Making networking work well is one of the most difficult functions in the realm of computing. Most of the time, the difficulty is due to the sheer number of variables. The problems are usually related to difficulty in getting connected, or the lack of performance, but the symptoms may mask the real problems. Many times, the error indicates that the domain controller cannot be found or a timeout error has occurred in accessing files on the network.
The biggest challenge, then, is isolating the actual problem, and then fixing it. At times, that is "easier said than done." Some of the problems and their fixes are described in this chapter.
SOLUTIONS: In Windows 95, when I set my system to use User Level access, and I log on to the NT domain, it still comes up and asks me what my Windows password is. Isn't one enough? If you set the system right, it is. You can quickly set the system so it will use the password you gave for domain logon for Windows logon as well. To set that, you will need to disable the password caching for Windows 95. In HKEY_LOCAL_MACHINE\Software\ Microsoft\Windows\CurrentVersion\Policies\Network, add a new DWORD value called DisablePwdCaching, and set it to 1.
This will also work if the user is logging on to a NetWare network. Then the network logon function will relay the password to Windows 95 for its logon.
SOLUTIONS: I recently upgraded from Windows for Workgroups to Windows 95. I use only TCP/IP protocols, and my system hangs every time I try to connect to another computer. What is wrong? Upgrading from WFW running the 32-bit TCP/IP stack adds an unsupported value to the Registry. Remove the value, and your system should work just fine. When you upgraded, an entry in the SYSTEM.INI file created the EnableRouting value in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP key. Remove the value, remove the line EnableRouting=1 in the SYSTEM.INI file, and restart your system. It should give you TCP/IP access then.
As you can see, the situations can get quite complex. Making systems connect, particularly when different types of networks are involved, can be very challenging.
SOLUTIONS: We merged two NetWare networks together and I want to connect to both, but I cannot see the systems that are from the old network. What should I do? If you connect your NT Workstation to more than one NetWare network, each using a different frame type, or if the one NetWare network is bound to more than one frame type, your system may not see all the systems on the network. To see all the systems on the network, your card must be set to more than one frame type. You may enter as many types as are currently on your networks. Change the PKType value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\NWLinkIpx\NetConfig\network_card. PKType is a REG_MULTI_SZ entry, and the possible values for PKType are shown in Table 20.1. Check with your administrator for the correct frame types.
Table 20.1. Possible values for PKTType.
Value Frame Type 0 Ethernet II 1 Ethernet 802.2 2 Ethernet 802.3 3 Ethernet SNAP 4 ARCnet ff Auto Detect
If the value is set to ff, as shown in Figure 20.1, remove the ff setting. If ff is left in the Registry, it ignores all the specified settings, and the change is ineffective.Figure 20.1. The Multi-String Editor with automatic frame type set for NWLink.
Because it is a multiple string value, you can set the PKType parameter to as many values as necessary. (See Figure 20.2.) Each of the entries for a frame type should be on its own line in the Multi-String Editor dialog box.Figure 20.2. Enter each of the types on a separate line.
Don't use REGEDIT.EXE to make this change because it involves a REG_MULTI_SZ entry. To activate this change, restart the system. The Workstation looks for all of the listed frame types and responds to systems that are using them.
Using a TCP/IP network involves many components. If any of those components doesn't work correctly, you will have problems. In all cases, compromises must be made. Microsoft attempts to make the systems meet the needs of the widest audience. Those choices might not be the ones you would make. Some of those standard functions, even working correctly, will cause problems in a non-standard environment. Such is the case with the next question.
SOLUTIONS: When I am not connected to my network, my notebook always seems to take extra time to boot. Any ideas why? If your system uses WINS for name resolution, every system that boots needs to find the WINS server. If your laptop is not connected to the network, it will not find the WINS server, and will time out eventually. The WinsDownTimeout parameter sets the amount of time NBT waits before trying to use another WINS server. Most networks using WINS have two WINS servers, a primary and a secondary, that keep track of computer names on the network. If a system cannot find the primary WINS server, it searches for the secondary one. If it cannot find that, it does not use any name-recognition functions, and TCP/IP networking is significantly hampered. Luckily, that's OK when you're not connected, and the default is much more than enough in most cases if you are connected. The value name to add is WinsDownTimeout, a REG_DWORD entry, in the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters key. The data is time in milliseconds, and the range of the data is 1000-0xFFFFFFFF, with a default of 15,000 (15 seconds). Set it lower, and the logon process when the laptop is not connected to the network is much faster.
One of the great misconceptions in the computer business is that of "unlimited." There are only a very, very few times when that is actually true. Normally, when the term unlimited is used to describe functions, it means that the numbers are so great that you would normally never hit them. The next situation is an example of the unlimited term being used a little too loosely. It is, in fact, nowhere near unlimited.
