Windows NT Common Problems and Gotcha!s

Rather than bloat the administrator index further with lots of
individual Gotcha! items and hacks, I will make a separate list here. I will be
updating this tip with NT oriented gotcha! from Microsoft security bulletins,
newsletters, bug lists, and my own experience.



  • USB support for NT4
    There is no built in support for USB in Windows NT
    4.0. A better approach may be to upgrade to Windows 2000 Pro. If you must stay
    with Windows NT, Bsquare is a 3rd party utility which will support USB
    keyboards, mice, printers, and most Pocket PC cradles. If you have a USB
    joystick, scanner, camera, pool cue, charging station, or other USB device, you
    will have to check with the manufacturer for an NT4 driver. Good luck. EdgeUSB
    allows one to run existing WDM USB class drivers on Windows NT. See for Edgeport NT 4.0 drivers.
  • You have Win98 and want to dual boot with NT but can’t convert because
    primary partition is FAT32.
    The
    primary partition needs to be FAT16 so Win98 and NT can boot. You probably have
    one large FAT32 partition. Clean up the disks – uninstall apps that can be
    reinstalled easily; delete unneeded files; minimize swap file; defrag the drive.
    Use PartitionMagic to create a new FAT32 partition large enough form your
    remaining apps. Move your data and apps to the new partition. Reduce the
    primiary partition to less than 2GB. Convert it to FAT16. Install NT on the
    primary partition. Complicated. Do you have all the needed utilities? If not,
    backup your data and blow it away. Install either NT and Win98 on a 2GB FAT16
    primary partition. Format rest of drive into either FAT16 to share partition
    between NT & Win98 or create NTFS and FAT32 partitions and keep them
    separate.

  • Access/IE Bigtime Gotcha!
    SANS Issued a FLASH message describing a vulnerability that
    is probably the most dangerous programming error in Windows workstation (all
    varieties — 95, 98, 2000, NT 4.0) that Microsoft has made.

    You are vulnerable to total compromise simply by previewing or reading an
    email (without opening any attachments) if you have one of the affected
    operating systems and have the following installed:

    Microsoft Access 97 or 2000
    Internet Explorer 4.0 or higher, including
    5.5 (Windows 2000 includes IE 5)


  • Access Denied even to administrator when trying to
    change to a folder or read a file. As administrator you can not take ownership
    to get access under NTFS.
    I have had
    this happen with random files and an occasional folder. Its there in the
    directory but the owner can’t access it nor can the administrator take ownership
    to get access. I had this happen about once a month on web servers which had a
    lot of developer owners. I verified the problem was not a virus or other
    malicious activity. I initially assumed it was disk corruption because it could
    only be cleared up by chkdsk /f. Having to reboot to
    clearup the problem is a real pain in a production environment. I eliminated
    disk or file corruption by renaming the problem file(s) or folder(s) and leaving
    them on the disk. The problem would pop up again in a few days or weeks later.

    I later came to the conclusion that the problem is a natural side-effect of
    NTFS. That the developer or someone with access deletes the file or folder while
    it is opened by someone on the web (another developer or a web service perhaps).
    The file or folder is GONE, deleted. But since someone has it open, NTFS can not
    remove the NTFS table entry for the file or folder. Schedule chkdsk /f, reboot
    (which breaks any connections to open files or folder) and chkdsk finds an
    directory entry without data and cleans up the “bad” (actually obsolete)
    directory entry. Voila! the file or folder that you gave Access
    Denied
    even as administrator is gone. The access problem was not
    permissions, it is simply that the directory entry exists but no file or folder
    does. I later found a kb article which described this
    behavior.


  • AT commands Task Scheduler is installed with IE4 or
    IE5
    and replaces the Schedule service and the AT commands. Some programs
    will only run under the schedule service, or they run unpredictably under Task
    Scheduler. If this is a problem you have had with AT, uninstall Task Scheduler
    and use the Schedule service (atsvc.exe) instead. See this MS Knowledge Base
    article:
    http://support.microsoft.com/support/kb/articles/q196/7/31.asp

  • Certificate
    You may have trouble
    importing a Security Certificate in Microsoft Outlook or Microsoft Outlook
    Express running on Windows NT 4.0. The path to the Security Certificate may
    contain random ASCII characters, or Internet Explorer may stop responding (hang)
    or close unexpectedly. This issue can occur if you upgrade to SP4 and then
    export the Security Certificate from Netscape Navigator, or if you try to import
    a Security Certificate that uses the SMIME security standard. The only fix for
    this is to upgrade to SP5.


