



 |
Troubleshooting and Configuring the Windows NT/95 Registry
-20-
Troubleshooting and
Configuring Networking Registry Settings
Making networking work well is one of the most difficult functions in the realm
of computing. Most of the time, the difficulty is due to the sheer number of variables.
The problems are usually related to difficulty in getting connected, or the lack
of performance, but the symptoms may mask the real problems. Many times, the error
indicates that the domain controller cannot be found or a timeout error has occurred
in accessing files on the network.
The biggest challenge, then, is isolating the actual problem, and then fixing
it. At times, that is "easier said than done." Some of the problems and
their fixes are described in this chapter.
SOLUTIONS: In
Windows 95, when I set my system to use User Level access, and I log on to the NT
domain, it still comes up and asks me what my Windows password is. Isn't one enough?
If you set the system right, it is. You can quickly set the system so it will use
the password you gave for domain logon for Windows logon as well. To set that, you
will need to disable the password caching for Windows 95. In HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\Policies\Network, add a new DWORD
value called DisablePwdCaching, and set it to 1.
This will also work if the user is logging on to a NetWare network. Then the network
logon function will relay the password to Windows 95 for its logon.
SOLUTIONS: I
recently upgraded from Windows for Workgroups to Windows 95. I use only TCP/IP protocols,
and my system hangs every time I try to connect to another computer. What is wrong?
Upgrading from WFW running the 32-bit TCP/IP stack adds an unsupported value to the
Registry. Remove the value, and your system should work just fine. When you upgraded,
an entry in the SYSTEM.INI file created the EnableRouting value
in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP key. Remove
the value, remove the line EnableRouting=1 in the SYSTEM.INI file,
and restart your system. It should give you TCP/IP access then.
As you can see, the situations can get quite complex. Making systems connect,
particularly when different types of networks are involved, can be very challenging.
SOLUTIONS: We merged two NetWare networks
together and I want to connect to both, but I cannot see the systems that are from
the old network. What should I do? If you connect your NT Workstation to more than
one NetWare network, each using a different frame type, or if the one NetWare network
is bound to more than one frame type, your system may not see all the systems on
the network. To see all the systems on the network, your card must be set to more
than one frame type. You may enter as many types as are currently on your networks.
Change the PKType value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NWLinkIpx\NetConfig\network_card. PKType is a REG_MULTI_SZ
entry, and the possible values for PKType are shown in Table 20.1. Check
with your administrator for the correct frame types.
Table 20.1. Possible values for PKTType.
Value |
Frame Type |
0 |
Ethernet II |
1 |
Ethernet 802.2 |
2 |
Ethernet 802.3 |
3 |
Ethernet SNAP |
4 |
ARCnet |
ff |
Auto Detect |
If the value is set to ff, as shown in Figure 20.1, remove the ff
setting. If ff is left in the Registry, it ignores all the specified settings,
and the change is ineffective.
Figure
20.1. The Multi-String
Editor with automatic frame type set for NWLink.
Because it is a multiple string value, you can set the PKType parameter
to as many values as necessary. (See Figure 20.2.) Each of the entries for a frame
type should be on its own line in the Multi-String Editor dialog box.
Figure
20.2. Enter each
of the types on a separate line.
Don't use REGEDIT.EXE to make this change because it involves a REG_MULTI_SZ
entry. To activate this change, restart the system. The Workstation looks for all
of the listed frame types and responds to systems that are using them.
Using a TCP/IP network involves many components. If any of those components doesn't
work correctly, you will have problems. In all cases, compromises must be made. Microsoft
attempts to make the systems meet the needs of the widest audience. Those choices
might not be the ones you would make. Some of those standard functions, even working
correctly, will cause problems in a non-standard environment. Such is the case with
the next question.