SOLUTIONS: I got an error that there were not enough connections at the server for me to connect. I didn't know there was a limit. If you get an error that says the system was unable to find a free connection and couldn't connect to another system, you may need to expand the number of connections available at the server to each user. In the HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\LanmanServer\Parameters key, add a new value name called MaxFreeConnections, a REG_DWORD entry. The range of the data is from 2 to 8. Normally, it is between 2 and 4 as the default, depending on the configuration of the system. Set it to 8 to provide the best connection performance.
Connection challenges seem to go up even more radically when you add in the phone lines and RAS. There are additional functions in the software that need to be set correctly, and also you have to deal with other outside influences related to line quality and connections.
Add the Internet, and then you get even more variables. The Internet is a great tool, but the same factors that make it great, make it uncontrollable and more difficult to use. No one has complete control, and though there are a significant number of "standards," there is still a lot of room for difference. The next problem is an illustration of that.
SOLUTIONS: I seem to be having more and more trouble connecting to sites on the Internet from my NT Workstation. Is it just traffic, or am I doing something wrong? With the Internet getting more and more congested, you may receive timeout errors if the time it takes to connect to the target system is too long, or if the number of hops is too great. To increase the number of hops available or to increase the time before error, make this Registry change. Edit the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\
Parameters key, and change the data in the value called DefaultTTL. The range of entries is 1-255 with the default at 32. If you are experiencing a significant number of timeout errors while connected to servers in the Internet, increase this number. 64 should be sufficient to eliminate nearly all the errors you have.
Dial-Up Networking is a fabulous tool that greatly standardized the way people connect with Windows 95 and NT. Prior to that, using communications programs was cumbersome at best. DUN isn't perfect now either, but it is a lot easier than the alternatives used to be. Getting the actual connection is also not the only problem you might encounter.
SOLUTIONS: I am dialing into my office network from my home, and I am having trouble getting a logon completed. The RAS server is on a different segment than my Domain controller. Do I need to move my domain controller or my RAS server? You don't need to move either; you can just make a Registry change to the RAS server. Because the amount of time it takes to connect to the network through a dial-up router is longer than the time NetLogon will wait, the user often gets an error message that says he has been logged on using cached account information. He can still connect to his shares and the printers, but it takes extra time to regenerate the connection the first time each is used. If he is able to connect normally, he is lucky. The router must have had an open line ready and waiting. By default, NetLogon sends out three broadcast/multicast <1C> frames looking for the PDC or BDC at five-second intervals. That adds up to only about 15 seconds, but the dial-up router may take as long as 30-60 seconds, sometimes more. If the dial-up router cannot make the connection before NetLogon times out, the system must use cached information for validation. Fix this by extending the delay. This does not affect normal performance; it simply extends the NetLogon wait time if necessary. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetLogon\
Parameters key, edit the ExpectedDialupDelay value. Enter the data in total seconds, and each of the three frames will be broadcast in about one-third of the time. The recommended value to enter is 60. If you find that it still doesn't connect, you can extend it.
A dial-up connection is actually no different than any other network connection in the way that systems are addressed. It is simply another network connection. It has all the same requirements as any other connection, with logon, authorization, security, and so on. Some of the functions that might happen to the client may be different, based on the location of the client. For example, not all messages and all broadcasts will go to a client connected by modem. This is set up that way to preserve bandwidth on the modem connection.
SOLUTIONS: Every time I dial into my RAS server, I get the error No logon server was available to validate your password. One or more services may not be available across the network. Why can't I log on to my NT domain? If you use NWLink as your primary protocol to dial in to an NT network with RAS, you may not be able to be validated because the NetBIOS broadcasting functions are disabled by default. The logon request is not broadcast, and no logon is available. The only functions available to you are those from Workgroup-connected machines not participating in the domain security. Other functions also may not be available, even if you are connected. The real culprit is the forwarding of IPX type 20 packets between the remote RAS client through the RAS server to other servers on the network that use NetBIOS functions. At the RAS server, change the HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\NwlnkIpx\Parameters key by editing the DisableDialinNetbios value. Table 20.2 shows the options available.
Table 20.2. Broadcast options using RAS and DisableDialinNetbios.
Settings Broadcasts 0 Client to RAS server to network and back 1 (default) Client to RAS server only 2 Network to RAS server to client only 3 All IPX type 20 broadcasts disabled
Set this to zero (0), and you can easily connect to the network. The only downside to this setting is that other broadcasts from the network go down your connection as well.
More challenges come up because of the limitations imposed on Dial-Up Networking. Making the correct settings to create a workable, balanced environment can be a real challenge.
