NT 4.0 TCP/IP Blue Screen
Microsoft introduced a TCP/IP bug with the UDP broadcast attack hotfix. If your system crashes and displays a Stop code of 0xA after you install the UDP hotfix, the system might be running an older version of tcpip.sys. Microsoft article Q276404 indicates that you need a newer version of the file on post-Service Pack 6 (SP6) systems if the date that accompanies tcpip.sys is between February 22, 2000, and May 26, 2000. To get the new version, you must call Microsoft Support.

Avoiding an NT 4.0 Print Spooler Memory Leak
When you enable spooler print notification (i.e., the pop-up completion notice) on a Windows NT 4.0 print server, a print spooler bug can consume all Paged Pool and eventually hang the print-server. This problem occurs only when the user who submits the print job isn't logged on—for example, when a service configured with a dedicated account submits print jobs.

After the print spooler completes a print job, it attempts to deliver a completion message. If the user who submitted the print job isn't logged on, the print spooler temporarily stores the completion message in Paged Pool. After a week or more, the delayed notifications consume all available Paged Pool, which causes the print server to hang. To recover, you need to reboot the system. According to Microsoft article Q283102, Microsoft doesn't plan to correct this problem in NT 4.0 and suggests that you either disable the print notifications or avoid submitting print jobs from a service that doesn't log on. The article also states that Microsoft will correct this problem in Win2K SP2.

Dismounting an NTFS Volume Hangs NT
Here’s another pre-SP7 fix. Microsoft article Q274151 indicates that an NT system might hang when you take an NTFS volume offline (i.e., dismount it). A bug in the NTFS code responsible for releasing a lock on the volume’s bitmap causes the problem. You can eliminate the problem by loading a new version of ntfs.sys, which is available from Microsoft Support. If you rarely dismount NTFS volumes, you can probably wait for SP7.

Win2K Services for UNIX Bug Fix
Microsoft stress testing has revealed a slow but steady memory leak that can potentially hang Services for UNIX running on a Windows 2000 Service Pack 1 (SP1) machine. The system hang is most likely to occur when you copy a large number of files from UNIX clients to the Win2K system. On the client side, the memory leak results in error messages on CIFS and NFS clients and lost connections. On the server side, the mouse pointer disappears, the server stops responding to keyboard commands, shortcut icons become scrambled, and Windows Explorer stops responding. Microsoft announced a bug fix for this memory leak late last week. You must call Microsoft Support to get the fix, a new version of nfssvr.sys with a file release date of December 22. For more information about the stress-testing particulars, see Microsoft article Q283013.

Win2K Services for UNIX Mapping Bug Fix
The Services for UNIX Administration utility includes an option that lets you configure the User Name Mapping service. On the tool's MAPS tab, you can enable the display of simple maps for users or groups. If you select Groups, the simple maps display. However, when you define advanced maps for a group, a logic error in the administration tool removes the simple maps, and you can no longer display them. Fortunately, the command-line interface tool, mapadmin.exe, still displays the simple groups correctly. To eliminate this mapping annoyance, call Microsoft Support and ask for the bug fix, a new version of mapmnty.js with a file release date of October 7.

Logging Schannel Events on Win2K and NT 4.0
Here’s a cool registry entry that you can set to log various levels of Schannel activity on either Win2K or NT 4.0 systems. Find the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL and add the value entry EventLogging:REG_DWORD. You can assign the EventLogging value entry a number between 0 and 4, depending on the event types you want to log. To log error messages only, set the value to 1; to log warning messages, set the value to 2; and to log informational and success events, set the value to 4. When you finish debugging, be sure to set EventLogging to 0 to stop logging Schannel events.

In NT 4.0, the default value for Schannel Event Logging is 0x0000, which means that no Schannel events are logged. In Win2K Server, this value is set to 0x0001 by default, which means that Schannel events are logged. In addition, you can log multiple events by specifying the hexidecimal value that equates to the logging options you need. For example, to log error messages (0x0001) and warnings (0x0002), set the value to 0x0003. Microsoft article Q260729 documents these settings.

Certificate Wizard MMC Snap-in Failure
Do you receive an error message when you try to load the Web Server Certificate Wizard as a Microsoft Management Console (MMC) snap-in? An unregistered DLL probably causes the error. Microsoft article Q273755 indicates that you can solve this problem by registering the file xenroll.dll with the command regsvr32 xenroll.dll.

IIS Security References
If you’re just getting started with Microsoft IIS or have decided to audit your Web site’s security, you'll find a few tips in the following references. If you run IIS 5.0, check out Secure Internet Information Services 5 Checklist; for IIS 4.0, see Internet Information Server 4.0 Security Checklist.