WHY USE AN ALIAS?
As you know, NetWare allows you to create aliases that represent objects in your NDS. Why should you bother with aliases? These little gems can make your tree structure easier for end users. For example, you can create an alias for a mobile user, placing it at the top of the tree, helping him or her during authentication. Since aliases contain very little data, replication traffic is limited to the name and the data for a pointer to the real object, speeding up the process. Or, you can place aliases of your most-accessed printers, print queues, servers, and server volumes in an easy-to-access container. Now, instead of clicking around through the tree trying to find an object, it's a click or two away.
95 CLIENT V2.20 PATCH FILES
It's time for another update of your IntranetWare Client files! Novell recently released yet another update to the IntranetWare Client v2.20 for Windows 95. This update addresses several known issues identified in previous versions, including problems with some applications in a multi-user environment being unable to detect logical record locks set by another application and problems with mapping. You'll find the latest Client files in the file 95220P1.EXE on the Novell Support Web site at the following address:
http://support.novell.com/misc/patlst.htm
CONTROLLING ACCESS TO NDS OBJECTS
If you need to assign additional NDS rights to users, start with the default assignments. Defaults are in place to give users access to the resources they need without giving them access to resources they don't need.
Also, avoid assigning rights using the All Properties option. This protects private information about users and other resources on the network. Although assigning property rights using the All Properties option may seem easier, this option grants many property rights that users do not need.
Finally, use Selected Properties to assign property rights. This allows you to assign more specific rights and helps you avoid security problems.
AUDITING TOOL FOR NETWARE
Looking for a good auditing tool that tracks login/logout activity? If so, you should check out AUDITV2, a shareware utility created by David Condrey. This tool is an NLM that monitors server connections, writing easy to manipulate log files for your viewing pleasure. The tool can even periodically send log files to a single server running the consolidation (CONSLDAT) NLM, compiling the activity for all servers into one set of chronologically sorted logs for your entire network. For more information and to download the tool, visit the following Web site:
http://www.novellshareware.com/
BACK UP IMPORTANT SERVER FILES
Hopefully, you'll never experience a major server failure or an attack from a hacker who trashes the critical files on your server. However, just in case, you can protect yourself against potential disaster by taking a few precautionary steps. First, store copies of your STARTUP.NCF and AUTOEXEC.NCF files offline. Next, back up the bindery or NDS files and store them offsite. Also, consider copying and storing offline all System Login Scripts, Container Scripts, and any automated Login Scripts.
BINDING MULTIPLE FRAME TYPES
Depending on your network configuration, you may be running more than one IPX frame type. Microsoft NT Workstation 4.0 allows you to specify only a single IPX frame type. Normally, if you want to use multiple types, you can use the Autodetect option. If you use Autodetect, NT searches for multiple frame types in the following order:
Ethernet 802.2
Ethernet 802.3
Ethernet II
Ethernet SNAP
This may not be the best order for your network. You can specify more than one frame type to be bound when the network services are initialized by making changes in the Registry. The key you'll need to change is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services \NWlnkIpx\NetConfig\ : PktType
PktType is a multiple string value (REGEDIT32), which means that you can make more than one entry as long as the values are on separate lines. The following values are possible:
ff - Autodetect (cannot be used in conjunction with other values)
0 - Ethernet II
1 - Ethernet 802.3
2 - Ethernet 802.2
3 - Ethernet SNAP
4 - ARCnet
You can determine what frame types are bound by using the IPXROUTE CONFIG command at a Command Prompt. Unlike NT Workstation, NT Server doesn't restrict you to a single frame type.
PROXY CACHE PATCH FOR BORDER MANAGER
Novell has released a patch for BorderManager 2.1 and FastCache 2.1b Proxy Cache which requires that IntraNetware Support Pack 6a (IWSP6A.EXE) and the BorderManager Admin Snap-in Patch (BMADM2C.EXE) be installed. The new patch contains Y2K fixes and addresses other problems, including:
Proxy cannot create log files when the date changes to 1 January 2000. It returns an Error 135 Creating Log File error.
An abend occurs in Proxy FastFree.
An abend occurs because ServerCbReinit called FastFree with an invalid memory area.
The proxy hangs (stops servicing HTTP requests).
A memory leak in proxy eats up memory.
You'll find the new patch on the Novell support site at
http://support.novell.com/cgi-bin/search/download?/pub/updates/bordserv/bmfc/bmp114.exe
BORDER MANAGER 3 SUPPORT PACK
To address several known problems in its BorderManager product, Novell recently released a patch kit--Support Pack 1 for BorderManager Enterprise Edition v3.0 for the product. This patch kit contains general fixes to the BMEE 3.0 product, and Novell recommends it for all BMEE 3.0 installations. For more information and to download this patch, visit
http://support.novell.com/misc/patlst.htm
BORDER MANAGER 3.0 CYBERPATROL UPDATE
Novell recently released an update to the CyberPatrol filtering tool provided with BorderManager 3.0. This patch file, named bm3cp2.exe, includes fixes for two known issues. First, it resolves a problem that occurred if an access control rule to deny access to categories on the CyberNot list was created. When requests came through the Transparent Proxy, some requests to search agent sites were blocked even though they were not part of the denied categories. Second, it resolves a cosmetic problem with the registration screen showing the registration date incorrectly. You'll find this file on the Novell Technical Support Web site at
http://support.novell.com/misc/patlst.htm
BOOTING A SERVER WITHOUT RUNNING STARTUP.NCF AND AUTOEXEC.NCF
Sometimes you might want to boot a file server without running the startup scripts C:\STARTUP.NCF and SYS:SYSTEM/AUTOEXEC.NCF. With NetWare 3.x, when you issue the Server command, include the parameter:
-ns
To not execute the STARTUP.NCF
-na
To not execute the AUTOEXEC.NCF
Note 1: These parameters are case sensitive and MUST BE lowercased.
Note 2: NEVER load memory management software before running SERVER.EXE.
CAN I MOVE A SUBTREE?
NetWare 4.x provides the ability to move a subtree should you find it necessary. You can also move any container and all subordinate objects to a new location in the tree. This upper container needs to be the root of a partition. If that uppermost container is not the root of a partition, then the operation will create one for you. There is no limit to the number of containers and objects that may exist beneath the container that is the root of the subtree. However, there cannot be any subordinate partitions to that container/partition root. If the partition to be moved has a subordinate partition, then a "join" operation could be performed prior to the attempt to move the subtree.
CLIB UPDATE FOR NETWARE 3.12 AND 3.2
Here's another Y2K patch from Novell. This file contains the latest version of CLIB for NetWare 3.12 and 3.2. This new release of CLIB.NLM contains two fixes for Year 2000 (Y2K) issues, including a problem in which the wrong day of the week is returned by applications using the CTIME API after Feb. 29, 2000, and a problem in which the wrong date is returned by applications using the API STRFTIME with the %D parameter. These problems are seen with NLMs developed using ANCII C source code, with the Novell APIs STRFTIME and CTIME. Novell states that these problems are seen only with NetWare versions 3.12 and 3.2 and have not been observed in NetWare version 4.x or 5.x. You can download the update file named lib312c.exe from the Novell Technical Support Web site at
http://support.novell.com/misc/patlst.htm
CLIB UPDATE FOR NETWARE 3.12 AND 3.2
Novell has released the latest version of CLIB for NetWare 3.12 and 3.2. The only changes since LIB312C.EXE are the inclusion of updated AFTER311.NLM and A3112.NLM, which address a possible memory corruption issue. You can download this update in the file lib312d.exe from Novell support at
http://support.novell.com/misc/patlst.ht
MOVING NEWER NETWARE UTILITIES TO OLDER SERVERS
As a network administrator, you may want to move newer NetWare utilities to older servers, or you may want to copy these utilities to a local drive on a workstation. LOGIN.EXE and NDIR.EXE are two such popular utilities.
However, before you move these utilities, you should know which unicode files should be moved as well. For most utilities, you can get this information simply by running the utility itself using the /VER parameter (for example, PCONSOLE /VER). Most utilities will generate the needed support files in this way. If a .MSG file for the utility exists, you should copy that file as well.
CHANGING THE NAME OR INTERNAL IPX ADDRESS OF A NETWARE SERVER
Here's a tip from Novell that will ensure success when changing the name or address of a NetWare server:
Novell recommends that when you rename a 4.x server or change the IPX Address, you should change only one parameter at a time. You should bring the server up with the new name or address and allow it to synchronize to the tree, then change the other parameter and cycle the server again.
COMMON LOGIN SCRIPT PROBLEMS--PART 1 OF 2
If you have a series of paths set in your AUTOEXEC.BAT file, your login script may overwrite some of these paths. The reason is that NetWare PATH statements are set up as search mappings when logged onto the network starting with S1, S2, and so on. When you specify MAP (S1:=), then you overwrite the existing search mapping. To avoid this problem, use a MAP INS on the search drives, pushing the existing statements down the line without overwriting.
COMMON LOGIN SCRIPT PROBLEMS--PART 2 OF 2
Be extremely careful when you use the EXIT command in your login scripts. Entering the command using the correct syntax is critical. For example, you need to make sure the path and command you put in the quotes are not more than 14 characters long. The early versions of LOGIN.EXE in 3.1X and the LOGIN.EXE in 4.1 don't support more than 14 characters in the path. Also, remember that EXIT will exit you clear out of the login script, not allowing any other login scripts to run.
If there is a user or profile login script that a user needs to execute, you should not use EXIT to get out of the system/container login script.
CENTRAL REPLICA REPOSITORY SERVER
Does it make sense to have a single server be responsible for all replicas? In some cases, the answer is yes. For example, having a central server makes backing up the NDS tree easier, since you can do it from one server. Also, tree walking on the central server is faster both on external and subordinate references.
In other cases, however, a single replica server may not be the best solution. For example, the single server will have to communicate to all servers in the tree that hold any type of replica. It will be updating replicas, sub ref time stamps, external reference backlinks, etc. on every server. This server will have to receive all updates made in the tree, including object creations, deletions, modifications, and login timestamps. This means that every change in the network will be replicated to this single server. Weigh the options carefully as you plan your network.
UPDATES FOR NOVELL'S CLIENT FOR WINDOWS 95/98
Novell recently released a Service Pack to address a few known issues with its Novell Client 3.1 for Windows 95/98. The Service Pack fixes the following known problems you may experience when using the Client:
Disappearing printers.
CMD will not work on certain computers.
DNS will not work if DHCP lease is expired.
Application cannot be launched using Start/Run.
Client only tries the first address from a list of IPs.
Volumes cannot be accessed when opening from Start.
(Novell notes on its support site that your NetWare 4.11 and 4.2 servers will require an update prior to the installation of this Client Service Pack. The server update is located in the NetWare 4 Support Pack 7.)
You'll find the Support Pack in the file 9531sp1.exe at the following URL:
http://support.novell.com/cgi-bin/search/download?/pub/updates/nw/nwclients/9531sp1.exe
COMMON LOGIN SCRIPT PROBLEMS
Be extremely careful when you use the EXIT command in your login scripts. Entering the command using the correct syntax is critical. For example, you need to make sure the path and command you put in the quotes are not more than 14 characters long. The early versions of LOGIN.EXE in 3.1X and the LOGIN.EXE in 4.1 don't support more than 14 characters in the path. Also, remember that EXIT will exit you completely out of the login script, not allowing any other login scripts to run. If there is a user or profile login script that a user needs to execute, you should not use EXIT to get out of the system/container login script.
CONNECTION MONITORING UTILITY
Need a quick way to find out which connection is causing performance problems or hogging disk space? If so, check out this shareware utility--UGadget V1.0 from NetTech Australia. This tool displays a full list of all connections used on a server, including the number of requests and bytes read and written. You can also view information about messages sent to users and connections cleared. For more information on this monitoring tool, visit the following Web site:
http://www.novellshareware.com/
CONSOLE MANAGEMENT ASSISTANCE
In traditional NetWare environments, messages occurring on servers are not always reported to systems administrators. ConsoleAlert allows an administrator to generate SNMP alerts when messages appear on the NetWare server console or third-party application screens. In addition to alerting the administrator, ConsoleAlert can automatically take corrective console actions as defined by the administrator. For more information, visit
http://www.serversystems.com/frames/cs_al.htm
HOW MANY OBJECTS IN A CONTAINER?
What's the limit on the number of objects you can put in a container? You may not get a consistent answer to this question. For example, the NDS Design class materials from Novell say the number is 100. However, the advanced 4.x administration materials say 500. Why the confusion? The answer is that there is no limit within the base NDS. Any problems you may have faced were with displaying the objects within a container, not a physical limit. For example, NetWare 4.01 could effectively process about 1,200 objects, while the newer versions can process 12,000 to 15,000 objects per container (a sign that if you're running into problems, you might want to rethink your structure).
SAFE WAY TO DOWN A FILE SERVER WHEN CONSOLE IS HUNG
If your NetWare 4.11 server is frozen, you can still safely down the server even though you don't have the console prompt. This will not work for hard hangs since the server will not accept input from the keyboard. The console can get hung for a variety of reasons, although the most common hang is caused by unloading an NLM and the console doesn't come back.
You can still toggle screens and drop into the debugger by holding down Ctrl-Alt-Shift-Esc or Ctrl-Alt-Esc. You'll then see the prompt Down The File Server And Exit To DOS (Y/N). Selecting Y and pressing Enter will close down the database and exit you to the DOS prompt.
