Release notes for Windows Server 2003 Service Pack 1

This article includes the release notes for Microsoft Windows Server 2003 Service Pack 1 (SP1).

The release notes that are included in this article address late-breaking issues that were not addressed in the release notes that are included in the Microsoft Windows Server 2003 product installation CD that includes integration with SP1. This article also lists Microsoft Knowledge Base articles that document other important information about Windows Server 2003 for the release notes.

Before you download and install Windows Server 2003 SP1, review the topics in this document for information that is pertinent to your system’s configuration. For more information about the issues that are resolved in Windows Server 2003 SP1, click the following article number to view the article in the Microsoft Knowledge Base: For more information about the updates to the Windows Support Tools that are included in Windows Server 2003 SP1, click the following article number to view the article in the Microsoft Knowledge Base: For more information about how to obtain the latest Windows Server 2003 service pack, click the following article number to view the article in the Microsoft Knowledge Base: For more information about updated deployment tools for Windows Server 2003 SP1, click the following article number to view the article in the Microsoft Knowledge Base:

Setup

Hard disk space requirements for Windows Server 2003 Service Pack 1

For more information about hard disk space requirements for Windows Server 2003 SP1, click the following article number to view the article in the Microsoft Knowledge Base:

Known issues

Network issues that affect TCP/IP and RPC traffic across firewall or VPN

After you install Windows Server 2003 Service Pack 1 (SP1), you may experience issues that affect server-to-server communication for TCP/IP traffic or remote procedure call (RPC) traffic across firewall or virtual private network (VPN) products in rare and specific network configurations.

This issue can affect domain replication and other connectivity. When you deploy Windows Server 2003 SP1, we recommended that you monitor domain controller replication to make sure that your domain controllers are not affected by this issue. For more information, including hotfix availability, click the following article numbers to view the articles in the Microsoft Knowledge Base:

The UI for the installation does not appear after the service pack files are extracted

When you try to install Windows Server 2003 SP1, you may experience the following issue:

After you start the installation of Windows Server 2003 SP1, and the service pack files are extracted, a user interface (UI) for the installation does not appear. However, you can see in Task Manager that the installer file (Update.exe) and the following file are running:Note In the name of the second file, the processor placeholder represents either "x86" or "ia64," depending on the version of Windows Server 2003 that you are running. The language placeholder represents the three-digit language code. For example, if you install the English version of Windows Server 2003 SP1 on a 32-bit Windows Server 2003-based computer, the name of this file will appear as follows:This issue may occur if you have insufficient system resources to complete the installation of the service pack. To resolve this issue, take one or both of the following actions:

• Examine the amount of free hard disk space on your computer. If the amount of free hard disk space on your computer is less than 700 megabytes (MB), free more hard disk space. Ideally, you should free as much as 2 gigabytes (GB) of hard disk space.
  
  Note For more information about how to determine the amount of free disk space, see the "Determine how much space is available on a disk" topic in Windows Server 2003 Help.
• Increase the paging file size to at least 500 MB. To do this, follow these steps:
  1. Click Start, click Run, type sysdm.cpl in the Open box, and then click OK.
  2. Click the Advanced tab.
  3. In the Performance area, click Settings.
  4. Click the Advanced tab.
  5. In the Virtual Memory area, click Change.
  6. In the Drive list, click the drive that contains the paging file whose size you want to change.
  7. Under Paging file size for selected drive, type a new paging file size of at least 500 MB in the Initial size (MB) box or in the Maximum size (MB) box, and then click Set.
     
     Note The maximum paging file size must be larger than or equal to the initial paging file size.
  8. Click OK three times.

The incorrect HAL may be applied if your computer uses a custom HAL

If you use the integrated (slipstream) product CD to install only Windows Server 2003 SP1 on an x86-based computer that already has Windows Server 2003 installed, the incorrect hardware abstraction layer (HAL) may be applied to the computer. This issue may occur on an x86-based computer that uses a custom HAL, such as a HAL for large or partitionable x86-based computers or for x86-based fault-tolerant computers. This issue may cause your computer to operate incorrectly or to fail after you install Windows Server 2003 SP1 and then restart your computer.

