SP3 Upgrade Failure
Several readers asked for assistance with a Windows 2000 Service Pack 3 (SP3) setup failure that produces the error message "An error in updating your system has occurred. When you click OK, Windows is not upgraded to SP3 and you can no longer install programs that use the Windows Installer (.msi packages)."

When this error occurs, any later attempts to use Windows Installer to install software (e.g., SP3, a Microsoft Office update, or any software that uses winstall technology) will produce a message that says "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed...".

This failure occurs because the latest version of Windows Installer (version 2.0.2600.2), packaged with SP3, doesn't install or run on a system on which the Distributed COM (DCOM) default impersonation level is set to Anonymous. Even worse, after an SP3 installation fails, the system retains the SP3 version of Windows Installer, but the installer won’t function properly even if you restart the upgrade. To reinstall SP3 successfully, you need to change the DCOM impersonation level to Identify, and you need to delete the problem Windows Installer file (msisip.dll). To change the DCOM impersonation level, open a command prompt and type

dcomcnfg

If some objects aren't registered, the command will prompt you to register them. Then the utility displays the DCOM Configuration Properties window. Click the Default Properties tab, change the setting in the Default Impersonation field to Identify (click the down arrow for this field to view all valid settings), and click OK to exit.

To delete the problem Windows Installer file, locate and delete (or rename) the file %windir%\system32\msisip.dll. After taking this corrective action, you should be able to complete an SP3 upgrade. For more information, read the Microsoft article "Service Pack 3 Update Is Unsuccessful When DCOM Impersonation Level Is Set to Anonymous" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q324631.

SP3 Performance Monitor Hotfix for Non-English Versions
A bug in how Windows 2000 Service Pack 3 (SP3) updates Performance Monitor counters causes the counter names to display with unrecognizable characters at the end of each counter name. In addition, when you select a counter that you think is the correct one, Performance Monitor might not collect the statistics for this counter. This problem affects only non-English versions of SP3. For details, see the Microsoft article "Unrecognizable Characters Appear in Instance Names of Performance Counters or Incorrect Performance Data Is Collected After You Apply Windows 2000 Service Pack 3" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q327384.

A Bucketload of Windows Explorer Bugs
Several postings indicate that Windows Explorer has several bugs that Service Pack 3 (SP3) doesn't correct. Because Windows Explorer is such a core component of the UI, I don't understand why Microsoft didn’t delay SP3 until these fixes were ready to go. Here’s a list of the misbehaviors and bug fixes, all of which are available only from Microsoft Product Support Services (PSS).

  • A random access violation in Explorer.exe. The fix for this problem is a new version of shell32.dll with a file release date of June 5.
    Reference: "Access Violation Error Message in Explorer.exe"
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q323045
  • Repeated Explorer restarts that cause your monitor to blink so rapidly that you can't see the screen. This fix includes updates to 36 files, many of which are in the kernel.
    Reference: "Windows 2000 Desktop Blinks When Explorer.exe Repeatedly Stops Responding"
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q326836
  • A progress bar that goes from left to right and then starts over, possibly several times, when you copy or move very large files (i.e., 5GB). Although the file move or copy process is successful, the progress bar behavior makes you think that Windows Explorer isn't working properly. This bug fix is a later version of shell32.dll with a file release date of July 22.
    Reference: "The Windows Explorer Progress Bar May Be Misleading When You Move or Copy Large Files"
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q326429
  • Repeated access violations in the browseui.dll module when someone is logged on with a non-Administrator account. The problem occurs because Windows Explorer doesn't use the proper method to release an object, and in the process, must modify registry keys that are not accessible by ordinary user accounts. The fix is a new version of browseui.dll with a file release date of July 29.
    Reference: "Explorer.exe Repeatedly Generates Access Violation Error Messages After You Log On"
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q326572
  • Problems recognizing that a CD-ROM was replaced by a writeable disk. Instead of recognizing the new writeable media, Explorer prompts you to replace the original disk in the drive.
    Reference: "Windows Explorer Does Not Detect That the CD-ROM That Was Previously in the CD Drive Has Been Replaced with a Blank CD-R"
    http://support.microsoft.com/default.aspx?scid=kb;en-us;q322823

Post-SP3 COM+ Hotfix Rollup 21
Microsoft released the Windows 2000 post-Service Pack 3 (SP3) COM+ hotfix rollup package on June 4, almost 2 months before SP3 went public. The rollup is not yet available for public download, but it is available directly from Microsoft Product Support Services (PSS). For more information, see the Microsoft article " INFO: Availability of Windows 2000 Post-Service Pack 3 COM+ Hotfix Rollup Package 21" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q324039

Network Connection Manager Security Hotfix
A newly discovered flaw in the Network Connection Manager applies to all versions of Windows 2000 including Service Pack 3 (SP3). Although the flaw is difficult to exploit, attackers can theoretically run code of their choice on the local machine with full system privileges. Microsoft Security Bulletin MS02-042 (MS02-042: Flaw in Network Connection Manager Can Cause Rights Elevation) indicates that the hotfix is a new version of the file netman.dll, which you can download at http://www.microsoft.com/windows2000/downloads/critical/q326886/default.asp. This update is packaged with the standard hotfix installer, and you need to reboot to activate the hotfix after you install it.