Mark Minasi's Windows 2000/NT Newsletter

Issue #9 December 2000

To subscribe, visit http://www.minasi.com/nwsreg.htm. To unsubscribe, link to http://www.minasi.com/unsubs.htm. Visit the Archives at http://www.minasi.com/archive.htm.

News

Hi --

Sorry I missed last month and that this month will be short, but I've been spending every waking minute (when not traveling) working on expanding the Mastering Windows 2000 Server book for the Third Edition -- the copy is all due by 15 December and there's only two more chapters to go.  (Before you ask, it's slated to appear in late February 2001.)  And speaking of traveling, I've had the chance to speak at some great conferences since the last newsletter.  Comdex Vegas was its usual nightmarish self, but the crowds for the Windows 2000 track were fantastic.  Host George Spalding kindly gave me the chance to do two general sessions (Active Directory and DNS) and the audience was great.  While it was a smaller crowd (200 people), Fastlane's DM/World conference in Toronto was great too.  While at the conference, which was held in the Four Seasons, I met actor Martin Short in an elevator -- but didn't recognize him, and just assumed that anyone in the hotel was a computer geek.  He was awfully gracious when he explained that no, he wasn't a network admin or marketeer from Fastlane, but instead was a movie actor and was talking to me because he just assumed that I was a fan and had recognized him.  (Clearly I've got to get out more often...)

Writing the Third has given me the chance to drill down into some of the internals of 2000 networking that I'd not had time for previously; in this month's Tech Tips, I include a few of the things that I've picked up along the way, as well as Yet Even More Stuff On RIS.

If you visit the Web site, I hope you'll notice that it's a bit snappier than before.  After three months of waiting, Verizon finally got around to hooking up our new faster frame relay.  Also, some of you may have not received the past two newsletters, because our slow frame relay was causing DNS to duke it out with the mail server for bandwidth, leading to dropped mail.  With hope that won't happen this time and won't become a problem again until we get to 15,000-20,000 subscribers, and we're only to 6,000 after 11 months, so I figure we're safe for a while.

While I was busy writing, Jennifer was busy scheduling.  We're inaugurating a busy public seminar schedule for next year because the first few Windows 2000 public seminars went so well, but I guess I might as well tell you about them...

I'm Teaching in Austin, Denver, Chicago, Kansas City, Atlanta, Tampa, Detroit and Minneapolis, With More Cities On the Way

The Philadelphia and Los Angeles public seminars were a big hit.  The attendees were uniformly pleased; you can see their reviews at www.minasi.com/2krevs.htm.  I'm about to go do the DC class and it's got the biggest attendance of the three, up to 30 people.  Many thanks to all who attended!

Those three pilot classes have gone so well that we're scheduling a series of classes for late Winter/early Spring of 2001:

You can find the outline for the seminar at www.minasi.com/w2koutln.htm and the exact schedule of times and locations for seminars at www.minasi.com/pubsems.htm

Jennifer is also hard at work trying to find hotels for Seattle, Portland OR, San Jose, Irvine, New York, Boston, Toronto and Ottawa for April/May.  We haven't announced locations there yet because it's a surprisingly difficult challenge finding hotels that will take small seminars like this, believe it or not.  Apparently most hotels won't give you the right time of day unless you're also booking a bunch of sleeping rooms.  We still can't take American Express apparently because the bank with our "merchant account" is out to lunch.  I'm a bit of a tyro when it comes to setting up this e-commerce stuff, so if any credit card/merchant bank/secure server-expert has the patience to help me figure this out I'd appreciate it, and thanks in advance!

I'm also looking into running a session in London if there's enough interest (the one in the UK, not the one in Canada), but that involves a bit more arranging.  More as we know it.

The city voting poll is still at www.minasi.com/pickcity.htm; please consider casting a vote for a city there.

Mastering Windows 2000 Professional, 2nd Edition is Printed

Okay, I goofed up.  But now it's fixed.  When it seemed a few years ago that Microsoft was positioning 2000 to replace Windows 9x altogether (something which never actually happened), Sybex and I decided to pitch the Mastering Windows 2000 Professional book to the range of beginner to intermediate user.  So the first edition of Mastering Windows 2000 Professional was a bit, well, elementary.  Of course, by the time Microsoft shipped 2000 Pro, the story had changed and I realized that the book should be aimed more towards the veteran Windows 9x or NT 4.0 user who's looking for an intermediate-to-advanced book for power users and help desk people.  So we ripped out most of the first edition and threw it away, resulting in a roughly 60-percent-new Second Edition.  You can find it at Amazon or wherever you buy tech books -- but be sure that you get the second edition!  And ignore the Amazon reviews, the Amazon guys just copied the reviews from the first edition.

New 2000-Compatible Toys

This month I've found myself having to buy some hardware odds and ends and wanted to report that I've found some terrific stuff that is 100 percent Win2K compatible -- which makes it even better.

I managed to lose my Palm Vx while in Toronto so I needed a new Palm (yup, I'm still kicking myself; how could I have lost a Vx?  Maybe that Martin Short guy picked it up, yeah that's it).  I figured I'd give a color Palm a try and picked up a Handspring Prism.  Imagine my happiness when I saw that (1) it syncs with USB -- far faster than serial ports -- and (2) the USB stuff works under 2000.  Yay!  Also, I needed a CD burner and I'm lazy, so I didn't feel like opening up my system to install an IDE burner.  I found an HP8230e USB burner at my local Office Depot and found that it works wonderfully on 2000 -- but only on 2000 Pro (grumble grumble).  Finally, I needed a Firewire (IEEE 1394) device to connect to my mini-DV cameras (I have this pipe dream that I'm going to be able to videotape my seminar and figure out how to sell it over the Web, but please don't mail me about it, as I haven't yet got a clue how to do it without having the content show up on Napster or Scour).  A visit to the Dazzle web site (www.dazzle.com) showed me that they now support my Dazzle Digital Video creator (a fantastic product) and now sell a PCMCIA Firewire board for $99 from their site.  I got one and it works without a hitch on 2000.  I only mention these toys -- I mean equipment -- because it's the time of year when you're looking for that special Christmas/Chanukah gift for the techie in your life, so it seemed the right month...

We Exceeded 6,000 Subscribers!

I'm very proud to note that we've got more than 6100 readers.  (Or at least, we do until I do this mailing and get the usual 200 "the mail server never heard of these people" messages, prompting me to delete them from the database.)  Thanks for the support and please consider passing this along to a colleague so that she/he might decide to join up!  And if you're inclined to, drop me a line to tell me if you're liking or not liking this newsletter.

Tech Tips

This month, a couple of things that I discovered in the process of writing the new 100+ pages on DNS that are going into the third edition, and yet another RIS tip.

Windows 2000 and DNS:  DNS client caching and negative caching

Windows 2000's DNS client does a pretty neat new thing:  it caches DNS names and IP addresses.  If you're sitting at an NT 4.0 system or a Wintendo box and browse www.microsoft.com and then browse it again an hour later, then your workstation will ask your local DNS server to resolve www.microsoft.com to an IP address twice.  But a 2000 Pro workstation (or server) won't do that, as it caches the results of name resolutions.  You can see what DNS names and addresses your system currently knows by typing "ipconfig /displaydns."

Adding caching on the DNS client was a good move on Microsoft's part precisely because, recall, 2000 uses DNS as NT used WINS, as the basic workhorse naming system. There are probably servers in your network that your workstation communicates with all the time; relieving the local DNS servers of having to resolve and re-resolve the names lightens the burden on those servers and reduces network chatter. 

Once in a while, however, you'll want the DNS client to forget what it's learned. For example, suppose you'd built the simple bowsers.com DNS system, but misspelled "bigdog" as the machine, accidentally mis-keying it as "bgidog" or something like that. You then sit down at some other machine and type "ping bigdog.bowsers.com" and your system tells you that there's no machine by that name. You realize the error and go over to bgidog, renaming it to bigdog and rebooting it. You go over to your workstation and try another "ping bigdog.bowsers.com," but it still tells you that there's no such system. Huh? You fixed the silly thing -- now what's wrong?

What's wrong is called "negative caching." The DNS client not only caches the successes, it also caches the failures, remembering any failed name resolution attempts for five minutes. So if you wait a few minutes more, then "ping bigdog.bowsers.com" will work. But who wants to wait? You can alternatively tell your system to forget all of its cached entries with this command:

ipconfig /flushdns

And if you decide that five minutes is too long or too short a period to remember failed name resolutions, you can change that. Just look in the Registry in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters to find the value entry named NegativeCacheTime. It's a value in seconds.
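The bigdog timeline above can be replayed with a small model of a caching DNS client. This is an added example, not Windows code or anything from the newsletter: the class, the addresses and the positive TTL are constructed assumptions, and only the 300-second negative cache time comes from the text.

```python
# Simplified model of a DNS client cache with negative caching.
# Not Windows code: class, names and addresses are constructed for illustration.

NEGATIVE_CACHE_TIME = 300   # seconds; the five-minute default described above
POSITIVE_TTL = 3600         # assumed lifetime of a successful answer (constructed)


class DnsClientCache:
    def __init__(self, server_records):
        self.server = server_records   # stands in for the DNS server's zone data
        self.cache = {}                # name -> (address or None, expiry time)
        self.queries_sent = 0

    def resolve(self, name, now):
        """Return the address for name, or None if resolution fails."""
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0]            # answered from cache, success or failure
        self.queries_sent += 1         # cache miss or expired entry: ask the server
        address = self.server.get(name)
        ttl = POSITIVE_TTL if address else NEGATIVE_CACHE_TIME
        self.cache[name] = (address, now + ttl)
        return address

    def flush(self):
        """Forget everything, as ipconfig /flushdns does for the real client."""
        self.cache.clear()


def bigdog_scenario(flush_after_fix):
    zone = {"bgidog.bowsers.com": "10.0.0.5"}                     # mis-keyed name
    client = DnsClientCache(zone)
    results = [client.resolve("bigdog.bowsers.com", now=0)]       # fails, cached
    zone["bigdog.bowsers.com"] = zone.pop("bgidog.bowsers.com")   # fix the name
    if flush_after_fix:
        client.flush()
    results.append(client.resolve("bigdog.bowsers.com", now=120))  # 2 min later
    results.append(client.resolve("bigdog.bowsers.com", now=301))  # past 5 min
    return results, client.queries_sent


if __name__ == "__main__":
    print("no flush:", bigdog_scenario(flush_after_fix=False))
    print("flushed: ", bigdog_scenario(flush_after_fix=True))
```

Without the flush, the lookup at two minutes is answered from the cached failure and never reaches the server; with it, the same lookup succeeds immediately.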

Windows 2000 and DNS:  when do dynamic DNS clients re-register, and do they need to?

Dynamic DNS (DDNS) largely replaces WINS as the premier "keeper of the names" in a Windows 2000-based network.  As with WINS, DDNS doesn't require you to punch in the names and IP addresses of the systems on your network.  Instead, those systems introduce themselves to the DDNS server by "registering" -- that's the term -- their name records with their local DDNS server.  So DDNS is like WINS -- but how much like it, I wondered?  In a few ways, as it turns out.

First of all, you may recall that when WINS accepts a name registration from a computer, it puts a time/date stamp on that registration and then "forgets" the information after a certain amount of time.  I was surprised to discover that DDNS (or, at least, W2K's implementation of DDNS) doesn't do that by default.  If you register a record with a DDNS server, then that record never goes away.  You can make the DDNS server get rid of old records by enabling a process called "scavenging," but it's not on by default, and is just a bit non-intuitive to set up, as it requires you to turn it on in three different places. 

That led to another question.  When would a DNS client computer try to re-register with a DDNS server?  As it turns out there are five events that trigger a DDNS registration:

 It looks as if there's no way to stop systems from re-registering with DDNS periodically.  That seems to imply that turning scavenging on would be a good idea -- as long as your systems are working so hard to keep their information on DDNS up to date, you might as well get DDNS to clear out the obsolete records!

Remote Installation Services:  handling post-2000 hardware

I hope I'm not boring you folks with this RIS stuff, but I just love the thing.  The more I know about it, the more I'm convinced that no office should be without at least one RIS server.  And I'm also convinced that every single new computer that I buy from this point on will include a PXE boot rom so that I can just boot to a RIS server and install a fresh operating system without even needing a boot floppy.

Anyway, I was doing a seminar at a Really Big Company (their standard contract doesn't let me name them) and we had a blast trying out different approaches to unattended installs.  But we couldn't get RIS to install on a really new IBM NetVista workstation, as the workstation had a new Intel Ethernet chip on its motherboard.  Apparently the chip is newer than Windows 2000, so RIS didn't have the drivers for the NIC.  Now, that shouldn't be a problem, as there's a command OEMPnPDriversPath that should allow RIS to use drivers created after 2000, and in general it works fine for sound cards and video boards.    

Apparently the story is a bit different if your new system needs a NIC driver. Supposing that this new computer can PXE boot, then it'll boot to the RIS server all right and Setup will start. But just a few minutes into the text mode Setup, you may see this message: 

The network server does not support booting Windows 2000. Setup cannot continue. Press any key to exit. 

You see, once Setup kicks in, it does a quick check to see if it can fire up your network card; for some reason, it won't use the TFTP transfer ability built into PXE to copy the Setup files. As the NIC is newer than the drivers that Setup knows about, Setup can't initialize the card, and stops. But wait -- what about that OemPnPDriversPath command? If you put the drivers for the new NIC into $OEM$ and pointed to them with OemPnPDriversPath, then Setup ought to be able to use those drivers, right? Well, not exactly. Windows 2000 likes its drivers digitally signed, and many sets of drivers don't come with digital signatures. You can work around that by adding this line to the RISTNDRD.SIF script:

DriverSigningPolicy = Ignore 

Put that in the [Unattended] section. You can then put the NIC drivers on the RIS server in $OEM$ as before, but Microsoft recommends a more specific procedure. Create a directory $OEM$\$1\Drivers\Nic and put the NIC drivers there. Create an OemPnPDriversPath command that looks like "OemPnpDriversPath = \Drivers\Nic" in the RISTNDRD.SIF file, and then you ought to be able to get RIS started on a system with a new NIC.
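Since DriverSigningPolicy = Ignore lets Setup install drivers that carry no signature, it helps to know which answer files set it and which driver folders they pull from. The check below is an added example, not a Microsoft or RIS tool: SAMPLE_SIF is a constructed answer file, parse_sif and audit_sif are hypothetical helpers, and the parser assumes comments occupy whole lines.

```python
# Audit a RIS answer file (.sif) for the two settings discussed above.
# Added example: SAMPLE_SIF is constructed, the helper names are hypothetical.

SAMPLE_SIF = r"""
[Unattended]
; constructed sample for illustration
DriverSigningPolicy = Ignore
OemPnpDriversPath = "\Drivers\Nic;\Drivers\Video"

[Display]
BitsPerPel = 16
"""


def parse_sif(text):
    """Return {section: {key: value}} with lower-cased section and key names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections


def audit_sif(text):
    """Report what the [Unattended] section says about driver handling."""
    unattended = parse_sif(text).get("unattended", {})
    policy = unattended.get("driversigningpolicy", "")
    # OemPnpDriversPath may list several folders separated by semicolons
    paths = [p.strip("\\ ") for p in unattended.get("oempnpdriverspath", "").split(";")]
    return {
        # True: Setup installs drivers from this answer file without a signature
        "signing_ignored": policy.lower() == "ignore",
        # folders that must exist in the image for the paths to resolve
        "driver_dirs": ["$OEM$\\$1\\" + p for p in paths if p],
    }


if __name__ == "__main__":
    print(audit_sif(SAMPLE_SIF))
```

Every folder reported in driver_dirs is a place from which unsigned code can reach newly built machines, so those directories on the RIS server deserve tight write permissions.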

Conferences

January and February will be slow for Win2K conferences (but the classes start then) so if you can't attend a class then consider attending this conference:

TechMentor Orlando 6-8 February 2001

I've greatly enjoyed both of the TechMentor shows that I've attended -- there are some great speakers (and no, I don't mean me) and a really good crowd.  I've often found that the attendees are a better source of advice than the speakers in some cases.  They've asked me to do a general session called "The Best and Worst of Windows 2000," and it's a fun talk where you'll learn some undocumented stuff as well as hearing some gripes about Win2K -- but all with a smile, of course.  They've got me slated to do a talk on group policies, as well as new talk on automated rollouts called "Unattended Installations ... With Style."  Check it out at www.techmentorevents.com.

Bring Mark to your site to teach

I'm keeping busy doing Windows 2000 seminars, but I've still got time to visit your firm (although not in the year 2000; that's booked solid at this point, unfortunately).  In just two days, I'll make your current NT techies into 2000 techies.  Find out more at www.minasi.com/w2koutln.htm.

Until Next Month...

Have a safe holiday season.  (As for me, I'm going to keep the holiday safe by doing my Christmas shopping on the Web, so I'm not incited to commit homicide by shopping crowds, if you know what I mean.)  Please share this newsletter; I'd like very much to expand this newsletter into a useful source of NT/2000 information.  Please forward it to any associates who might find it helpful, and accept my thanks.  We are now at more than six thousand subscribers (heck, I didn't even know that many people read my books) and I aim to use this to get information to every single Mastering NT and 2000 Server reader. Thanks for letting me visit with you, and take care!  Many, many thanks to the readers who have mailed me to offer suggestions, errata, and those kind reviews.  As always, I'm at help@minasi.com.

All contents copyright 2001 Mark Minasi. You are encouraged to quote this material, SO LONG as you include this entire document; thanks.