To work around this issue, contact your system vendor or the OEM to verify that a custom HAL is required. Also, examine the internal file name properties of the HAL that is currently being used to determine whether the HAL is provided by Microsoft or by the OEM. To do this, follow these steps:

1. Click Start, click Run, type %windir%\system32 in the Open box, and then click OK.
2. In the System32 folder, locate and then right-click the Hal.dll file, and then click Properties.
3. Click the Version tab.
4. In the Other version information area, click Company in the Item name list.
5. View the value in the Value box.
   • If the company name displayed is "Microsoft Corporation," the HAL is provided by Microsoft. In this case, there is no risk in installing Windows Server 2003 SP1 by using the integrated product CD.
   • If the name of a system vendor or of an OEM is displayed, the computer may require a custom HAL to work correctly with Windows Server 2003 SP1. In this case, contact your system vendor or the OEM for information about whether your system requires a custom HAL and about where to download the HAL for your computer that will work with Windows Server 2003 SP1. Also, request instructions from your system vendor or from the OEM about how to install the HAL file so that you will not lose functionality or experience a failure after the update is complete and your computer restarts.

System administration

The Windows Server 2003 Administration Tools Pack

In the Help documentation for Itanium-based versions of Windows Server 2003, the Windows Server 2003 Administration Tools Pack (Admin Pack) is referred to as Adminpak.msi. However, the actual file name on the product CD is Wadminpak.msi. Therefore, to install the Windows Server 2003 Admin Pack, you must locate the Wadminpak.msi file on the 64-bit product CD and then run it.

Active Directory

Install replica From Media (IFM)

Windows Server 2003 domain controllers without Service Pack 1 (SP1) should not be installed by using the Install replica From Media (IFM) method if the backup is taken from a Windows Server 2003 SP1 domain controller.

• You can install a new Windows Server 2003 domain controller without SP1 by using IFM if the backup is taken from a Windows Server 2003 domain controller without SP1.
• You can install a new Windows Server 2003 SP1 domain controller using IFM if the backup is taken from a Windows Server 2003 SP1 domain controller or a Windows Server 2003 domain controller without SP1.

Note We do not support or recommend cross-platform IFM promotions. Using a system state backup of a 32-bit DC to IFM-promote a 64-bit DC, or vise-versa, is not supported.

General

Issues with the Multilingual User Interface Pack (MUI)

All users of the Multilingual User Interface Pack (MUI) should download the English version of Windows Server 2003 SP1. However, there are some updates in Windows Server 2003 SP1 that affect the MUI experience. To resolve these issues, you must install the MUIs for the affected components when these MUIs become available.

• For all versions of Windows Server 2003, SP1 includes Microsoft Windows Media Player 10 and the Security Configuration Wizard. After you install Windows Server 2003 SP1, these components will be in English. To locate the MUI that is to be used to localize the user interface for the Security Configuration Wizard, visit the following Microsoft Web site:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=24e68457-3140-4c28-888b-e174457cf9bf&DisplayLang=en
• If you are running a 32-bit version of Windows Server 2003, SP1 does not include the localized versions of the Microsoft Universal Audio Architecture (UAA) High Definition Audio driver. You can use the English version of this driver instead.
• Some Help files have been updated and will appear in English after you install Windows Server 2003 SP1.
• To locate the MUI that is to be used to localize the user interface for these components, visit the following Microsoft Web sites:
  Windows Media Player 10: http://www.microsoft.com/downloads/details.aspx?FamilyID=02106bdb-b012-4327-96cb-73937ae00667&DisplayLang=en
  Security Configuration Wizard: http://www.microsoft.com/downloads/details.aspx?FamilyID=24e68457-3140-4c28-888b-e174457cf9bf&DisplayLang=en
• To resolve this issue, visit the following Microsoft Web site to install the Help update MUI for Windows Server 2003 SP1:
  http://www.microsoft.com/downloads/details.aspx?FamilyID=249018A7-9397-4368-A04B-4FB33E14B17C&DisplayLang=en

Hardware

Data transfer by using NSC IrDA devices

If you are using a National Semiconductor Corporation (NSC) Infrared Data Association (IrDA) device with Plug and Play (PnP) ID 6001 on a 32-bit version of Windows Server 2003, you may not be able to use the device for data transfer. In this case, the default IrDA infrared transceiver that is selected for the NSC IrDA device might not match the actual hardware. This mismatch causes data transfers to fail.