CREATING A GUEST EQUIVALENT
With NetWare 3, you had a guest account that you could quickly assign for limited access to your networks. With NetWare 4, you can create a guest equivalent as well, granting rights to these users for access to the tree. However, this approach requires a separate account for guest privileges. Another option you might use is to grant the rights that you would have granted to the guest user to the public. This gives guest rights to all connected users. The downside to this option is that no authentication is required to access these resources, which could potentially compromise your NDS security. The most recommended solution is to grant the rights to [root] rather than public. This approach gives guest rights to ALL authenticated users in the tree without compromising any security.
DEFAULT LOGIN SCRIPTS
NetWare embeds the default login script in the LOGIN.EXE command, meaning that you can't modify the file or the script. This script will execute without regard for previously run scripts. For example, if the default login script runs after a system login script, it may overwrite mappings the system login script just created. You can prevent the execution of the default script by including the EXIT script command. The EXIT command in the system login script will cause LOGIN.EXE to immediately exit without executing any further instructions in the current or subsequent scripts. Also, on 3.12 networks only, LOGIN.EXE supports the script command NO_DEFAULT. Placing this command in the system login script prevents the default script from running, even if no user script exists.
UNDERSTANDING DHCP
DHCP (Dynamic Host Configuration Protocol) provides you with an easy way to manage the assignment of IP addresses to workstations on your NetWare network. DHCP is the new generation of the Bootstrap Protocol (BOOTP). You can still use BOOTP to configure clients with IP addresses; however, BOOTP lacks the extensibility of DHCP and doesn't support client leases. What is a client lease? DHCP grants the use of an IP address to a client for a specified period of time as a lease. As the lease nears expiration, the client will attempt to renew the lease. If the lease expires, the client loses its IP address and must obtain a new lease. The power of managing IP addresses using leases lies in the fact that the DHCP server can manage pools of IP addresses, which are recycled as clients log in and off of your network.
TRACKING DIRECTORY SERVICE CONDITIONS
In some NDS environments, errors that occur on remote servers may not be reported automatically to systems administrators. In these cases, holdups can go undetected until user backlash bombards the help desk or support staff. DSAlert is a diagnostic and network support tool that enables Novell's Network Directory Services error conditions to be monitored and reported. For more information, visit
http://www.serversystems.com/frames/ds_al.htm
LIMITING USER DISK SPACE
Do you need to limit the amount of disk space a given user can access on a volume? No problem. In NWADMIN, click on the volume object. From the menu, choose Object, Details, See User Space Limits, or click on the directory under the volume. Then choose Object, Details, Facts, and Restrict Size to make the change.
DOUBLE DRIVE MAPPINGS
Are you experiencing drive mappings that are created twice or to the root directory? If so, the cause is most likely because the default login script is running along with your system login script. To avoid this double duty, put the line
NO_DEFAULT
into the container login script.
LOST DRIVE MAPPINGS
When you use Novell's Client32 for Windows 95 and log into your server, have you noticed that your workstations will sometimes get the right drive mappings, while at other times they won't? Most users have encountered this inconsistency.
The problem is with your permanent drive mappings in Windows 95. These mappings can conflict with drive mappings coming from your login scripts. Don't attach to server drives and map them permanently from inside Windows 95. Instead, use drive mappings from inside of login scripts.
FIBER AND FRAME TYPES
Are you upgrading to Fiber and not sure what frame type to use? The only defined and necessary NetWare frame types for IPX on FDDI are FDDI_802.2 and FDDI_SNAP.
If you're running ETHERNET_802.2 IPX clients, use FDDI_802.2 for IPX on your servers. If you're running ETHERNET_II IPX clients, use FDDI_SNAP for IPX on your servers.
If you're running ETHERNET_II TCP/IP clients, you MUST use FDDI_SNAP for TCP/IP on your servers. If you're running ETHERNET_SNAP AppleTalk clients, you MUST use FDDI_SNAP for AppleTalk on your servers. Finally, don't use ETHERNET_802.3, ETHERNET_SNAP, or "FDDI_RAW" for IPX, and you'll be fine.
DON'T MESS WITH FILE COMPRESSION
If you have file compression enabled on your NetWare server, Novell says that it is essential that you have the latest OS patches loaded on your server. Compression puts a heavy load on your CPU cycles to compress and decompress files. Novell has set the default SET parameters for compression to provide the best possible performance. For example, compression is designed to take place after midnight when most servers have little or no traffic. Also, THE DAYS UNTOUCHED BEFORE COMPRESSION SET parameter is designed to make sure frequently used files are not compressed. Novell warns that any adjustments to the default compression SET parameters may severely impact the server's performance. Be careful with this SET command.
MONITORING COMPRESSED FILES
File compression and archival is an important part of managing your NetWare networks. Because of the nature of file compression and the realities of disk storage, archived files may on occasion become corrupted. To help you keep tabs on these compressed files, you can use a utility such as CompMon, which runs as an NLM and examines compressed files, reporting the extent of damage to them, if any. CompMon v. 2.00 runs on your NetWare 4.1 servers. For more information, visit
http://www.midnighttech.com/compmon.htm
RECOVERING DATA FROM CORRUPT COMPRESSED FILES
If you've ever lost valuable data in compressed files and had no way to restore it, you'll be interested in a utility called FixCFile v. 1.21. This utility can help recover your valuable data that is locked away in corrupted compressed files. FixCFile is a NetWare Loadable Module for NetWare 4.1. It'll cost you $795.95 per site, but only a few uses of the software could easily pay for it. For more information, visit
http://www.midnighttech.com/fixcfile.htm
TROUBLESHOOTING FILE COMPRESSION
If you're experiencing performance problems and you have file compression enabled, you may consider disabling the compression. This will allow you to either identify it as the problem or eliminate it from the suspect list. To disable compression, set ENABLE FILE COMPRESSION=OFF.
Files will still be queued for compression; however, they won't be compressed. If you try to access a compressed file, it will still be decompressed.
PROTECTING YOUR MOST IMPORTANT FILES
As network administrator, one of the most challenging tasks you may face is rebuilding your network after a crash or devastating hacker attack. That's why it's important that you keep copies of some of the more important files archived, ready for use if needed. For example, you should have copies of your STARTUP.NCF and AUTOEXEC.NCF files. You should back up your bindery or NDS, as well as System Login Scripts and Container Scripts. Keep these copies offsite or in a secure place. Then, hope that you never need them!
A GREAT FILE RECOVERY UTILITY
As you know, recovering deleted files, or even getting detailed information about deleted files, can be tough. Fortunately, utilities like Salvage 98 make it easier. Salvage 98 works with your NetWare 3, NetWare 4, IntranetWare, and IntranetWare for Small Business server, providing a wealth of information about your deleted files. Using Salvage, you can view info about each deleted file, including the file size, who deleted the file, and the date the file was deleted. You do all this using a Windows Explorer-like interface, making the task of file recovery easy.
To download the utility, visit the Novell FTP site at the following address:
ftp://ftp.novell.com/pub/nwc-online/utilities/salv98.zip
FORCE A MINIMUM PASSWORD LENGTH
For a hacker, the front door to your network is the login screen. Your choice of password can be their key in or their ticket to nowhere. The shorter you make your password, the easier it is for the hacker to guess. Take advantage of NetWare's restriction settings and force your users to choose a password at least eight characters long. Also, request the use of passwords that contain a mix of numbers and letters. Such passwords are much harder to break.
FORCING A SERVER ABEND
There is a Novell AppNote dated June 1995 "Abend recovery Techniques for Netware 3 and 4 Servers" You can simulate an abend anytime by using:
<left-shift><esc><right-shift><right-alt>
sequence to enter the debugger.
FRAME INFORMATION
Ethernet_802.2 - used for IPX packets only
Ethernet_802.3 - used for IPX packets only
Ethernet_II used for TCP/IP, Appletalk Phase I and DEC mini's
Ethernet_Snap used for Appletalk Phase II
On a network using IPX & TCP/IP you need 802.2 or 802.3 AND ENET II.
You will need to ADD not change the Ethernet II protocol to the stations running 802.2 or 802.3 (for IPX) to run TCP/IP.
GROUPWISE NT GATEWAY FOR CC:MAIL PATCH
Novell has released a patch for its GroupWise 5.x Gateway for cc:Mail product on the Microsoft Windows NT platform. This patch addresses some known issues and provides the option of verifying GroupWise account creation at the destination post office before initiating mailbox migration. It also provides control over the GroupWise domains and cc:Mail post offices that can participate in directory operations.
You'll find the patch in the file ccmln1.exe, which is available for download from the Novell Technical Support Web site at
http://support.novell.com/misc/patlst.htm
GROUPWISE 4.X API GATEWAY PATCH
If you're running Novell's GroupWise 4.x API Gateway, you'll be interested in obtaining the latest patch from Novell. This patch fixes several known problems you may have experienced, including:
- Abends that occurred while the gateway was processing a directory list.
- Abends caused by memory allocation/free error. The gateway would not free memory when it was stopped. If the gateway was not stopped for a long period of time, an abend would eventually occur.
You'll find the patch in the file GW41API.exe on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
PATCH 2 GW5 NT GATEWAY FOR EXCHANGE
Novell has released a patch file for GroupWise 5 NT Gateway for Exchange--Patch 2. This patch file provides the following fixes to some known problems:
- Filtering switches /blockdom and /allowdom now work with directory synchronization as well as with directory exchange.
- The gateway can now initialize a migration in certain non-English environments.
- GroupWise users will no longer be deleted if the location of the gateway is changed to another domain.
- Mail from Exchange to GroupWise now works with a userid on both GroupWise and Exchange.
- Mail sent from a user on an external GroupWise domain to MS Exchange now does not drop any recipients.
- The problem with replies to mail sent from the Internet to MS Exchange through GroupWise 5.2 GWIA has now been fixed. Replies will still not work if GroupWise 5.5 GWIA is used with Internet addressing.
You can find the patch in the file exchnt2.exe, available for download from the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
GROUPWISE 5 NT GATEWAY FOR EXCHANGE PATCH
Novell has identified a host of problems with its GroupWise 5 NT Gateway for Exchange. The problems that you may experience include the following:
- A GPF occurs while processing certain inbound messages.
- The gateway cannot obtain the configuration information during initialization if a UNC path is used.
- A GPF occurs while processing an inbound message with OLE attachments.
To address these and other issues, Novell recently released a patch file for the product. For more information and to download this patch, visit
http://support.novell.com/misc/patlst.htm
GROUPWISE 5.5 SUPPORT PACK 2
GroupWise administrators will be glad to know that Novell recently posted an update to the Support Pack for GroupWise 5.5--Support Pack 2. This update includes fixes and improvements to the GW Administration, GW Agents (Internet, NLM, NT, and WebAccess), and GW Client (Win 95/98/NT) components. You'll find the English version of Support Pack 2 on the Novell Support Web site. Look for the file g552en.exe at
http://support.novell.com/misc/patlst.htm
UNIVERSAL ADDRESS BOOK FOR GROUPWISE
Are you running Novell's GroupWise on your network? If so, you'll be interested in a dynamic third-party application called NexCard. NexCard is a shareable, universal address book for Novell GroupWise that allows your users to share addresses over the network, enhances the user interface for address entries, includes custom field capabilities, and delivers a portable/universal address book for multiple Windows applications. NexCard for GroupWise is available both as a 32-bit MAPI Address Book Service Provider and as a 16-bit application. You can use both versions simultaneously to provide both MAPI and non-MAPI applications. For more info on NexCard, visit this Web address:
http://www.nexal.com/NexCardGroupwise.htm
CREATING A GUEST EQUIVALENT
With NetWare 3, we were used to having a guest account that we could quickly assign for limited access to our networks. With NetWare 4, you can create a guest equivalent as well, granting rights to users for access to the tree. However, this requires a separate account for guest privileges. Another option you might use is to grant the rights that you would have granted to the guest user to public. This gives guest rights to all connected users. The downside to this option is that no authentication is required to access these resources, which means that you're potentially compromising your NDS security. The most recommended solution is to grant the rights to [root] rather than to public, which gives guest rights to ALL authenticated users in the tree. Thus, users can authenticate as themselves and access the resources (servers, volumes, services, etc.) that are for guest use. This allows for flexibility for granting rights to public services without compromising security.
HOW MANY OBJECTS DOES A CONTAINER HOLD?
If you need to know the limit on the number of objects you can put within a container, be prepared for a variety of answers. For example, in the NDS Design class materials from Novell, it says the number is 100. However, in the advanced 4.x administration materials, it says 500. Why the confusion?
The answer is that there isn't a limit on the number of objects within the base NDS. If you've encountered problems, they probably have to do with displaying the objects within a container, rather than the physical number of objects. To give you an idea of the actual number of objects NetWare can effectively process, version 4.01 could handle about 1200 objects, while the newer versions can process 12,000 to 15,000 objects per container. If problems persist, it might be time to re-think your structure.
IGNORING THE STARTUP FILES WHEN BOOTING A NETWARE 3.X SERVER
There may be times when you want to boot a file server without running the startup scripts, C:\STARTUP.NCF and SYS:SYSTEM/AUTOEXEC.NCF. With NetWare 3.x, when you issue the SERVER command, include the parameter:
-ns to skip STARTUP.NCF
-na to skip AUTOEXEC.NCF
Remember: These parameters are case-sensitive and must be entered in lowercase!
TRACKING ACTIVITY ON YOUR 3.X NETWORK
]NetWare includes a powerful tool for monitoring activity on your network--the Security utility. You'll find the utility in the System subdirectory. Security provides a wealth of information about who is accessing the network, who has supervisor rights, what trustee assignments they have, and more. You should run the report often, comparing results and looking for dramatic changes in activity or to rights. This should help you identify potential security holes or hackers.
