NT - ENTERPRISE 4.0
Troubleshooting
The Emergency Repair Disk can verify the NT system files, inspect the system start-up
environment and inspect the boot sector.
If the /s switch is used with Rdisk.Exe, then the Emergency Repair Disk program will
back up user accounts and file security. To restore the user account database, start the
computer with the setup disks, and select the Repair option when prompted.
When you run the emergency repair process to verify Windows NT system files, Windows
NT will check the Setup.Log file on the Emergency Repair Disk to determine which files are
installed during Windows NT Setup. Each installed file will also have a checksum. The
repair process uses the checksums to verify the integrity of installed files.
System and boot partitions cannot be part of a volume set or a stripe set. Only a mirror set
can include the system or boot partition. To recover from losing the system partition, run
the NT setup program.
Dumpexam.Exe is used to view the contents of a memory dump file and export it to a text
file. This information can be used to determine the cause of a STOP error. Configure the
startup and location of a memory dump file in System Properties. Dumpchk.exe is only used
to verify the creation of a Memory Dump File.
You can edit the Boot.Ini file and add the /sos switch to the end of the Windows NT
entries in the [Operating Systems] section of the Boot.Ini file to display all driver names
while they are being loaded.
To reprint a document jammed in a printer, select Restart from the document menu in the
Printer folder.
Planning
Each domain database can store three types of accounts: user accounts, computer accounts
and group accounts.
Each user account occupies 1 KB,
Each computer account uses 0.5 KB,
Each group account uses 4 KB.
The maximum recommended size of a domain database is 40 MB.
Therefore a 40 MB domain database can support 26,000 user accounts (26 MB), 26,000 computer
accounts (13 MB), and 250 group accounts (1 MB).
Installation and Configuration
To ensure that a server does not become a browse master, change the registry entry
MaintainServerList = No.
Creating Printing Pools
When you create a printer, you can associate it with more than one printing device in order
to form a printing pool. A printing pool consists of two or more similar printing devices
associated with one printer name. To set up a pool, you create a printer and assign it as
many output ports as you have identical printing devices. Printing pools have the
following characteristics:
- All devices in the pool share the same print property settings and act as a single unit.
For example, stopping one device pauses them all.
- Print destinations can be of the same type or mixed (serial, parallel, and network).
- When a job arrives for the printing pool, the spooler on the computer running Windows
NT Server checks the destinations to see which device is idle. The first port selected gets
checked first, the second port second, and so on. If your pool consists of a different type
of port, make sure you select the fastest port first (network, then parallel, and then serial).
- A printing pool can contain a mixture of printer interface types, but the printing devices
must all use the same printer driver.
You can use Ntdetect.Chk in place of Ntdetect.com if Ntdetect.com fails to detect all
hardware devices. Ntdetect.chk will display information on the screen as it detects
hardware to help isolate the problem.
Monitoring and Optimization
To view network traffic generated from a particular machine, you can either use a capture
filter or a display filter. Capture filters can be configured to capture network packet types
(NetBIOS, SMB, etc.) or network frames addressed to or from a given machine.
To capture all network frames being sent to KILROY, the line INCLUDE ANY --> KILROY
could be coded in the capture filter. To capture all network frames being sent from KILROY,
the line INCLUDE ANY <-- KILROY could be coded in the capture filter. Display filters are
used to filter information once it has already been captured into the Network Monitor
capture buffer.
The correct syntax for filtering by a specific protocol property on your computer would be
a line specifying the type of frame (SMB), a colon, the type of property (Command), two
equals signs and the frame type property for directory creation (Make Directory).
The "<-->" symbol is used for address capturing.
Four server memory settings are available:
- Minimize Memory Used
Allows memory to be allocated for up to approximately 10 network connections.
- Balance
Provides memory for up to approximately 64 connections (default).
- Maximize Throughput for File Sharing
Allocates maximum memory for file sharing operations.
- Maximize Throughput for Network Applications
Optimizes server memory for distributed applications that do their own memory caching,
such as Microsoft SQL Server.
Pulse:
The interval after which the Netlogon service looks for new changes to the database and
sends a pulse (change notice) to the backup domain controllers. The default is 5 minutes.
PulseMaximum:
The interval after which the NetLogon service will send a pulse to the backup domain
controllers to verify the synchronization level, whether or not there are new changes to
the database. The default is 2 hours.
PulseConcurrency:
The number of backup domain controllers to which pulses are sent concurrently. A higher
value increases the amount of network bandwidth required at each synchronization.
The default is 10.
ReplicationGovernor:
Limits the amount of bandwidth the domain synchronization process can consume. Forces
the NetLogon service to sleep between calls and use smaller buffers to allow other network
traffic to pass. The default uses up to 100% of available bandwidth until synchronization is
complete.
The Processor object type will have multiple instances if a system has multiple processors.
Managing Resources
To give a user in one domain access to a folder in a FAT partition in another domain, create
a trust where the resource domain is the trusting domain and share the folder with the
appropriate permissions.
When logging on remotely, a user's level of access can be determined by first determining
his least restrictive level of access from NTFS, and his least restrictive level of access on
the share he is using. The most restrictive level of access would then be determined using
these two access levels. This would be the level of permission a user has for accessing an
NTFS folder via a share.
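The rule above as an added Python example (not part of the original notes). It assumes a simplified four-level permission scale, constructed account and group names, and goes slightly beyond the text by treating No Access as an override and by modelling a FAT volume, which has no file-level permissions.

```python
from enum import IntEnum


class Level(IntEnum):
    """Simplified NT 4.0 permission levels, from most to least restrictive."""
    NO_ACCESS = 0
    READ = 1
    CHANGE = 2
    FULL_CONTROL = 3


def layer_access(acl, principals):
    """Access on ONE layer (share or NTFS) for a user and the groups they are in.

    Grants are cumulative, so the least restrictive matching entry wins,
    except that an explicit No Access entry overrides every other grant.
    A user with no matching entry at all gets no access.
    """
    grants = [level for name, level in acl.items() if name in principals]
    if not grants or Level.NO_ACCESS in grants:
        return Level.NO_ACCESS
    return max(grants)


def effective_access(principals, share_acl, ntfs_acl=None, remote=True):
    """Combine the two layers the way the paragraph above describes.

    ntfs_acl=None models a FAT volume: no local security can be set, so the
    file system itself imposes no restriction.
    remote=False models a user logged on at the console: the share ACL is
    not consulted at all.
    """
    if ntfs_acl is None:
        file_level = Level.FULL_CONTROL
    else:
        file_level = layer_access(ntfs_acl, principals)
    if not remote:
        return file_level
    # Through a share: the MOST restrictive of the two per-layer results.
    return min(layer_access(share_acl, principals), file_level)


# Constructed sample data: one user, their group memberships, and two ACLs.
JSMITH = {"jsmith", "Sales", "Everyone"}
SHARE_ACL = {"Everyone": Level.READ, "Sales": Level.CHANGE}
NTFS_ACL = {
    "Sales": Level.READ,
    "jsmith": Level.FULL_CONTROL,
    "Temps": Level.NO_ACCESS,
}

if __name__ == "__main__":
    cases = [
        ("NTFS via share", effective_access(JSMITH, SHARE_ACL, NTFS_ACL)),
        ("NTFS at console", effective_access(JSMITH, SHARE_ACL, NTFS_ACL, remote=False)),
        ("also in Temps", effective_access(JSMITH | {"Temps"}, SHARE_ACL, NTFS_ACL)),
        ("FAT via share", effective_access(JSMITH, SHARE_ACL)),
        ("FAT at console", effective_access(JSMITH, SHARE_ACL, remote=False)),
    ]
    for label, level in cases:
        print(f"{label:16} -> {level.name}")
```

The FAT rows show why a share on a FAT partition is only protected against network access: anyone logged on locally bypasses the share ACL entirely.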
To successfully merge new group policy files you created on your workstation with the
existing policy files in the NTConfig.Pol file on the PDC, you need to copy the group
policies from your workstation system policy file and paste these policies into the system
policy file on the PDC (\Netlogon\NTConfig.Pol). Policies cannot be copied directly to a
registry on another machine. To enable a uniform policy (.pol) for all network computers
running Windows NT Server and Windows NT Workstation, save this file to the
Netlogon folder in the system root folder of the primary domain controller:
\\PDCservername\Netlogon.
Local Groups can contain Local Users, Global groups from the local and trusted domains
and Users from trusted domains. Group permissions are cumulative.
In a master domain model, a user's account in a trusting domain will automatically be a
member of the Master\Domain Users global group and will have access to resources in any
domain for which the Master\Domain Users global group has been granted permissions.
Roaming user profiles can be implemented in three ways:
- Add a user profile path to each user account to automatically create an empty user profile
folder named for the user in the server location and to allow users to create their own user
profiles.
- Add a user profile path to each user account and copy a pre-configured user profile to the
user profile path specified in each user account.
- Add a user profile path to each user account, copy a pre-configured user profile to the
user profile path specified in each user account, and then rename the NTuser.dat file to
NTuser.man in the user profile path specified in each user account. This creates a
mandatory user profile.
In User Manager for Domains, you can assign a server location for user profiles. If you
enter a user profile path into a user's domain account, a copy of the user's local user profile
is saved both locally and in the user profile path location when the user logs off.
The next time that user logs on, the user profile in the user profile path location is
compared to the copy in the local user profile folder and the most recent copy of the user
profile is opened. The local user profile becomes a roaming user profile by virtue of the
centralized domain location. It is available wherever the user logs on, providing the server
is available.
When multiple profiles apply to one user, a user profile for a specific user takes precedence
over a user profile for a group that the user is a member of.
Similarly, if no specific user profile has been defined for the user, a group profile for a
group that includes the user is used, if available, before the Default User profile is used. If a
user is a member of multiple groups, profiles are based upon Group Order.
Connectivity
A HOSTS file provides mappings of remote host names to IP addresses.
A LMHOSTS file provides mappings of IP addresses to NetBIOS names.
A DNS Name server is responsible for resolving IP addresses to fully qualified domain names.
A HOSTS file can be regarded as a local DNS equivalent.
A DHCP (Dynamic Host Configuration Protocol) server is responsible for dynamically assigning
and maintaining IP addresses for DHCP clients located on a local subnet.
A WINS server is used to resolve NetBIOS names to computer IP addresses in a routed
network environment. A LMHOSTS file can be regarded as a local WINS equivalent.
If your network consists of two subnets and you want to use Windows Internet Naming
Service (WINS) to resolve NetBIOS names to IP addresses on both subnets, the best way to
install and configure WINS to minimize network traffic and provide fault tolerance between
the subnets is to install a WINS server on each subnet. Computers on each of the subnets
can then perform name resolution locally, thus decreasing the amount of network traffic
from name resolution between subnets. By making each WINS server a push-pull partner of the
other WINS server, the WINS database of each WINS server can be replicated to the other
WINS server at regular intervals. This will allow each WINS server to provide local name
resolution for all computer NetBIOS names in either subnet. It will also provide fault
tolerance for the WINS database.
Although installing a WINS proxy agent on one of the subnets may decrease network traffic,
it will not provide fault tolerance for the WINS database. WINS servers cannot
be multihomed.
WINS proxy agents are normally installed in a routed environment to provide faster name
resolution to non-WINS-enabled clients on a subnet. WINS proxy agents intercept name
resolution requests sent as b-node broadcasts from non-WINS-enabled clients and provide
those clients with corresponding IP addresses. WINS proxy agents provide name resolution by
either forwarding the intercepted request on to the WINS server or by answering the request
directly using locally cached information. The WINS proxy agent's ability to provide name
resolution using its local cache reduces the number of name resolution requests made to the
WINS server. B-node broadcasts cannot be sent over a router.
There are two domains in your company, joined by a Windows NT server acting as a router.
Both domains are using TCP/IP as their communication protocol and one domain currently
contains a DHCP server that manages IP addressing. For the domain without the DHCP
server to have its IP addressing managed by the domain with the DHCP server,
DHCP Relay Agent must be installed on the Windows NT server router.
Routing Information Protocol for Internet Protocol (RIP for IP) provides a dynamic
approach to routing information across TCP/IP subnets. With RIP for IP installed on
each router, IP datagrams can be sent from router to router based upon dynamic tables
maintained by each router. RIP for IP reduces administrative overhead but may increase
network traffic in large networks.
User Datagram Protocol (UDP) provides connectionless delivery.
The Address Resolution Protocol (ARP) resolves physical addresses to IP addresses.
To maintain web pages for five new sites on your company's Intranet on one IIS server,
you must assign each site's IP address to the network adapter card of the IIS server.
You must create separate WWW folders for each site and assign the correct IP
address for each site to each of these folders. A DNS server needs to be installed to
provide DNS name resolution for the five new URL zones on your Intranet. A WINS server
should also be installed and the DNS server should be configured to request NetBIOS
name and IP address updates directly from the WINS server. This will reduce the
administrative burden of maintaining entries on the DNS server for any new
virtual servers. A DHCP server cannot be used to assign or manage multiple addresses
on a single network adapter card.
To run the Migration Tool and to access NetWare servers, the Windows NT Server computer
must be running the NWLink IPX/SPX Compatible Transport and the Gateway Service for NetWare.
By default, when you transfer users from NetWare to Windows NT Server, users with names
that already exist on the Windows NT Server domain are not transferred. Conflicts are
recorded in the Error.log file.
A mapping file allows the greatest amount of control when migrating NetWare user accounts
to a Windows NT domain. Mapping files can be used to migrate selected user accounts
from NetWare servers, to standardize migrated user account names to match existing domain
conventions, and to set passwords of migrated user accounts to unique user-supplied
strings. Since NetWare passwords cannot be read by the Migration Tool, a mapping file must
be used to ensure that migrated user accounts have passwords in the Windows
NT domain that are the same as their NetWare user account passwords. Mapping files are
also useful when performing large migrations involving many NetWare servers that
contain multiple versions of the same user account names.
When File and Print Services for NetWare are installed on the Windows NT server
(server solution), NetWare clients will be able to access files on the Windows
NT server as if they were located on a NetWare server. When a Microsoft redirector is
installed on each NetWare client machine (client solution), each NetWare client
will generate requests to the Windows NT server for access to the remote files. The Windows
NT server will process these requests and allow each client to access the files. Client
Service for NetWare and Gateway Service for NetWare allow Windows NT client
computers to directly access resources on NetWare servers.
Client Service for NetWare is designed for Windows NT workstations that require a direct
link to NetWare servers.
Gateway Service for NetWare is used to allow Windows NT servers to map a drive to a
NetWare server, thus providing access to NetWare server resources for
Windows NT workstations (via a gateway).
Windows NT server requires the NWLink protocol to allow NetWare clients and servers to
access client-server applications running on it.
NT Setup
Winnt.exe is used for the regular Windows NT setup, or an installation through DOS or
Windows 95. It can also be used to create the setup disks by running WINNT /OX.
Winnt32.exe is used to upgrade from another version of Windows NT.
To upgrade from a member server to a BDC or PDC, NT Server must be reinstalled.
To downgrade from a PDC or BDC to a member server, NT Server must be reinstalled. To change
a PDC to a BDC, or a BDC to a PDC, you must promote a BDC to a PDC in the Server Manager.
Fault Tolerance
Disk Striping - Divides data into 64k blocks and spreads it equally among all disks in the
array. Needs a minimum of two hard disks.
Disk Mirroring - Duplicates a partition on another physical disk.
Disk Duplexing - Duplicates a partition on another physical disk which is connected to
another Hard Drive Controller.
Disk Striping with parity - Distributes data and parity information across all disks in the
array. The data and the parity information are arranged so they are always on separate
disks. A parity stripe block exists for each row across the disk. The parity stripe is used
for disk reconstruction in case of a failed disk. Supports a minimum of three disks and a
maximum of thirty-two disks.
Volume Set - Merges numerous partitions into one drive mapping. Drives are read one at a
time.
System and boot partitions cannot be part of a stripe or volume set, but can be a part of
disk mirroring and duplexing partitions.
Speed factors - Disk striping will provide the fastest read/write performance as it can
read multiple disks at a time. Disk striping with parity is slower, as it has to write
the parity information, but is still faster than disk mirroring and volume set.
Disk mirroring is slow due to the redundancy factor of writing the same information to
two drives at once. Volume set can only read/write one drive at a time.
To recover from drive failure with disk mirroring, you must install the new drive, boot
the system into NT, run disk administrator, break the mirror and then recreate the mirror.
To recover from drive failure with disk striping with parity, you must install the new
drive, boot the system into NT, run disk administrator, and choose the Regenerate option.
To recover from multiple drive failure with disk striping with parity, you must install
the new drives, boot the system into NT, and restore the system backup from tape.
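Why one failed member can be regenerated but two cannot, as an added Python example (not part of the original notes). It uses XOR parity with a 4-byte block instead of 64k so the rows are easy to inspect; the rotating parity placement and all function names are assumptions of this sketch, and the input string is constructed.

```python
from functools import reduce

BLOCK = 4  # demo block size in bytes (the notes give 64k for NT)


def xor_blocks(blocks):
    """Byte-wise XOR of equally sized blocks."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def write_stripe_set(data, n_disks, block=BLOCK):
    """Lay data out as rows of (n_disks - 1) data blocks plus one parity block.

    The parity block moves to the next disk on every row, so data and its
    parity never share a disk. Returns one list of blocks per disk.
    """
    if not 3 <= n_disks <= 32:
        raise ValueError("a stripe set with parity needs 3 to 32 disks")
    row_bytes = (n_disks - 1) * block
    padded = data.ljust(-(-len(data) // row_bytes) * row_bytes, b"\0")
    disks = [[] for _ in range(n_disks)]
    for row, offset in enumerate(range(0, len(padded), row_bytes)):
        chunks = [padded[offset + i * block: offset + (i + 1) * block]
                  for i in range(n_disks - 1)]
        parity_disk = row % n_disks
        remaining = iter(chunks)
        for disk in range(n_disks):
            if disk == parity_disk:
                disks[disk].append(xor_blocks(chunks))
            else:
                disks[disk].append(next(remaining))
    return disks


def regenerate(disks):
    """Rebuild a single failed member (marked None) from the survivors.

    Every row XORs to zero across all members, so the missing block of each
    row is the XOR of the blocks that are left. With two members gone the
    equation has two unknowns and cannot be solved.
    """
    failed = [i for i, disk in enumerate(disks) if disk is None]
    if len(failed) > 1:
        raise RuntimeError("more than one member lost: restore from backup")
    if not failed:
        return list(disks)
    survivors = [disk for disk in disks if disk is not None]
    rebuilt = list(disks)
    rebuilt[failed[0]] = [xor_blocks(row) for row in zip(*survivors)]
    return rebuilt


def read_stripe_set(disks, length):
    """Reassemble the original bytes, skipping each row's parity block."""
    out = bytearray()
    for row in range(len(disks[0])):
        for disk in range(len(disks)):
            if disk != row % len(disks):
                out += disks[disk][row]
    return bytes(out[:length])


SAMPLE = b"constructed sample volume contents"

if __name__ == "__main__":
    members = write_stripe_set(SAMPLE, 4)
    damaged = list(members)
    damaged[2] = None  # single drive failure
    print(read_stripe_set(regenerate(damaged), len(SAMPLE)))
```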
NTFS vs. FAT
FAT
- Files and directories on a FAT partition only contain the standard attributes of
Volume, Read-Only, System and Hidden.
- Cannot set local security access on a FAT volume.
- Can convert the partition to NTFS by running convert.exe
- A FAT partition can be defragmented by booting with a DOS diskette and running defrag.exe
- Files moved from a FAT partition to an NTFS partition retain their attributes and
long filename.
NTFS
- NTFS partitions contain the standard attributes, as well as security descriptors that
base file access on user-level security.
- Can set local security access on an NTFS volume.
- Partition cannot be converted to FAT. The partition must be deleted and recreated as a
FAT partition.
- NTFS partitions cannot be defragmented. To defragment an NTFS partition, it must be
formatted and restored from backup.
- Files moved from an NTFS partition to a FAT partition do not retain their attributes or
security descriptors, but will retain their long filenames.
Domains
Workgroup - Recommended for networks containing under 20 users. Users in this type of
network administer all shares and methods of access on their personal computers.
Single Domain - No trust relationships are involved in this domain model. Network
administration and management is all controlled from a central location. Can contain up to
40,000 user accounts, but is usually recommended for 20-500 users.
Single Master Domain - Master domain is trusted by one or several single domains. The
master domain provides central administration. Can contain up to 40,000 user accounts, and
is usually recommended for 500-10,000 users.
Multiple Master Domain - Several master domains are set up with complete trusts between
each of them, and all single domains are set up to trust the master domains. Is usually
recommended for more than 10,000 users.
Complete Trust Domain - All domains in this model have complete trusts set up with each
other.
You must remember how trusts work for the test. Domain A trusts Domain B. Domain A is
trusting Domain B to access Domain A's resources. Domain A is the trusting domain and
Domain B is the trusted domain.
Groups
Global groups - General domain grouping used to access resources in its own domain. Can
access resources in other domains by being a member of another domain's local group.
Local groups - Group used for local domain access to resources. Global groups from other
domains go into these groups for resource access across domains.
Backup Operators - Group designated for members to back up and restore computers from tape.
Backup Operators can only back up and restore from tape when logged in locally to the
computer.
Account Operators - Group designated for members to manage user and group accounts.
Server Operators - Group designated for members to manage resources, but cannot manage
user accounts.
Replicator - Group designated for NT computers to perform directory replication.
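The trust direction from the Domains section and the global-into-local group nesting described above, combined in one added Python example (not part of the original notes). Domain, group and account names are constructed; the last check goes beyond the text by showing that NT 4.0 trusts are one-way and not transitive.

```python
# Each trust is a (trusting, trusted) pair: the trusting domain holds the
# resources, the trusted domain holds the accounts. Constructed sample data.
TRUSTS = {("RESOURCE", "MASTER")}  # RESOURCE trusts MASTER

# Global groups hold user accounts from their own domain only.
GLOBAL_GROUPS = {
    r"MASTER\Domain Users": {r"MASTER\kilroy", r"MASTER\jsmith"},
}

# Local groups are what resource permissions are granted to.
LOCAL_GROUPS = {
    r"RESOURCE\Report Readers": {r"MASTER\Domain Users", r"RESOURCE\admin1"},
}


def domain_of(name):
    """Return the domain part of a DOMAIN\\name identifier."""
    return name.split("\\", 1)[0]


def may_hold(local_group, member, trusts):
    """Can this local group contain this user or global group?

    Allowed when the member comes from the local group's own domain, or from
    a domain that the local group's domain directly trusts. A chain of trusts
    (A trusts B, B trusts C) does not count.
    """
    home, source = domain_of(local_group), domain_of(member)
    return home == source or (home, source) in trusts


def is_member(user, local_group, local_groups, global_groups, trusts):
    """Resolve user -> global group -> local group across the trust."""
    for member in local_groups.get(local_group, ()):
        if not may_hold(local_group, member, trusts):
            continue  # entry is meaningless without a trust in this direction
        if member == user:
            return True
        # A global group only ever contributes accounts from its own domain.
        if (user in global_groups.get(member, ())
                and domain_of(user) == domain_of(member)):
            return True
    return False


if __name__ == "__main__":
    group = r"RESOURCE\Report Readers"
    print(is_member(r"MASTER\kilroy", group, LOCAL_GROUPS, GLOBAL_GROUPS, TRUSTS))
    # Same data with the trust pointing the wrong way round.
    reversed_trust = {("MASTER", "RESOURCE")}
    print(is_member(r"MASTER\kilroy", group, LOCAL_GROUPS, GLOBAL_GROUPS,
                    reversed_trust))
```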
Computer Name Resolution
DNS (Domain Name Services) - Used to resolve DNS host name to an IP address.
WINS (Windows Internet Naming Service) - Used to resolve NetBIOS computer
name to an IP address.
HOSTS - File which contains mappings between DNS host names and their IP addresses.
LMHOSTS - File which contains mappings between NetBIOS computer names
and their IP addresses.
WINS Proxy - Picks up b-node broadcast sent by a non-WINS enabled computer for NetBIOS
computer name resolution, and forwards the request to a WINS server. WINS server replies
to the WINS proxy, which then relays the reply to the PC. Is enabled by editing the
registry.
Virtual Memory
Virtual memory can be controlled in the System properties under the Performance tab.
The paging file size can be increased or decreased here, and even distributed across
multiple drives.
The recommended initial paging file size equals the amount of RAM in the system plus 12 MB.
Netware
NWLink (IPX/SPX) is the protocol used by NT to allow Netware systems to access its
resources.
Gateway Services for Netware can be implemented on your NT Server to let an MS client
system access your Netware server by using the NT Server as a gateway. You must have
a group account set up on the Netware server called NTGATEWAY. A user account must also be
set up with proper rights and put in the NTGATEWAY group in order to have access.
If you decide to convert a Netware server to an NT Server, you will first need to implement
the Gateway Services for Netware on the NT Server. Once the conversion has completed,
you will need to make sure all Netware workstations have had the Microsoft (SMB) redirector
installed on their systems to access the NT Server.
Make sure to remember that the frame types for the NWLink protocol must match the computer
that the Server is trying to connect with. Mismatched frame types will cause
connectivity problems between the two systems.
Server Stop Errors
In the System Properties Shutdown tab, there are options to configure where you would like
the Server stop errors to be written. The errors are written to a .dmp file which is
readable by the program dumpexam.exe
Profiles
Profiles are the user settings which are loaded when a user logs in. They can contain
desktop and start menu preferences. These files can be located either locally or on a
server which has been mapped in the User Manager.
NTUser.dat and *.dat files are the typical, user-configurable profiles used.
NTUser.man and *.man files are read-only, so the user can configure their desktop, etc.;
however, the *.man file will not be updated. When the user logs in again, it will restore
the original profile.
You may copy profiles using the User Profiles menu located under
Control Panel | System Properties.
Printers
NT Server 4.0 has the option to maintain drivers for different operating systems on the
server. Each operating system uses different drivers. For example, NT 3.51 systems cannot
use NT 4.0 printer drivers. If the system which is trying to connect to the printer off of
the server does not have drivers for the printer, or if they are out of date, then the
server will automatically install the updated drivers.
Print Pooling - Consists of two or more identical print devices associated with one printer.
Availability - This option allows you to specify which hours the printer can be printed to.
Priority - This option specifies which virtual printer should print first if other virtual
printers are trying to print to the same physical printer at the same time.
Priorities range from 1 - 99 with 1 being the lowest and 99 the highest.
You can change the directory containing the print spooler in the advanced server properties
for the printer.
To remedy a stalled spooler, you will need to stop and restart the spooler services in the
Server Manager.
Emergency Repair
To create an Emergency Repair diskette, you can choose to do so either during the
installation of NT Server, or you can run rdisk.exe
To use the Emergency Repair diskette, you will need to boot the server with the NT
installation boot diskettes, and choose to repair your NT Server with the Emergency
Repair disk that was created.
RAS (Remote Access Services)
RAS is capable of using the following connection protocols: SLIP, PPP, and RAS.
RAS uses NetBEUI as the default network protocol, but can also use TCP/IP and IPX/SPX.
TCP/IP will need to be used if you are using programs that utilize the Windows Sockets
(Winsock) interface over the RAS services.
There are a few different options you can set in RAS for encryption settings.
Allow any authentication including clear text - This will allow RAS to use a number of
password authentication protocols including the Password Authentication Protocol
(PAP) which uses a plain-text password authentication. This option is useful if you
have a number of different types of RAS clients, or to support third-party RAS clients.
Require encrypted authentication - This option will support any authentication used by RAS
except PAP.
Require Microsoft encrypted authentication - This option will only make use of Microsoft's
CHAP (Challenge Handshake Authentication Protocol). All Microsoft operating systems
use MS-CHAP by default.
Require data encryption - This option will enable the encryption of all data sent to and
from the RAS server.
RAS will write to a log file which can be used for troubleshooting RAS services. In order
to enable RAS to write to the log, you have to enable it in the Registry.
Browser Services
All NT Servers have browser services available. The Master browser will maintain a browse
list which contains a list of all workstations, servers and domains on the network.
There can be only one master browser per subnet.
The PDC will always be the domain master browser. All BDCs will be backup domain master
browsers and are capable of becoming domain master browsers in the event of a PDC failure.
All member servers are capable of becoming master browsers or backup browsers.
You can disable the ability of a server to become a master browser by making the proper
changes in the registry.
Domain Synchronization
The registry contains settings which set the time between synchronizations of domain
controllers. Sometimes this can cause much traffic. In order to reduce traffic, increase
the value of the Pulse setting in the registry of the PDC, and decrease the value of the
PulseConcurrency setting in the registry of the PDC.