enterprise

Good Notes written by Pang-Chieh Chou whose Site is unfortunately down hence my posting these notes here.

NT 4.0 Server in the Enterprise Notes

By Pang-Chieh Chou, http://www.hal-pc.org/~pchou

Study Materials for the Enterprise Exam:

Microsoft TechNet, Implementing Directory Services Using MS Windows NT Server - Part 1 & 2

Microsoft TechNet, Performance Analysis and Optimization of MS Windows NT Server, Part 1 & 2

NT 4.0 Server CD: Online Books, Concepts & Planning

NT 4.0 Server CD: Online Books, Networking Supplement

Windows NT 4.0 Network Administration, Microsoft Press

Windows NT Technical Support, Microsoft Press

Trusts

Trust relationships is the most important area on the Enterprise exam.

Go to Trust Tutorial

===============================================================

Server Service Configuration Settings

To configure the server service for a particular type of server, use the Server option under Services in the Network program in Control Panel.

-For up to 10 client connections, click Minimize Memory Used.

-For up to 64 client connections, click Balance.

-For a file and print server, click Maximize Throughput for File Sharing.

-For an application server, click Maximize Throughput for Network Applications.

-For a domain controller, click Maximize Throughput for Network Applications.

-For a WINS server, click Maximize Throughput for Network Applications.

The amount of memory allocated to the Windows NT Server service (for such resources as InitWorkItems, MaxWorkItems, RawWorkItems, MaxPagedMemory, MaxNonPagedMem, ThreadCountAdd, BlockingThreads, MinFreeConnections, and MaxFreeConnection) differs dramatically based on your choice.

(Reference: Microsoft TechNet, Performance Analysis and Optimization of MS Windows NT Server, Part 2)

======================================================================

Planning to Avoid Slow WAN Links

To avoid logon traffic across slow WAN links, the network administrator should place BDC's where logon activity is taking place. BDC's placed on each side of a WAN link minimize logon validation traffic across the WAN link.

(Reference: Microsoft TechNet, Performance Analysis and Optimization of MS Windows NT Server, Part 2)

======================================================================

Synchronization of User Account Database of BDC's with PDC over a WAN Link

The Net Logon Service controls the user account database synchronization process. When synchronization occurs, the PDC announces that there are changes in the database. The BDC's then ask the PDC to send the changes. If the PDC and BDC's are on opposite sides of a WAN link, this communication would lead to traffic across the slow WAN link. However, the network administrator can control certain aspects of the synchronization process through several items in the NT registry under

\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Replication Governor: defines a percentage which controls the size of data transferred on each call to the PDC and the frequency of those calls; default is 100; For WAN link, reducing the Replication Governor to say, 50, will reduce the size of data transferred to half and also halve the frequency of the data transfers.

Pulse: defines in seconds the time, after which the BDC's will be sent a pulse; default is 5 minutes; For WAN links, increasing the pulse to say, one hour, means that the BDC's will be sent a pulse once every hour;

Pulse Concurrency: defines the maximum number of BDC's that the PDC will notify at a time; since the BDC's will respond by requesting database changes, increasing the Pulse Concurrency will increase the load on the PDC; default is 20; For WAN links, decreasing the Pulse Concurrency will decrease the load on the PDC but will possibly increase the time required before all BDC's receive database changes

==============================================================

System Policy for Users and Groups

When multiple system policies apply to a user, a system policy specific for the user overrules a system policy for a group that the user is a member of. If multiple group system policies apply to a user, the policies are applied in the order specified in the Group Priority dialog box.

(Reference: NT 4.0 Server CD, Online Books, Concepts and Planning, Chapter 3)

======================================================================

NT RAS Security

Password Encryption

When NT and 95 clients negotiate a PPP connection to an NT RAS Server, the password authentication method will always be MS-CHAP. This method of authentication is the highest security possible for password authentication. The password will be encrypted. (Reference: Microsoft Knowledge Base article Q136634; NT 4.0 Online Books, Networking Supplement Ch. 7)

Data Encryption

While passwords are encrypted by default when NT RAS Server communicates with an NT client, data encryption is an option that the administrator must set up. To accomplish this, select "Require Microsoft encrypted authentication" as well as "Require data encryption" in the Network Configuration dialog box on the NT RAS server.

(Reference: Microsoft Knowledge Base article Q136634, "you can optionally enable 'Require data encryption' "; NT 4.0 Online Books, Networking Supplement Ch.7, Data Encryption, "For installations where total security is required, the RAS administrator can force encrypted communications.")