INCONSISTENT DNS RESPONSES
Having trouble with DNS Services on your IntranetWare server? Novell recently identified a problem you may experience when running the DNS Services utilizing the NAMED.NLM. These DNS Services respond to DNS queries for Internet names (such as www.pcworld.com). The problem seems to occur after the IntranetWare server runs with no problems for an extended period, then it begins to send incomplete responses back to the client for Internet lookups. Novell has linked the problem to the NAMED.NLM, which runs out of the memory needed to successfully complete the DNS lookup. The solution is to increase the cache memory for DNS in the SYS: ETC\NAMED.CFG file. To resolve the problem, set the MAXCACHE value to 1024. Novell warns that even with this higher setting, it is possible that a busy DNS may run out of space in its cache. If this is the case for you, Novell recommends configuring your server to automatically unload and load the NAMED.NLM file at configurable intervals to regularly clear the cache.
INOCULAN V4.0 FOR WINDOWS NT
With the latest rash of virus scares, it's vital that you have the latest virus signatures for your antivirus software. For those using InocuLAN, Novell has posted the latest virus signature update and service pack for InocuLAN v4.0 for Windows NT. These files update your system to version 4.19H and also update to the NT Service Pack 2A BUILD 375. You can use this patch with either ManageWise 2.5 or 2.6.
For more information and to download this patch, visit the following Novell URL:
http://support.novell.com/misc/patlst.htm
INOCULAN V4.0 FOR WINDOWS NT UPDATE FILE
Novell has released the latest virus signature update and service pack for InocuLAN v4.0 for Windows NT for the Intel platform only. These files update your system to version 5.02 and also update to the NT service pack 2A Build 375. This patch can be used for either ManageWise 2.5 or 2.6. You'll find the update file--mxinoc2d.exe--on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
INTRANETWARE CLIENT YEAR 2000 FIXES
If you're running the IntranetWare Client v2.20 for DOS/WIN or Windows 95, IntranetWare Client 4.11 for Windows NT, or the NetWare Client for 0S/2 2.12, then you're year-2000-ready. However, if you meet any of the following criteria, you need to download a fix from Novell to ensure Y2K compliance.
- You're using NWADMN3X.EXE for administration (the 16-bit version of NWAdmin).
- You're in a locale where the year is displayed yy-mm-dd, and you want the year to display in two digits (not one) for the years 2000-2009.
- You're unable to use the 32-bit version of NWAdmin (NWADMIN.EXE).
You'll find the fix in a file named CLTY2KP1.EXE on the Novell Web site at the following URL:
http://support.novell.com/cgi-bin/search/patlstfind.cgi?2933241
The patch updates your NWLOCALE.DLL file, updating the API named NWLstrftime to report the correct year after 1999.
INTRANETWARE INSTALLATION TIP
If you're installing IntranetWare, you have two choices for installation--Simple or Custom. The Simple installation streamlines the process, but it may cause you more work down the road. A good rule of thumb is: If your network will consist of only one or two servers and fewer than 1,000 users, you'll need only one NDS container; if IPX is the only protocol you'll use, then you'll be fine using the Simple install. However, if you'll have multiple servers with more than 1,000 users, you'll need multiple NDS containers; if you plan to use TCP/IP, you should use the Custom install, which will give you much more control over the process.
PLANNING FOR INTRANETWARE SETUP
When you install IntranetWare, you'll have the option of setting up multiple volumes. While you may be tempted to create one large SYS: volume to hold everything, doing so is not recommended. One reason is that you don't want to locate your print queues on your SYS: volume. If your print queues fill up, NDS will become disabled. Follow the planning guides available on your IntranetWare CD or on the Novell Web site to plan your volumes well.
INTRANETWARE UTILITIES
Looking for specialized tools and utilities for Novell's IntranetWare? If so, you'll be interested in JRButils from JRB Software. JRButils v4.00 contains 73 bindery-based and 64 NDS-aware utilities for managing IntranetWare. The utilities are command-line based and cover almost all aspects of managing NW 2.x, 3.x, and 4.x, providing far greater functionality and flexibility than the tools shipped with IntranetWare. They are particularly suited for managing large numbers of users, allowing operations to be performed on objects selected by wild cards, container, membership of a group, or by a list in a file. JRButils is suited to batch mode operations such as mass usercode creation, customization, and deletion. For more information, see
http://www.jrbsoftware.com/
NOVELL INTERNET MESSAGING SYSTEM 2.01 REV A
Novell has released a patch kit for the Novell Internet Messaging System, version 2.01 rev a. You'll find the patches in the file NIMS201A.EXE, which provides fixes and enhancements for the Novell Internet Messaging System version 2.00. A note from Novell on this patch: To upgrade to NIMS 2.01, you must have a released copy of NIMS 2.0. You cannot upgrade beta versions of NIMS 2.0 to 2.01. If your installation of NIMS 2.01 failed, you do not have a recognized released copy of NIMS 2.0. If you already have NIMS 2.01 and just want to update to NIMS 2.01a, you should use NIMD201A.EXE instead of this patch. Look for the file NIMS201A.EXE on the Novell Support Web site
at
http://support.novell.com/misc/patlst.htm
CONFIGURING IPX AS THE PRIMARY TRANSPORT PROTOCOL
You can reconfigure the Microsoft network device transport protocol to reduce the time necessary to discover new NetWare and Microsoft network devices, such as workstations and servers. To do so, try this idea from Novell.
If you're using an IP Novell environment (NetWare 5 server environment or a mixed NetWare 4.11/5 environment with NetWare 5 compatibility mode enabled), configure TCP/IP as the primary transport protocol for Novell's client. Otherwise, configure IPX as the primary transport protocol for Novell's client.
To do this in an IP Novell environment, go to Control Panel/Network/Bindings and display the bindings for Novell Client For Windows NT by clicking on the + next to it. Highlight TCP/IP Protocol and click on the Move Up button so that this option is first. Make sure that NWLink IPX/SPX Compatible Transport is listed second.
In an IPX Novell environment, go to Control Panel/Network/Bindings and display the bindings for Novell Client For Windows NT by clicking on the + next to it. Highlight NWLink IPX/SPX Compatible Transport and click on the Move Up button so that this option is first. Make sure that TCP/IP Protocol is listed second.
ENABLING LOAD BALANCING ON YOUR 4.X SERVER
Imagine the performance increase you would get if you could install a second network card in your server and share the traffic load between it and the existing card. You can do this by taking advantage of a NetWare feature known as load balancing. Load balancing allows you to bind two network cards to the same IPX network address (this process works only for the IPX protocol).
To enable load balancing on your 4.x server, you'll use the INETCFG utility. In INETCFG, enable NLSP routing and define the maximum number of path splits. Then, turn on Load Balancing with a set command at the server console prompt. Next, at the server console, type
LOAD IPXRTR
(Be sure you are using the current version of IPXRTR. As of mid-1998, this is the common version found in IPX65G.exe. Note: The version of IPXRTR that ships with NetWare 4.10 does not support load balancing.) Next, type
LOAD INETCFG
and select Protocols, IPX, Advanced IPX (set to Enabled), Routing Protocol (NLSP with Rip/Sap Compatibility), Expert Configuration Options, Maximum Number of Path Splits (set to the number of cards that will be used in load balancing). Then, exit INETCFG and save the changes. You'll need to reinitialize the system to make the changes take effect. Next, you need to set the Set Load Balance Local LAN to On and add the command to your AUTOEXEC.NCF to have it automatically load in the future.
LOGIN SCRIPTS AND NETWARE 4.1
With NetWare 4.1, you need specific rights in order to use the login scripts. For example, you must be a trustee of the object and have at least the read right to the login script property to run the script. This read right is all you need to run the login scripts. You don't need the browse right since it only gives the object the right to be seen by another object--you don't have to see the login script in order to run it. NetWare 4.1 stores the login scripts in NDS, meaning you should not attempt to make changes by any other means than through the 4.1 NETADMIN and NWADMIN utilities.
COMMON LOGIN SCRIPT PROBLEMS--PART 1 OF 2
If you have a series of paths set in your AUTOEXEC.BAT file, your login script may overwrite some of these paths. The reason for this is that NetWare PATH statements are set up as search mappings when logged onto the network starting with s1, s2, and so on. When you specifically MAP (S1:=), then you overwrite the existing search mapping. To avoid this problem, use a MAP INS on the search drives, pushing the existing statements down the line without overwriting.
DEFAULT LOGIN SCRIPTS
NetWare embeds the default login script in the LOGIN.EXE command, meaning that you can't modify the file or the script. This script will execute without regard for previously run scripts. For example, if the default login script runs after a system login script, it may overwrite mappings the system login script just made. You can prevent the execution of the default script by including the EXIT script command. The EXIT command in the system login script will cause LOGIN.EXE to exit immediately without executing any further instructions in the current or subsequent scripts. Also, on 3.12 networks only, LOGIN.EXE supports the script command NO_DEFAULT. Placing this command in the system login script prevents the default script from running, even if no user script exists.
HOW TO LOGIN WITHOUT RUNNING THE SYSTEM/USER LOGIN SCRIPT
The DEFAULT login script built into LOGIN.EXE executes after the SYSTEM login script (NET$LOG.DAT) when there are no USER login scripts. The solution is either to use an Exit command at the end of the SYSTEM login script or to create individual USER login scripts. The latter approach requires more work, but creating USER login scripts has a security benefit.
INTERMITTENT FAILURE OF NETWARE LOGIN
If you're experiencing intermittent failures when logging in to your NetWare servers, the problem may lie with licensing. When a Windows NT client logs onto a NetWare NDS tree, a licensed connection to the NetWare server is required. If your NetWare server is out of licenses, NT can't establish a connection, causing the login script to fail, and no access will be allowed.
TROUBLESHOOTING LOGIN SCRIPTS
What's the number one cause of problems in login scripts? Most of the problems NetWare administrators and users face with login scripts are the result of syntax and spelling errors. Correcting spelling errors and using variables in the right way (for example, putting quotes around a login name being tested in an IF..THEN condition) resolve many problems. It's a good idea to double- and triple-check for spelling and syntax errors before moving on to more complex troubleshooting techniques.
COMMON LOGIN SCRIPT PROBLEMS--PART 1 OF 2
If you have a series of paths set in your AUTOEXEC.BAT file, your login script may overwrite some of these paths. The reason is that NetWare PATH statements are set up as search mappings when logged onto the network, starting with s1, s2, and so on. When you specifically MAP (S1:=), then you overwrite the existing search mapping. To avoid this problem, use a MAP INS on the search drives, pushing the existing statements down the line without overwriting.
COMMON LOGIN SCRIPT PROBLEMS--PART 2 OF 2
Be extremely careful when you use the EXIT command in your login scripts. Entering the command using the correct syntax is critical. For example, make sure the path and command you put in the quotes are not more than 14 characters long. The early versions of LOGIN.EXE in 3.1X and the LOGIN.EXE in 4.1 don't support more than 14 characters in the path. Also, remember that EXIT will exit you clear out of the login script, not allowing any other login scripts to run. If there is a user or profile login script that a user needs to execute, you should not use EXIT to get out of the system/container login script.
TROUBLESHOOTING LOGIN SCRIPTS--PART 1 OF 3
What's the number-one cause of problems in login scripts? Most of the problems NetWare administrators and users face with login scripts are the result of syntax and spelling errors. Correcting spelling errors and using variables in the right way (for example, putting quotes around a login name being tested in an If/Then condition) resolve many problems. Double- and triple-check for spelling and syntax errors before moving on to more complex troubleshooting techniques.
TROUBLESHOOTING LOGIN SCRIPTS--PART 2 OF 3
To help you track progress (or lack of progress) in your login scripts, take advantage of the built-in troubleshooting commands available in NetWare. For example, you can set Map Display and Map Errors to On in the login script. It's common for administrators to set these parameters to Off, hiding mapping errors that occur during login script execution. With these settings on, you'll be able to see the error, providing clues as to why a certain command did not execute as expected. After seeing that the login script performs all map commands without error, the Map Display and Map Errors parameters can be returned to the Off position.
TROUBLESHOOTING LOGIN SCRIPTS--PART 3 OF 3
Another built-in command that can prove helpful in troubleshooting login scripts is the Pause command. Use the Pause command prior to the script command that doesn't work as expected. Run the script, looking for the errors. Keep moving the Pause command down through the script until you isolate the problem in the script.
UNDERSTANDING THE LOGIN SCRIPT HIERARCHY
Login scripts can prove difficult to troubleshoot. You'll have much more success if you know where the login script text files are located and in which order the login scripts run. If you are running a 3.1x network, you'll have three types of login scripts--the system, user, and default login scripts. Here's the order in which NetWare executes these scripts. First, if a system login script exists, it executes first. Next, the user login script runs. If no user login script has been defined, a default login script will run.
You'll find the system login script in the SYS:PUBLIC directory in a file named NET$LOG.DAT. You can edit this file using any text editor. You'll find the user login script in the user's mail directory in a file named LOGIN.