To work around this issue, use Device Manager to choose an alternative transceiver value. To choose an alternative transceiver value, follow these steps.

Note Using this workaround does not guarantee that the NSC IrDA device will work.

1. Click Start, click Run, type devmgmt.msc in the Open box, and then click OK.
2. Under Infrared Devices, right-click the NSC IrDA device, and then click Properties.
3. Click the Advanced tab.
4. In the Property box, click Infrared Transceiver A.
5. In the Value list, click a different value for Infrared Transceiver A.
6. Click OK to close the NSC IrDA Properties dialog box.
7. Try to use the NSC IrDA device. If the device does not work, repeat this procedure, but select a different transceiver value in step 5.

If this workaround does not work, contact the OEM to obtain an updated basic input/output system (BIOS) for your computer.

Applications

Windows Server 2003 Service Pack 1 application compatibility

For more information about Windows Server 2003 SP 1 application compatibility, click the following article number to view the article in the Microsoft Knowledge Base:

The Microsoft .NET Framework version 1.1

The Microsoft .NET Framework is built into all products in the Windows Server 2003 family except for the 64-bit versions.

The 32-bit version of the .NET Framework 1.1 is supported by 64-bit versions of Windows Server 2003 with SP1 and can be installed for 32-bit applications that are running on 64-bit versions of Windows operating systems. The 32-bit version of the .NET Framework 1.1 takes advantage of the Windows on Windows 64 (WOW64) 32-bit subsystem.

To install the .NET Framework 1.1, use Windows Update, or visit the following Microsoft Web site to download the .NET Framework 1.1 redistributable package:To install the Microsoft .NET Framework 1.1 Service Pack 1, use Windows Update, or visit the following Microsoft Web site to download the service pack:

Important performance and scalability information

If a 32-bit version of the .NET Framework is installed on a 64-bit Itanium-based computer, applications that are created for the 32-bit version of the .NET Framework will bind and run against it. Therefore, applications that are created by using the .NET Framework 1.1 run only in a 32-bit process within the WOW64 compatibility environment. Because of the design of x86 emulation for the Itanium processor family and for the WOW64 subsystem, applications are restricted to execution on one processor.

Single-processor execution and x86 emulation reduce the performance and scalability of 32-bit .NET Framework applications that are running on Itanium-based computers. We recommend that applications that are using the .NET Framework 1.1 be used for interactive client applications. For .NET Framework applications that demand high performance and scalability, such as high-load ASP.NET applications, we do not recommend this environment. We suggest that software developers instead evaluate the .NET Framework version 2.0. To increase performance and scalability, the .NET Framework 2.0 includes 64-bit support for Itanium-based computers.

Microsoft Exchange Server

You cannot install Microsoft Exchange 2000 Server on a computer that is running a version of Windows Server 2003. For information about installation requirements for Microsoft Exchange Server 2003 in domains that are running Windows Server 2003, visit the following Microsoft Web site:

Security

Authentication fails when the FQDN does not match the local computer name

Windows Server 2003 SP1 includes a loopback check security feature that is designed to help prevent reflection attacks on your computer. Therefore, authentication fails if the FQDN or the custom host header that you use does not match the local computer name. You can work around this problem by modifying the registry.

