running), or you can run the FPNWAUTH program on each domain controller. This program is available from ftp.microsoft.com/bussys/winnt/fpnw-unsup-ed/utilities/fpnwauth.

Q: I have an FPNW server that is in Domain A. Domain A trusts Domain B and Domain C. I have users who log in to the FPNW server through their account in Domain B. Some users can log in fine, but others cannot. The domain controllers in Domain A and Domain B have FPNW installed. What's wrong?

NetWare clients do not know what a domain is. When you enter your login information, you simply specify server name (optional), login, and password. FPNW will search its local accounts database, in this case Domain A, and then any databases with which it has a trust relationship. In this scenario, if the user account does not exist in Domain A, FPNW will check Domain B and Domain C. If the user has an account in multiple domains, FPNW can find the wrong account. The password may not match, or the domain controller's SAM database may not have FPNW information. If Domain C does not have FPNW information and the FPNW server contacts Domain C before Domain B and finds an account for that user, it returns Access Denied. Make sure that each user has an account in one domain only. If you can't, make sure that all domain controllers in all domains can handle FPNW logon requests and the passwords match.