EXTRA TOOLS FOR YOUR NETWARE 4.X AND 5 SERVERS
Looking for extra tools to help you through the day as administrator of your NetWare 4.x and 5 servers? If so, try out the utilities found in TOOLBOX.NLM version 2.01. You can execute this group of utility functions on the server console or via NCF files without involving any clients. You'll find TOOLBOX.NLM in the file etbox2.exe, available from
http://support.novell.com/cgi-bin/search/download?/pub/updates/nw/inw411/etbox2.exe
ADDITIONAL NETWARE 4.10 YEAR 2000 FIXES
Novell has identified additional issues related to the Y2K problem and its NetWare 4.10 product. These issues affect the LOADER.EXE and RCONSOLE.EXE features. For example, one issue could result in the file server abending at the year 2000 rollover to 1/1/2000. Using the SET TIME command, the BIOS clock would also be reset to the year 1980. To address these issues, Novell provides the file 410y2kp2.exe, which you can download from
http://support.novell.com/cgi-bin/search/download?/pub/updates/nw/nw410/410y2kp2.exe
ENABLING LONG FILENAME SUPPORT ON NETWARE 4.1 AND 3.11
Need to enable long filename support on your NetWare 4.1 or 3.11 server? Here are the steps you'll need to take. First, you need to ensure that you have the latest patch kit installed (check the Novell Web site Technical Support area). Next, to load long filename support, at the server console prompt, enter
LOAD OS2.NAM
Then, type
ADD NAME SPACE OS2 TO VOLUME
Finally, to prevent the need to perform these steps each time you restart your server, add the load commands for the OS2.NAM to your AUTOEXEC.NCF file.
ENABLING LONG FILENAME SUPPORT ON INTRANETWARE OR NETWARE 4.11
Need to enable long filename support on your IntranetWare or NetWare 4.11 server? Here are the steps you'll need to take: First, you need to ensure that you have the latest patch kit installed (check the Novell Web site Technical Support area). Next, to load long filename support, at the server console prompt, type
LOAD LONG.NAM
Then, type
ADD NAME SPACE LONG TO VOLUME
Finally, to prevent the need to perform these steps each time you restart your server, add the load commands for the LONG.NAM to your AUTOEXEC.NCF file.
LONG FILENAMES
If your planning on moving long filenames to and from the file server from 32-bit programs, then not only will you need to add a long filename namespace, but also will need a Network client to support this file transfer. Client 32 will support LFN transfers, VLMs will not. If you are going to run only 16-bit applications, then I wouldn't worry about LFN support.....Remember this before purchasing 32-bit network applications. You must also be equipped with a 32-bit client, along with your 32-bit operating system and 32-bit namespace.
LOST DRIVE MAPPINGS USING OFFICE 97 FROM AN INTRANETWARE CLIENT
If you're running Microsoft's Office 97 suite of applications from a workstation utilizing IntranetWare Client version 2.20, you may experience intermittent problems with drive mappings and connections. The problem is random, most likely occurring during file-save attempts. The result is lost connection to the mapped drive. Fortunately, Novell has a fix, found in the file NOVELLNP.EXE. This file contains an updated version of NOVELLNP.DLL for the IntranetWare Client 2.20 for Windows 95. You'll find the fix on Novell's Web site at the following URL:
http://support.novell.com/cgi-bin/search/patlstfind.cgi?2936259
LPTX INVALID SELECTION ERROR
If you try to run NPrinter 95 (NPTWIN95.EXE) on your Windows 98 laptop with a printer attached to LPT1, you may receive an error message (This Printer Is Configured To Use LPT1 And LPT1 Is An Invalid Selection For Your PC) when selecting a printer to service. To avoid this problem, perform a Windows registry search for all occurrences of the string PORTNAME (all uppercase) and replace each with PortName
MANAGEWISE 2.6 FIXES
Novell has released an updated version of its Support Pack for ManageWise that addresses several known bugs. The ManageWise 2.6 Support Pack 1 provides all ManageWise 2.6 patches since the ManageWise 2.6 release. To download this patch and find more information, go to
http://support.novell.com/misc/patlst.htm
MANAGEWISE--CHEYENNE SIGNATURE UPDATE
Novell has released an update for ManageWise that contains the latest Engine and Signature version 4.19, changes to avupdate, Service Pack for Windows 95 Build 464, and Service Pack 2 for NetWare. The changes include fixes for the following problems:
- InocuLAN Examine.Exe hangs when CD-ROM drive is loaded
- MW 2.5: Couldn't open signature file [C:\INOCULAN\VIRBOOT.DAT]
- MW 2.5 Virus in w/s: Live Trial Build 320
- MW 2.5 InocuLAN: SUPDATE.DAT is outdated
- WIMM_DYN.VXD causing a blue screen when performing a signature update or shutting down the Windows 95 Workstation.
For more information and to download this patch, visit the following Novell URL:
http://support.novell.com/misc/patlst.htm
MANAGEWISE--VIRUS SIGNATURE 5.02
Novell has released the latest Engine and Signature version 5.02 for ManageWise. InocuLAN v4.0 has been updated to incorporate new virus scanning signatures (v5.02) and performance improvements. This release of the signature detects new variants of known macro viruses and provides changes to avupdate, service pack for Windows 95 Build 464, and service pack 2 for NetWare. Look for the file mwinoc1d.exe on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
MASTRY TRAINING FROM NOVELL
Looking for additional training to sharpen your Novell skills? Novell Technical Services has taken its training on the road, bringing technical support engineers to you. Their goal is to help you stay up to date on all core Novell technologies. They will also discuss system design and integration, installation, configuration, and troubleshooting techniques. You'll find complete details, including course descriptions, training dates, and online registration at the following address:
http://support.novell.com/events/masterytraining/
MONITORING UTILIZATION OF YOUR 4.10 SERVER
If you're closely watching your server utilization using the Monitor utility, you may be alarmed when utilization goes to 100 percent for a few seconds and bounces down. If you notice this happening on your server, don't panic. Novell has identified that the Monitor utilization number is not an entirely accurate number. The reason for this is that some server processes signal a NetWare function called CyieldWithDelay or CyieldUntilIdle. If there is a thread spinning on one of these functions, the server will appear to have high utilization, making it inaccurate. Novell says that this is normal for all 4.10 servers.
MORE MEMORY NEEDED
When you bring up your NetWare server, all free memory is assigned to file caching. As demand increases for other resources, the number of available file cache buffers decreases. NetWare doesn't immediately allocate new resources when a request is received; instead, it waits a specified amount of time to see if existing resources become available to service the demand. If this happens, no new resources are allocated. However, if the existing resources don't become available within the time limit, NetWare allocates the new resources. This time limit ensures that sudden, infrequent peaks of server activity don't permanently allocate unneeded resources. You can monitor the amount of cache buffers from the Monitor utility. If it drops below 40 percent, you should add more memory to your server.
MORE ON TROUBLESHOOTING LOGIN SCRIPTS
To help you track the progress (or lack of progress) in your login scripts, take advantage of the built-in troubleshooting commands available in NetWare. For example, you can set MAP DISPLAY and MAP ERRORS to ON in the login script. It's common for administrators to set these parameters to OFF, hiding mapping errors that occur during login script execution. With these settings on, you'll be able to see the error, providing clues about why a certain command did not execute as expected. After seeing that the login script performs all map commands without error, the MAP DISPLAY and MAP ERRORS parameters can be returned to the OFF position.
MORE ON TROUBLESHOOTING LOGIN SCRIPTS
Another built-in command that can prove helpful in troubleshooting login scripts is the PAUSE command. Use the PAUSE command prior to a script command that doesn't work as expected. Run the script, looking for the errors. Keep moving the PAUSE command down through the script until you isolate the problem in the script.
MPREXE.EXE ERRORS FROM WINDOWS 98
You may experience a few lingering problems from your Windows 98 workstations. For example, if you have a Windows 98 computer logged onto a Novell network and it is running a program that uses an older GetOpenFileName() API, you may see this error:
MPREXE.EXE Caused An Invalid Page Fault In Module KERNEL32.DLL
Microsoft states that this is because of a problem with its Client for NetWare Networks and Service for NetWare Directory Services (MSNDS) network clients. A fix will be available in the next service pack.
MAKING YOUR NAL WINDOW ESCAPE-PROOF
One of the nice things about the Novell Application Launcher is that you can replace your user's regular Windows 95 or Windows 3.x desktop with a NAL window. From the NAL window, you can control what applications your users can and can't use. You don't have to worry about them running programs they shouldn't or snooping around the network.
The NAL window isn't escape-proof, however. If your user invokes the Task Manager, either by minimizing the NAL window and double-clicking the desktop or by pressing Ctrl-Esc, he or she can click File and Run from Task Manager and run programs either locally or on the network--or even invoke a copy of DOS.
To prevent this, either delete or rename TASKMAN.EXE on your users' workstations. Then they won't be able to use this back door and sneak out of the NAL window.
NDPS PRINT JOBS SPOOL FILES
What happens to print jobs when you send them to your networked printers? When you send an NDPS print job, NetWare spools it to a .PA directory (on the SYS volume) that is associated with the Printer Agent for the printer in question. If you want to know the name and full path of the directory, at the server console, go to the NDPS Manager Available Options menu, choose Printer Agent List, and then choose the Printer Agent for the appropriate printer. Finally, choose Information, and you'll see an entry for Job Spool Location toward the bottom of the screen.
TROUBLESHOOTING FOR NDS FOR NT
What do you do if your NT server crashes, you're using NDS for NT, and you want to relink your NT domain with the NDS tree and Domain object without manually re-creating the domain users and remigrating them?
If you have a Backup Domain Controller in the domain that has NDS for NT installed on it, you're in luck. All you have to do is promote the BDC to a PDC, rebuild the original PDC, and demote the second PDC when the original comes back online. If you don't have a BDC in your domain, things get rougher. First, you'll have to reinstall NT on the server using an emergency recovery disk for that specific server. (This is important because the SID identifier for the server has to be the same as it was originally.) Next, install NDS for NT and place the new domain object in a temporary Organizational Unit. Make sure you use the same name for the new domain and server that you used originally. Delete the domain object and SAMMIG.EXE dated 4/17/98 or later. (If yours is older, contact Novell Technical Support.)
SAMMIG will detect that the migrated domain no longer exists and allow you to browse the tree for the original domain. It will then update the NT registry to point to the original domain and regrant user access to the domain. Reboot the NT server, and everything should be fine.
PROBLEMS WITH NETADMIN
Do you have a large NDS tree? Have you noticed problems running NETADMIN? With large NDS trees, NETADMIN sometimes reports that it has run out of memory. This is due to a limitation in DOS. If the NDS container has more than 1,250 objects, reduce it. Novell recommends never going over 1,250 objects per NDS container and per NDS partition. With large numbers of objects, the DOS buffers become overrun and the program can't handle it. You have two ways to fix the problem:
- Don't use the DOS NETADMIN to manage your NDS tree; use the Windows versions instead. Windows 95 and NT handle program buffers much better than DOS.
- Reduce the number of objects in the NDS container in which the problem occurs.
DISPLAYING ADMIN RIGHTS IN NETWARE 4.x
If you're administering a NetWare network for the first time and don't know who has Admin rights, you can quickly find out by using the NLIST command. In the PUBLIC directory of your server, type
NLIST USER WHERE "Security Equal To" EQ "Admin"
You'll then see a list of all of the users in your NDS tree with Admin rights. You can view other NLIST search commands by typing
NLIST /?
FIXING NETWARE 4 WITH THE SUPPORT PACK
If you're running Novell's NetWare 4, you'll be interested in downloading and applying the latest fixes and updates, which are available in Support Pack 7. Support Pack 7 contains updates for all services contained in Novell's NetWare 4.11 and NetWare 4.2 products. Novell released this support pack to provide a group of fixes that were all tested together; the company emphasizes that you should not install individual files from the support pack. You can order the Support Pack 7 CD from the Novell support Web site at
http://support.novell.com/csp/
or you can download the file nw4sp7.exe from
http://support.novell.com/cgi-bin/search/toptid.pl?100
NETWARE 4 SUPPORT PACK 7
Novell has released the new NetWare 4 Support Pack 7. You'll find this update in the file nw4sp7a.exe on the Novell Support site. This file contains updates for all services included in the NetWare 4.11 and NetWare 4.2 products. The support pack provides a bundle of fixes that are all tested together, and installing individual files from the support pack is not recommended. These files have undergone component testing, core OS testing, and integration testing with other Novell products. You can order the support pack CD at
http://support.novell.com/csp/
or visit the Novell Support Web site and look for the file at
http://support.novell.com/misc/patlst.htm
CHANGING A SERVER NAME ON NETWARE 4.1X
Need to change the name of a server on your 4.1x network? Here are the quick and easy steps:
Make sure that NDS is synchronized correctly (SET DSTRACE=ON).
Change the file server name in AUTOEXEC.NCF of the server.
Down the server.
On another server, do a RESET ROUTER.
Wait five minutes, then reboot the server that has been renamed.
Check DSTRACE again to make sure NDS is synchronized.
Go into NETADMIN/NWAdmin to rename volume objects associated with the server.
