Vol 2, No 2 - 1/27/00

Technical Stuff

NOS Showdown in Network World Magazine
Did you see the article? Confused by the results? Would you like to make a comment, or see some of the comments being made about the event? You can try going directly to http://www.nwfusion.com/cgi-bin/WebX.cgi?forum-14@^62113@ or start at www.nwfusion.com and follow one of the multiple links there to the NOS Showdown forum.

NetWare Cluster Services for NetWare v5.x
A minor upgrade is in the works! Check the new features and fixes in the attached document.

Moving Newer NetWare Utilities to Older Servers (or vice versa)
As a network administrator, you may want to move newer NetWare utilities to older servers, or you may want to copy these utilities to a local drive on a workstation. LOGIN.EXE and NDIR.EXE are two such popular utilities. However, before you move these utilities, you should know which unicode files should be moved as well. For most utilities, you can get this information simply by running the utility itself using the /VER parameter (for example, PCONSOLE /VER). Most utilities will generate the needed support files in this way. If a .MSG file for the utility exists, you should copy that file as well.

GroupWise 5.5 and ``mailto:`` hyperlink
With GroupWise 5.5, no C3PO is needed, it's just a bit of extra work to set up Navigator correctly. Add the following 2 lines to your prefs.js file---

     user_pref("mail.altmail_dll", "navmapi32.dll");
     user_pref("mail.use_altmail", true);

You also need to make sure that you have the navmapi32.dll file in your Netscape program folder. You can get this file by installing the Navigator only version of the browser.

NetWare 5.1 client feature (for mobile users especially)
You've been in this boat - you fire up your machine, don't authenticate, but then because of your printer settings, you get a couple of login prompts (Office 2000 is really bad about this). Well, it turns out that in the NetWare 5.1 clients, there are some registry settings that you can manually create that will make it so that your default printers don't try to authenticate to NDS until you try to print. For mobile users - this is very nice. This applies to Client32 ver 3.2 and Client v4.7 (for NT).

For Windows 95B or later
On Windows 9x operating systems, under normal circumstances, if you login to the local workstation, but do not login to NetWare, you will be prompted to login to NetWare once by the (i.e. QMS) print provider and once by the NDPS print provider if you have any NetWare printers installed. There are two registry setting options that affect the login dialog box appearances on Windows 9x:

1. If you set "HKLM\SOFTWARE\Novell\Print\Never Login\Never Login" to a value of 1, the print provider will never bring up the NetWare login dialog. Print jobs will succeed, but you will find that the printer has gone offline. To get the print job to the printer, you must login to NetWare, and then manually turn the printer online by opening the Printers folder, right-clicking on the Printer, and toggling the Print Offline menu item to the online state.
2. If you leave the default setting "HKLM\SOFTWARE\Novell\Print\Never Login\UseDialupSettings" at a value of 1, the print provider will attempt to use the setting "Logon to network" of your current dialup connection. It will set the Never Login value so it corresponds to the dialup connection setting. NOTE: This functionality is only available on Windows 95B or later.

1. If you set "HKLM\SOFTWARE\Novell\Print\Delay Login\Delay Login" to a value of 1, because the print provider knows which printer ports belong to it, it will tell Windows that the printer is ours, even though we are not authenticated. Then, it will wait until an action is detected that requires authentication before popping up the NetWare login dialog box.
2. If you set "HKLM\SOFTWARE\Novell\Print\Never Login\Never Login" to a value of 1, the print provider will never bring up the NetWare login dialog and print jobs sent prior to authenticating will fail with the error "Error writing to \\TREE\QUE.context: A write fault occurred on the network. Do you wish to retry or cancel the job?"

Troubleshooting NDS for NT
What do you do if your NT server crashes, you're using NDS for NT, and you want to relink your NT domain with the NDS tree and Domain object without manually re-creating the domain users and remigrating them?

If you have a Backup Domain Controller in the domain that has NDS for NT installed on it, you're in luck. All you have to do is promote the BDC to a PDC, rebuild the original PDC, and demote the second PDC when the original comes back online. If you don't have a BDC in your domain, things get rougher. First, you'll have to reinstall NT on the server using an emergency recovery disk for that specific server. (This is important because the SID identifier for the server has to be the same as it was originally.) Next, install NDS for NT and place the new domain object in a temporary Organizational Unit. Make sure you use the same name for the new domain and server that you used originally. Delete the domain object and SAMMIG.EXE dated 4/17/98 or later. (If yours is older, contact Novell Technical Support.)

