IPX/SPX (NetWare) Issues

 

SAP advertisement kills IPX routing, poses security problems

Automatic frame type detection doesn't always work.

Where can I get [info on] Novell's Client32?

Why do Win95 clients crash my NetWare 3.x servers?

How do I enable Long File Name support on a NetWare server?

How do I disable Long File Names on a Win95 client so I can use a server without LFN support?

Can I get NetWare broadcast messages (like "low on disk space") on Win95?

Can I send NetWare messages with Win95?

Should I use NETX, VLMs, Microsoft's Client, or Novell's Client32?

Where can I get Microsoft's NDS Client for NetWare 4.x and bug fixes?

User-level access control doesn't work over IPX NWServer.

DISPLAY Command in Login Script Displays Incorrect Characters.

INCLUDE/DISPLAY Login Script Commands Do Not Accept UNC Paths.

NetWare login script processor (NWLSPROC) can't handle lower-case drive letters.

Cannot load TSRs in NetWare login scripts.

Cannot Connect to NCP Server Without SAP Advertising Enabled.

Commas Not Recognized in NetWare Logon Scripts.

How to Configure Windows 95 for Use with NASI.

NetWare login might not work if machine name=login name.

How do I make RPRINTER work?

How to prevent anyone from accessing my entire hard drive?

What new (July 1992) login script commands are not recognized by Win95?

Bug storing NetWare passwords unencrypted?

What about Personal NetWare and NetWare Lite?

MS Client for NetWare Does Not Synchronize Time with Server

Can Win95 log on to password-protected NetWare accounts without user intervention or knowledge?

How come I lose mapped drives after a while, and how can I stop it?

Can't rename files/directories using NETX under Win95.

How can I boot Win95 from a NetWare server on a machine sans hard drive?


index top end <-->

B.1. SAP advertisement kills IPX routing, poses security problems

Date: Wed, 10 Jan 96 15:12:00 -0800
From: Rich Graves <[email protected]>

Win95 can be configured to masquerade as a NetWare server/router. This will cause rather severe problems in many situations. See the brief description of the problem at http://rcr.csun.edu/ntg/win95.html#novell. The CSUN page does not detail the steps to steal NetWare passwords with Win95, but it's not hard to imagine. I believe InfoWorld, Communications Week, PC Week, and most other trade publications covered the issue as long as nine months ago, but Microsoft has not fixed the problem.

Another good explanation of the problem is at http://www-leland.stanford.edu/~llurch/win95netbugs/IPX-SAP-Bug.txt.

One of Microsoft's developers wrote a rather lengthy and only somewhat misleading response to this issue. It is saved at http://www-leland.stanford.edu/~llurch/win95netbugs/MS-SAP-Response.txt. The Windows 95 product manager told me on November 9th that this should be considered the official Microsoft position on the SAP problem.

Unfortunately, in public, Microsoft only acknowledges, by way of a highly misleading press release, a "Server Name Conflict Issue." By this they mean that if someone accidentally or intentionally names a Win95 box masquerading as a NetWare server (which Novell considers a copyright violation, by the way) the same as a real NetWare server, the server won't work. This is actually but a small subset of a larger problem.

Update 01/10/96 thanks to Scott McArthur: Microsoft Knowledge Base article Q130943 partially addresses this problem in a long footnote. They might improve the documentation further in the future. I suggest searching the Microsoft Knowledge Base for the latest "clarifications" from Microsoft.


index top end <-->

B.2. Automatic frame type detection doesn't always work.

Date: Thu, 07 Dec 95 10:15:00 -0800
From: Rich Graves <[email protected]>

Microsoft acknowledges that the frame type used for IPX/SPX packets must be set manually because the default "Automatic" frame type detection does not always work. Most commonly this happens on very quiet or very busy multiprotocol networks.

You need to open IPX/SPX Compatible Protocol/Properties/Advanced and select it manually. There is a picture at http://www-dccs.stanford.edu/NetConsult/Win95Net/ipxprops.jpg.


index top end <-->

B.3. Where can I get [info on] Novell's Client32?

Date: Wed, 27 Dec 95 14:56:00 -0800
From: Rich Graves <[email protected]>

Official information on Novell's Client32 NetWare Client for Windows 95, which replaces Microsoft's client, is available at http://netwire.novell.com/home/client/client32/. At this writing, the last update to the publicly available software was posted in early December. Officially registered beta sites probably receive incremental updates.

