Keeping Up with Win2K and NT

If you’re preparing to deploy Microsoft Small Business Server (SBS) 2003, you should be aware of two problems that can cause the server to shut down improperly. In the first case, the SBS installer incorrectly defines the registry value entry that controls the amount of time the system waits for services to stop before initiating a shutdown. The WaitToKillServiceEntry value is located in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control registry subkey. This value should be defined as a string of data type REG_SZ, but the installer incorrectly defines it as a REG_DWORD type. When you shut down the system, the shutdown process interprets the incorrect data type WaitToKillServiceEntry as zero milliseconds and immediately stops system processes. The immediate stop prevents running services related to Web access or email from completing pending work and can result in lost data or compromised files. To correct the problem, you need to delete and then recreate the WaitToKillServiceEntry as a REG_SZ data type with an initial value of 120000 milliseconds and reboot. After you make this change, the SBS shutdown procedure waits 2 minutes to allow services to stop cleanly before restarting the system. This problem is documented in the Microsoft article "Services may stop abruptly when you shut down or restart a Windows Small Business Server 2003-based computer" ( On a related note, if you remove and reinstall the Microsoft Exchange Server component of SBS by using the Exchange installer, Exchange setup sets the WaitToKillServiceEntry to 10 minutes to provide adequate time for mail services to wind down before a reboot. If the server processes a large amount of email, the 10-minute wait might be necessary. On servers that manage only a small amount of mail, the delay can be a real annoyance. You can reduce the shutdown service wait time to 2 minutes by changing the WaitToKillServiceEntry value in the registry to the default value of 120,000 milliseconds (of data type REG_SZ). You need to reboot to activate this change. The Microsoft article, "Shutdown and restart operations are very slow in Windows Small Business Server 2003" (, states that you can avoid the 10 minute delay if you reinstall Exchange using the SBS integrated installer. Given that the installer incorrectly defines the data type for WaitToKillService Entry, verify that the data type is REG_SZ before you follow the recommended instructions.

Windows Server 2003 Resets Terminal Services License Mode
When you use the Control Panel Add/Remove Programs applet to reconfigure Windows components on a Windows 2003 terminal server , you might discover that the client license mode has unexpectedly changed from per user to per device. A bug in the component configuration incorrectly changes the value of the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TerminalServer\Licensing Core\PolicyAcOn registry subkey. On a terminal server with per-user license mode, PolicyAcOn has a value of 4; in device mode, the subkey has a value of 2. During the configuration procedure, the Add/Remove Wizard incorrectly changes PolicyAcOn to a value of 2. If you use per-user licenses, you can work around the problem by manually changing the value of PolicyAcOn back to 4. To permanently solve the problem, call Microsoft Product Support Services (PSS) and ask for the Terminal Services license hotfix, a new version of tsoc.dll with a file release date of January 13. According to Microsoft, you don't need to reboot after you install the hotfix. For more information, see the Microsoft article, "Terminal Services Licensing mode changes from Per User to Per Device after you add or remove a Windows component" (

Windows Server 2003 NTP Problem
When the System event log is full, a bug in the Network Time Protocol (NTP) time provider code prevents the system from synchronizing with an NTP time source, and the NTP code doesn't generate an error message informing you that the NTP provider is “out-of service.” Although a full System event log is unusual, an out-of-synch clock on the root domain controller (DC) in a forest can wreak havoc on Kerberos authentication and many other time-sensitive operations. Microsoft PSS has a hotfix--a new version of w32time.dll with a file release date of February 6. The Microsoft article "Time synchronization does not occur on an NTP provider on a Windows Server 2003-based computer" ( states that you don't have to reboot after you install the fix.

Windows 2000 Server SP4 Corrupts Event Logs
I’ve encountered corrupt event logs on several Win2K Service Pack 4 (SP4) systems. If you configure event logs to overwrite as needed or after a specific number of days, the logs might get corrupted during the overwrite process. When you have a corrupt log, you might not be able to view the log in the Event Viewer utility. To work around the problem, you can manually delete the corrupt log file. Event logs are usually stored in %systemroot% \system32\config and have a file type of .evt (e.g., the system log is SysEvent.evt, the application log AppEvent.evt). To solve the problem, you need to install a new version of eventlog.dll, released last October. The hotfix is only available from Microsoft PSS, and you need to reboot to activate the change. For details about the problem, see the Microsoft article "Event Logs Are Corrupted" (

Windows 2000 Wireless Client Hotfix
Here’s a problem you might encounter when a wireless Win2K client attempts to log on to a Win2K domain. On 802.11 wireless LANs, clients experience authentication problems when you configure the wireless logon to use the stored username and password. After a period of time, you’ll see the error message “Svchost.exe has generated errors and will be closed by Windows. You will need to restart the program. An error log is being generated. “ (Svchost.exe is the main control mechanism for network-based system services.) When the client can't authenticate, the wireless connection and network connections might be unresponsive, the shutdown procedure might display a message indicating that the Connections Tray is busy or not responding, or the wireless connection might display a message stating that the system is “Attempting to Authenticate” even though the client is unable to log on. You can work around the problem by manually entering the username and password when prompted (i.e., clear the checkbox that instructs the connection to automatically supply the credentials). To permanently solve the problem, call Microsoft PSS and ask for the updated version of rastls.dll, with a file release date of January 13. For more information, see the Microsoft article "SVCHOST crashes on a Windows 2000 SP4 wireless client" (