SOLUTIONS: When
I am not connected to my network, my notebook always seems to take extra time to
boot. Any ideas why? If your system uses WINS for name resolution, every system that
boots needs to find the WINS server. If your laptop is not connected to the network,
it will not find the WINS server, and will time out eventually. The WinsDownTimeout
parameter sets the amount of time NBT waits before trying to use another WINS server.
Most networks using WINS have two WINS servers, a primary and a secondary, that keep
track of computer names on the network. If a system cannot find the primary WINS
server, it searches for the secondary one. If it cannot find that, it does not use
any name-recognition functions, and TCP/IP networking is significantly hampered.
Luckily, that's OK when you're not connected, and the default is much more than enough
in most cases if you are connected. The value name to add is WinsDownTimeout,
a REG_DWORD entry, in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters
key. The data is time in milliseconds, and the range of the data is 1000-0xFFFFFFFF,
with a default of 15,000 (15 seconds). Set it lower, and the logon process
when the laptop is not connected to the network is much faster.
One of the great misconceptions in the computer business is that of "unlimited."
There are only a very, very few times when that is actually true. Normally, when
the term unlimited is used to describe functions, it means that the numbers are so
great that you would normally never hit them. The next situation is an example of
the unlimited term being used a little too loosely. It is, in fact, nowhere near
unlimited.
SOLUTIONS: I
got an error that there were not enough connections at the server for me to connect.
I didn't know there was a limit. If you get an error that says the system was unable
to find a free connection and couldn't connect to another system, you may need to
expand the number of connections available at the server to each user. In the HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\LanmanServer\Parameters key, add a new value name
called MaxFreeConnections, a REG_DWORD entry. The range of the
data is from 2 to 8. Normally, it is between 2 and 4
as the default, depending on the configuration of the system. Set it to 8
to provide the best connection performance.
Connection challenges seem to go up even more radically when you add in the phone
lines and RAS. There are additional functions in the software that need to be set
correctly, and also you have to deal with other outside influences related to line
quality and connections.
Add the Internet, and then you get even more variables. The Internet is a great
tool, but the same factors that make it great, make it uncontrollable and more difficult
to use. No one has complete control, and though there are a significant number of
"standards," there is still a lot of room for difference. The next problem
is an illustration of that.
SOLUTIONS: I
seem to be having more and more trouble connecting to sites on the Internet from
my NT Workstation. Is it just traffic, or am I doing something wrong? With the Internet
getting more and more congested, you may receive timeout errors if the time it takes
to connect to the target system is too long, or if the number of hops is too great.
To increase the number of hops available or to increase the time before error, make
this Registry change. Edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\
Parameters key, and change the data in the value called DefaultTTL.
The range of entries is 1-255 with the default at 32. If you are experiencing
a significant number of timeout errors while connected to servers in the Internet,
increase this number. 64 should be sufficient to eliminate nearly all the
errors you have.
Dial-Up Networking is a fabulous tool that greatly standardized the way people
connect with Windows 95 and NT. Prior to that, using communications programs was
cumbersome at best. DUN isn't perfect now either, but it is a lot easier than the
alternatives used to be. Getting the actual connection is also not the only problem
you might encounter.
SOLUTIONS: I
am dialing into my office network from my home, and I am having trouble getting a
logon completed. The RAS server is on a different segment than my Domain controller.
Do I need to move my domain controller or my RAS server? You don't need to move either;
you can just make a Registry change to the RAS server. Because the amount of time
it takes to connect to the network through a dial-up router is longer than the time
NetLogon will wait, the user often gets an error message that says he has
been logged on using cached account information. He can still connect to his shares
and the printers, but it takes extra time to regenerate the connection the first
time each is used. If he is able to connect normally, he is lucky. The router must
have had an open line ready and waiting. By default, NetLogon sends out
three broadcast/multicast <1C> frames looking for the PDC or BDC at
five-second intervals. That adds up to only about 15 seconds, but the dial-up router
may take as long as 30-60 seconds, sometimes more. If the dial-up router cannot make
the connection before NetLogon times out, the system must use cached information
for validation. Fix this by extending the delay. This does not affect normal performance;
it simply extends the NetLogon wait time if necessary. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\
Parameters key, edit the ExpectedDialupDelay value. Enter the data
in total seconds, and each of the three frames will be broadcast in about one-third
of the time. The recommended value to enter is 60. If you find that it still
doesn't connect, you can extend it.
