Windows Server 2003 Comprehensive VSS Update
Last November, I discussed two hotfixes you could install to correct problems with the Volume Shadow Copy Service (VSS) code. In late December, Microsoft released a cumulative update for VSS that supersedes the November version documented in the Microsoft article "Time-Out Errors Occur in Volume Shadow Copy Service Writers, and Shadow Copies Are Lost During Backup and During Times When There Are High Levels of Input/Output" (http://support.microsoft.com/?kbid=826936). Time-out errors occur in VSS writers, and shadow copies are lost during backup and during times with high I/O levels. The update corrects fourteen documented bugs in the VSS code, including failure of shadow copies on disks with small cluster sizes, timeout errors that occur when you back up the system, and errors specific to a Windows Server 2003 cluster configuration. Available only from Microsoft Product Support Services (PSS), this update contains new versions of 12 components critical to the volume shadow service (VSS); most of the components have a file release date of December 18 or December 26. The Microsoft article "A Volume Shadow Copy Service (VSS) update package is available for Windows Server 2003" (http://support.microsoft.com/?kbid=833167) documents the bugs this update addresses.

Windows Server 2003 Time Service Hotfix
In Windows 2003, Kerberos authentication, Active Directory (AD) authentication, and replication require that network system clocks be accurately synchronized. The time service uses a sophisticated algorithm to poll and set the local time from as many as six independent external and internal time sources. The time service in Windows 2003 has a bug that causes it to log errors when a Network Time Protocol (NTP) client attempts to synchronize the system clock. The bug report provides no details about the source of the time service errors, but it does state that you might see multiple event ID 50 events from the W32time service stating that “The time service is no longer synchronized and cannot provide the time to other clients or update the system clock,” plus one or more events from the NTP client showing that 1) The time service detected a time difference of greater than 5000 milliseconds for 900 seconds; 2) NtpClient cannot reach or is currently receiving invalid time data from yourpdc.forestroot.com; or 3) No valid response has been received from manually configured peer yourpdc.forestroot.com after 8 attempts to contact it. On January 31, Microsoft released an updated version of w32time.dll that eliminates the time synch errors. You need to install this hotfix on all Windows 2003 domain controllers (DCs) in the enterprise, starting with the operations master (the authoritative time source for a network). After updating the operations master, you should synchronize the operations master with a Stratum 1 NTP server to ensure the trusted time source is accurate. When you call Microsoft PSS for the hotfix, cite the article "W32Time frequently logs Event ID 50 and cannot update the system clock in Windows Server 2003" (http://support.microsoft.com/?kbid=830092)as a reference.

Debugging the Time Service
Synchronizing time across a global network can be technically challenging because of multiple time zones, slow or broken network links, inaccessible external NTP time servers, and problems with DCs that serve as trusted time sources for systems on a local segment. The Microsoft article "Basic Operation of the Windows Time Service" (http://support.microsoft.com/?kbid=224799) describes the default behavior of the time service synchronization. You can fine tune how the time service operates (e.g., changing the synchronization interval or the machine to contact for a time update) by adjusting the service’s registry entries, as documented in the Microsoft article Registry Entries for the W32Time Service (http://support.microsoft.com/?kbid=223184). You can debug the time service on Windows 2003 and Windows XP systems by adding value entries to the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W32time\Config registry subkey. The three value entries define the size and location of the time service log file and control the amount of information the time service logs. • FileLogSize: REG_DWORD:10000000 defines the size of the log file in bytes. • FileLogName :REG_SZ:c:\windows\debug\\w32time.log, defines the location of the log file. The system root debug folder is the default location for the log file, but you can enter any valid path and filename. • FileLogEntries: REG_SZ:0-116 controls the amount of detail the time service logs. To log the most detail about time service operation, set this value to 0-300. After you finish debugging, be sure to delete these value entries before you return the system to full-time production mode; if you don't, you’ll waste processor time and disk space with logging you no longer need This technique is documented in the Microsoft article "HOW TO: Turn On Debug Logging in the Windows Time Service" (http://support.microsoft.com/?kbid=816043).

Dfs Enhancement
Microsoft released an enhanced version of its Dfs code that accurately maintains Universal Naming Convention (UNC) mappings after you move the files from one volume to another. If you're migrating file servers to Windows 2003, the new root-server Dfs's ability to provide referrals to relocated UNC shares will greatly simplify your task. The new functionality is embedded in two Dfs components, dfs.sys and dfssvc.exe, with file release dates of January 26 and January 30, respectively. When you call, cite the Microsoft article "Distributed File System update to support consolidation roots in Windows Server 2003" (http://support.microsoft.com/?kbid=829885) as a reference.

NAT Blue Screen Bug Fix
When you configure Windows 2003 to use Network Address Translation (NAT), the server might crash with a stop code of 0x00000001 in ipnat.sys. A bug in how NAT code processes Internet Control Message Protocol (ICMP) table entries when a local user attempts to connect to the Internet through the server causes the crash. Microsoft PSS has a new version of ipnat.sys, with a file release date of January 19, that eliminates the blue screen. You need to reboot after you install the new version. This problem is documented in the Microsoft article "You receive a Stop 0x000000D1 error message in Ipnat_sys on a Windows Server 2003-based computer that is configured to use NAT" (http://support.microsoft.com/?kbid=834831).

SBS 2003 POP3 Connector Patch
A bug in the POP3 connector that downloads email from an external machine to Microsoft Small Business Server (SBS) 2003 can tie up to 100 percent of CPU resources, which in turn prevents the system from successfully downloading messages. If you’re having problems with POP3 mail, start Task Manager and see whether the Imbdownl.exe process is using a large amount of CPU time. If so, when you kill the process, the download should complete successfully. When a POP3 download fails, you can confirm that the download process is the culprit if you see a message in the application event log with an event ID of 1067 and a message stating “There was an error logging out from the POP3 server. The error is 2147014858 (An operation was attempted on something that is not a socket.)” Read more about this problem and the fix in the Microsoft article "Scheduled POP3 connector e-mail message downloads may not occur on your Windows Small Business Server 2003-based computer" (http://support.microsoft.com/?kbid=833992). The hotfix, a new version of imbpop3.dll, has a file release date of January 9, 2004.