Ask Dr. Bob Your NT Questions
by Bob Chronister

TIP: When you install a service pack, the installation can sometimes fail to properly update all the necessary files. The most common mismatch of new and old files involves ntoskrnl.exe and exhibits the following error:

    System Process--Driver Entry Point Not Found
    The \systemroot\system32\drivers\srv.sys device driver could not locate the entry point rtllsnamelegaldos8dot3 in driver ntoskrnl.exe.

The following system events appear in the Event Viewer:

    Event ID: 2508
    Source: Server
    Type: Error
    Description: The server service was unable to load the server driver.

    Event ID: 7023
    Source: Service Control Manager
    Type: Error
    Description: The Server service terminated with the following error: The system cannot find the file specified.

In such a case, the system did not upgrade properly and is trying to run srv.sys and the Windows NT 3.51 (Build 1057) ntoskrnl.exe. This attempt does not work. Copy the ntoskrnl.exe file from the NT 3.51 service pack to the %systemroot%\system32 directory. If the system is multiprocessor system (MPS)-compliant, copy and rename the ntkrnlmp.exe (multiprocessor kernel) file from the NT 3.51 service pack to the %systemroot%\system32 directory to overwrite the ntoskrnl.exe.

Q: I have a bet with a friend. He tells everyone that you don't need boot.ini to boot to NT. I say no. This bet sounds like easy money to me, but knowing Microsoft, anything is possible.

A: Don't bet a lot: Your friend is correct. However, the circumstances in which such a boot is possible don't occur often. If ntldr can't find boot.ini, the system defaults to booting from the %systemroot%\winnt directory (the default NT install directory). However, if you don't install NT to this default directory, the system won't find the files it needs for booting.

Q: I'm having trouble getting the Schedule service to work across my network.
I've tried everything, including the suggestions you published in March and July, with no luck. Any other ideas?

A: Because the Schedule service doesn't run as a network user, a security violation can occur. You can fix this problem by creating a batch file that reads

    net use k: \\server\share /user:domain\account password
    ntbackup...(usual parameter list)
    net use k: /delete

This solution presupposes that drive K is available. Running the Schedule service across an entire network is dangerous. Network administrators need to be aware that this solution involves the open posting of a password in the batch file, where anyone who can read the file can read the password.

Q: I'm having problems with certain Explorer icons hanging. Does NT 4.0 cache icons? How can you tell?

A: Problems with icons hanging are related to icon caching. You can use Explorer to delete the cached file in question, or you can clear the cache error. After you use NT Explorer/View/Options to enable Show all files, find the hidden ShellIconCache file in your %systemroot%\winnt directory. This file is for caching icons. On my system, the size of this file is 390KB. Delete it, and reboot.

Q: I installed Service Pack 4 for NT 3.51. Now my TCP/IP printing doesn't work. What's the problem, and how can I fix it?

A: The service pack has changed your spool and print permissions. Use File Manager to change these permissions in the %systemroot%\winnt\system32\spool and \printer directories so the Everyone group has change permissions.

Q: If I set a modem to answer in Remote Access Service (RAS) mode, how can I use it for a different task? Do I need to buy software?

A: You can try two approaches. First, you can go to Control Panel/Services, stop RAS, use the modem for your task, and restart the server when you are finished. Alternatively, you can write a batch file to automate the process:

    net stop remoteaccess
    drive:\directory\app_name.exe
    net start remoteaccess

When you start this batch file, it will stop RAS and start your application.
When you exit the application (which, in this example, is app_name.exe), the batch file will restart RAS.

Q: When I install NT 4.0 Workstation, I can copy the files from the CD-ROM by running winnt /b from the \i386 directory. However, when I boot into NT, the system no longer sees the CD-ROM. What happened?

A: Good question. NT 4.0's install process consists of various steps. Some people call the first step the text phase, but I call it the DOS phase. In this phase, the installer copies files to form a boot directory and an installation directory or to create boot floppies. At this point, the installation doesn't need any special drivers, and the system is running from the DOS drivers. When you reboot, however, you begin the GUI, or NTLDR, phase. Specific drivers must load, and if your CD-ROM drive doesn't meet ATAPI 1.2 specifications or has custom drivers, NT won't see the CD-ROM. (In general, this is not a problem with SCSI CD-ROMs.)

Q: How can I install an application under Program Manager with NT 4.0?

A: Actually, the answer to this question tells you how to make Program Manager the shell. Launch regedt32.exe, and select the hkey_local_machine window. Go to the \software\microsoft\windowsnt\currentversion\winlogon key, as you see in Screen 1. In this key, change the Shell value from explorer.exe to progman.exe. Reboot your PC. NT boots with the Program Manager shell. Install the application, and then note the program group and icon properties. Launch regedt32.exe, and set the shell back to explorer.exe. Reboot your PC. Re-create the menu group and program shortcuts you recorded before you rebooted. Although you can make Program Manager the permanent shell, Microsoft doesn't support it.

Q: I'm getting the error message, "The procedure entry point ReinitializeCriticalSection could not be located in the dynamic link library kernel32.dll." How can I fix this problem?

A: The error message is the result of an improperly copied url.dll.
Try recopying url.dl_ from the \i386 directory on the NT 4.0 CD to your %systemroot%\winnt\system32 directory and expand it. The syntax to expand it is

    Expand URL.DL_ URL.DLL

Q: Can you explain the NT boot process?

A: First, the system must initiate a specific set of variables that enable NT to load. This phase is the boot phase. The first part is Power On Self Test (POST). During POST, your system lists and loads hardware in the CMOS tables. Then the system scans your hard drive for the Master Boot Record (MBR), and the necessary programs run. NTLDR initializes and reads boot.ini to start the boot sequence. NTLDR first loads the flat memory model. Because NT is 32 bit, the maximum amount of memory available is 4GB of physical RAM. NTLDR then loads the file system drivers (FAT and NTFS by default) that read the hard drive.

When NTLDR reads boot.ini, you see the boot options screen. Usually it brings up the option to load NT (perhaps several versions) and DOS if you dual boot. If you choose DOS, NTLDR passes control to bootsect.dos. If you choose NT, NTLDR loads the next module, ntdetect.com, which scans all associated hardware and passes the settings to the system hive in the Registry. NTLDR then loads ntoskrnl.exe and the boot kernel phase begins. During this time, four distinct events occur: kernel load, kernel initialization, services load, and Win32 subsystem startup. (This entire phase is the NT boot phase.)

Kernel load. The kernel load begins when your system loads the kernel (ntoskrnl.exe), and then the Hardware Abstraction Layer (hal.dll). ntdetect.com generates the system hive, and NTLDR then loads the appropriate drivers into memory. (You notice this phase as the dots progress across the top of the screen.)

Kernel initialization. During kernel initialization, your system initializes all the drivers loaded into memory.
The system examines the system hive again and loads all necessary drivers (obviously, these drivers are high-level drivers and not kernel-mode drivers). The system saves the CurrentControlSet aspect of the Registry and generates a clone set. Then the system configures the hardware in the Registry.

Services load. During the services load, your system starts the session manager (smss.exe) and executes the sequence of events the Bootexecute key in the Registry identifies. Typically, this sequence involves the autochk.exe application but can also involve a File Allocation Table (FAT) to NT File System (NTFS) conversion if you selected this option. Next the session manager sets the pagefile (the system generates a new pagefile every time NT boots). The system writes the CurrentControlSet to the Registry. Services load concludes when the Win32 subsystem loads.

The Win32 subsystem. The Win32 subsystem starts with the Winlogon process (winlogon.exe). The system starts the Local Security Authority (an important security step), and you see NT's Ctrl-Alt-Del logon screen. When a user logs on successfully, the clone set becomes the last-known good set.

Q: Can you explain the boot drive size limitation? I can't understand why the boot drive has to be smaller than other drives.

A: On Intel-based computers, the BIOS controls the initial OS boot. After the system runs a POST and determines the hardware configuration, the system BIOS identifies the boot device. If the boot device is the hard disk, the BIOS reads the first physical sector on the disk (the MBR) and loads an image of the sector into memory. The BIOS then transfers execution to the MBR, and the program in the MBR runs. The MBR contains the partition table and a small amount of executable code. The executable code examines the partition table and identifies the active (or bootable) partition.
The MBR then finds the active partition's starting location on the disk and loads an image of its first sector, the boot sector, into memory. The MBR then transfers execution to that boot sector image.

The boot sector of the active partition depends on both the OS and the file system. With NT Workstation and NT Server, the boot sector has to locate the executable file, NTLDR, which continues the boot process. The BIOS INT 13 interface provides the only disk services available to the boot sector code at this stage of system boot up. The boot sector code must find NTLDR and file system data structures such as the root directory, the FAT in the case of an MS-DOS FAT volume or the Master File Table in the case of an NTFS volume. The size of this initial drive can't be more than 2GB, primarily because of FAT compatibility issues (for information about FAT drive size limitations, see Sean Daily, "NTFS vs. FAT," October). After NT is running, it uses its SCSI drivers to interact directly with the disk without using the BIOS INT 13 interface (i.e., BIOS parameters aren't important). As a result, the boot disk is BIOS dependent, and the running disks are not.

File Systems Issues

FAT has an internal limit of 4GB because it uses 32-bit fields to store file sizes. NTFS uses 64-bit fields for all sizes, so its data structures can handle volumes up to 2^64 bytes (16 exabytes, or 18,446,744,073,709,551,616 bytes) long. This value is the theoretical limit for NTFS. Practical limits connected with the maximum allowable partition size limit the size of an NTFS partition to approximately 2TB. Because the 32-bit fields of the partition table refer to the number of sectors in the partition, disks with larger sector sizes translate into larger permissible partition sizes. Before NT 4.0, sector size was limited to a 4KB maximum. With 4KB sectors, NT can support a 16TB partition.
With the newer 64KB sector limit, NT 4.0 can, in theory, support a 256TB partition (now, where can I find such a hard drive?).

Q: When I try to get NT to use a shared printer on a Windows 95 box, nothing happens and I get strange error messages. What's the problem?

A: You've probably password protected the Win95 printer share. Remove the password protection.

ABOUT THE AUTHOR
Bob Chronister is a contributing editor for Windows NT Magazine and president of Chronister Consultants in Mobile, Alabama. You can reach him at bob@winntmag.com.
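
The Schedule service answer above warns that its batch file posts a password openly. As an added example (not part of the original column), this Python audit finds net use lines that carry a password as a bare argument and reports them with the secret redacted; the function name and the sample batch text are constructed for illustration.

```python
import re

# Matches "net use ..." at the start of a batch line (optional @ and .exe).
NET_USE = re.compile(r"^\s*@?\s*net(?:\.exe)?\s+use\s+(.*)$", re.IGNORECASE)
DEVICE = re.compile(r"^(?:[a-z]|lpt\d|com\d):$", re.IGNORECASE)

def find_inline_passwords(batch_text):
    """Return (line_no, account, redacted_command) for each net use line
    that carries a password as a bare argument."""
    findings = []
    for line_no, line in enumerate(batch_text.splitlines(), 1):
        match = NET_USE.match(line)
        if not match:
            continue
        account, redacted, hit = None, [], False
        for tok in match.group(1).split():
            if tok.lower().startswith("/user:"):
                account = tok[len("/user:"):]
            if (tok.startswith("/") or tok == "*" or DEVICE.match(tok)
                    or tok.startswith("\\\\")):
                redacted.append(tok)    # switch, "*" prompt, device or UNC path
            else:
                redacted.append("<redacted>")  # bare token: treated as the password
                hit = True
        if hit:
            findings.append((line_no, account, "net use " + " ".join(redacted)))
    return findings

# Constructed sample batch file; line 2 is the command form shown in the column.
SAMPLE = r"""@echo off
net use k: \\server\share /user:domain\account password
rem backup command goes here
net use k: /delete
net use m: \\server\share2 * /user:domain\account
net use n: \\server\share3 ExamplePw1 /user:domain\svc
"""

if __name__ == "__main__":
    for line_no, account, command in find_inline_passwords(SAMPLE):
        print(f"line {line_no}: cleartext password for {account}: {command}")
```

Lines that use * (prompt for the password) or only /delete are not reported, since they store no secret in the file.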
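
The boot drive answer above describes the MBR code picking the active partition from the partition table, and the 32-bit sector count that bounds partition size. As an added example (not part of the original column), this Python sketch parses a constructed 512-byte MBR using the standard layout (four 16-byte entries at offset 446, 55 AA signature at offset 510), selects the active entry the way the MBR code does, and reproduces the 2TB, 16TB and 256TB limits; all function names are illustrative.

```python
import struct

# status, CHS start, type, CHS end, starting LBA, sector count (little-endian)
ENTRY = struct.Struct("<B3sB3sII")
TABLE_OFFSET, SIGNATURE_OFFSET = 446, 510

def parse_mbr(sector0):
    """Return the four partition entries of a 512-byte MBR as dicts."""
    if len(sector0) != 512 or sector0[SIGNATURE_OFFSET:] != b"\x55\xaa":
        raise ValueError("not a valid MBR: bad length or missing 55 AA signature")
    entries = []
    for i in range(4):
        status, _, ptype, _, lba, count = ENTRY.unpack_from(sector0, TABLE_OFFSET + 16 * i)
        entries.append({"index": i, "status": status, "active": status == 0x80,
                        "type": ptype, "lba_start": lba, "sectors": count})
    return entries

def active_partition(entries):
    """Mimic the MBR code: exactly one entry may carry the 0x80 boot flag."""
    if any(e["status"] not in (0x00, 0x80) for e in entries):
        raise ValueError("invalid partition table: status byte is neither 00 nor 80")
    active = [e for e in entries if e["active"]]
    if len(active) != 1:
        raise ValueError(f"expected one active partition, found {len(active)}")
    return active[0]

def max_partition_bytes(sector_size):
    """Largest partition a 32-bit sector count can describe."""
    return (2 ** 32) * sector_size

def sample_mbr():
    """Constructed sample: entry 0 inactive (type 07), entry 1 active FAT16 at LBA 63."""
    mbr = bytearray(512)
    ENTRY.pack_into(mbr, TABLE_OFFSET, 0x00, b"\0\0\0", 0x07, b"\0\0\0", 4194367, 8388608)
    ENTRY.pack_into(mbr, TABLE_OFFSET + 16, 0x80, b"\0\0\0", 0x06, b"\0\0\0", 63, 4194304)
    mbr[SIGNATURE_OFFSET:] = b"\x55\xaa"
    return bytes(mbr)

if __name__ == "__main__":
    boot = active_partition(parse_mbr(sample_mbr()))
    print(f"boot partition: entry {boot['index']}, type {boot['type']:#04x}, "
          f"{boot['sectors'] * 512 // 2**30} GB at LBA {boot['lba_start']}")
    for size in (512, 4096, 65536):
        print(f"{size:>6}-byte sectors -> {max_partition_bytes(size) // 2**40} TB max")
```

A table with no active entry, more than one, or a status byte other than 00 or 80 raises an error, which is the condition a forensic check of a disk image would flag.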