A dial-up connection is actually no different than any other network connection
in the way that systems are addressed. It is simply another network connection. It
has all the same requirements as any other connection, with logon, authorization,
security, and so on. Some of the functions that might happen to the client may be
different, based on the location of the client. For example, not all messages and
all broadcasts will go to a client connected by modem. This is set up that way to
preserve bandwidth on the modem connection.
SOLUTIONS: Every
time I dial into my RAS server, I get the error No logon server was available
to validate your password. One or more services may not be available across the network.
Why can't I log on to my NT domain? If you use NWLink as your primary protocol to
dial in to an NT network with RAS, you may not be able to be validated because the
NetBIOS broadcasting functions are disabled by default. The logon request is not
broadcast, and no logon is available. The only functions available to you are those
from Workgroup-connected machines not participating in the domain security. Other
functions also may not be available, even if you are connected. The real culprit
is the forwarding of IPX type 20 packets between the remote RAS client through the
RAS server to other servers on the network that use NetBIOS functions. At the RAS
server, change the HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\NwlnkIpx\Parameters
key by editing the DisableDialinNetbios value. Table 20.2 shows the options
available.
Table 20.2. Broadcast options using RAS and DisableDialinNetbios.
Settings |
Broadcasts |
0 |
Client to RAS server to network and back |
1 (default) |
Client to RAS server only |
2 |
Network to RAS server to client only |
3 |
All IPX type 20 broadcasts disabled |
Set this to zero (0), and you can easily connect to the network. The only
downside to this setting is that other broadcasts from the network go down your connection
as well.
More challenges come up because of the limitations imposed on Dial-Up Networking.
Making the correct settings to create a workable, balanced environment can be a real
challenge.
SOLUTIONS: How
can I make my browsing better when I dial in to the network? With a dial-up connection,
if you are having difficulty seeing computer names, network shares, or printers during
browsing, you may need to change this parameter. This tip extends the routing of
broadcasts from remote clients across routers, extending throughout the entire network.
It also allows broadcasts to extend to the remote client from the network. Without
this, browsing may not work. Change the NetBiosRouting value in the HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\NWlnkRip\Parameters key. The default is 0
to reduce traffic. That is like turning off someone's drinking water so they don't
drown. Some traffic is necessary to make networking work. Table 20.3 shows the other
available values.
Table 20.3. NetBiosRouting possibilities.
Settings |
Results |
0 |
Do not forward broadcasts |
2 |
Forward NetBIOS packets from remote client to LAN |
4 |
Forward NetBIOS packets from LAN to remote client |
6 |
Two-way forwarding of NetBIOS packets |
Change the data, and choose 2, 4, or 6, depending on
your needs.
Traffic is another consideration in connecting to a network by modem. The bandwidth
issue is always present, and until that's solved, we will have to deal with challenges
like the next one.
SOLUTIONS: Why
do I keep getting errors when I am copying data from my server across my dial-up
connection? Moving data from the very fast LAN to the relatively (and sometimes horribly)
slow RAS-connected client can force a number of problems. If the RAS client cannot
keep up, the packets are discarded and must be re-transmitted. To solve the problem,
RAS uses some physical memory (about 64KB per client) and also part of its paging
file as a buffer. Unless the paging file and the amount of space allocated for RAS
are sufficient, there will be errors. Reliability is also a concern. If the sender
on the LAN sends more data than can be buffered, RAS kicks in with a NetBIOS flow
control. This can cause communication errors to occur. Expand the size of the buffer
on the RAS server to improve performance and increase reliability. To expand the
size, change the MaxDynMem value in the HKEY_LOCAL_MACHINE\SYSTEM\Current
ControlSet\Services\RemoteAccess\Parameters\NetbiosGateway key. The range of
the data is 131,072-4,294,967,295 bytes. The default value is 655350 (640KB)
per client connection. The minimum (128KB) is ridiculously small, and 4GB may be
just a bit excessive. Choose something in between, and type it as bytes. After you
restart the RAS service, have the clients reconnect, and their data transfer performance
will be better.