THE LATEST NETWARE 4.11 YEAR 2000 FIXES
Are your NetWare 4.11 servers ready for the New Year? To be sure, you should download and apply the latest version of Novell's Y2K patches for 4.11. You'll find them in the file 411y2kp2.exe at the following URL:
http://support.novell.com/cgi-bin/search/download?/pub/updates/nw/inw411/411y2kp2.exe
SPECIAL PATCH FOR NETWARE 4.11
Novell has identified a problem that you may experience on your NetWare 4.11 servers. The problem occurs when an application running on Windows 95/98 workstations opens the same file multiple times on the same connection and then closes it. Novell says that with the Novell client on Windows 95/98, the file is not being closed out correctly when it closes on multiple opens. Ultimately, if this is allowed to continue, the server will run out of resources and hang. To resolve this issue, Novell has released a patch for NetWare 4.11 and 4.2. You can download the patch in the file revfhrft.exe, found on the Novell support Web site at
http://www.pcworld.com/r/tw/1%2C2061%2Ctw-nn1008%2C00.html
NDS UPDATE FOR NETWARE 4.11
If you're planning on mixing NetWare 4.11 and NetWare 5 servers in the same tree, there's an important step you need to take to avoid problems. The older versions of some critical files won't mix well. To address this potential problem, Novell recently released update versions of these critical files, which include DS.NLM v6.02, DSREPAIR.NLM v4.62, DSMERGE.NLM v1.63, DSMAINT.NLM v4.96, NDSMGR.EXE v1.25, DSVIEW.NLM v1.05, and ROLLCALL.NLM v4.10. You need to download and install these files, found in the file DS411P.EXE on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
NDS UPDATE FOR NETWARE 4.11 AND 4.2
Novell has released an update to Novell Directory Services for your NetWare 4.11 and 4.2 servers; this update addresses two problems. First, DS could monopolize too many sockets under heavy load. Modifications were made so that DS does not take too many sockets. Second, there was a memory leak problem in which IP, IPX, and AFP were bound on the server. Both problems are fixed with this update. Also, enhancements were made to DSRepair to recognize schema changes made to NDS. You'll find the update file named ds411s.exe on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
NDS FOR INTRANETWARE FIX
Novell recently identified some potential problems you may face when installing NetWare 4.11 and 5 servers into the same Directory Services Tree. To avoid these problems, you should download and install the NDS Update patch found on Novell's Web site at
http://support.novell.com/cgi-bin/search/patlstdownload?file=/pub/updates/nwos/inw411/ds411l.exe
This update contains the following files:
DS.NLM v5.99a
DSREPAIR.NLM v4.56
DSMERGE.NLM v1.63
DSMAINT.NLM v4.96
NDSMGR.EXE v1.25
DSVIEW.NLM v1.05
ROLLCALL.NLM v4.10
NETWARE 4.2 YEAR 2000 PATCH
Attention NetWare 4.2 administrators! Novell has posted an additional year 2000 patch for your version of NetWare. This patch fixes a problem with the UIMPORT.EXE tool, which fails to create expiration dates properly for both passwords and accounts when the dates are greater than 1999. Novell states that none of the year 2000 issues addressed by this update pose any threat to the network or to data integrity. You can find additional information about Novell's Y2K fixes at
http://www.novell.com/year2000
For the patch described above, look for the file 42y2kp1.exe on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
BEFORE YOU UPGRADE TO NETWARE 5.0...
Novell recommends that you verify the following details before installing a 5.0 server into an existing 4.10/4.11 tree. First, all NetWare 4.10 servers should have DS 5.15 or higher (DS410N.EXE from the Minimum Patch List located at support.novell.com). Second, all NetWare 4.11 servers should have DS 6.00 or higher (IWSP6.EXE service pack located at support.novell.com). Third, all NetWare 4.10/4.11 servers must have DSRepair v 4.59 (or higher).
NETWARE 5 EVALUATION OR DEMO LICENSE INSTALL/UNINSTALL
A warning to those who have installed the NetWare 5 evaluation or demo license on a server: Don't attempt to remove your NetWare 5 evaluation or demo license from the server/tree. If you do, you won't be able to reinstall the license, because evaluation and demo licenses can be installed into the same server only once. Even if you removed the tree and created a new one, you still wouldn't be able to use the same license--NetWare Licensing Services, not Directory Services, tracks the installation of licenses.
NETWARE 5 FIXES
Novell recently released an update to its service pack for NetWare version 5. This file contains fixes for additional problems identified since the previous release, including updates for all services contained in NetWare 5. One of the more significant fixes--an update to NDS--is also available as a separate download. This NDS patch file updates NDS, versions 7.23 to 7.24, correcting an obscure synchronization issue. You'll find both files--nw5sp1a.exe (the newest service pack) and nw5nds1.exe (the NDS update) on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
NOVELL RELEASES NETWARE 5 SUPPORT PACK 4
Novell NetWare 5 Support Pack 4 fixes a number of problems in thread.nlm. This includes a bug that sometimes causes the system to hang while unloading, or that causes a thread.nlm problem when the system unloaded admserv.nlm. Support Pack 4 fixes other known bugs as well. To download the patch, visit Novell's home page at
http://www.novell.com
or check out the support document at
http://support.novell.com/cgi-bin/search/tidfinder.cgi?2955278
NETWARE 5 UPGRADE UTILITY
Upgrading from NetWare 4.x to 5? If so, you may be interested in a utility that eases the upgrade process. Novell provides the NetWare 5 Accelerated Upgrade utility, a text-based utility you can use to quickly upgrade your NetWare 4.1x server to NetWare 5. With this utility, you can perform the upgrade without having to be at the server console and without installing a CD-ROM drive on the server.
For more information on this upgrade utility, check out the following page on the Novell Web site:
http://www.novell.com/download/#NetWare/intraNetWare
NETWARE 5 AND THE POWER OF ZEN
Z.E.N.works, Novell's desktop management tool suite, is designed to help reduce the overall cost of ownership for your workstations by reducing the time you spend managing the systems and making them more efficient for the end-users. NetWare 5 includes a Z.E.N.works Starter Pack, providing you the chance to try it out on your network. Z.E.N.works helps you automate time-consuming tasks such as application and operating system updates or upgrades. You can take over someone's system across the network, saving you the time normally spent running around the office from workstation to workstation. It's a suite of tools worth checking out.
For more information on Z.E.N.works, visit the Z.E.N.works area of the Novell Web site at
http://www.novell.com/products/nds/zenworks
NETWARE 5--ENHANCED NDS
Novell's new NetWare 5 makes management easier with the integration of the Domain Name Servers (DNS) and Dynamic Host Configuration Protocol (DHCP) into the Novell Directory Services (NDS). NetWare 5 provides the benefits of NDS (centralized management, replication, fault tolerance) to industry-standard DNS/DHCP utilities. This should reduce the amount of time you spend administering IP names and addresses.
DNS/DHCP Services also supports Dynamic DNS, allowing for dynamic updates of host names based on changing IP addresses. It includes a Java-based management application that allows you to monitor, configure, and manage the DNS and DHCP services in NDS. It also easily imports existing DNS and DHCP data into NDS.
NETWARE 5--IMPROVED BACKUP FEATURE
NetWare 5 includes a new and improved backup utility. This new utility is protocol-independent, adds multiple and repetitive scheduling, and supports the Windows 95-based GUI utility and autoloader. It also takes advantage of NDS by allowing central management to back up jobs across the network
NETWARE 5--NDS FOR NT
NT domains using NDS? Is it possible? Yes, with Novell's NDS for NT (available for NetWare 5 as a separate product). NDS for NT lets you manage NT domains and Microsoft BackOffice through NDS, providing a single login, single point of administration, and full NT application support for mixed NetWare and NT networks. NDS for NT should save you time and money when managing and administering a mixed NetWare/NT Server network and simplify the deployment of NT Server applications.
For more information, visit
http://www.novell.com/products/nds/nds4nt/index.html
NETWARE 5.0 COMMUNICATION FEATURES MIGRATION STRATEGIES CONFERENCES
Novell provides a series of seminars at its Utah facility that focuses on the most important issues you'll face in supporting Novell products. One example is the IP seminar, a one-day course that covers advanced IPX/SPX to IP migration strategies during the migration to NetWare 5. This course is an advanced course and explains tools and techniques for troubleshooting communication issues. For more info on this Novell seminar, visit the following Novell URL:
http://support.novell.com/additional/advtt/us/nw.htm
NETWARE TOOLBOX
Looking for useful shareware, freeware, utilities, and tools for Novell NetWare? If so, make your first stop Dave's Novell Shareware Web site. You'll find an extensive selection of utilities and tools for every version of NetWare. It's a well-organized catalog of useful shareware and freeware. If you have a utility or tool you'd like to share, you can list it free on this site. Check out this NetWare toolbox at
http://www.novellshareware.com/index.shtml
NETWARE Y2K PATCHES
While all new Novell products come fully Y2K compliant, many of their older products require some assistance to claim compliance. Novell has assembled a table of all of its products that lists which are already compliant and which need updates or patches. Be sure to check all of your Novell products, not just your server software. You'll find this comprehensive list on the Novell Web site at the following address:
http://www.novell.com/year2000
NEW UPGRADE WIZARD V2.3
Are you planning to upgrade from NetWare 3.x to 4.x with NDS? If so, you should be aware of Novell's Upgrade Wizard, an easy-to-use utility for upgrading your existing NetWare 3 bindery and file system across the wire to an existing NDS Directory. The Upgrade Wizard makes it easy to migrate your NetWare 3 bindery and file system, providing a simple GUI interface. Many tasks are as easy as dragging and dropping an object from one location to another. You'll find the Upgrade Wizard in the file UPGWZ23.EXE on the Novell Web site at
http://support.novell.com/cgi-bin/search/toptid.pl?100
NOVELL AND Y2K?
Do you have Novell products as a vital part of your IT infrastructure? If so, you'll be interested in Novell's level of concern and commitment to the Year 2000 situation. You'll be relieved to know that all current versions of Novell products have completed the Project 2000 validation process and are Year 2000 ready, including NetWare 4.11, NetWare 3.2, GroupWise 5.2, GroupWise 4.1, ManageWise 2.5, Border Manager, Fast Cache and other major products. For more information on the Y2K compliance of these products, or for patches for older products, visit the Novell Year 2000 area of its Web site at
http://www.novell.com/year2000
FIXING YOUR NOVELL CLIENT FOR WINDOWS NT
Having trouble with your Windows NT workstations running Novell's Client for NT? If so, you should check out the latest update to the Client--version 4.6. The patched client addresses a host of issues, including:
- Automatic install with "unattended.txt" file option; the process hangs
- Cannot execute programs from Start/Run when using DNS names path
- Cannot browse directories when opening a connection to server
- Client drops mapping a drive in a DOS box using a DNS name
- Remote control option is not in the custom install of the 95 and NT clients
- Unattended installation with NWIP-protocol gets error
- Selected server or tree could not be found (error message)
- Database locked error with Business Works and NT client
- IE4 Dr. Watson error with Zen-installed printers
- Login screen pops up on Terminal Server
You'll find the new client in the file nt46sp1.exe at
http://support.novell.com/cgi-bin/search/download?/pub/updates/nw/nwclients/nt46sp1.exe
NOVELL CLIENT SERVICE PACK 2
Novell recently released a Service Pack that contains updates for the English version of Novell Client 3.1 for Windows 98 and Windows 95. Service Pack 2 addresses a lengthy list of problems, including the following:
- Files close incorrectly on server
- Program can't send e-mail via IPX/IP GW in Nwclient 3
- Password synchronization between NetWare and MS networking fails
- Disappearing printers
- CMD will not work on certain computers
- DNS will not work if DHCP lease is expired
- Application can't launch using STARTRUN
- Server runs out of memory due to multiple file opens
The list goes on. You can download the Service Pack in the file 9531sp2.exe from the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
NOVELL CLIENT V4.5X FOR WINDOWS NT PATCH
Novell has released a patch kit for the Novell Client v4.5x for Windows NT. This patch addresses several known problems you may experience with the Client, such as:
- NT AutoLogon is incompatible with NWIP
- The NetWare Client for NT shows USERWHO in banner
- A simultaneous login hangs Terminal Server/Metaframe
- The semaphore is not released when using the API NWClosesemaphore
- NT Client and NAL loads slowly (remote replica)
- DOS error 5 is encountered during network startup. Timeout and access are denied to tsinst.ovr
You can download the patch file named nt451p1.exe from the Novell Technical Support Web site at
http://support.novell.com/misc/patlst.htm
NW V4.6 FOR WINDOWS NT SERVICE PACK 1
Having trouble with the Novell Client Version 4.6 for Windows NT? If so, you need to be aware of a recently released service pack for this client--Service Pack 1. This service pack contains updates that address a host of known problems with the Novell Client Version 4.6 for Windows NT, including
- During an automatic install with the unattended.txt file option, the process "hangs."
- You can't execute programs from Start/Run when using a DNS name path.
- You can't browse directories when opening a connection to the server.
- The client drops mapping a drive in a DOS box using a DNS name.
- The remote control option doesn't appear in the custom installation of the Windows 95 and NT clients.
- An unattended installation with the NWIP-protocol results in an error.
