Security Update for NT 4.0; Win2K SP2 Netlogon Problem

SP2 Netlogon and KDC Startup Errors
Windows 2000 Service Pack 2 (SP2) upgrades Win2K to high encryption (i.e., 128-bit encryption) and upgrades the cryptographic component rsaenh.dll to the 128-bit encryption version. If your copy of this crucial DLL is old, corrupt, or missing, you’ll encounter problems with the Netlogon and Kerberos Key Distribution Center (KDC) services at system startup. If you have a problem with the rsaenh.dll file, the Netlogon service might not start, instead recording Event Id: 5737 in the System log with a message indicating that an unexpected error occurred. Also, the KDC service might not start and might log Event ID: 7023 with a message indicating that service terminated with an error. Finally, Microsoft Internet Explorer (IE) might report a cipher strength of 0-bits, and you might not be able to browse secure Web sites.

You can eliminate the Netlogon and KDC service startup errors by placing a good copy of rsaenh.dll in winntsystem32. The SP2 version of rsaenh.dll is version 5.00.2195.2228, and the file size is 133,904 bytes. For more information, see Microsoft article Q303330.

Win2K, NT 4.0, and Win9x User Profiles
Microsoft article Q269378 describes the different ways that Win2K and other Windows OSs define and manage user profiles. When you log on to a Win9x computer, the system copies your user profile from your home directory to the local machine. When you log off, the system copies the user profile back to your home directory. The home directory is set in your user account on a Win2K Datacenter Server, Win2K Advanced Server (Win2K AS), Win2K Server, or NT 4.0 Server machine. The home directory path must be in the Universal Naming Convention (UNC) and must be created prior to the implementation. Win9x profiles don't support common groups or centrally stored Default User Profiles. Win9x stores profile registry information in the file user.dat, which isn't compatible or interchangeable with Win2K or NT 4.0's ntuser.dat files because the OS's registries are incompatible. You can store Win9x user profiles on Novell NetWare servers.

Win2K and NT 4.0 profiles share many similarities. Both platforms support local, roaming, and mandatory profiles. However, each OS stores the profile in a different location, a fact that you must be aware of when you upgrade NT 4.0 to Win2K. NT 4.0 stores profiles in the %systemroot%Profiles directory; Win2K stores profiles in the %systemdrive%Documents and Settings directory. However, when you upgrade NT 4.0 to Win2K, the user profile remains in the %systemroot%Profiles directory.

NT 4.0 manages duplicate account names by adding .000 to a profile's username and increments the suffix by one each time a different user with the same username logs on. Win2K manages duplicate account names by adding a suffix to the username of the profile. The suffix is either the name of the domain, if the user account is a domain account, or the name of the computer, if the user account is a local user account. If, by chance, another user with the same name from the same domain or computer logs on to the machine, Win2K adds a .000 suffix to the domain or computer name. If such a coincidence occurs again, Win2K increments the .000 by one.

-iinstalls Dr. Watson as the default program debugger

-qquiet mode (no sound or dialog box)

-gfor compatibility with old versions of WinDBG and NTSD

-p pidthe process id of the program to debug

-e event to signal for process attach

-?help