Unlike some other computer companies, Novell has posted a reasonably open and honest FAQ. The only publicly discussed problem I don't see is that Client32 appears to be incompatible with Microsoft's NET command when run in a DOS box. This can be a major bummer if you use multiple network protocols.


index top end <-->

B.4. Why do Win95 clients crash my NetWare 3.x servers?

Date: Wed, 27 Dec 95 14:59:00 -0800

There have been many reports of Win95 clients causing NetWare servers to crash. [email protected] says computer magazines in the Netherlands are urging people not to install Win95 for this reason. Several things can cause this problem:

  1. Packet Bursts. The problem often isn't Win95, per se, but the packet burst mode that it supports by default. Older servers can't handle packet bursts, a late 3.12/4.0 performance enhancement.
  2. There are two ways to resolve the problem of packet bursts:
    1. Get the file pburst.exe from Novell's BBS or Internet servers and install the patch on your server.
    2. Disable packet burst on the Win95 clients by adding the following to system.ini:
    3. [nwredir]
      supportburst=0
  3. Old .LAN Driver. I have been told that an old network interface card driver (.LAN) on the server might also cause this problem. As could a 386/486 server that's just too, well, old to handle the demands of your fancy new Pentiums running Win95. Loading NetWare's VLMs on a hot new Pentium would cause the same problem. (If you ignored Novell's documentation of this problem, that is; Novell is pretty quick to document and patch known problems with its products.)
  4. VM Swapfile on Server. By default, server installations of Win95 put the virtual memory swap file on the server, which strikes me as monumentally stupid. The University of Arkansas banned Win95 machines from their network for some time because this feature caused several NetWare servers to get overloaded and crash.
  5. Record Lock Overflow. Certain very poorly written applications, such as Microsoft Access, can lock up any kind of server with record locks. Please see question E.11. for information on this bug in Microsoft Access.


index top end <-->

B.5. How do I enable Long File Name support on a NetWare server?

Date: Tue, 10 Oct 1995 20:00:00 GMT
From: ClubWin dude Ramesh and Rich Graves <[email protected]>

Just install the OS/2 namespace. This requires NetWare 3.12 or a patched 3.11. Most of the time, it seems to work. If Win95 clients crash your server or something, remove the OS/2 namespace and see the next question. I am not a CNE! Don't ask me!.

Because of a little bug, Win95 will not use long file names on 3.11 servers when you use Policy Editor to tell it to do so. The easier workaround is to add the following to system.ini:

     [nwredir]
     SupportLFN=2

For more information on this problem, see article Q137275 in the Microsoft Knowledge Base.

Because of another bug, you will probably need to apply the os2opnfx.nlm patch. One place to get it is ftp://ftp.novell.com:/pub/netware/nwos/nw311/311ptd.exe. The ReadMe for this patch says:

OS2OPNFX NLM
1409 02-02-93  7:10a

This patch allows a user to use the "TYPE" command to view a file even
though SCAN file rights have not been granted.  Without this patch, if the
user is granted all rights but the SUPERVISOR and SCAN file rights
(including Read) the file still cannot be "TYPE"ed.  This patch fixes this
problem. 

[Um... yes. I'm sure it does. I don't think I want to know why Win95 cares.]


index top end <-->

B.6. How do I disable Long File Names on a Win95 client so I can use a server without LFN support?

Date: Thu, 07 Dec 95 10:15:00 -0800
From: Rich Graves <[email protected]>

Contributions by [email protected] (Ramesh Viswanathan) and [email protected].

If you run POLEDIT (it's on the CD in admin\apptools\poledit) and open the registry, you can then go to Local Computer, Network, Microsoft Client for Netware Networks, and turn off use of long names on the server.

Alternatively, add the following to system.ini:

     [nwredir]
     SupportLFN=0


index top end <-->

B.7. Can I get NetWare broadcast messages (like "low on disk space") on Win95?

Date: Wed, 27 Dec 95 15:02:00 -0800
From: Rich Graves <[email protected]>

Contributions by Don Zimmer ([email protected]) and "ClubWin" member [email protected] (Ramesh Viswanathan)

By default, Win95 machines using Microsoft's 32-bit NetWare client do not receive NetWare broadcast messages. Novell recommends using their software instead.

You could also put WINPOPUP.EXE in your Startup folder. However, there's apparently no way to remove WINPOPUP from the task list or to stop users from quitting it.

Several people have also complained that WINPOPUP doesn't work for them, though we haven't been able to determine why. Please mail me if you have insight into this problem.

Novell's Client32 resolves this problem (and introduces some others).


index top end <-->

B.8. Can I send NetWare messages with Win95?