There are only so many connections you can make to one NT server with RAS. The
actual maximum is 256 connections. Unfortunately, there are not that many that you
can use. The next question relates to that very problem.
SOLUTIONS: When I dial in to my network,
and try to connect to all the shares I need, I get error messages that say I cannot
connect because there are no more available connections. What should I do? All RAS
clients together can have a total of 255 simultaneous NetBIOS sessions. Each client
has a maximum number of sessions, but the active number is what is calculated in
that 255. For example, if 10 remote clients connected and each one was using 25 sessions,
the eleventh would only be able to use five sessions. Each session may be a connection
to a printer, a share, and so on. To correct this problem, you can have some of the
clients connect to another RAS server, or you can limit the number of sessions available
to each user. If you want to limit the number of connections each user can have,
you can change HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\RemoteAccess\Parameters\NetbiosGateway.The
value to edit is MaxSessions, and the range of the data is 1-255 sessions
per connected client, with the default at 255. Set it at 16, and
16 users can simultaneously be connected, never running into the limit. One easy
way to calculate the value is to divide 255 by the number of available RAS connections
and set that as the maximum. Past the maximum, new sessions temporarily disconnect
the oldest sessions. The oldest item would still show in the lists, but when activated,
it would take a little longer to actually connect.
If you had the maximum 256 connections to the network, none of the clients could
actually connect to printers or shares. All of the connections would be taken just
by connecting to the server.
SOLUTIONS: When
I dial in to my RAS server, I hear the modem make all the funny sounds it makes during
the connection, I log on, and then I get an error, Unable to connect to shares. When
you are connecting over a dial-up router or RAS server, the time required to connect
is often more than the system can wait for. Increasing the NetLogon parameter
was discussed earlier in this chapter. Use ConnectMaxTimeout to change the
timeout for connections to shares. Increase the value, and the system pauses to overcome
delays in connecting to shares across the remote connection. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\
Parameters key, the timeout value is entered in ConnectMaxTimeout as
a number of seconds. The default is 45 (seconds), and you can set it anywhere
from
0-400.
The expansion of your business sometimes requires you to have multiple connections
to the Internet. Those connections each need their own IP address and domain name.
Getting those names is critical to multiple Internet domain functions and success
on the Internet as a server.
SOLUTIONS: I
want to allow multiple domain names on my Internet Information Server. The names
are set with the IP addresses in the DNS server, the IP addresses are set on the
cards, and yet I still cannot get connections to it other than the first domain name
I set. Did I miss something? Yes, you did. You need to make a Registry change on
top of the other things you did. Your ISP may assign multiple domain names in the
DNS (Domain Name Service) server to connect to your server. Each of those domain
names has an independent IP address. You can have all of those addresses on the same
card, using the same outside connection, simultaneously. This enables your single
Web server to service multiple companies or domain names, looking like separate servers
to each. Set up RAS to connect to your ISP with one of the IP addresses. Add all
the other IP addresses to your network adapter. Set up the first address, including
the subnet mask, with Control Panel | Network | Protocols | TCP/IP. Select Advanced
to add the remaining IP addresses and corresponding subnet masks. Then, change the
Registry to allow all packets to come through the RAS connection. When a packet has
the correct IP address in the header, the client connects to the Web server. Find
HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet\Services\RasArp\Parameters.
Add a value named DisableOtherSrcPackets, as a REG_DWORD value,
and set this at 0 to allow the connections.
