Microsoft

Solve WinXP network communication problems with these tips

After installing Windows XP Service Pack 1, you may experience problems when communicating with Windows 2000 servers. Find out how to resolve these issues by editing the Windows registry and policy settings.


After installing Service Pack 1 on several of my Windows XP workstations, I noticed a dramatic reduction in network performance when communicating with my Windows 2000 servers. Although everything worked fine with small files, when I tried to access, create, or modify a file over 70 KB, I would get a file creation error, a delayed write failure, or some other odd error. After a little digging, I discovered that my Windows 2000 servers were holding the files open even after I had closed them, thus making it impossible to modify the file. Unfortunately, these file lock problems often occurred while the file was open, resulting in a corrupt file.

I first suspected faulty hardware—a bad network cable or hard disk ribbon. Yet after months of experimenting, I determined that my hardware was working perfectly. Since I have almost 20 computers and only PCs running Windows XP with SP1 were experiencing these communication errors, I decided that SP1 must be the culprit. I began researching the problem and after months of searching I found three potential solutions.

Word of warning
The following article suggests ways to edit your system registry. Using the Windows Registry Editor incorrectly can cause serious problems that could require you to reinstall your operating system and you could possibly lose data. TechRepublic does not and will not support problems that arise from your editing the registry. Use the Registry Editor and the following directions at your own risk.

XP has trouble writing to 2000 domain controllers
Unfortunately Microsoft's support Web site doesn’t list Windows XP SP1 problems in a single location so I dug through its knowledge base until I found article 321169, "Slow SMB Performance When You Copy Files from Windows XP to a Windows 2000 Domain Controller."

According to the article, Windows sometimes has problems writing to domain controllers, but should have no trouble reading from domain controllers. Alas, I was having trouble reading and writing to Windows 2000. Sometimes it would take a full 60 seconds for Windows XP to open a 50-KB file that was stored on a Windows 2000 domain controller. Other times though, the same file would open instantly. Although this knowledge base article didn't address my exact problem, I decided to follow the instructions and see what happened.

The article suggests that the slow performance results from a delayed TCP/IP acknowledgement occurring in an SMB: C NT Transact-Notify Change packet. To put it simply, Windows 2000 uses what are known as SMB security signatures. If security signatures are enabled, the redirector is forced to wait until the current SMB command has completed before processing the next one. This means waiting for an SMB acknowledgement from the server. The easiest way to implement a workaround to the problem is simply to disable SMB security signatures on the domain controller by editing the registry.

To do this, open the Registry Editor and navigate to HKEY_LOCAL_MACHINE\System\
CurrentControlSet\Services\LanmanServer\Parameters. Double click on the RequireSecuritySignature value and enter 0 in the Value Data dialog box. Next, double-click on the EnableSecuritySignature value and enter 0 in the Value Data dialog box. However, this registry modification didn’t correct my particular problem.

Possible task scheduling bug
I decided to turn my attention to the Web and see if anyone else was having the same problem. A quick search revealed dozens of Web pages where people discussed similar problems. One of the suggested fixes involved a bug that exists in both Windows XP and in Windows 2000. The bug causes Windows to check for any scheduled tasks that might exist on a remote machine before displaying the browse contents.

This particular bug is also controlled by the registry. To solve the problem, just remove the following registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Explorer\RemoteComputer\NameSpace\{D6277990-4C6A-11CF-8D87-00AA0060F5BF}. This registry fix did speed things up somewhat for me, but didn’t completely correct the problem.

A solution at long last: SMB signing incompatibility
Finally, after another month of digging, I discovered MSKB article 331519, "Network File Errors Occur After You Install Windows XP SP1," in which Microsoft acknowledges the problem. According to Microsoft, the problem is related to an incompatibility in SMB signing between Windows 2000 and Windows XP SP1. It appears several group policy settings are to blame.

To fix the problem, go to a domain controller and open the Active Directory Users And Computers console. Then, right-click on the Domain Controller organizational unit (OU) and select the Properties command from the shortcut menu. Doing so will display the Domain Controllers Properties sheet. Select the Group Policy tab. Select the Default Domain Controller Policy (or what ever group policy applies to the domain) and click the Edit button. Navigate through the policy to Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. Then, locate the following four policy settings and change them to Disabled:
  1. Digitally Sign Client Communications (Always)
  2. Digitally Sign Client Communication (When Possible)
  3. Digitally Sign Server Communication (Always)
  4. Digitally Sign Server Communication (When Possible)

Close the Group Policy Editor, click OK, and close Active Directory Users And Computers. After you apply the settings, wait for the next replication cycle to complete and the settings should take effect. Once the settings took effect on my system the communication problems disappeared. Rumor has it that Microsoft intends to correct this issue in the next Windows XP Service pack.

Editor's Picks