Date: Tue, 10 Oct 1995 20:00:00 GMT
From: Rich Graves <[email protected]>

Yes, you can, with WinPopup, provided that IPX/SPX is your default protocol. However, messages are limited to 38 characters, and there are other limits. See article Q120223 in the Microsoft Knowledge Base.


index top end <-->

B.9. Should I use NETX, VLMs, Microsoft's Client, or Novell's Client32?

Date: Wed, 27 Dec 95 15:06:00 -0800
From: Rich Graves <[email protected]>

Yes. Otherwise you won't be able to use NetWare servers. :-)

There is no authoritative answer to this question. It depends on which mix of bugs and features works best in your environment.

In a loosely "controlled" environment like mine, I have to support Microsoft's client, because it's the easiest to obtain and install, which means that people are going to use it anyway. Microsoft's client also seems to be the least likely to actually crash the Win95 machine. However, it is the most likely to crash your server.

You must use Novell's Client32 if you need one or more of the following features:


index top end <-->

B.10. Where can I get Microsoft's NDS Client for NetWare 4.x and bug fixes?

Date: Wed, 27 Dec 95 15:07:00 -0800
From: Rich Graves <[email protected]>

All publicly available updates to Windows 95 are available at the URL http://www.windows.microsoft.com/software/updates.htm. You'll want the NDS service, the shell update bug fix, and the security bug fix, for starters. Please note that Microsoft's politically correct term for these updates is "functionality enhancement."


index top end <-->

B.11. User-level access control doesn't work over IPX NWServer.

Date: Thu, 07 Dec 95 10:15:00 -0800
From: Rich Graves <[email protected]>

Win95's built-in peer-to-peer sharing capabilities don't work over the built-in IPX/SPX="compatible" protocol with share-level access control. You need to enable user-level access control with an NT or NetWare server for authentication. See article Q131354 in the Microsoft Knowledge Base.

In any case, you really shouldn't be sharing over IPX unless you really know what you're doing, because of the SAP problem, B.1. Sharing over SMB (NetBEUI or TCP/IP) is safer and faster.


index top end <-->

B.12. DISPLAY Command in Login Script Displays Incorrect Characters.

Date: Tue, 10 Oct 1995 20:00:00 GMT
From: Rich Graves <[email protected]>

If your Novell NetWare login script contains a DISPLAY command with a very long path, or uses an environment variable containing a very long path, some information may not be displayed correctly. An internal buffer is too small. Use a shorter path or environment variable. See article Q132763 in the Microsoft Knowledge Base.

Novell's Client32 resolves this problem (and introduces others).


index top end <-->

B.13. INCLUDE/DISPLAY Login Script Commands Do Not Accept UNC Paths.

Date: Tue, 10 Oct 1995 20:00:00 GMT
From: Rich Graves <[email protected]>

If you are using a NetWare login script, INCLUDE and DISPLAY commands in the login script that contain Universal Naming Convention (UNC) paths do not work. The named files are not run or displayed. See article Q135167 in the Microsoft Knowledge Base.

Novell's Client32 resolves this problem (and introduces others).


index top end <-->

B.14. NetWare login script processor (NWLSPROC) can't handle lower-case drive letters.

Date: Tue, 10 Oct 1995 20:00:00 GMT
From: Rich Graves <[email protected]>

If you are using NetWare login scripts that use lower-case drive letters, you need to capitalize them. See article Q132665 in the Microsoft Knowledge Base.

Novell's Client32 resolves this problem (and introduces others).


index top end <-->

B.15. Cannot load TSRs in NetWare login scripts.

Date: Wed, 27 Oct 1995 15:10:00 -0800
From: Rich Graves <[email protected]>

If you need this functionality, use Novell's VLMs or NETX. See article Q127794 in the Microsoft Knowledge Base.


index top end <-->

B.16. Cannot Connect to NCP Server Without SAP Advertising Enabled.

Date: Thu, 07 Dec 95 10:15:00 -0800
From: Rich Graves <[email protected]>

Microsoft acknowledges that this is a problem with Win95. See article Q130943 in the Microsoft Knowledge Base.

Do not turn on SAP, as Microsoft tells you to do, without considering the routing and security ramifications discussed in Section B.1.


index top end <-->

B.17. Commas Not Recognized in NetWare Logon Scripts.

Date: Tue, 10 Oct 1995 23:00:00 GMT
From: Rich Graves <[email protected]>

Microsoft recognizes this as a problem with Win95. You need to replace any commas in your login scripts with ANDs, or use Novell's drivers rather than Microsoft's. See article Q129145 in the Microsoft Knowledge Base.