Description of the Encryption Settings

In the Network Configuration dialog box for the NT RAS Server, you will find these possible settings for encryption:

"Allow any authentication including clear text" authenticates the client using any method requested by the client. NT clients will always negotiate encrypted passwords using MS-CHAP. Some third party clients might be able to negotiate only clear text (password not encrypted).

"Require encrypted authentication" authenticates clients that request the MS-CHAP, DES, or SPAP authentication methods. This method will negotiate encrypted passwords for some third party clients.

"Require Microsoft encrypted authentication" uses the MS-CHAP authentication method and encrypts passwords. This method is always used when NT RAS server negotiates with an NT client. If you wish to encrypt data as well, you must select "Require data encryption." (Reference: Microsoft Knowledge Base article Q136634)

==============================================================

Migration Tool for Netware

The above tool enables you to transfer objects from NetWare servers to NT servers. The following information will be migrated :

User accounts
Group accounts
Account permissions where applicable
Directory structures
Files

The following information will not migrate:

Passwords
Printer server and queue information
User-defined objects

Migration Tool for NetWare has the following requirements:

Can be used to migrate only to NT servers that function as PDC's or BDC's
NWLink and GSNW must be installed on the NT server running the Migration Tool and the server being migrated to
Files and folders' permissions are preserved only if transferred to an NTFS partition

Handling Username Conflicts

By default, if a username already exists on the NT server's domain, that username will not be transferred from NetWare. In addition, passwords are not migrated. In order to have control over this process, you can use a mapping file. Each line in the mapping file has the following format:

Old_username, new_username, password

(Reference: NT 4.0 Online Books, Networking Supplement, Ch. 14)

=================================================================

DHCP

A host is a computer or device in a TCP/IP network. Just as each house in a neighborhood has a unique address, each host is uniquely identified by its IP address.

In order to communicate with other hosts in the network, a host needs to have an IP address. This IP address may be assigned manually by typing in the IP address in the TCP/IP Properties configuration box. However, manually configuration of IP addresses can lead to errors such as mistyping addresses and using duplicate IP addresses.

A solution would be to have a server automatically assign each host an IP address. This type of server is called a DHCP server. The process of configuring a client with an IP address involves communication between the server and the client in the form of DHCP packets. The process starts with a client requesting an IP address and ends with the DHCP server acknowledging the success of the assignment of the IP address.

Because DHCP packets are sent as broadcasts, Network Monitor may be used to analyze the DHCP packets.

If a DHCP client and DHCP server are separated by a router, then a DHCP Relay Agent is used to forward requests from the client to the server. The DHCP Relay Agent, which resides on the same subnet as the DHCP client, has the IP address of the DHCP server.

Having DHCP servers on both sides of a WAN link can reduce the traffic across the slow link.

=================================================================

WINS and DNS

IP addresses consists of only numbers and can be difficult to remember. Instead of IP addresses, a computer may be identified by a name instead. In Microsoft networks, NetBIOS names of 15 definable characters are used to identify computers. In TCP/IP networks, host names of up to 256 charcters are used to identify the host.

When users issue commands to communicate with other computers, they usually use the NetBIOS names or hosts names of the destination. However, in a TCP/IP network, the names must be translated into the corresponding IP addresses before communication can occur. A database containing computer names listed with corresponding IP addresses can be used.

A WINS server resolves NetBIOS names to IP addresses. A DNS server resolves host names to IP addresses. WINS and DNS servers answer the question, "What is the IP address of the computer with this name?"

Having WINS servers on both sides of a WAN link can reduce traffic across the slow link. However, what would happen if the WINS server on one side of a WAN link contains entries in its database which the WINS server on the other side of the WAN link does not? Then a computer on one side of the WAN link might not be able to communicate with a computer on the other side of the WAN link.

Replication between WINS servers ensures that names and IP addresses are registered in all WINS servers involved in an internetwork. Replication between WINS servers on two sides of a WAN link does contribute to traffic across the slow link. Configuring the WINS servers on two sides of a WAN link for pull replication can help minimize this replication traffic since you can configure replication to occur at low usage times such as during the night.

(A push partner send notification to its replication partners that it has database changes when a set number of changes have occurred. A pull partner requests database changes from its replication partners at specified time intervals.)

WINS servers and clients communicate directly with each other without the use of broadcasts. Broadcasts can lead to "storms" in network traffic. WINS servers and non-WINS clients can communicate with each other through a WINS proxy. The WINS proxy forwards requests from the non-WINS client to the WINS server.