  • ClipArt bits you in the *ss

  • Cluster Server may not start after replacing defective disk
    Q243195

  • Default registry key permissions allow privilege elevation from
    console
    Q250625

  • Disable a Service or Device
    that Prevents NT from Booting


  • DNS Server Generates Errors Event 453 or 7053
    after you upgrade a Microsoft DNS-based server from Windows NT 4.0
    Service Pack 3 to Service Pack 4, 5, or 6 But that not really the problem. The
    SP upgrade is revealing a reall problem. Your DNS is improperly configured. You
    have something in your DNS configuration that is instructing the DNS server to
    send a message to an IP address that is not valid. The most common problem is
    that somewhere in your DNS configuration you have either a blank or a 0.0.0.0 IP
    address. This could be in the IP Master field telling a secondary zone database
    where to find a primary, or it could be in a Notify list, or it might be in a
    corrupted CACHE.DNS file. It is also possible that it could be in a corrupted
    entry in the registry. Check these areas for a blank, zero, or invalid IP
    address, correct it, then stop and re-start the DNS service.


  • Could not find domain controller for this domain

    You get this error when
    trying to create a trust to a domain which has RestrictAnonymous set. You can
    resolve by removing RestrictAnonymous or by placing the PDCs address in the WINS
    server db or LMHosts. See Q245172


  • DRIVE – one or more partitions missing
    Your antivirus software detects a boot sector virus. You allow
    the antivirus software to clean the virus off. When you reboot, a DRIVE (1 or
    more partitions) is missing. Actually the drive is not missing. The antivirus
    software rewrote the MBR (master boot record) to eliminiate the boot sector
    virus. The disk signature NT uses to recognize the drive as an NT drive is
    stored in the MBR and is no longer there after the antivirus software rewrote a
    default MBR. Reboot and when NT asks if its OK to write the drive signature,
    allow it to do so. Until the drive signature is rewritten, NT will set the drive
    offline.

  • Drive letter missing, SP6a gotcha! (flea bite size) Q259428

    When you assign a drive letter to a
    jazz drive or other removable media under SP6a, if you delete the partition,
    create it again, and assign a new drive letter, you won’t see the previously
    assigned drive letter in the available drive list until you reboot the system.

  • Emergency Repair Disk Is Full Q130029
    the combined size of the files in the
    %SystemRoot%\Repair folder exceeds the capacity of one floppy disk. See kb
    article for workarounds.

  • Emergency Repair Disk
    Gotcha!


  • Global group, can’t delete Q119743
    You get the following error when attempting you try to delete
    the global group:

    The following error occurred when trying to delete group : This
    operation is not allowed on this special group.

    The problem is that the global group still has members. OK! you now know
    the problem and try to remove the member(s). You get the message:

    The following error occurred changing the properties of the global group
    :
    This operation is not allowed on this special group.

    Check to see if a group is defined as a primary group for any members,
    then reset the primary group if any are found, before you delete the group.


  • High Encryption

  • HP4000 – Print to HP4000 hangs intermittently under NT 4.0
    You can resolve by using the HP5si driver or
    HP4si driver.

  • IIS Netscape Gotcha!


  • IIS / ZoneAlarm conflict
    Seen reports of IIS /
    ZoneAlarm conflict. Seems to be caused by ZoneAlarm’s TrueVector Internet Monitor service. To resolve, make the
    service dependon the IIS service w3svc . Then vsmon will
    wait on w3svc before starting. It seems the ZoneAlarm service interferes with
    w3svc starting if it starts first. Make it start after.

  • Installation Unattended


  • No one can LOGON unless they are an Administrator.
    This happens when someone has gotten heavy handed with user rights and removed
    the Access this computer from the network user right
    from the Everyone group. Resolve by

    • Start User Manager for Domains
    • Select Policy option
    • Select User Rights
    • Add Everyone group to user right Access this computer from
      the network

  • Memory Leak in the Rasapi32 API

  • NetWare Client 4.6 locks up NT4 servers Q253445

  • PDC becomes inaccessible periodically
    You find the following events:
      Event ID: 3013
    Description: The redirector has timed out to

    Event ID: 2022
    Source: SRV
    Type: Error
    Description: The server was unable to find a free connection times in the last seconds.

    McAfee NetShield has been known to cause this problem. If you have
    NetShield on your domain controllers, remove it.


  • Pagefile.sys, Cannot access
    Your
    pagfile is too small. It has gotten corrupted. I use the unix standard of
    setting the pagefile to 2xRAM but at least set it to RAM+12MB.


  • page fault in Apitrap.dll or Kernel32.dll caused by explorer NOT!
    This error is
    NOT an IE bug but is due to an incompatibility between Internet Explorer 5 and
    the Apitrap.dll file that is installed by Symantec’s Norton Cleansweep v4. Fix:
    Symantec


  • The partition you have chosen is not recognized by Windows NT.

    If you get this error during
    the installation of NT, it usually means that your drive is formatted with FAT
    32. If that’s the case, you must reformat to FAT 16 or NTFS.


  • Password corrupt
    If someone can
    NOT logon to their domain account but they can from another workstation, its
    probably the machine’s ability to logon that is failing not the users. You can
    reset the domain password and it does not help. (all assuming that the user is
    attempting to logon to the domain and not the local workstation). Solution:
    remove the workstation from the domain by adding it to a workgroup and then
    re-add to the domain. This will clearup the workstation’s ability to authenicate
    with the domain.