SOLUTIONS: How can I make my browsing better when I dial in to the network? With a dial-up connection, if you are having difficulty seeing computer names, network shares, or printers during browsing, you may need to change this parameter. This tip extends the routing of broadcasts from remote clients across routers, extending throughout the entire network. It also allows broadcasts to extend to the remote client from the network. Without this, browsing may not work. Change the NetBiosRouting value in the HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\NWlnkRip\Parameters key. The default is 0 to reduce traffic. That is like turning off someone's drinking water so they don't drown. Some traffic is necessary to make networking work. Table 20.3 shows the other available values.
Table 20.3. NetBiosRouting possibilities.
Settings Results 0 Do not forward broadcasts 2 Forward NetBIOS packets from remote client to LAN 4 Forward NetBIOS packets from LAN to remote client 6 Two-way forwarding of NetBIOS packets Change the data, and choose 2, 4, or 6, depending on your needs.
Traffic is another consideration in connecting to a network by modem. The bandwidth issue is always present, and until that's solved, we will have to deal with challenges like the next one.
SOLUTIONS: Why do I keep getting errors when I am copying data from my server across my dial-up connection? Moving data from the very fast LAN to the relatively (and sometimes horribly) slow RAS-connected client can force a number of problems. If the RAS client cannot keep up, the packets are discarded and must be re-transmitted. To solve the problem, RAS uses some physical memory (about 64KB per client) and also part of its paging file as a buffer. Unless the paging file and the amount of space allocated for RAS are sufficient, there will be errors. Reliability is also a concern. If the sender on the LAN sends more data than can be buffered, RAS kicks in with a NetBIOS flow control. This can cause communication errors to occur. Expand the size of the buffer on the RAS server to improve performance and increase reliability. To expand the size, change the MaxDynMem value in the HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet\Services\RemoteAccess\Parameters\NetbiosGateway key. The range of the data is 131,072-4,294,967,295 bytes. The default value is 655350 (640KB) per client connection. The minimum (128KB) is ridiculously small, and 4GB may be just a bit excessive. Choose something in between, and type it as bytes. After you restart the RAS service, have the clients reconnect, and their data transfer performance will be better.
There are only so many connections you can make to one NT server with RAS. The actual maximum is 256 connections. Unfortunately, there are not that many that you can use. The next question relates to that very problem.
SOLUTIONS: When I dial in to my network, and try to connect to all the shares I need, I get error messages that say I cannot connect because there are no more available connections. What should I do? All RAS clients together can have a total of 255 simultaneous NetBIOS sessions. Each client has a maximum number of sessions, but the active number is what is calculated in that 255. For example, if 10 remote clients connected and each one was using 25 sessions, the eleventh would only be able to use five sessions. Each session may be a connection to a printer, a share, and so on. To correct this problem, you can have some of the clients connect to another RAS server, or you can limit the number of sessions available to each user. If you want to limit the number of connections each user can have, you can change HKEY_LOCAL_MACHINE\SYSTEM\ CurrentControlSet\Services\RemoteAccess\Parameters\NetbiosGateway.The value to edit is MaxSessions, and the range of the data is 1-255 sessions per connected client, with the default at 255. Set it at 16, and 16 users can simultaneously be connected, never running into the limit. One easy way to calculate the value is to divide 255 by the number of available RAS connections and set that as the maximum. Past the maximum, new sessions temporarily disconnect the oldest sessions. The oldest item would still show in the lists, but when activated, it would take a little longer to actually connect.
If you had the maximum 256 connections to the network, none of the clients could actually connect to printers or shares. All of the connections would be taken just by connecting to the server.
SOLUTIONS: When I dial in to my RAS server, I hear the modem make all the funny sounds it makes during the connection, I log on, and then I get an error, Unable to connect to shares. When you are connecting over a dial-up router or RAS server, the time required to connect is often more than the system can wait for. Increasing the NetLogon parameter was discussed earlier in this chapter. Use ConnectMaxTimeout to change the timeout for connections to shares. Increase the value, and the system pauses to overcome delays in connecting to shares across the remote connection. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\
Parameters key, the timeout value is entered in ConnectMaxTimeout as a number of seconds. The default is 45 (seconds), and you can set it anywhere from
0-400.
The expansion of your business sometimes requires you to have multiple connections to the Internet. Those connections each need their own IP address and domain name. Getting those names is critical to multiple Internet domain functions and success on the Internet as a server.