You'll find the service pack in the file nt46sp1.exe on the Novell Technical Support Web site at
http://support.novell.com/misc/patlst.htm
NOVELL CLIENT SERVICE PACK 2
Novell has released a service pack that contains updates for the English version of Novell Client v3.1 for Windows 98 and Windows 95. This service pack--Version 2--addresses several problems, including the following:
- Files close incorrectly on the server
- Users can't send email with IPX/IP GW in Nwclient3
- Password synchronization between NetWare and MS networking fails
- Disappearing printers
- CMD will not work on certain computers
- DNS will not work if DHCP lease is expired
- Application can't be launched using STARTRUN
- The server runs out of memory because of multiple file opens
You can download the service pack in the file 9531sp2.exe from the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
NOVELL CLIENT FOR WIN95/98 SERVICE PACK
Novell continuously posts updates to its client files, providing revisions and fixes for known issues. If you're using the Novell Client v3.1 for Windows 95/98, you'll want to download the latest service pack for this client--Service Pack 1 for the Novell Client v3.1 for Windows 95/98. This service pack addresses all known issues discovered since the release of the client, including these problems:
- Disappearing printers
- CMD will not work on certain computers
- DNS will not work if DHCP lease is expired
- Application cannot be launched using STARTRUN
- Client tries only the first address from a list of IPs
- Volumes cannot be accessed when opening from Start
You can download this service pack--9531sp1.exe--from the Novell Technical Support Web site at
http://support.novell.com/misc/patlst.htm
NOVELL DIRECTORY SERVICES CONFERENCES
Novell provides a series of seminars at its Utah facility that focuses on the most important issues you'll face in supporting Novell products. One example is the NDS seminar, a three-day conference that focuses on the differences between NDS on NetWare 4.11 and NetWare 5.0. Discussion topics include the following:
- Interoperability issues with NDS on NetWare 4.11 and NetWare 5.0
- NDS Maintenance
- NDS Manager
- NDS Troubleshooting
This course is targeted toward NDS administrators and seating is limited to 60 people. For more info on this Novell seminar, visit the following Novell URL:
http://support.novell.com/additional/advtt/us/ds.htm
NOVELL'S LATEST CD-ROM SUPPORT FILES
NetWare 3.12 and 4.x administrators will want to download and apply the latest updates to the CD-ROM support files found in CDUP5A.EXE on the Novell Web site. This file contains the latest CDROM and supporting files, last updated in August.
The new features and fixes you'll find include:
- Illegal characters were passed to the DOS name space when converting from the MAC name space.
- Ncopy would not copy the resource fork using a DOS client.
- Error messages on console about the Bundle Bit when AFP is rebuilding the desktop for Mac clients.
- NWPA layer was fixed to correct an issue on NetFrame machines.
- The command CD DIR would provide incorrect file and directory names.
- The Escape key did not escape from the CD DIR command as prompted.
- Lowers CPU utilization during indexing and subsequent IO activity.
- Provides faster volume mounts.
- Corrects a problem during large file copies where the copy would slow down dramatically.
To download CDUP5A.EXE, visit the Novell Web site at the following URL:
http://support.novell.com/cgi-bin/search/patlstfind.cgi?2940403
SLOW ACCESS FROM NOVELL'S CLIENT FOR WINDOWS NT
Are you noticing a slowdown when loading applications on a workstation that isn't connected to the network? When you use the Novell IntraNetWare Client for Windows NT, applications sometimes load very slowly if the workstation isn't connected to the network. Using the Microsoft Client for NetWare, the client's performance is fine. The problem is that the application attempts to get printer information from the printers installed on the workstation. As a workaround, type
NET STOP SPOOLER
at a command prompt on your workstation. The client stops printing from functioning, and the applications can no longer query the print services.
This command is only temporary. After you restart the workstation, you'll have to re-enter the command if you disconnect from the network.
UPDATES FOR NOVELL'S CLIENT FOR WINDOWS 95/98
Novell recently released a service pack to address a few issues with its Novell Client v3.1 for Windows 95/98. The service pack fixes the following problems you may experience when using the client:
Disappearing printers
CMD will not work on certain computers
DNS will not work if DHCP lease is expired
Application cannot be launched using STARTRUN
Client tries only the first address from a list of IPs
Volumes cannot be accessed when opening from Start
Novell notes on its support site that your NetWare 4.11/4.2 servers will require an update before you can install this client service pack. The server update is located in the NetWare 4 Support Pack 7. You'll find the Client Support Pack in the file 9531sp1.exe at
http://support.novell.com/cgi-bin/search/download?/pub/updates/nw/nwclients/9531sp1.exe
DISABLING NOVELL SPLASH SCREEN
To disable the Novell splash under W4WG:
Edit:
NETWARE.INI
Find:
[Options]
Add the following:
disableLogo=1
End result will be:
[Options]
disableLogo=1
NOVELL SUPPORT CONNECTION CD
Novell has a wealth of information on its Web site to assist you in troubleshooting and maintaining your Novell networks. However, you don't always have access to the Internet to get the help you need. Fortunately, Novell provides a great deal of that information on its Support Connection CD. The Novell Support Connection CD, updated monthly, provides the latest files, patches, drivers, and technical information you need. For more information on the product and details on how to subscribe, check out the following Novell site:
http://support.novell.com/additional/nsc-prodinfo.htm
NOVELL'S SUPPORT LIFE CYCLE
To help you keep up with which Novell products are still supported by Novell and which are no longer supported, Novell publishes the Novell Support Life Cycle. This Life Cycle defines the duration and levels of support customers can expect to receive as products move through their life cycle, assisting you in the management of support needs and future software upgrades. Novell classifies its product in four categories--Shipping, Maintenance, Mature, and Discontinued. You'll find this valuable information on the Novell Web site at
http://support.novell.com/lifecycle/
NOVELL TECHNICAL SUPPORT TRAINING CBTs
Looking for additional training to sharpen your Novell skills? Novell offers computer-based training courses for Novell Directory Services and BorderManager. You can run these CBTs from the CD or load them on your network for easy access. The CBTs are only $89.95 (CNEs get a discount!), and you can try them before you buy. For more info on these CBTs, including ordering details, visit the following Novell URL:
http://support.novell.com/additional/advtt/cbt.htm
WHICH VERSION OF NWADMIN?
Confused about all the versions of NWADMIN.EXE and which one you should use? Follow these guides:
NWADMN3X.EXE is the NW 4.11 version for Windows 3.x.
NWADMN95.EXE is the NW 4.11 version for Windows 95.
NWADMNNT.EXE is the NW 4.11 version for Windows NT.
The NetWare 4.11 version will also work with earlier NetWare 4 versions, but they don't support MHS or the "old style" of user templates. In a mixed NetWare 4.10/4.11 environment, user templates can be used without a problem.
NWADMIN DISPLAYS OLD VOLUME NAMES
If you've planned your network design carefully, you should rarely need to change volume names on the server. However, there may come a time when you must. Note: If you use INSTALL.NLM to rename volumes, NWADMIN will continue to display the old volume names because INSTALL.NLM does not update the NDS. However, NWADMIN obtains information on volume objects from the NDS.
You can solve this problem by using DSRepair. After loading DSRepair, choose Advanced Options, then select Check Volume Objects and Trustees. DSRepair will report the number of volumes that have been renamed and update the NDS. NWADMIN will now display the new volume names.
NWPA.NLM AND CDROM.NLM UPDATES
To add support for SFT3, Novell recently released an update to the NWPA (NetWare Peripheral Architecture) files, including the latest HAMs, CDMs, and CDROM.NLM for v3.12, v3.2, and v4.x. The NWPA.NLM, NWPAIO.NLM, NWPAMS.NLM, NBI.NLM, and CDROM.NLM files are the same revisions as those found in Support Pack 6a for NetWare 4.11. The HAMs and CDMs included in this download are the latest certified and release versions available at this time. This download kit is provided to allow 4.10 and 3.x customers to take advantage of the NWPA architecture. This update fixes problems including changes made to the frontend. The command line parser was also fixed to allow more than 256 characters in the command line string. You can download the update file nwpaup1a.exe from the Novell Technical Support Web site at
http://support.novell.com/misc/patlst.htm
ODI V3.3 UPDATE
Novell recently released an update to its ODI Specification--Version 3.31. This update affects several support modules such as NBI, MSM, and TSM for Novell NetWare file servers. This ODI update adds support for Hot Plug PCI and for removing a single instance of a driver. You can get the full details and download the update in a file named odi33g.exe on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
ONSITE ADMIN PRO
Are you looking for an easy-to-use administration tool to help you work on servers from any workstation? Onsite Admin Pro is a Multi-Server Analysis, Maintenance, and Configuration tool for NetWare servers. Using this utility, you can monitor, analyze, update, and configure multiple servers from any workstation. Onsite Admin Pro can distribute NLMs, files, console commands, and SET parameters to multiple servers at the same time. It also includes extensive reporting capabilities. You can download and test the beta version of Onsite Admin Pro from the Novell Web site. Look for the file ONSITB5B.EXE at the following Web address:
http://support.novell.com/products/nw5/patches.htm
PACKET BURST AND WINDOWS 98 CLIENT FOR NETWARE
You still may experience a few lingering problems from your Windows 98 workstations. For example, if you run Windows 98 with the Microsoft Client for NetWare on a NetWare 3.12 or 4.01 server and packet burst is turned on, you may have some problems. According to Microsoft, these problems also affected Windows 95. The company advises that you get the patch file PBURST.EXE from Novell at
http://support.novell.com
CORRECTING PAGE FAULT ERRORS
Are you experiencing Page Fault errors on your NetWare 4.1/4.11 server? If so, here are a few tips for resolving these errors. First, add the following in the server AUTOEXEC.NCF:
SET Read Fault Notification = On
SET Read Fault Emulation = On
SET Write Fault Notification = On
SET Write Fault Emulation = On
Make sure that you have the latest LAN driver versions and the latest disk driver versions. Finally, if you continue to see Page Fault errors (without Abend), contact the manufacturer of your NIC and disk controller to obtain the latest available driver versions.
ENHANCING PERFORMANCE
When you install NetWare on most high-end server systems that use RAID 5 and advanced disk drive technologies, NetWare automatically enables the Read After Write Verification setting. Since most of these manufacturers provide this capability within the drive, you can turn off this setting to increase performance. To do this, you'll alter the SET command from your NetWare server console.
PHYSICAL SECURITY
One of the most often overlooked aspects of network security is the physical. You can spend a lot of time maintaining password lists and regulating rights and permissions and other administrative tasks. However, if you don't restrict physical access to your server(s), you're leaving a huge gap in your security efforts. Keep the server under lock and key. If the server is at a site where there is a data center (mainframes, midranges, etc), put it in the same room and treat it like the big boxes. Access to the server's room should be controlled minimally by key access, preferably by some type of key card access, which can be tracked.
HELP WITH PING
PING is your best friend when troubleshooting TCP/IP connections. Unfortunately, on your Windows NT workstations, the usual method of getting command line help doesn't work with PING. For example, when you type
HELP PING
at a command prompt, Windows NT displays the following error message:
"This command is not supported by the help utility. Try 'ping /?'."
Then, when you type
ping /?
Windows NT displays:
"Bad IP address /?."
However, you can get command line option help! Just type
ping or ping -?
at a command prompt to display the options.
PLANNING YOUR NETWARE SERVER SETUP--PART 1 OF 7
While Novell has continued to focus on making the installation of NetWare servers a more streamlined and intuitive process, a bit planning can still make the process easier. The obvious planning factors include the number of users you'll support. An often-overlooked factor is how many applications will be running from the server and what load will they create. This not only includes commonly shared applications, but also applications such as e-mail/groupware, backup software, and anti-virus applications. These are CPU and memory hungry applications, which means you'll need to design your server to have enough processing power, disk space, and memory to handle the load.
PLANNING YOUR NETWARE SERVER SETUP--PART 2 OF 7
After you've determined the number of users and types of applications that your server will support, you'll need to determine the amount of memory for the server--a critical factor in planning that significantly affects the performance of the server. To help you make this decision, Novell offers several memory calculators on its Consulting Toolkit Web page. As in the past, the general rule is the more memory you have in your server, the better it will perform.
PLANNING YOUR NETWARE SERVER SETUP--PART 3 OF 7
Another factor you should keep in mind while designing and planning your network involves hardware and software selections. First, you need to ensure that the hardware you choose is Novell certified. On the software side, you need to ensure that any third-party applications you choose are Novell certified as well. To do this, you can refer to Novell's DeveloperNetYes Tested and Approved Web page for the certification list and bulletins. Verifying certification of your hardware and software selections ensures compatibility and availability of the drivers you'll need to have a smooth installation. To access the page, check out this URL:
http://www.developer.novell.com/sitemaps/yes.html
PLANNING YOUR NETWARE SERVER SETUP--PART 4 OF 7
NDS planning is another critical step in the installation of your NetWare server. This is a process you don't want to just jump in to. You'll need to preplan your NDS setup, choosing appropriate names and structure. There's plenty of help available to you, such as Technical Information Documents and other support documents, in the wealth of resources available on the Novell site. If you aren't experienced with NDS design, you should consider getting assistance from a local Novell consulting service. NDS design is complex and proper planning is essential.
PLANNING YOUR NETWARE SERVER SETUP--PART 5 OF 7
After you've determined the number of users and types of applications that your server will support, you'll need to determine the amount of disk space you'll need for the server--another critical factor in planning that significantly affects the performance of the server. For example, you need to plan for sufficient space on the SYS volume of the server, ensuring that you'll never run out of space (a major problem!). As with memory calculations, you need to consider the types and size of applications you plan to run from the server. These applications will require minimum disk space not only for storage but also for temp files and caching. For example, Novell states that if you're going to use its Z.E.N. Works product, you should allocate as much SYS volume space as possible since many new objects and stream files will be created. Plan for the future and plan big!
PLANNING YOUR NETWARE SERVER SETUP--PART 6 OF 7
So you've planned your installation and you're ready to go. Do you have the latest hardware drivers for the components in your server? Do you have the latest patches and updates for your version of NetWare? You should take the time to verify that you have the latest files you'll need for a successful installation. You'll find the latest drivers on the Web at the manufacturers' sites and the latest Novell patches and fixes on the Novell site.
The time you spend will be worth the effort.
PLANNING YOUR NETWARE SERVER SETUP--PART 7 OF 7
You've completed your server installation! Now, you're ready to access the server from your workstations. Did you plan ahead and ensure that you have the latest available client software? You can check for the latest client software versions on the Novell Web site--they're all available for download, including VLM version 1.21, Client32 for Windows 95/98 version 3.01, and Client for Windows NT version 4.50.