  • Printing problems for Win9x clients
    All kinds of odd problems occur when you create a printer
    and you ignore the compatibility warning about the name being more than 8
    characters long. A lot of people blow right past this one. It says there will be
    problems with MS-DOS clients. What you may not realize, is this includes Win9x
    clients. Don’t create a name with more than 8 characters or with a space
    embedded.

  • Domain Replication
    The
    Replication service included on the original Windows NT 4 CD is broken and does
    not work properly. Install SP3 (or higher) to fix its problems.


  • Rollback.exe kills NT


  • Secure channel password out of synch.
    I recently restored a server from tape, including the
    registry. After reboot, the web server and all other applications and services
    functioned perfectly. Unfortunately the server netlogon service would not start.
    The gotcha! was that the secure channel password which every workstation and
    server uses to authenicate to its domain, had been changed automatically
    sometime between when then backup tape had been created and when the restore
    took place. This forced the secure channel password out of synch. The BDC could
    not authenicate itself to the domain. This problem is easily resolved by the
    Windows NT Resource Kit utility
    netdom . See Admin Tip
    #272: NETDOM Reports Access Denied with Windows NT 4.0 SP4
    for further
    details.


  • Q151427: Not enough server storage is available to process this
    command.

    This is a puzzling
    error when encountered and is OFTEN asked in the newsgroups. The problem is
    easily resolved. This error message usually comes from an incorrect version of
    the file “srv.sys”. One common cause of this is adding networking software from
    the NT CD after installing a service pack. This replaces files from the service
    pack on the hard disk with an earlier version from the NT CD. Re-applying your
    latest service pack usually cures the problem. See Q151427 for details.


  • Setup is unable to locate the hard drive partition prepared by the MS-DOS
    portion of setup.
    If you get this
    error during the installation of NT, the failure message indicates that NT’s
    temporary setup files are inaccessible.

    Setup,
    Winnt.exe, by default places temporary files on the first available drive that
    has enough free space, but because Winnt.exe sees drives that NT may or may not
    support, these temporary files may be inaccessible to Setup. (Unsupported drives
    may include compressed drives, unsupported SCSI drives, or drives on secondary
    IDE or ESDI controllers.) To fix this problem, use the WINNT command with the /T
    switch. The /T switch specifies the target drive to which temporary files will
    be stored by Setup. For example, to install temporary files in the D: drive,
    type WINNT /T:D:.


  • Small Business Servers
    SBS must
    be the PDC. Thus there can only be one SBS server in the domain. You can have
    any number of member servers but they can not be SBS servers.

    You attempt to add a workstation or server to a SBS domain and the
    domain controller cannot be found. This is a bug and happens when tcpip is the
    only protocol. Keep retrying and it will work.


  • Service Packs, Not
    reapplying NTs Service Packs


  • Service Packs (SP1-SP6a) don’t update international license server
    files


  • Soon runs jobs the next day after IE5 installed

    When you install IE5, it installs Task Scheduler which schedules things by
    the minute rather than by the second which the AT scheduler does. You can fix it
    by uninstalling Task Scheduler and reinstalling AT. Or by scheduling a couple of
    minutes into the future. There also seems to be a gotcha! with SOON and time
    zones where it does not properly handle them.
  • SP upgrade fails with “Unable to open or modify SETUP.LOG file”

    The service pack upgrade must
    access this log. The error means the file has been deleted or corrupted or the
    folder where NT has been installed, has been renamed. See kb article for
    corrective measures.


  • Shortcuts from the Start Menu or from the Desktop don’t run
    Q172223
    When you double-click on a shortcut or select an item from the
    Start menu, nothing happens. When you try to run any program or shortcut from
    Control Panel, the following error messages may appear:

    Access to the specified device, path, or file is denied.
    -or- This file does not have a program associated with it for performing this
    action. Create an association in My Computer by clicking View and then clicking
    Options.
    The problem is caused by the Open and/or Open\Command key(s) in
    the HKEY_CLASSES_ROOT\Exefile\Shell subkey of the registry have been corrupted,
    modified, or are missing.


  • SP5 problems in Japanese, Chinese, & Korean versions
    Q250390

  • SQL query overcomes SQL Server and/or NT server security

  • STOP: 0x0000007B Inaccessible Boot Device or “0x4,0,0,0” Error


  • System32 Folder Opens When Logging into Windows NT

  • tcpcfg.dll unattended
    install bug


  • UNC : \\server\share is 10% slower than using drive letters.
    OK. No big deal usually but I have seen
    reports that Norton AV Autoprotect v7, nav2001 can make the UNCs extremely slow.
    If you think you have the problem, turn off Autoprotect and see if the network
    copies return to normal speeds.


  • USB : NT 4 does not have support for USB.
    Nada! Want to use that USB modem, scanner, printer, or
    whatever? Sorry. Consider Windows2000.


  • Win9x crashes on URL containing reserved devices names

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top