(Reference: Microsoft Official Curriculum, TCP/IP on Windows NT 4.0)

=================================================================

Dynamic Routing (RIP)

In a TCP/IP with RIP (Routing Internet Protocol) -enabled routers, routers in the network exchange routes to known networks with each other. Routers automatically inform each other of any changes in routes. RIP uses distance-vector algorithms to determine routes based on hop counts between routers

(Reference: Microsoft Official Curriculum, TCP/IP on Windows NT 4.0)

=================================================================

IIS

Internet Information Server is a web server that works with NT Server 4.0. You must have the TCP/IP protocol installed on the server. The web server can host one or more web site domains. If you host more than one web domain, you must assign a unique IP address for each web domain. Therefore, you may have to assign multiple IP addresses to the server's network adapter card. In addition, within the IIS program, you must define a WWW virtual directory for each web domain that you host. This directory will appear to be a folder under NT explorer.

(Reference: IIS 2.0 Online Documentation)

==================================================================

Tools for Server Analysis and Optimization

Server Manager

View current connections, idle time on connection, share names in use

Performance Monitor

Monitor performance of NT servers and workstations

NT Diagnostics

Display current configuration of computer, such as processor, memory, disk, and network information

Task Manager

View, start, and stop applications and processes; view memory and CPU utilization

Network Monitor

Captures and views network traffic to and from computer for troubleshooting and traffic pattern planning

Response Probe

Applies controlled stress of a specific resource and observes the response; for determining maximum throughput and performance characteristics

Creating a Measurement Baseline

A measurement baseline is a collection of data that indicate how a system's resources are being used. To create a measure baseline, identify the resources that need to be measured. Then collect data regularly at all times, busy and slow times, for analysis of trends.

(Reference: Microsoft Official Curriculum, NT 4.0 Server in the Enterprise, NT 4.0 Workstation Resource Kit, Chapter 11)

=====================================================================

Performance Monitor Counters

Water pours out slower through a bottle's neck than out of a wide bucket.

Causes of Bottleneck

- device not being used efficiently

- device using other resources

- device too slow

- device does not have the capacity to handle the load

Sometimes a bottleneck may be caused by another bottleneck. Solving the initial bottleneck is essential to solving the other bottlenecks.

Determining Memory Bottlenecks

Insufficient RAM may result in excessive paging. Data must be written to and retrieved from the hard disk. Disk access times are measured in milliseconds (10 ^ -3) while RAM access time is measured in nanoseconds (10 ^ -9). Therefore, adding RAM can increase performance.

Pages/Sec measures the number of pages requested that were not immediately available in RAM.

Pages/Sec should be low (0-5). If not, add RAM.

Determining Disk Bottlenecks

I once tried all kinds of counters for disk performance and kept getting zeroes. What you must do to enable the collection of data on the hard disk is to type diskperf -y at the command prompt. Disk monitoring does require some processor overhead but this overhead is not very significant.

LogicalDisk counters monitor logical partitions of hard drives. LogicalDisk is useful for determining which partition is causing disk activity. PhysicalDisk monitors physical hard drives as a whole.

% Disk Time measures the percentage of time that the disk drive is busy servicing read and write requests.

% Disk Time should be low (under 75 %). If not, then monitor if paging is occuring. If excessive paging, then add more RAM. If paging is not excessive, then upgrade hard disks.

Determining Processor Bottlenecks

The processor on an application server is generally busier than that on a file and print server.

% Processor Time measures the percentage of time that the processor is busy.

% Processor Time should be consistently lower than 75 percent. If not find the process causing excessive processor time. Consider upgrading the processor, using additional processors, and splitting the load across multiple servers.
If the system has multiple processors, then monitor the counter "System: % Total Processor Time"

Determining Network Bottlenecks

Network Segment: % Network Utilization is the percent of network bandwidth in use for the local network segment.

If % Network Utilization is greater than 30 percent, then segment the network and limit the number of protocols in use.

(Reference: Microsoft TechNet, Performance Analysis and Optimization of MS Windows NT Server, Part 2)

=====================================================================

Network Monitor Filtering

Network Monitor captures traffic to and from a computer. Once data has been captured, you might want to analyze only certain aspects of all the data collected. A display filter can be set to show only the traffic from a certain address or traffic of only a certain protocol.

(Reference: NT 4.0 Server CD : Online Books, Concepts and Planning, Ch. 10)

=====================================================================

Fault Tolerance

The goal in a fault tolerance disk array is to guard against the loss of data in the hard disks;

Disk Striping without Parity (RAID 0; NOT FAULT TOLERANT)

improves read and write performance by spreading data among all disks in the stripe set but is NOT FAULT TOLERANT; if one disk fails, all data is lost

Mirror Sets (RAID 1)	Striping with Parity (RAID 5)
Supports FAT and NTFS	Supports FAT and NTFS
Requires two disks	Requires minimum of three disks
Has good read and write performance	Excellent read performance because data is distributed among several disks; Moderate write performance because parity information must also be written
Uses less system memory	Uses more system memory and processor overhead because parity information must be calculated by the processor
Can mirror system or boot partition	Cannot stripe system or boot partition
Break Mirror; delete partition; replace failed drive ; select free space and Establish Mirror set; restart when prompted	Replace failed drive; select free space; chose Regenerate; restart when prompted
	If one disk in the stripe set fails, data can be restored from parity information in the remaining disks. If more than one disk fails, you must restore the data from tape backup.