Novell's Client32 resolves this problem (and introduces others).


index top end <-->

B.18. How to Configure Windows 95 for Use with NASI.

Date: Tue, 10 Oct 1995 23:00:00 GMT
From: Rich Graves <[email protected]>

You need to use ODI drivers. See article Q125425 in the Microsoft Knowledge Base.

Novell's Client32 resolves this problem (and introduces others).


index top end <-->

B.19. NetWare login might not work if machine name=login name.

Date: Mon, 2 Oct 1995 13:31:28 CST6CDT
From: Larry Field <[email protected]>

[email protected] (Larry Field) wrote:

>I'm using the Client for Netware as my primary logon client in Windows 95.  
>However when I dial-up and login to my network I'm not getting the login 
>script processed.  I can go into Network Neighborhood and see my drives and 
>directories on the network drive but I don't have any drive mappings, printer 
>assignments, etc.
>
>Any ideas how I can get the logon procedure to execute the login script?  I 
>have the box checked that says "Process login script" so I'm at a loss as to 
>why it's not processing.

Well I solved my own problem and here's the answer for anyone else
that experiences similar things.

My computer name in Control Panel | Network | Identification was the
same as my Netware logon name.  Once I changed this it processes the
login script and maps all the drives just fine.  I guess there's some
kind of conflict when the name of the machine and the logon id are the
same.

Larry Field
Sr. Systems Analyst
Texas A&M University


index top end <-->

B.20. How do I make RPRINTER work?

Date: Wed, 27 Dec 95 15:12:00 -0800
From: [email protected] (Gordon Fecyk)

I managed to get a WIn95 machine to act as RPRINTER using all 32-bit services and clients! I only managed to get this working on a NetWare 3.11 environment so far, but the same applies to NetWare 3.12. 4.0 & 4.1 users can wait for Novell to clean up their Client32...

First off... Win95's PRTAGENT (this is what it's called on the Win95 CD, under ADMIN\NETTOOLS\PRTAGENT) requires exclusive access to a NetWare print server object. This means you need to create one separate Print Server object on the NetWare server for each Win95 station acting as RPRINTER.

Here's what each print server object looks like:

Each object has only ONE PRINTER, which is Printer 0, named "Printer 0". Set this printer to be a "Remote Parallel" printer using LPT1. You can tell it to use IRQ7 if you want.

Tell this one printer to service a particular print queue. A NW 3.1x server handles 16 queues, so pick one of them for this printer, within this print server object, to service.

OK now that you have a unique print server object for each Win95 machine running PRTAGENT, go to the machine in question and install "Microsoft Print Agent for NetWare", by adding it as a "service" in the network control panel. Hit "Have disk" and go to ADMIN\NETTOOLS\PRTAGENT.

After installing it, reboot.

Then, go to the printers folder and select the printer driver you want to service the Print Server object in the NW server. Select the Print Server tab, select the NW server and the Print Server object to service.

[More details might also be available in the Resource Kit and in the win95netbugs list archive]


index top end <-->

B.21. How to prevent anyone from accessing my entire hard drive?

Date: Thu, 07 Dec 95 10:15:00 -0800
From: Rich Graves <[email protected]>

If you have a non-English-language version of Windows 95, you can't, unless you disable peer sharing and remote administration.

If you have the English-language version, get the patches from http://www.windows.microsoft.com/software/w95fpup.htm. Microsoft's clarification is incorrect (for starters, they didn't discover these problems; we know who pointed them out to them), but the patches appear to fix the problem.


index top end <-->

B.22. What new (July 1992) login script commands are not recognized by Win95?

Date: Fri, 13 Oct 1995 09:42:47 GMT0BST
From: Phil Randal <[email protected]>

[Just one of the liabilities of Microsoft refusing to participate in NetWare interoperability testing.]

The Microsoft Windows 95 Netware Client does not recognize the 
following two NetWare login script commands:

  NO_DEFAULT and SET_TIME
  
They were introduced in version 3.65 of login.exe for NetWare 3.11 in 
July 1992.  I haven't checked the semicolons at end of strings, but 
I'm almost willing to bet on it...

Here are the details from Novell's log365.doc dated July 20, 1992:

1) The current version of login does not recognize ;'s at the end 
of a string in the login script. (The ; is used for string 
concatenation.)

2) This version contains a NO_DEFAULT parameter to place in the
system login script.  If a user login script does not exist, the 
default login script will not be executed.

3) This utility also allows the user to specify if login.exe should
synchronize the workstation time with the file server time.  
Currently, login always synchronizes the workstation time with the 
file server time.  This new LOGIN.EXE allows the user to specify 
if this synchronization should occur by using a new command in the 
login script.   It is as follows: 

      SET_TIME [ON | OFF]

SET_TIME OFF will not synchronize workstation time with the file 
server when logging in.  

