
Windows 2000 Service Pack 3 includes 130 security fixes

In addition to addressing numerous security problems, Win2K SP3 includes fixes for the base operating system, Terminal Services, and Windows Directory Services. Hershel Dunne explains how SP3 will make your job easier.


Microsoft recently released Service Pack 3 for Windows 2000. To help you determine whether Service Pack 3 is worth a download, I’ve developed this partial listing of fixes of interest to IT professionals. Keep in mind that these are just a few of the many problems addressed in Service Pack 3. Everything from base OS fixes to Windows setup fixes is covered in this Daily Drill Down.

Base operating system fixes
The USB keyboard or mouse may not function when returning from hibernation mode; the Intel Controller Hub version 3 (ICH3) chipset has been found to not respond to the call from the operating system to return to normal usage. The OS call has been modified to address this issue.

Mirrored drives larger than 137 GB perform slowly in Windows 2000. When 48-bit LBA is used with a RAID-1 configuration, the performance of the mirrored drives decreases dramatically. The fix involves installing Service Pack 3 and editing the registry to enable Large Logical Block Addressing (LLBA). If you’re running Microsoft Datacenter Server, you need to consult Microsoft Knowledge Base Article Q265173 for information on how to obtain the hot fix for that particular product.

Caution
Be careful editing the registry; any changes made could result in a nonbootable computer or an unstable system if not performed correctly. Consult Microsoft Knowledge Base Article Q314695 for the exact process to change the registry setting.

Data fragmentation occurs when you use Ntbackup.exe to restore data to a clean volume. The data restored to an NTFS volume will appear as fragmented when restored to a clean volume. The clean volume is seen as a mirror of the drive that was backed up; therefore, the data is written to the same location on the clean volume as it held in the previous volume. If there is a difference in the volume size or the location of the volume on the disk, there will be inconsistencies in the data.

Security fixes
An unchecked buffer in the Windows 2000 remote access service phonebook creates a vulnerability. This could allow someone to gain complete access to the computer, delete accounts, and limit access to the computer from existing accounts.

Security concerns abound
There are approximately 130 other security fixes in Service Pack 3 that I have researched. Each of these is a possible threat to the continuous functionality of your company’s computer systems. For this reason alone, I believe that Service Pack 3 is needed for any company that is using Windows 2000 clients.

Once you’ve applied Service Pack 2, a drive letter disappears from My Computer. Even if you attempt to reassign the drive letter, you will still not be able to access it. The following error message has also been confirmed as a result of this problem: Title: Logon Message: The System Can Not Log You On (1F). Please Try Again Or Consult Your System Administrator. This message occurs when a user has attempted to log on to the computer and has received no error message. However, the Welcome To Windows login screen has reappeared, asking the user to press [Ctrl][Alt][Del] to log on. Further attempts to log on by any user will then invoke the message outlined above. The cause of these errors is a drive mapping of the user that logs on and overwrites a local drive letter with the home folder of that user.

Terminal Services fixes
Windows 2000 Terminal Server hangs when you close a remote connection. This situation occurs in Windows 98 and Windows 95 clients that are connected to the Terminal Server and try to close the connection to the server. Terminal Services is waiting on another service that is on the same thread as the final exchange that needs to occur between the Windows client and the Terminal Server. This could leave Terminal Services in an unusable state until the server is rebooted. This reboot technique would obviously be a temporary fix since you wouldn’t want to have to restart a server every time this bug appeared. Service Pack 3 corrects this problem by placing the service on a different processor thread that allows it to run simultaneously with the logoff procedure.

Terminal Services clients consume multiple Terminal Services CALs. This problem occurs when a computer is connected to a Terminal Services server and is assigned a temporary Terminal Services CAL token. If the client is turned off before the full token can be authenticated into flash memory, it will be assigned a second full token the next time it connects. This multiple issuance of full tokens can also occur when a Windows client machine that has been issued a full token is reimaged with an image that contains either the temporary token or no token at all.

You may receive one of the following four Status Unexpected Network Error messages from the redirector in Terminal Services client sessions when you try to access files on a mapped network drive:
  • Status_Unexpected_Network_Error (0xc00000c4)
  • Status_Connection_Disconnected (0xc000020c)
  • Error_Unexp_Net_Err (Error 59 in decimal or 0x3b in hexadecimal)
  • Error_Netname_Deleted (Error 64 in decimal or 0x40 in hexadecimal)

Service Pack 3 contains updated versions of two files that will resolve this error.

Clients with an expired temporary license may be unable to connect to Terminal Services. A client that could previously connect to Terminal Services may not be able to connect once its temporary license has expired. The following error message is sent to the client trying to connect: Terminal Services Has Ended The Connection. The client with the expired temporary license can connect if the license is first removed from the client computer. Consult Microsoft Knowledge Base article number Q248430 for the process to delete an expired temporary license.

The number lock status is not synchronized during a Terminal Services session. Clients running Windows 95, 98, and Me don’t change the number lock status on the keyboard or in reference to the operating system. When the [Ctrl][Alt][Num Lock] keys are pressed, only the Terminal Services session reflects the Num Lock On state. Once the Terminal Services session is terminated, the Num Lock On state is off.

Windows Directory Services fixes
You may experience poor performance with file and print services for NetWare. If certain client operations aren’t processed correctly, there are inconsistencies in the file dates and times from the source client to the destination client. Subsequent attempts to copy the files do not copy them. However, a message is sent informing the source computer that the file updates have been made. This could cause multiple instances of different versions of files contained on your network.

Windows MSMQ fixes
You may be unable to browse a remote access client from the message queuing service after establishing the connection. Clients using the Message Queuing service may receive the Remote Machine Not Available error message when attempting to view the queues on a remote computer. This error is caused by a remote connection being established after message queuing is initialized. Message Queuing services are bound to IP addresses when the service is first initialized and are not assigned dynamically as new connections are made. Message Queuing is not aware of the new connection and does not have a Remote Procedure Call (RPC) listening port attached to the new IP address. The fix included in Service Pack 3 binds all nonclustered computers, allowing the Message Queuing service to receive data from clients connected since it was first initialized.

MDAC fixes
There is a virtual memory leak when a large number of ActiveX Data Objects (ADOs) are open concurrently. This occurs when these ADO recordsets are opened and closed frequently, resulting in a memory leak that can lead to out-of-memory errors and memory fragmentation. This problem has been found to occur in all MDAC versions 2.5 and 2.6 and is not provider specific. Oracle, SQL, and ODBC drivers have been affected. The problem is a result of a feature in the MDAC memory management routine that places the recently vacated memory in a “look-aside list” rather than freeing it up for use by the system. This was done to cut down on the overhead that occurs when memory is completely freed up and then reallocated. The default setting is 500 allocations of memory for the look-aside list, with any allocations over that default freed by a call to the VirtualFree function. There is an error in the code for the memory management so that memory is not actually released. The application receives no information that the memory has leaked. Service Pack 3 addresses this problem by installing updated files that contain the memory management fix.
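The capped look-aside design described above can be sketched as follows. This is an added example, not MDAC code: the names `Lookaside`, `la_alloc`, `la_free` and `simulate_burst` are hypothetical, and `malloc`/`free` stand in for the Windows virtual memory calls. It shows that when the over-cap release works, memory retained after a burst is bounded by the 500-entry cap.

```c
#include <stdio.h>
#include <stdlib.h>

#define LOOKASIDE_CAP 500  /* default cap quoted in the article */

typedef struct Block { struct Block *next; } Block;
typedef struct {
    Block *head;    /* freed blocks kept for reuse */
    size_t cached;  /* blocks on the look-aside list */
    size_t live;    /* blocks obtained from the system, not yet returned */
} Lookaside;

/* Reuse a cached block if one exists (one fixed size class assumed). */
void *la_alloc(Lookaside *la, size_t size) {
    if (la->head) {
        Block *b = la->head;
        la->head = b->next;
        la->cached--;
        return b;
    }
    void *p = malloc(size < sizeof(Block) ? sizeof(Block) : size);
    if (p) la->live++;
    return p;
}

/* Cache up to LOOKASIDE_CAP blocks; anything beyond goes back to the system. */
void la_free(Lookaside *la, void *p) {
    if (!p) return;
    if (la->cached < LOOKASIDE_CAP) {
        Block *b = p; b->next = la->head; la->head = b; la->cached++;
        return;
    }
    free(p);        /* stand-in for VirtualFree, the release the article says failed */
    la->live--;
}

/* Open n blocks at once, close them all, report blocks still held. */
size_t simulate_burst(size_t n) {
    Lookaside la = {0};
    void **h = malloc(n * sizeof *h);
    if (!h) return (size_t)-1;
    for (size_t i = 0; i < n; i++) h[i] = la_alloc(&la, 4096);
    for (size_t i = 0; i < n; i++) la_free(&la, h[i]);
    size_t held = la.live;
    while (la.head) { Block *b = la.head; la.head = b->next; free(b); }
    free(h);
    return held;
}

int main(void) { printf("%zu\n", simulate_burst(2000)); return 0; }
```

If the over-cap release is skipped, the count returned by `simulate_burst` grows with the burst size instead of stopping at the cap, which is the leak pattern the paragraph describes.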

Management and administration fixes
Network printers may not be displayed if you use roaming profiles in Windows 2000. If a user has a roaming profile, they may not see their network printer if there is a local printer attached to the computer they logged on to. This occurs because the printer’s interface is designed to hide network printers that are installed as local printers. Sometimes, this feature hides printers that are not installed locally. The fix contained in Service Pack 3 contains an updated spool file called Spoolss.dll, which resolves this problem.

You cannot search contents of text attachments in e-mail messages in Windows 2000. If you try to search a text attachment to an e-mail message in the Unicode or ANSI format, you may not be able to complete the search. Multipurpose Internet Mail Extension (MIME) does not contain a plain text filter by default when it is sent to the Windows 2000 client. The MIME filter attempts to search the text file by using ASC (Microsoft Exchange Active Server Components) and is unable to do so. The fix contains an updated version of the file Mimefilt.dll, which resolves this problem.

Bad mail messages that cause the queue to grow and block delivery of other messages occur when an outgoing message is incorrectly configured for a specific server such as AOL.com. The offending message will be sent to the front of the queue, and subsequent messages are blocked from being delivered. This occurs because the message at the head of the queue is considered to be in a “retry” state and therefore prevents delivery of messages that follow it.

Windows setup fixes
Duplicate computer names are created when Sysprep.exe generates random computer names. The deployment of a Windows 2000 image on network computers may result in duplicate computer names. This may send an error message informing you that duplicate computer names exist on your network. The fix is contained in an update to Syssetup.dll within Service Pack 3.

Windows shell fixes
The computer may hang when a user logs on to a Terminal Services session. While logging in to a Terminal Services session, a user’s computer may stop responding as their local settings are being loaded. If another client tries to log on to the local machine, the following error message is displayed: C000021A Status_System_Process_Terminated. The culprit is an incorrect registry setting.

The My Documents folder isn’t refreshed correctly when it is redirected to a NetWare server. If you delete files from this folder, the contents don’t change on the NetWare server unless a manual refresh is performed. An internal naming problem causes the folder to not refresh. The operating system is expecting updates to the folder to be addressed to the shortened version of the folder name, while the updates are arriving with the longer folder name as the location. The updates aren’t registered because essentially the request is arriving at the wrong address.

Service Pack 3 is indeed worth your time
When you support a large number of employees at your company, you always face the threat of security problems. When a service pack is introduced, it’s always a good idea to add it to your workstations. However, I have a few rules before deciding to add just any service pack to my clients' machines. Those rules are as follows:
  • The computer is experiencing significant errors that can be attributed to a problem outlined in the service pack.
  • The computer is a server and absolutely mission critical to the operation of the business.
  • The computer is a server with remote access enabled. The service pack should be applied to diminish the possibility of denial of service attacks, as well as other attacks against the system.

Service Pack 3 should resolve many security, administration, and base OS bugs that have caused computers running Windows 2000 to operate erratically or cease functioning.