(Reference: Windows NT Technical Support, pages 240-250)

=========================================================

Troubleshooting

Common Boot Process Error Messages

- These are some messages that may be displayed while booting if certain files are missing

If the Ntldr file is missing,

BOOT: Couldn't find NTLDR

Please insert another disk.

If Ntdetect.com is missing,

NTDETECT V 4.0 Checking Hardware ...

NTDETECT failed

If Ntoskrnl.exe is missing, the following message appears after the Last Known Good prompt:

Window NT could not start because the following file is missing or corrupt:

\winnt root\system32\ntoskrnl.exe

Please re-install a copy of the above file.

However, the above error message may be caused by an incorrect boot.ini file. The path to the Windows NT files may be incorrect and therefore, winnt_root will not be found and the ntoskrnl.exe will not be found.

Creating a Windows NT Boot Disk (this is NOT the Emergency Repair Disk !)

If Windows NT fails to boot because of missing or corrupted files in the boot partition, a boot disk can be used to boot the system and restore the missing files to the hard disk. To make a boot disk, you must

Format a floppy disk under NT 4.0
Copy to the floppy these files: Ntldr, Ntdetect.com, Boot.ini and if existing, the Bootsec.dos or Ntbootdd.sys

If needed, boot the server with the Windows NT Boot Disk and copy the above files onto the hard disk. The Windows NT Boot Disk is NOT the Emergency Repair Disk (ERD).

Last Known Good Configuration

After a user successfully logs on to Windows NT, configuration information is written to the registry in a control set called the Last Known Good. If you are having problems with startup and have made device driver changes, do not log on. Choosing Last Known Good will enable you to start Windows NT because Last Known Good does not contain the new faulty device drivers.

Emergency Repair Disk (ERD) is NOT BOOTABLE

The Emergency Repair Disk can be used to restore a computer to running the state of the last Emergency Repair update. The disk can be used to repair missing or corrupt NT files and restore parts of the registry. The Emergency Repair Disk is unique to each machine; that is, two different machines will each require an Emergency Repair Disk made at that machine.

To create an ERD, insert a floppy disk and type rdisk

To create an ERD with SAM database and security information, type rdisk /s

The Emergency Repair process requires the three installation disks for Windows NT setup. If you do not have these diskettes, you can create them at ANY running server by typing winnt /ox

The Emergency Repair Process

To restore Windows NT on an Intel-based server,

Insert the first installation disk in the floppy drive and start the computer.
Type r when asked whether you want to install or repair files.
Insert the Emergency Repair Disk when propmted and follow the instructions.

Notice that you do NOT boot with the Emergency Repair Disk!

Recovering the Registry and System Partition

If you have mirror sets and one drive fails, the registry, boot and system partitions should be on the other disk.

Volume sets and striped sets (with or without parity) cannot contain the boot and system partitions. If you lose a hard drive that is not part of the volume sets or stripe sets and that drive contains the boot or system partition, then you have the following choices:

To restore the system partition and parts of the registry, use the Emergency Repair process.
To restore the boot partition, system partition, or the entire registry, restore from backup tape.

STOP Screen Errors (Blue Screen of Death; BSOD)

The stop screen can be intimidating but contains vital information for troubleshooting. You can examine the stop error code on the screen for details about what caused the server to crash.

In addition, you can configure the server to create a file called CrashDump that contains the stop screen and stop code for further analysis. To configure the server to write debugging information to a CrashDump file, go to > Control Panel > System > Startup/Shutdown. Select the appropriate box in the System Recovery section.

After the CrashDump file has been created, the Dumpexam utility can extract information from the CrashDump and create a text file from the information. This text file is used by Microsoft Technical Support personnel to determine the cause of the STOP Screen error.

Dumpchk is a utility that you can use to verify that a memory dump file has been created correctly.

Dumpflop is a utility that you can use to write a memory dump file to floppies. This is generally not efficient.

Dr. Watson

Dr. Watson is an application error debugger. It detects application errors, diagnoses the error, and logs the diagnostic information. Dr. Watson will start automatically if an application error occurs. To start Dr. Watson when there is no error, type drwatson and click on Help for further information.

=========================================================