RRAS Upgrade for Windows NT Server 4.0 Hotfix Pack 2.0 Release Notes

This article was previously published under Q168469
This article has been archived. It is offered "as is" and will no longer be updated.
This article contains a copy of the Routing and Remote Access Upgrade forMicrosoft Windows NT 4.0 Server Hotfix Pack 2.0 Release Notes. Version 2.0has been replaced by version 3.0. Routing and Remote Access Upgrade forMicrosoft Windows NT 4.0 Server Hotfix Pack 3.0 is available at:NOTE: The above link is one path; it has been wrapped for readability.

You can find the original version at the following Microsoft ftp site:NOTE: The above link is one path; it has been wrapped for readability.

WARNING: If you install the original (archived) version of this hotfix after you apply the later version, your system may become unusable.Microsoft does not recommend you install the original hotfix after youapply the later version.

Routing and Remote Access Upgrade for Microsoft Windows NT 4.0 Server Hotfix Pack 2.0 Release Notes

Please use this document to address questions which may arise during theinstallation of this Routing and Remote Access Hotfix Pack 2.0 forMicrosoft Windows NT 4.0 Server.

  • Information on Installation

  • List of issues addressed

  • Known Problems

  • Fixes and Features included from Hotfix Update 1.0

Information on Installation

This Hotfix Pack requires that you already have Routing and Remote AccessService for Windows NT 4.0 Server installed on your system. Note that youmust first apply the Windows NT 4.0 PPTP Update before applying the RRAShotfix 2.0. For more information, please see the following article in theMicrosoft Knowledge Base:
167040 PPTP Performance Update for Windows NT 4.0 Release Notes
This release includes the features and fixes from Routing and Remote AccessHotfix Update 1.0 and is packaged in an auto-install format. Copy theHotfix to a temporary directory, and double-click the executable name ortype the executable name rrasfixi.exe for x86, or rrasfixa.exe for alpha at a command prompt to install.

The files can also be extracted from the Hotfix Pack without installingthem. To do this, copy the Hotfix to a temporary directory, and typerrasfixi /x or rrasfixa/x at a command prompt. After extracting the files, the Hotfix can be installed by typing hotfix at a command prompt.

To uninstall this update, type HOTFIX -Y fromthe directory you copied the files to.

Output of "HOTFIX -?":
   HOTFIX [-y] [-f] [-n] [-z] [-q] [-m] [-l]      -y Perform uninstall (only with -m or -q)      -f Force apps closed at shutdown      -n Do not create uninstall directory      -z Do not reboot when update completes      -q Quiet or Unattended mode with no user interface      -m Unattended mode with user interface      -l List installed hotfixes				

List of Issues Addressed

NT Issues Performance Issues:
  • This release includes an enhancement to TCP/IP that improves the performance of TCP-based applications over high latency networks, such as the Internet.
Routing Issues:
  • Added new Demand dial filters. You can now keep demand dial interfaces from dialing by setting filters using the Routemon.exe command with a new "Filtertype= Dial" option. The new syntax for this is the same for setting Input and Output filters using Routemon.exe, and can be seen by typing routemon ip set filter /? at a command prompt.

    The following is an example of the syntax used to prevent a demand dial interface from dialing:
    C:\>routemon ip add filter myremoterouter dial any

    C:\>routemon ip set filter myremoterouter dial forward

    NOTE: The first example above is one line; it has been wrapped for readability.

    For more information on using the Routemon.exe command to set filters, please see the Routing and Remote Access Administrator's Guide.

  • Added the capability to filter fragmented IP packets. Two registry keys control this functionality.
          HKEY_LOCAL_MACHINE\System|CurrentControlSet\IPFilterDriver      \Parameters      EnableFragmentChecking REG_DWORD						

    Setting this to 1 enables fragment checks
          DefaultForwardFragments REG_DWORD						

    Setting this to 0 causes the filterdriver to drop fragments if they do not match a previous header.

  • Changes were applied to the Router's Remote Authentication Dial-In User Service (RADIUS) client to address a duplicate Acct-Session-Id accounting problem, as well as an issue that caused the reversal of the FramedIPAddress returned from a RADIUS server. In addition, the RADIUS client now sends the NAS-Port-Type and Acct- Session-Time attributes.