SAMMIG will detect that the migrated domain no longer exists and allow you to browse the tree for the original domain. It will then update the NT registry to point to the original domain and regrant user access to the domain. Reboot the NT server, and everything should be fine.

Update to the Electronic Incident Service
Did you know you can submit requests for Tech Support on-line? Did you know you can check the status of an existing incident? Or update the incident? All of this without having to listen to the Novell Support Connection disk jockey?? The long-awaited upgrade to the Electronic Incident Service, including the online Incident Reports, is now complete! There is a new URL; however, the best way to hit Electronic Incidents is still to go to Novell Support Connection (http://support.novell.com) and click the Electronic Incident link on the main index (left). The new direct URL is http://support.novell.com/servlet/incident. The new Electronic Incident Service includes several key upgrades:

1. The user interface for individual PIN-holders logging or updating their own incidents is redesigned. More complete status information is provided the header, including the current Severity level of the call. The full history follows with an "Update" link.
2. Contacts who are authorized to view company-wide information ("Authorized Contacts") have a much richer selection of analytical incident reports to run. Run reports of incidents by Severity or by Contact; run reports of all open incidents or only those "Awaiting Customer Action." Sort company-wide these reports in various ways: Incident, Status, Severity.
3. Authorized Contacts may not only view the current list of authorized PIN-holders but also may now update contact information online. The updates you provide are e-mailed to our database maintenance team.

Debugger Tip
Once you have entered the debugger, enter a .p (#.p). This will give you a list of all processes, including the one that was running when you entered the debugger. If your server locks up, or seems to stop and you break into the debugger 6 times and all 6 times you notice that some 3rd party software is always the one running when you do a .p, you might want to disable this for a while and see if the problem goes away.

Cool URLs

Great Reading
Have you missed previous editions of this newsletter? Want to read them? Thanks to the CINUG (Central Iowa Network Users Group), they have posted them all at http://www.cinug.net/nov_blast.html... (I guess you've already found it :-) )

Cool Web Site
If you're looking for the latest in security vulnerabilities or other bugs, SecurityFocus.com has the goods. What used to be BugTraq at Geek-Girl.com, has been folded into the new site, and organized into nice, neat little sections. They also have a very complete list of free security related tools for you to choose from including the "Anti-Antisniff sniffer".

COMPUTER ASSOCIATES WARNS OF A NEW VARIANT OF THE NEWAPT WORM CALLED NEWAPTd <http://www.ca.com/press/2000/01/newapt_d.htm>
Computer Associates International, Inc. yesterday warned computer users of a worm called "NewApt.D," a new variant belonging to the NewApt family of Win32 worms. The worm uses e-mail and executable attachments to propagate from one computer to another. This worm has been reported in the wild. The original NewApt worm was first detected in December 1999.

Virus Alert: COMPUTER ASSOCIATES DISCOVERS A NEW WORM CALLED Plage2000 <http://www.ca.com/press/2000/01/plage2000.htm>
Computer Associates International, Inc. today warned computer users of a new worm called Plage2000 which could threaten computer email systems as well as eBusiness infrastructures. This worm has been reported to be in the wild by CA customers. CA's antivirus research team is analyzing this worm and will provide more details as they are determined

SMTP E-Mail Relay Feature
One of the strengths of GroupWise and some other e-mails systems is that they can relay e-mail for their users. One of the weaknesses of GroupWise and other e-mail systems is that they can relay e-mail....There is little security associated with this feature. With the e-mail relay feature on, your system is susceptible to be used by a spammer. This means the spammer directs thousands, if not millions, of e-mail messages to your relay, which then resends to e-mails, with your address as the originator. YOU then become pegged as a spammer. There is a web site for an organization called Open Relay Behavior-modification System (ORBS), www.orbs.com... They maintain a list of companies that have themselves open to being used by spammers. If you want to find out how to shut your system off, visit http://maps.vix.com/tsi....

The Other Guys Corner....

Microsoft Active Directory and Windows 2000

4. DID YOU KNOW that Wands/Active Directory requires changing a corporation's existing DNS infrastructure, including DNS server platform? Are you currently running DNS on non-Wands servers? Are you willing to change or move DNS onto this untested platform?
5. DID YOU KNOW that Wands DNS server will CRASH just about every non-Microsoft DNS server in existence? Only the very, very latest versions of BIND (which aren't widely deployed) won't crash when interacting with a Wands server.
6. DID YOU KNOW that you cannot grant file/print/directory rights to an AD organizational unit? Many of our NDS customers are currently using this NDS feature; are you willing to lose this functionality in the move to AD?