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Certificate Services: Effects of security enhancements to the DCOM protocol

Windows Server 2003 SP1 introduces enhanced default security settings for the DCOM protocol. Specifically, SP1 introduces more precise rights that give an administrator independent control over local and remote permissions for launching, activating, and accessing COM servers. For more information about the DCOM security enhancements that are introduced by Windows Server 2003 SP1, see Changes to Functionality in Microsoft Windows Server 2003 Service Pack 1. To do this, visit the following Microsoft Web site:Windows Server 2003 Certificate Services provides enrollment and administration services by using the DCOM protocol. Certificate Services provides several DCOM interfaces to make these services available. For correct access and usage of these services, Certificate Services assumes that its DCOM interfaces are set to permit remote activation and access permissions. However, because of the enhanced default security settings for DCOM that are introduced by SP1, you may have to update these security settings to make sure of the continued availability of these services after you install SP1. The following information explains how to do this.

By default, all DCOM interfaces in Windows Server 2003 SP1 are configured to grant remote access permissions, remote launch permissions, and remote activation permissions only to administrators. However, when you upgrade to Windows Server 2003 SP1, security configuration changes are made to the global DCOM interface and to the CertSrv Request DCOM interface. These changes are made to enable Certificate Services to work correctly.

Note that any changes that have been made to the CertSrv Request DCOM interface security settings before the installation of SP1 will be lost. The SP1 installation procedure resets all previous security settings in the CertSrv Request DCOM interface to their default settings.

During the SP1 installation process, Certificate Services automatically updates the DCOM security settings as follows:

• CertSrv Request DCOM interface:
  • The Everyone security group is granted local and remote access permissions.
  • The Everyone security group is granted local and remote activation permissions.
  • The Everyone security group is not granted local or remote launch permissions.
• DCOM Computer Restriction Settings:
  • A new security group, CERTSVC_DCOM_ACCESS, is automatically created.
    
    If the certification authority is installed on a member server, CERTSVC_DCOM_ACCESS is a computer local group, and the Everyone security group is added to it.
    
    If the certification authority is installed on a domain controller, CERTSVC_DCOM_ACCESS is a domain local group. The Domain Users security group and the Domain Computers security group from the certification authority’s domain are added to it.
  • The CERTSVC_DCOM_ACCESS security group is granted local and remote access permissions.
  • The CERTSVC_DCOM_ACCESS security group is granted local and remote activation permissions.
  • The CERTSVC_DCOM_ACCESS security group is not granted local or remote launch permissions.
  Note that if the certification authority is installed on a domain controller, and the enterprise is made up of more than one domain, Certificate Services cannot automatically update the DCOM security settings for enrollees from outside the certification authority’s domain. Therefore, these enrollees will be denied enroll access to the certification authority.
  
  To resolve this issue, you must manually add the users to the CERTSVC_DCOM_ACCESS security group. Because the CERTSVC_DCOM_ACCESS security group is a domain local group, you can add only domain groups to it. For example, if users and computers from another domain, a domain named Contoso, have to enroll with the certification authority, you must manually add the Contoso\Domain Users group and the Contoso\Domain Computers group to the CERTSVC_DCOM_ACCESS security group.
  
  If any enrollees that should be authorized by the certification authority are denied authorization after the installation of SP1, you can have Certificate Services update the DCOM security settings again. To do this, run the following commands at the command prompt in the following order. Press ENTER after each command.
  1. certutil –setreg SetupStatus –SETUP_DCOM_SECURITY_UPDATED_FLAG
  2. net stop certsvc
  3. net start certsvc
  The DCOM_SECURITY_UPDATED_FLAG is an internal Certificate Services registry flag that indicates that the DCOM security settings were updated completely and successfully. Certificate Services checks this flag every time that it is started. The commands in the previous list reset the flag and then stop and start Certificate Services, causing it to update the DCOM security settings again.

Additional resources

• To learn more about Windows Server 2003 SP1, visit the following Microsoft Web site:
  http://technet2.microsoft.com/windowsserver/en/sp1.mspx
• To review the most recent application compatibility information and to find other products that are made for Windows, visit the following Microsoft Web site to view the Windows Catalog:
  http://www.windowsmarketplace.com/?WT.mc_id=0806_031
• To obtain the latest product updates, you can use Windows Update. To access Windows Update, visit the following Microsoft Web site:
  http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us