  • Resolved issue that used to cause an Access Violation when adding a Virtual Interface right after configuring an Area under OSPF routing. Adjusted the RIP Authentication type to 2 instead of 1, per RFC 1388.

    NOTE: This update must be applied to all Routing and Remote Access routers if you are using RIP2 authentication.

  • Resolved issue which could cause Mprouter to hang when doing an "ipconfig /release".

  • Made a change that ensures that periodic RIP route updates resume each time a demand-dial interface is reactivated.

Known Problems in this Update

  • Although there is a checkbox in the Global IP Config dialog to enable/disable filtering, at this time the only functionality it has is to visually show you if any filters have been configured on your interface(s). Regardless, the filter driver is always enabled. In order to disable filtering on an interface, you must use the per interface option in the Interface IP Config dialog.

  • Even though the "Filtertype= Dial" option has been properly configured for a demand dial interface, it might still be possible for that interface to dial. This only occurs if you are pinging from the command line of the Routing and RAS server in which the demand dial interface is configured.

Fixes and Features Included from Hotfix Update 1.0

New Features Added in Hotfix 1.0:
  • Allowing PPP clients to connect without authentication.

    This can be accomplished by altering the default registry key as shown:
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman      \PPP\ForceEncryptedPassword						

    (DWORD) 3 allows the server to accept incoming PPP clients without authentication.

  • Using MS-CHAP with RADIUS authentication.

    In order to enable MS-CHAP with RADIUS authentication, you must add a registry value
          HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Rasman      \PPP\CHAP\OfferMSCHAP						

    and set it to (DWORD) 1.

    Once this is enabled every incoming PPP connection will be offered MS- CHAP, and MS-CHAP will be used to authenticate each PPP user against the RADIUS server that your RAS server is using.
List of Issues Fixed in Hotfix Update 1.0:

All bug fixes contained in this hotfix are listed below. You can query theMicrosoft Knowledge Base (KB) to find an article about a specific bug byusing the KB Qxxxxxx number that is assigned to the bug. The MicrosoftKnowledge Base can be found on the Microsoft Web site athttp://msdn.microsoft.com/support/.

KB# Brief Description
172290 Routing and Remote Access "Out of Buffers" Event Logs
176689 RRAS Requires hotfix when Using Proxy 2.0
173533 WinNT Radius Client Sends Incomplete Accounting Information
176506 Radius Accounting Only Logs One Entry for Multilink Client
173532 Radius Authentication Causes Access Violation in Mprouter.exe
172512 Routing and Remote Access Event ID 20100
176502 RAS Authentication Rechallenge Resets Compression Flag
176209 RAS or RRAS Server Fails to Answer Incoming Calls
167038 RAS Clients Run Winsock and RPC Applications Slowly
171061 RIP Does Not Advertise Zero Subnets
160517 RRAS May Decrement Local Static Route Metric
176082 RRAS Server Updates Link State Database but not Route Table
162834 RRAS Stops Routing After Encountering Zero Checksum
104296 RRAS Uses Larger MTU Than Other OSPF Routers

Information in this document is subject to change without notice and isprovided for informational purposes only. The entire risk of the use orresults of the use of this document remains with the user, and MicrosoftCorporation makes no warranties, either express or implied. The names ofcompanies, products, people, characters, and/or data mentioned herein arefictitious and are in no way intended to represent any real individual,company, product, or event, unless otherwise noted. Complying with allapplicable copyright laws is the responsibility of the user. No part ofthis document may be reproduced or transmitted in any form or by any means,electronic or mechanical, for any purpose, without the express writtenpermission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, orother intellectual property rights covering subject matter in thisdocument. Except as expressly provided in any written license agreementfrom Microsoft, the furnishing of this document does not give you anylicense to these patents, trademarks, copyrights, or other intellectualproperty.

(c) 1998 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, MS, Windows, Windows NT, are either registeredtrademarks or trademarks of Microsoft Corporation in the U.S.A. and/orother countries.

Other product and company names mentioned herein may be the trademarks oftheir respective owners.
4.00 rras

Article ID: 168469 - Last Review: 01/09/2015 06:55:14 - Revision: 1.1

  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • kbnosurvey kbarchive kbinfo KB168469