In addition to Windows and DOS machines, you can also have Macintosh systems connect
to your NT server, and participate in the network. However, there is no native NT
client for the Macintosh, so the normal Macintosh client is used, and the information
is translated at the NT server. The Services for Macintosh are included with NT Server,
and expand the capabilities of your network. If there were a native NT client that
could be loaded onto the Macintosh client, the built-in challenges in Services for
Macintosh would just go away. Hopefully, Apple will release it soon. Unfortunately,
even though the native client performed well during Beta testing, the release date
is unknown.
SOLUTIONS: I
connect to a Windows NT network with my Macintosh, and when I do a File Find command
on my system, looking for a file on the server, my system seems to hang, and everyone
else's does, too. When the search is done, everything goes back to normal. Do I just
have to live with this? No, you don't just have to live with it. Macintosh computers
use a special command called CatSearch to do the File Find. That CatSearch may make
all the systems appear to hang if there are a lot of Macintosh clients on the network,
or there are a lot of files the search has to go through. Support for the AFP CatSearch
command was added in Windows NT 3.51. This command is used so the Macintosh client
asks the server to do the search, instead of performing the search of the Macintosh
volume itself. CatSearch instructs Windows NT to look through all directories and
files, based on the specified search parameters. When the search is performed at
the root of a Macintosh volume with many directories, subdirectories, and files,
it can delay the processing of requests from other Macintosh clients and the Macintosh
clients will appear to stop responding while they wait for their request to be processed.
You can disable the CatSearch function for a particular Macintosh volume on the NT
Server by adding Service Pack 2 (or higher), and then make a Registry change. The
key to change is in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\MacFile\Parameters\Volumes. Edit the value for the volume where you
want to disable CatSearch (each volume has a value). Add DisableCatsearch=1
to the end of the list, as shown in Figure 20.3. Exit the Registry editor, and then
stop and restart Services for Macintosh.
Figure
20.3. Removing the
CatSearch function for a particular Macintosh volume.
Be aware that disabling may make your searches even slower, if you are not careful
with your requests. Instead of searching everything on the entire volume, you may
want to narrow your search. The search will be faster, and everyone's performance
will go up.
Sometimes things just bug you, and they feel like a little pebble in your shoe.
The passwords for Dial-Up Networking are just like that. No matter how many times
you enter the password, and tell DUN to save it, it never seems to be saved. It's
frustrating.
SOLUTIONS: I
hate it. No matter how many times I tell my system to save my password when I am
making a Dial-Up Networking connection from Windows 95, it doesn't save it. Why not?
I can appreciate your feelings, because it drives a lot of people crazy. The problem
can be caused by any of the following situations:
- Password caching is disabled.
- One or more of the files associated with Dial-Up Networking is missing or damaged
(you would get an error if this was the case).
- Your password list (.PWL) file is damaged.
- The RNA.PWL file (if it exists) is damaged.
This can easily happen after making a change to your Access Control functions
in the Networking Control Panel applet, or if you change the name of the workgroup,
or if you log on to a different domain. Ensure that password caching is enabled in
the HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\Policies\Network key. If password caching is
disabled, the DisablePwdCaching value will be set to 1. If the
key was not there, or was set to 0, remove Dial-Up Networking, and then
reinstall it. Create a new password (.PWL) file by deleting the one based
on your username (username.PWL). Also delete the RNA.PWL file if
it is on your computer and then restart your computer. When the Enter Network Password
or Welcome To Windows dialog box appears, type the password that you normally use,
and then click OK. When you are prompted to confirm the password that you entered,
type the password again in the Confirm New Password box, and then click OK. The password
list for your username and the RNA.PWL file will be recreated on your system.
Then, Dial-Up Networking should remember your password correctly.
Summary
The Registry controls all of the devices that are used in networking, and all
the settings for Windows NT and 95 to use features and functions of many different
types of networks. With the correct settings, it should work just as Microsoft designed
it. With the extra options in this chapter, you can make it work the way you want
it to.
|