First Windows 2000 Virus Found
<http://www.fsecure.com/news/2000/20000112.html> - F-Secure Corporation, a leading provider of centrally-managed, widely distributed security solutions, today announced the discovery of the first Windows 2000 virus. Windows 2000 is the upcoming new operating system from Microsoft, due to be released next month. The new virus is called Win2K.Inta or Win2000.Install. It appears to be written by the 29A virus group. It operates only under Windows 2000 and is not designed to operate at all under older versions of Windows

Upcoming Novell Events  (www.novell.com/events)

eOpportunity Tour
Novell and several partners, including IBM Netfinity and Lucent, will start a tour January 25th going through March 10th -a FREE eOpportunity Tour where industry leaders present real solutions for real eBusiness and show you how to:

• Integrate directory technology into your eBusiness model
• Build a reliable, secure eBusiness platform
• Select the network hardware and software to best power your eBusiness solution
• Integrate voice and data for your eBusiness application
• Improve your competitive position with the right eTools

• NetWare 5.1
• NDS eDirectory
• NDS Corporate Edition
• ZENworks
• IBM NetFinity Servers
• IBM WebSphere
• Lucent's RealNet Rules Policy Manager and QIP
• Lucent's Cajun switches / DEFINITY ECS

Reseller Events
Omaha Mar 2, 2000 Omaha Marriott, 9am-12pm
Des Moines Mar 3, 2000 Embassy Suites, 101 E Locust, 9am-12pm

End User Events
Omaha Mar 2, 2000 Omaha Marriott, 1pm-4pm
Des Moines Mar 3, 2000 Embassy Suites, 101 E Locust, 1pm-4pm

See http://www.novell.com/channel/etour/ to sign up for either reseller or end user.

Brainshare 2000 * March 26-31 * Salt Lake City
Register before Feb 18th and save $200 - visit the Web site at www.novell.com/events/brainshare

Brainshare on Tour
Sound new?? The title is- it used to be TechShare... Look for the BSOT session schedule soon. Planned dates are:

• Minneapolis June 7-8, 2000
• Kansas City June 29-30, 2000

Advanced technical Services Mastery Training filling fast
Due to overwhelming demand, Novell has more than doubled the number of dates and cities originally planned for the Mastery Training series. To register, or to obtain a current list of open classes, visit http://support.novell.com/additional/advtt/us/mastery.

Mastery Training- ZENworks

• Kansas City Feb 8-9, 2000

Mastery Training- NDS

• Kansas City Feb 10-11, 2000
• Minneapolis Mar 7-8, 2000

Product/Technology Updates
     none scheduled (will probably be in February)

Users Groups:

Be sure to visit and support your local NetWare/Network users group-

NNUG, Nebraska NetWare Users Group, Omaha,
meets second Tuesday of each month
     www.nui-omaha.org

LANUG, Lincoln (NE) Area NetWare Users Group
meets third Tuesday of each month
     members.aol.com/thomstarr/lanug

CINUG, Central Iowa Network Users Group, Des Moines,
meets third Wednesday each month
     www.cinug.net

Dubuque (IA) forming now....
will meet on the second Thursday of each month, starting February 10, 2000. As a snow date, use Thursday February 17, 2000. Contact Skip Hefel (skipper@myrealbox.com) for more information.

Sales Stuff----

None this time...

Administration Information:
If you do NOT want to continue to receive this e-mail blast, please send an e-mail to jbezy@novell.com, with 'unsubscribe e-mail blast' (without the quotes) in the subject line, and you will be removed from the list.

If other people in your organization not directly receiving this e-mail blast wish to do so, have them send an e-mail to jbezy@novell.com, with 'subscribe e-mail blast' (without the quotes) in the subject line, and they will be added to the list.

Disclaimer:
Information contained herein is provided as-is. Opinions are those of the author and may or may not be the same as those of Novell, and are definitely NOT attributable to Novell unless otherwise noted.

John Bezy
Novell Systems Engineer
Iowa/Nebraska
ph: (402) 291-1808
fax: (402) 291-4529
jbezy@novell.com