PREVENTING CONNECTION TO UNDESIRED SERVERS
Having trouble with workstations that connect to undesired or unwanted servers? There are several factors that affect how your workstations connect to servers, such as routing device configuration, the number of hops, device name, and the workstation's NetWare client configuration. Here are a few things you can do to ensure that workstations connect to the right servers:
First, verify that you have the latest client version installed on your workstations. You may also want to specify a frame type, since if the client auto-detects a frame type other than the one that the desired server is using, it won't be able to communicate with the desired server. You can also either remove or change the default server in NWADMIN. Any of these steps may help you ensure that your workstations connect to the correct servers the first time.
PROBLEMS MOVING LICENSE CERTIFICATES
Novell recently identified a problem you may experience on your NetWare 5 servers. Specifically, if you're running NW5 and you use the NLS Manager to move the license certificate from a lower to a higher container, you'll receive an error message such as
"err_expected_identifer (fffffebc)".
The problem occurs because the NDS has to notify every server that the license certificate has now moved to a higher or lower location in the tree. If you don't have SETUPNLS.NLM loaded on the server, it can't respond appropriately, resulting in the error. To avoid the problem, make sure you load SETUPNLS.NLM on the server before you try to move the license.
PROTECTING YOUR ROAMING PROFILES
In a previous tip, we told you about roaming profiles that you can create when using the NT Client for NetWare. If you're using this client, you should be aware of a potential problem. As we explained, your user profiles are saved to the network and changed to roaming profiles for use from any workstation. However, they are saved with no access restrictions, meaning that any user with NetWare Read and File Scan access to the directory containing the profile can download and use that user profile. If the user also has Write, Modify, and Erase access, they can change the user profile and save those changes to the network. The best way to protect these profiles is to grant only Read and File Scan access to those users who'll be using that particular profile or by using mandatory profiles.
QUICK NETWORK ADAPTER INFORMATION
Can you get everything you want to know about your network adapter with one command? Well, maybe not everything, but certainly some valuable information when you need it quick. On your Windows 95/98/NT workstations, just type
IPCONFIG /all
at a command prompt. IPCONFIG will display the card description, physical address, IP address, subnet mask, and more.
QUICKLY VIEWING CONNECTIVITY STATUS INFORMATION
Wouldn't it be great if you could view the status on a list of devices connected to your network? And wouldn't it be great to have the information displayed in an HTML file that you could view from a Browser on any system? You can do so using the freeware utility found in the file NchkStat.ZIP. This NLM periodically polls SAP network devices such as NetWare servers and print servers, and it will ping your IP-enabled devices. The results are available in an HTML output file. For more information and to download this utility, visit the following Web site:
http://www.fastlane.net/homepages/dcollins/
CENTRAL REPLICA REPOSITORY SERVER
Does it make sense to have a single server be responsible for all replicas? In some cases, the answer is yes. For example, having a central server makes backing up the NDS tree easier, allowing you to back up the entire tree from one server. Also, tree walking on the central server is faster both on external or subordinate references. However, in other cases, a single replica server may not be the best solution. For example, the single server will have to communicate to all servers in the tree that hold any type of replica. It will be updating replicas, sub ref time stamps, external reference backlinks, etc., on every server. This server will have to receive all updates made in the tree (such as object creations, deletions, modifications, login time stamps, etc.), which means that every change in the network will be replicated to this single server. Weigh the options carefully as you plan your network.
REPLICA TYPES WITHIN NDS
NDS has four types of replicas--Master, Read/Write, Read Only, and Subordinate--each designed for specific purposes. Here's a brief description of each.
The Master replica is a writable replica that can also handle partition operations--only one master replica per partition. Only one partition operation is valid at any time for a partition, and the master enforces that requirement.
The Read/Write replica is a writable replica that, like the master, can be updated from the client. Both read/write and masters are valid for login and authentication requests.
The Read Only replica cannot be changed from the client, getting updated only with the changed data in the replica from another read/write or master. This replica cannot be used for bindery emulation because there must be a writable replica on the server for bindery users.
The Subordinate replica is a replica of the partition root, which includes the replica list (ring). As a child partition, it will reside on every server that holds a copy of the parent partition, but not of itself.
RESPONSE TO NEAREST SERVER
Bringing up a 4.x server and workstations trying to attach to it.
Setting the server to not respond to "get nearest server" should have fixed the problem, although you'll still have to set preferred servers on the clients that will be using the 4.1 server.
Take a look at your net.cfg files on the machines running VLMs. You may find under the dos requestor section that the netware protocol setting is:
netware protocol = nds bind
This statement instructs the client to look for NDS hosts first. If you have a 4.1 server out there and the client can "see" it, the client will attach to it. If you set the netware protocol to:
netware protocol = bind nds
your clients will probably find the server they have been finding before you brought the 4.1 server up.
Get nearest server is a function of how fast a given server can respond to a connect request, not a function of physical distance from the server. I've seen the same problem caused by bringing up a fast 3.x server on a multi-server network. Once you get the immediate fire put out, you might want to consider visiting all of your clients and making sure they have preferred server statements. If your users are logging into the server at the command line, a short term fix would be to train them to implicitly log into the server they wish to hit. Like thus:
Login goober/user1
Where goober is the server and user1 is the user account name for the user on server goober. If you execute the login command in the autoexec.bat, you'll still have to visit each workstation.
Depending on the complexity and layout of your network there may be other options like blocking ipx to the 4.1 server at a router or just taking the 4.1 server off the backbone until you can fix the clients.
Either way, sounds like it's gonna be a pain.
ROAMING PROFILES WITH THE NETWARE CLIENT FOR WINDOWS NT
Novell has added many new features to its NT Client for Windows NT. One of the most useful of the new features allows you to store roaming profiles for your users on your NetWare servers. Roaming profiles provide the user the same desktop regardless of the physical workstation being used. Here's how it works: The first time you log on to your workstation, you'll configure your user profile, including screen colors, program groups, icons, cursors, and other user-specific settings. Then, when you log off, NT automatically copies the user profile to the network, making it accessible when you log in from other Windows NT 4.0 workstations. You can download the latest NT Client from the Novell or Microsoft Web sites.
ROOT PARTITION REPLICATION CONSIDERATION--PART 1 OF 3
While it may sound like a good idea to place replicas of the root partition on all or most of your servers to speed up the tree walking/name resolution process, you should weigh the options carefully. Remember, there are tradeoffs in placement of the root partition. Multiple replicas may provide faster name resolution, but you may sacrifice performance on the WAN because of synchronization traffic. It can also cause administrative problems, since it requires that all servers stay in communication. For example, partition operatio s involving that partition would require that every server be up and reachable. If one of those many servers were down or unreachable, the administrator couldn't perform tasks such as creating a new partition or merging a partition with its parent.
ROOT PARTITION REPLICATION CONSIDERATION--PART 2 OF 3
Weigh the options carefully before you place replicas of the root partition on all or most of your servers to speed up the tree walking/name resolution process. Synchronization poses another problem with placing replicas of the root partition on most of your servers. Each of these servers holds the same replica list, requiring it to stay in constant communication with every other server. The time it takes to synchronize will increase drastically as the number of servers increases. To be safe, you should place replicas of the root partition only in each campus environment, hubs of the company, or key locations, but not on every server in those locations.
ROOT PARTITION REPLICATION CONSIDERATION--PART 3 OF 3
Before you place replicas of the root partition on all or most of your servers to speed up the tree walking/name resolution process, consider the options carefully. You may not want to place replicas of the root partition on all or most of your servers because of the effect on the NDS cleanup process, which executes when all synchronization has been successful. If one or more of your servers is down or unreachable, the cleanup processes won't run until all servers have been reached and synchronized to that time in the database. Again, instances of the root partition should be placed in each campus environment, hubs of the company, or key locations--but not on every server in those locations.
SECURING YOUR NETWORK--LOCK IT UP!
Network security is more critical than ever as our networks grow from internal to global. Network administrators spend a lot of time tightening and fine-tuning NetWare's many security features. However, one step that many neglect to take when considering network security is physical access to the servers. You can set up the tightest security possible, but if an employee or hacker can walk up to your server and down it or gain access, you're doomed.
Your servers should be accessible only to those who need physical access. Put your servers in a locked room. If your servers reside in a data center with other systems, you may even consider a lockable rack or cabinet. Some server boxes have locking covers, preventing access to the system drives. You may feel a little paranoid, but you can't be too safe. Lock it up!
SECURITY TIP: DON'T USE COMMON WORDS FOR PASSWORDS
A common trick of hackers is to run an application that attempts to break into your system by running a list of common words or an entire dictionary against your user ID and password. The best defense against this technique is to avoid using common words, names of places or people, or other easily guessed words. Don't use your family members' or pets' names, your job title, or anything that is commonly related to you. And, avoid putting your ID and password on anything near your computer, like sticky notes or bulletin boards. Sounds silly to some, but it's very common, and the hackers love it!
SECURITY TIP: DON'T USE YOUR REGULAR PASSWORD ON THE INTERNET
While surfing the Internet, you'll run in to many sites that require you to enter a username and password in order to access certain information. A good rule is never use your NetWare logon password to sign on to a Web site. By doing so, you take the chance of someone intercepting it and attempting to log into your system using your information. Just use something simple and totally unlike your regular password. It's the safe way to surf!
SECURITY TIP: FORCE A MINIMUM PASSWORD LENGTH
For hackers, the front door is the login screen. Your choice of passwords is their key in or their frustration. The shorter you make your password, the easier it is for hackers to guess. Make your password at least eight characters long--the maximum length you can type in a NetWare logon box is 14 characters. If you're a systems administrator, you can regulate the size that users make their passwords.
SECURITY TIP: USE COMPLICATED PASSWORDS
Make it hard for potential hackers to guess your password. Use passwords that contain characters from at least three of the following four groups: English uppercase letters (A-Z), English lowercase letters (a-z), Arabic numerals (0-9), and punctuation or other special characters.
NOVELL'S SELF-STUDY TRAINING PROGRAMS
Looking for additional training on the NetWare 4.11 to NetWare 5 Update? If so, you should check out the self-study program available from Novell. It is an excellent tool for Certified Novell Engineers (CNEs) because it is based on Novell's instructor-led Course 529 and prepares CNEs for the corresponding certification exam that will update their certification to NetWare 5. If you support and maintain NetWare networks, you will find this kit is extremely helpful in preparing you to migrate to NetWare 5. It is also a great on-the-job reference. For details, visit the Novell Education Web site at
http://education.novell.com/general/selfstudy.htm
SENDING KEYSTROKES MAKE EASY
Need to automate a procedure that requires your keyboard input to work unattended? If so, you'll be interested in the Novell utility StuffKey v1.0. StuffKey is an NLM that allows you to send keystrokes to any program on any screen. It gives you the ability to automate processes that would normally require your presence at the keyboard for input. You can download this free utility from the Novell Web site at the following address:
http://support.novell.com/misc/patlst.htm
LOST SERVER LICENSE DISKETTE
If you've lost the license diskette for your server, don't call NetWare's Technical Support Center. There's nothing the support center can do about it. Instead, call Novell's Customer Response Center at 888-321-4272.
RUNNING NETWARE 5 SERVERS IN A MIXED NETWARE ENVIRONMENT
Novell's NetWare 5 servers introduce enhancements to the NDS schema that previous versions of NDS for 4.1x don't understand, potentially causing problems between the versions. Novell instructs that you should update your 4.x servers to the latest version of NDS before introducing NetWare 5 into the network. You can get more details on the necessity of updating NDS in NetWare 5's online and printed documentation and on the Novell Web site at
http://www.novell.com/support/
SETTING PHYSICAL PACKET RECEIVE BUFFERS
NetWare stores incoming packets from each of the networks attached to a NetWare server in Receive Buffers. Normally, you set the Maximum Physical Receive Packet Size during the installation process according to the kind of network you're building. Per the Novell manuals, you would set this setting to 1524 bytes for Ethernet, 4540 bytes for Token-Ring and FDDI, and 618 bytes for Arcnet and LocalTalk. However, some products you buy may recommend a different setting to maximize performance. Make sure you don't overlook a special setting that may provide a performance boost.
SUPERVISOR ACCOUNTS IN BINDERY MODE
A number of NetWare 3.x programs require the use of a supervisor account in Bindery mode. However, it's a potential hole in your security to provide this access on your 4.x server. The best way to handle this is to create a new container on the server, then create a supervisor account in this container. Finally, create a replica of a partition (containing this container) on the server. Creating this supervisor account creates an object named supervisor in the directory; however, this account won't be available as the server supervisor in the bindery services mode on the server. This process creates two distinct supervisor accounts--one for normal use and one for the program.
SUPERVISOR ACCOUNTS IN BINDERY MODE
Several NetWare 3.x programs require the use of a supervisor account in Bindery mode. However, providing this access on your 4.x server could put a hole in your security. The best way to handle this is to create a new container on the server, then create a supervisor account in this container. Finally, create a replica of a partition (containing this container) on the server. Creating this supervisor account creates an object named supervisor in the directory; however, this account won't be available as the server supervisor in the bindery services mode on the server. This process creates two distinct supervisor accounts--one for normal use and one for the program.
SWISS-ARMY KNIFE FILE MANAGEMENT TOOL
How would you like a tool that lets you search deleted or open files and monitor volume storage and usage? In addition, the same tool allows you to view bindery, connections, servers, and queues. What about performing tasks such as downing the server, setting time synch, and controlling logins? You'll find all of these features, plus a few others in RK NetPlus v2.5.4 NetWare File Management & Server Monitor, a shareware utility available from the following Web site:
http://www.novellshareware.com/
SYNCHRONIZING WORKSTATION TIME WITH SERVER TIME
Time synchronization occurs at two times. The first is when the shell or redirector makes a connection to a server (the NOT-LOGGED-IN connection, which gives you access to SYS:LOGIN). To disable this connection from setting your workstation's time, use SET STATION TIME = OFF in your NET.CFG.