SOLUTIONS: I want to allow multiple domain names on my Internet Information Server. The names are set with the IP addresses in the DNS server, the IP addresses are set on the cards, and yet I still cannot get connections to it other than the first domain name I set. Did I miss something? Yes, you did. You need to make a Registry change on top of the other things you did. Your ISP may assign multiple domain names in the DNS (Domain Name Service) server to connect to your server. Each of those domain names has an independent IP address. You can have all of those addresses on the same card, using the same outside connection, simultaneously. This enables your single Web server to service multiple companies or domain names, looking like separate servers to each. Set up RAS to connect to your ISP with one of the IP addresses. Add all the other IP addresses to your network adapter. Set up the first address, including the subnet mask, with Control Panel | Network | Protocols | TCP/IP. Select Advanced to add the remaining IP addresses and corresponding subnet masks. Then, change the Registry to allow all packets to come through the RAS connection. When a packet has the correct IP address in the header, the client connects to the Web server. Find HKEY_LOCAL_MACHINE\SYSTEM\Current ControlSet\Services\RasArp\Parameters. Add a value named DisableOtherSrcPackets, as a REG_DWORD value, and set this at 0 to allow the connections.
In addition to Windows and DOS machines, you can also have Macintosh systems connect to your NT server, and participate in the network. However, there is no native NT client for the Macintosh, so the normal Macintosh client is used, and the information is translated at the NT server. The Services for Macintosh are included with NT Server, and expand the capabilities of your network. If there were a native NT client that could be loaded onto the Macintosh client, the built-in challenges in Services for Macintosh would just go away. Hopefully, Apple will release it soon. Unfortunately, even though the native client performed well during Beta testing, the release date is unknown.
SOLUTIONS: I connect to a Windows NT network with my Macintosh, and when I do a File Find command on my system, looking for a file on the server, my system seems to hang, and everyone else's does, too. When the search is done, everything goes back to normal. Do I just have to live with this? No, you don't just have to live with it. Macintosh computers use a special command called CatSearch to do the File Find. That CatSearch may make all the systems appear to hang if there are a lot of Macintosh clients on the network, or there are a lot of files the search has to go through. Support for the AFP CatSearch command was added in Windows NT 3.51. This command is used so the Macintosh client asks the server to do the search, instead of performing the search of the Macintosh volume itself. CatSearch instructs Windows NT to look through all directories and files, based on the specified search parameters. When the search is performed at the root of a Macintosh volume with many directories, subdirectories, and files, it can delay the processing of requests from other Macintosh clients and the Macintosh clients will appear to stop responding while they wait for their request to be processed. You can disable the CatSearch function for a particular Macintosh volume on the NT Server by adding Service Pack 2 (or higher), and then make a Registry change. The key to change is in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\MacFile\Parameters\Volumes. Edit the value for the volume where you want to disable CatSearch (each volume has a value). Add DisableCatsearch=1 to the end of the list, as shown in Figure 20.3. Exit the Registry editor, and then stop and restart Services for Macintosh.
Figure 20.3. Removing the CatSearch function for a particular Macintosh volume.
Be aware that disabling may make your searches even slower, if you are not careful with your requests. Instead of searching everything on the entire volume, you may want to narrow your search. The search will be faster, and everyone's performance will go up.
Sometimes things just bug you, and they feel like a little pebble in your shoe. The passwords for Dial-Up Networking are just like that. No matter how many times you enter the password, and tell DUN to save it, it never seems to be saved. It's frustrating.
SOLUTIONS: I hate it. No matter how many times I tell my system to save my password when I am making a Dial-Up Networking connection from Windows 95, it doesn't save it. Why not? I can appreciate your feelings, because it drives a lot of people crazy. The problem can be caused by any of the following situations:
This can easily happen after making a change to your Access Control functions in the Networking Control Panel applet, or if you change the name of the workgroup, or if you log on to a different domain. Ensure that password caching is enabled in the HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\Policies\Network key. If password caching is disabled, the DisablePwdCaching value will be set to 1. If the key was not there, or was set to 0, remove Dial-Up Networking, and then reinstall it. Create a new password (.PWL) file by deleting the one based on your username (username.PWL). Also delete the RNA.PWL file if it is on your computer and then restart your computer. When the Enter Network Password or Welcome To Windows dialog box appears, type the password that you normally use, and then click OK. When you are prompted to confirm the password that you entered, type the password again in the Confirm New Password box, and then click OK. The password list for your username and the RNA.PWL file will be recreated on your system. Then, Dial-Up Networking should remember your password correctly.
The Registry controls all of the devices that are used in networking, and all the settings for Windows NT and 95 to use features and functions of many different types of networks. With the correct settings, it should work just as Microsoft designed it. With the extra options in this chapter, you can make it work the way you want it to.
© Copyright, Macmillan Computer Publishing. All rights reserved.