SET_TIME ON will cause the workstation time to synchronize with the 
file server time when logging in.  (default)


index top end <-->

B.23. Bug storing NetWare passwords unencrypted?

Date: Fri, 06 Oct 1995 11:25:30 -0800
From: Rich Graves <[email protected]>

Microsoft never acknowledged this bug, but they did fix it. The problem is that under circumstances that have not been isolated, .PWL files can be created that allow access to NetWare servers without even logging in. Among the people who have seen this are Stephen R. Davis <[email protected]> and Gary Flynn <[email protected]>.


index top end <-->

B.24. What about Personal NetWare and NetWare Lite?

Date: Tue, 10 Oct 1995 07:20:58 GMT
From: [email protected] (Ramesh Viswanathan)

Just ask Novell: http://netwire.novell.com/ServSupp/client/win95/pnwfaq.htm

Tijs Coumans claims the same basic instructions work for NetWare Lite, though Novell says they don't.


index top end <-->

B.25. MS Client for NetWare Does Not Synchronize Time with Server

Date: Sun, 15 Oct 95 09:28:23 -0700
From: Microsoft

See Microsoft Knowledge Base article Q136591, http://www.microsoft.com:80/KB/PEROPSYS/win95/Q136591.htm.


index top end <-->

B.26. Can Win95 log on to password-protected NetWare accounts without user intervention or knowledge?

Date: Wed, 1 Nov 1995 22:40:15 -0600
From: Eric Helfgott <[email protected]>

This is actually a very interesting bug in Win 95 which Microsoft denies the existence of. Win 95 can actually be configured to cache both the Windows and Netware passwords so that a user booting the system will automatically be logged onto a netware network need not type any password whatsoever - for Windows or Netware. If the .pwl files being generated are ~900 byes long versus the regular 600 bytes, your system is doing this. Naturally this bypasses any and all security of netware networks.

My system behaves this way; and I can actually use it to create .pwl files for other systems which bypass the netware security on those systems as well. Microsoft claims this only works for "null" netware passwords - which is simply not true, but the system must be tricked into generating these .pwl files. As proof, if you wish to have such a .pwl file please request so of me via Win 95 Netbugs and I'll generate one for you which does this.

To stop your system from generating these pwl files, just delete all of those in your Windows directory, and change the primary network logon to Windows and then back to Microsoft Client for Netware and your system will stop generating these security killers. I actually find the bug useful for PCs in secured areas which one may wish to remotely reboot using remote access software like Stac Electronic's Reachout. :)

Eric Helfgott
Systems Engineer
Drug Intervention Services of America, Inc.


index top end <-->

B.27. How come I lose mapped drives after a while, and how can I stop it?

Date: 7 Nov 1995 20:29:02 GMT
From: George Shaw

In the Control Panel,Power Icon, if you turn "Off" Power Management, the mappings seem to quit going away. Damned if I can figure out why this works, but it does.


index top end <-->

B.28. Can't rename files/directories using NETX under Win95.

Date: 29 Dec 1995 20:30:00 PST
From: Rich Graves <[email protected]>

Lloyd Williams and a dozen others have reported this. This is true. VLMs, Microsoft's Client for NetWare Networks, and Novell's Client32 do not have this problem. Novell doesn't really recommend using NETX nowadays anyway...


index top end <-->

B.29. How can I boot Win95 from a NetWare server on a machine sans hard drive?

Date: 29 Dec 1995 20:43:00 PST
From: Rich Graves <[email protected]>

It's not easy, but it can be done. See win95boo.txt and other files on JoeD's machine, netlab2.usu.edu. Look in the misc (not pub/misc) directory.

netlab2 is running Novell's brain-dead FTP server that does not support passive mode or many other modern niceties, so if your FTP client gives you an error message, try the UNIX or DOS command-line FTP clients.

Actually, since people seem to have trouble reading the above sentence, I'm now sort of mirroring these files, with JoeD's OK. The URL is http://www-leland.stanford.edu/~llurch/win95netbugs/From_JoeD/


All Rights Reserved by the author, Hans Klarenbeek

Windows95 (Win95-L) FAQ © 1998-7 PERMISSION:

Permission is granted freely to distribute this article in electronic form as long as it is posted in its entirety including this copyright statement. This article may not be distributed for financial gain. This article may not be included in any commerical collections or compilations without the express permision of the author, Hans Klarenbeek([email protected])