The second time is during the login process. In the absence of a SET_TIME OFF command in any login script executed by the user, the workstation's time will be set to that of the fileserver. This command is supported in LOGIN.EXE, which ships with NetWare 3.12 and 4.x; you can download it from the usual places for earlier versions.
SIZING YOUR SYS: VOLUME
It used to be that when you created volumes for large hard drives on your NetWare servers, you'd use only a couple of hundred megabytes for the SYS: volume and then dedicate the rest to a data volume. As applications and utilities have grown, a small SYS: volume can cause you lots of headaches. If the SYS: volume fills up, your server may crash. As more and more products rely on NDS, they'll require more space on your SYS: volume as well. Novell suggests that you make a DOS partition big enough to store a coredump and some useful utilities, approximately 512MB. Make the rest of the space the SYS: volume. Add secondary hard drives for data, and mirror the SYS: volume for better protection.
CONFIGURING TCP/IP AS THE PRIMARY PROTOCOL
To reconfigure the Microsoft network device transport protocol to reduce the time it takes to discover new NetWare and Microsoft network devices, such as workstations and servers, try this trick from Novell.
Configure TCP/IP as the primary transport protocol for NetBIOS interface, server, and workstation. To do this, go to Control Panel/Network/Bindings, display the bindings for NetBIOS Interface by clicking on the + next to it, then highlight WINS Client (TCP/IP) and click on the Move Up button so that this option is first. Make sure that NWLink NetBIOS (this is IPX) is listed second.
Next, display the bindings for Server by clicking on the + next to it. Highlight WINS Client (TCP/IP) and click on the Move Up button so that this option is first. Make sure that NWLink NetBIOS is listed second and that NWLink IPX/SPX Compatible Transport is listed third.
Now, display the bindings for Workstation by clicking on the + next to it, then highlight WINS Client (TCP/IP) and click on the Move Up button so that this option is first. Make sure that NWLink NetBIOS (this is IPX) is listed second.
TUNING YOUR SERVICE PROCESSES
NetWare servers handle incoming service requests using service processes. These service processes are threads of execution that act as hosts to incoming service requests. Your 4.x is capable of allocating up to 1000 service processes. Normally, using the SET commands, you would set the Maximum Service Processes to 2-3 per connection. However, to improve performance, Novell recommends that you set the Maximum Service Processes to 1000, since if the server doesn't require additional service processes, it won't allocate them.
UPDATED MODULAR CLIB AND DSAPI
Novell has identified a variety of problems you may face when using the CLIB and DSAPI libraries. These problems include holes in THREADS.NLM that could cause an ABEND condition, problems when running GroupWise on an SFT3 system, and some minor Java problems. To resolve these and other known problems, Novell recently released new versions of the modular CLIB and DSAPI libraries. These libraries are for NetWare 4.10, NetWare 4.10 for OS/2, NetWare 4.10 SFT III, IntranetWare, IntranetWare for Small Business, NetWare 4.11, NetWare 4.11 for OS/2, NetWare 4.11 SFT III, and NetWare 4.11 SMP only.
You can download the file LIBUPI.EXE from the Novell Web site at the following address:
http://support.novell.com/misc/patlst.htm
UNDERSTANDING THE LOGIN SCRIPT HIERARCHY
Login scripts can prove difficult to troubleshoot. You'll have a great deal more success if you know where the login script text files are located and in which order the login scripts run.
If you're running a 3.1x network, you'll encounter three types of login scripts--system, user, and default login scripts. Here's the order in which NetWare executes these scripts: First, if a system login script exists, it executes first. Next, the user login script runs. If no user login script has been defined, a default login script will run.
You'll find the system login script in the SYS:PUBLIC directory in a file named NET$LOG.DAT. You can edit this file using any text editor. You'll find the user login script in the user's mail directory in a file named LOGIN.
AVOIDING USERNAME ERRORS WITH NDS FOR NT
If you use NDS for NT on your network to integrate your NetWare and Windows NT servers, you may have encountered the following error when trying to create a new user in User Manager for Domains on a domain that you've migrated:
"You specified a Username which is already in use by another user. Choose a Username which is not already in use by another user or group."
This error can occur if there's an NDS object in the "Default User Creation Context" of the NDS Domain Object with the same name as the NT user you are trying to create. This object can be any NDS object, not just a user or group. To avoid the error, make sure the new NT name for the user or group is unique for both the NT Domain and the NDS context.
VOLUME MONITORING UTILITY
For quick access to information about your NetWare volumes, you might consider using VGadget V1.1 from NetTech Australia. This utility provides you with a quick status summary of the volumes on your NetWare servers, including free space, total space, and percentage full. You can copy the data to the Clipboard for use in other programs. You also have the option of scanning all the servers you are connected to or scanning all the servers in a standard list. For more information on VGadget, visit the following Web site:
http://www.novellshareware.com/
TROUBLESHOOTING NETWORK ERRORS WITH WINDOW 95 SYSTEMS
If you're accessing NetWare 3.x and 4.0x servers from Windows 95 workstations, you may experience regular login problems. Packet burst processing most likely causes these problems. To work around them, you can comment out PBURST.NLM in your AUTOEXEC.NCF file. Unfortunately, you'll notice a performance hit across your routers and WAN links.
The best solution is to patch the server(s) with PBWANFIX.NLM, which is included in the PBURST.EXE patch file. Novell has addressed and fixed this problem in NetWare v4.1x and above.
IMPROVING PERFORMANCE WORKING WITH NT
If you're working with a mix of NT and NetWare, you probably are aware of the performance problems that can occur between these systems. Fortunately, you can improve the Microsoft network device transport protocol configuration to minimize the time necessary to discover new NetWare and Microsoft network devices (workstations, servers, and so on).
Windows NT uses Remote Procedure Call/Server Message Block (RPC/SMB) as the method of communicating between Microsoft networking devices (NT servers and workstations, Windows 95/98/3.1x, and DOS). RPC/SMB was written to use NetBIOS as a packet structure, and Microsoft networking devices can encapsulate these NetBIOS commands into one of three transport protocols: TCP/IP, IPX, or NetBEUI.
NetBEUI is the default transport protocol; even if all three transport protocols are present, a Microsoft networked device will default to NetBEUI first when attempting to locate a new network device. Once this request has timed out, it will then try the next transport protocol (the order is controlled in a registry key for Windows NT/95/98). This continues until it has located the network device or has tried all available transport protocols. Since NetBEUI is not routable, any attempt to find a network device that is across a router will fail. In the tips to follow, we'll share some solutions from Novell.
DISABLING NETBEUI
You can improve the Microsoft network device transport protocol configuration to minimize the time necessary to discover new NetWare and Microsoft network devices, such as workstations and servers. To do so, try this trick from Novell.
Disable or remove NetBEUI as a transport protocol. NetBEUI cannot be routed (although it can be bridged), and any attempt by a Microsoft network device to locate a target that is across a router will fail--but not before a two- to four-second timeout period.
To do this, go to Control Panel/Network/Protocols, highlight NetBEUI Protocol, and click on Remove. Click Yes to the message "This action will permanently remove the component from the system. If you wish to reinstall it, you will have to restart the system before doing so."
WINDOWS NT CLIENTS AND ROAMING PROFILES
In a previous tip, we told you about the NT Client for NetWare and its use of roaming profiles. Here's something you'll need to know when implementing NT Client on your workstations: The profiles for NT 3.51 and NT 4.0 are not interchangeable. The reason is that NT 3.51 uses a flat profile structure that is completely contained in a single file; NT 4.0 uses a number of subdirectories and two files called NTUSER.DAT and NTUSER.DAT.LOG in which to store the profile. For NT 4.0, you must store the profile on a NetWare server with name space loaded. The profile files are placed at the root of the profile directory structure.
WHY USE AN OBJECT ALIAS
As you know, NetWare lets you create aliases that represent objects in your NDS. Why should you bother with aliases? Actually, these little gems can make your tree structure a little easier for end users to use. For example, you can create an alias for a mobile user, placing it at the top of the tree. This will help the user during authentication. Since aliases contain very little data, replication traffic is limited to the name and the data for a pointer to the real object, so creating them takes little time. Or, you can place aliases of your most-accessed printers, print queues, servers, and server volumes in an easy to access container. Now, instead of scrolling through the tree trying to find an object, it's just a click or two away.
X.400 GATEWAY PATCH FROM NOVELL
Are you running Novell's X.400 NLM Gateway? If so, you'll be interested in downloading x400nlm1.exe, a new patch that addresses several problems and provides a few updates, including:
- Y2K fix: The gateway now converts two-digit years to four-digit years.
- Fixed abend in the X.400 gateway. Free called with a memory block that has an invalid resource tag.
- Fixed abend that occurred when receiving certain types of messages. The running process was ngwx400__P. The cause was a page fault processor exception.
- Corrected a daylight-saving time problem with the gateway. If an appointment was scheduled through the gateway within a daylight-saving time period, the time was off one hour. The time is now correct.
- Outbound status tracking now works correctly.
You'll find this patch on the Novell Technical Support Web site at
http://support.novell.com/misc/patlst.htm
Y2K FIXES FOR NETWARE CLIB
In its efforts to ensure year 2000 compliance, Novell has identified and addressed two potential Y2K problems you may face with its CLIB.NLM for NetWare 3.12 and 3.2. Available as a download in the file lib312b.exe, the updated CLIB files contain two fixes for Y2K issues. The problems involve applications that use the CTIME API returning the wrong day of the week after February 29, 2000, and an application that uses the API STRFTIME with the %Y parameter returning the century with a leading 1 (during 2000, it returns 100 instead of 00). You'll find the patch file on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
Y2K FIXES FOR NETWARE CLIB
The Y2K bug shows up in the most obscure places. In its efforts to ensure Y2K compliance, Novell has identified and addressed two potential Y2K problems you may face with its CLIB.NLM for NetWare 3.12 and 3.2. Available as a download in the file LIB312B.EXE, the updated CLIB files contain two fixes for Year 2000 (Y2K) issues, including a problem with the wrong day of the week being returned by applications that use the CTIME API after February 29, 2000, and a condition that may occur when an application using the API STRFTIME with the %Y parameter returns the century with a leading 1 (during 2000, 100 is returned instead of 00).
You'll find the patch file on the Novell Support Web site at
http://support.novell.com/misc/patlst.htm
PREPARING FOR Y2K: NETWARE 3.12 YEAR 2000 FIXES
If you're running Novell's NetWare 3.12, you should download and apply the Y2K patches for your version of NetWare. You can download these fixes in the file 312y2kp2.exe, available from the Novell support site. If you're running NetWare 3.2, you don't need this patch, since this release includes the updates found in this patch. To obtain the 3.12 Y2K patch, visit
http://support.novell.com/cgi-bin/search/download?/pub/updates/nw/nw32top/312y2kp2.exe
IS YOUR BTRIEVE COMPLIANT?
If you're running Btrieve on your NetWare network, check this out. Novell included Btrieve version 6.10c with NetWare v3.12, NetWare v3.2, and NetWare v4.10 and Btrieve version 6.10f with NetWare 4.11 and NetWare 5. Btrieve 6.10c and 6.10f have not been Year 2000 tested by Novell's testing partner, Pervasive Computing. However, Novell found no Y2K issues when it tested the Btrieve functionality.
As for Btrieve v6.15, it has been tested for Year 2000 compliance and the tests have turned up no limitations. Novell recommends upgrading if you have a version older than those listed above.
ZENWORKS 1.1 PATCHES
Novell recently released a patch kit for ZENworks 1.1. This kit contains fixes for the following issues:
- An attempt to update a file in use on Windows NT Workstation fails if the user is not a member of the Administrators group.
- Apps marked Force run, Run once, and Prompt distribution--the user is repeatedly prompted to rerun the application if the prompt is declined.
- NAL GPF on Windows 95/98 if Macro has more than 128 characters.
- GPF when distributing a Registry key with no value; Windows 3.x only.
- Search Drive in Drive/Ports fails.
- Remote Control, Ctrl-Alt-Del not possible with Unisys Aquanta DX.
- Zenrc32.exe and Invalid Page Fault in Module wm95api.dll.
- "Run Only Allowed Windows Application" fails if icon is delivered to the desktop.
- Windows 98 GPF/hang when exiting Application Explorer window.
- Windows NT Start Menu shows Common applications when Registry is set not to show them.
- Environment variables set in prelaunch script of an Application object are not set for the application executed.
You can download the patch kit in the file zw110p3.exe, on the Novell Support Web site at the following address:
http://support.novell.com/misc/patlst.htm
Z.E.N.WORKS CRITICAL FILES
For Z.E.N.Works to function properly on your Windows 95 or Windows NT systems, several DLL files must be present on the client computer. These files are transferred to the computer during the Z.E.N.Works client software installation. Each DLL relates to a specific Z.E.N.Works policy. The DLLs and their respective policies are as follows:
- WSREG.DLL--Workstation Registration
- WM95CSP.DLL--Computer System Policies
- WM95USP.DLL--95 User Policies
- WM95ROAM.DLL--Roaming Profiles
- WM95INV.DLL--Workstation Inventory Policies
- WM95PM.DLL--Desktop Preferences Policies