The Mole #3: Technical Answers from Inside Microsoft - Static Ports, Windows NT Printers on UNIX, Logon Script, NT Disaster Recovery

March 1, 1999

Editor's Note: The questions and answers below are from the Inside Microsoft column that appears regularly on the TechNet Web site (https://www.microsoft.com/technet). To find out how to submit questions of your own, see the end of this article or go to https://www.microsoft.com/technet/community/columns/insider/default.mspx.

The TechNet Mole provides expert answers from deep within Microsoft to questions from IT professionals. The third installment focuses on these issues:

  • Mapping Static Ports/Microsoft Exchange Server with Proxy Server 2.0

  • Sharing Microsoft Windows® NT Printers on a UNIX System

  • Windows NT Logon Script for a Mixed Environment

  • Windows NT Disaster Recovery to an Unlike Server

Mapping Static Ports for Internet Mail Delivery Using Microsoft Exchange Server with Proxy Server 2.0

Dear Mole,

I have a question about Outlook® Web Access setup. I want my client to connect to proxy server and check their email. What will be the best way to do the setup behind Proxy Server 2.0? My LAN setup is like this:

  • Internet Exchange Server 5.5, Service Pack 1 only. Have Internet mail connector installed, two network cards, one connects to the LAN and the other to the Internet.

  • Proxy Server 2.0 Server with IIS 4.0 and Outlook Web Access installed. Exchange Server with all mailboxes Internal LAN

I read somewhere that I need to change some setting on Proxy to make it work.

Tanweer

Dear Tanweer,

Here's what happens. With your firewall (packet filter) in place, Microsoft Exchange Server connects to the client at a static port (135), but then reassigns the client two random ports for communicating with the Directory Service and the Information Store (which is where the mailboxes are). Using random ports, mail is only delivered…well, randomly.

For your client to receive Internet email more predictably, you need to force the Exchange Server to map the DS and IS to the same ports all the time. This involves editing the Registry, a daring action that we at Microsoft recommend only after issuing the following warning: Be careful! Follow directions exactly! You do so at your own risk. If the instructions below do not make sense to you, don't do it! (Sorry about that, but it's one of those legal things we have to make sure we cover—very unmole-ish, but required.)

Okay, now that you're warned, here's what you do to force static mapping of TCP/IP ports. (Note that your computer must be restarted for these changes to take effect.)

Configuring the Directory Service

  1. Start Registry Editor (Regedt32.exe).

  2. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:

    System\CurrentControlSet\Services\MSExchangeDS\Parameters
    
  3. Add the following entry for the Microsoft Exchange Directory service:

    TCP/IP port REG_DWORD 
     DATA: <port number to assign>
    

Note: DO NOT assign ports immediately above the 1023 range*****

Configuring the Information Store

  1. Go to the following subkey:

    System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
    
  2. Add the following entry for the Information Store:

    TCP/IP port REG_DWORD 
     DATA: <port number to assign>
    

Note: DO NOT assign ports immediately above the 1023 range*****

Configuring the System Attendant

In order to Administer an Exchange Server across a firewall, the Microsoft Exchange System Attendant should be configured to use a specific RPC port as well.

  1. Under the HKEY_LOCAL_MACHINE subtree, go to the following subkey:

    SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters
    
  2. Add the following Registry value:

    TCP/IP port
    

    as DWORD value, specifying the port to be used. The RADIX should be set to decimal when entering the value.

  3. Quit Registry Editor.

Note: The DWORD value should be in decimal.

*****This ONLY has to be changed on the computer running Microsoft Exchange Server. Clients always connect to port 135, the RPC Endpoint Mapper, and then ask what ports they should use for the Directory and Information Store Services.

After this, you will need to configure the packet filter (or firewall) to allow TCP connections to be made to these ports as well as to port 135.

For a detailed discussion of configuring Proxy Server with Microsoft Exchange, consult these Knowledge Base Articles.

  • 181420: How to Configure Exchange or Other SMTP with Proxy Server

  • 178532: XFOR—Configuring Exchange Internet Protocols with Proxy Server

Following the steps should ensure that mail regularly reaches your client. It is impossible, however, to guarantee that the mail you receive will be worth reading.
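The three registry steps and the packet-filter rule above, as an added example (not from the column or from Microsoft) that emits REGEDIT4 text and the matching allow list. The port numbers and the `min_port` threshold are assumptions, since the column names no specific values; note that a .reg file stores DWORDs in hexadecimal, which is where the decimal-radix warning matters.

```python
# Added illustration, not Microsoft code. Key paths and the "TCP/IP port" value
# name come from the column; port numbers and min_port are assumptions.
KEYS = {
    "DS": r"System\CurrentControlSet\Services\MSExchangeDS\Parameters",
    "IS": r"System\CurrentControlSet\Services\MSExchangeIS\ParametersSystem",
    "SA": r"SYSTEM\CurrentControlSet\Services\MSExchangeSA\Parameters",
}
ENDPOINT_MAPPER = 135  # clients always connect here first, per the column

def validate_ports(ports, min_port):
    """ports maps 'DS', 'IS' and 'SA' to a decimal TCP port number."""
    if set(ports) != set(KEYS):
        raise ValueError("need exactly one port each for DS, IS and SA")
    if len(set(ports.values())) != len(ports):
        raise ValueError("each service needs its own port")
    for name, port in ports.items():
        # min_port keeps the choice clear of the range just above 1023.
        if not min_port <= port <= 65535:
            raise ValueError(f"{name}: port {port} outside {min_port}-65535")

def reg_file(ports, min_port=5000):
    """Return REGEDIT4 text; dword values in .reg files are hexadecimal."""
    validate_ports(ports, min_port)
    lines = ["REGEDIT4", ""]
    for name in ("DS", "IS", "SA"):
        lines.append(f"[HKEY_LOCAL_MACHINE\\{KEYS[name]}]")
        lines.append(f'"TCP/IP port"=dword:{ports[name]:08x}')
        lines.append("")
    return "\r\n".join(lines)

def filter_allow_list(ports, min_port=5000):
    """Inbound TCP ports the packet filter must permit to the Exchange server."""
    validate_ports(ports, min_port)
    return sorted({ENDPOINT_MAPPER, *ports.values()})

def misread_as_hex(port):
    """Port actually stored if the decimal digits are typed with the radix on hex."""
    return int(str(port), 16)

# Constructed sample values, not recommendations from the column.
SAMPLE_PORTS = {"DS": 5000, "IS": 5001, "SA": 5002}

if __name__ == "__main__":
    print(reg_file(SAMPLE_PORTS))
    print("Allow inbound TCP:", filter_allow_list(SAMPLE_PORTS))
    print("5000 typed as hex listens on:", misread_as_hex(5000))
```

A radix mistake leaves the service listening on a port the packet filter does not allow, so compare the stored value with the filter rule after the restart.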

Sharing NT Printers on a UNIX System: Foiling Format Control

Dear Mole,

I have a question in regards to sharing NT printers for a Unix system. I am running NT 4.0 and have a UNIX server running Siemens Nixdorf V5. I am having trouble sending print jobs to my NT printer. The print job works well for straight text but the graphic overlay will not work. The overlay is escape characters that seem to print as if they were text. Any ideas?

K. Gilliam

Dear K.G.,

Being in the spy business, the words "overlay" and "escape" along with "subterfuge", "inside" and "information" are always on the top of my mind, so I think I can help you with this one.

The Windows NT LPD (Line Printer Daemon) Service follows the RFC1179 specification. This states that the LPR (Line Printer Remote) client must tell the LPD server how to handle the print job. If the client formats the job, it must send the "l" control character to instruct the LPD server to print the job without any alteration.

Some LPR clients cannot be configured to send different control characters and always send an "f". This control character instructs Windows NT to assign a data type of TEXT and to use the printer driver to create a new print job that prints the text of the original job on the page. In the case of a PostScript job, the new print job prints the original job's PostScript code on the page.

The result: when a formatted job prints from a Line Printer Remote (LPR) client to a Windows NT computer that is running the Line Printer Daemon (LPD) service, PCL or PostScript codes are printed instead of a properly formatted document.

The LPD service can be reconfigured to ignore the format control command from the LPR client and always assign the RAW datatype. To configure SimulatePassThrough for all printers in Windows NT 4.0 and assign the RAW datatype, regardless of the control file contents, here's what you do, immediately after you take a moment to contemplate the seriousness of editing the Registry (see the warnings above).

  1. Run Registry Editor (REGEDT32.EXE).

  2. From the HKEY_LOCAL_MACHINE subtree, go to the following key:

    \SYSTEM\CurrentControlSet\Services\LPDSVC\Parameters

  3. On the Edit menu, click Add Value. Add the following:

    Value Name: SimulatePassThrough
    Data Type: REG_DWORD
    Data: 1

Note: The default value is 0, which informs LPD to assign datatypes according to the control commands.

For a more detailed explanation of the Windows NT LPD Server and other possible remedies for this issue, please refer to the following Microsoft Knowledge Base articles:

  • 124735: How Windows NT LPD Server Implements LPR Control Characters

  • 132460: Troubleshooting Windows NT Print Server Alteration of Print Jobs

  • 168457: Configuring Individual Printers to Passthrough LPR Print Jobs
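The control-character behaviour described above, as an added example (not from the column or from Microsoft): it parses an RFC 1179 control file and predicts when a preformatted job will have its codes printed as text. It models only the "f", "l" and SimulatePassThrough cases the column states; the host, user and file names and the payload bytes are constructed.

```python
# Added illustration, not Microsoft code. It models only what the column states:
# 'f' -> TEXT, 'l' -> RAW, and SimulatePassThrough=1 -> RAW regardless.
PAGE_DATATYPES = {"f": "TEXT", "l": "RAW"}
METADATA = {"H": "host", "P": "user", "J": "job_name", "N": "source_name"}

def parse_control_file(text):
    """Split an RFC 1179 control file into metadata and print requests."""
    job = {"prints": []}
    for line in text.splitlines():
        if not line:
            continue
        cmd, operand = line[0], line[1:]
        if cmd in METADATA:
            job[METADATA[cmd]] = operand
        elif cmd.islower():  # lowercase commands ask to print a data file
            job["prints"].append((cmd, operand))
    return job

def assigned_datatype(cmd, simulate_pass_through=0):
    """Data type the NT LPD service assigns, as far as the column describes it."""
    if simulate_pass_through == 1:
        return "RAW"
    return PAGE_DATATYPES.get(cmd, "not covered by this column")

def looks_preformatted(data):
    """True if the payload already carries printer language (escape codes or PostScript)."""
    return data.startswith(b"\x1b") or data.startswith(b"%!")

def codes_printed_as_text(control_text, data, simulate_pass_through=0):
    """Predict the symptom in the letter: a formatted job handled as TEXT."""
    job = parse_control_file(control_text)
    return any(
        assigned_datatype(cmd, simulate_pass_through) == "TEXT"
        and looks_preformatted(data)
        for cmd, _ in job["prints"]
    )

# Constructed sample job: the client formats a PCL overlay but still sends 'f'.
SAMPLE_CONTROL = (
    "Hunixhost\nPlpuser\nJoverlay\nfdfA042unixhost\nUdfA042unixhost\nNoverlay.pcl\n"
)
SAMPLE_DATA = b"\x1bE\x1b&l0O overlay bytes (constructed)"

if __name__ == "__main__":
    for spt in (0, 1):
        bad = codes_printed_as_text(SAMPLE_CONTROL, SAMPLE_DATA, spt)
        print("SimulatePassThrough =", spt, "->",
              "codes printed as text" if bad else "job passed through unaltered")
```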

NT Logon Script for a Mixed Environment

Dear Mole,

What is the preferred way to create a "Login Script" access control scenario on NT4.0 or 5.0 servers to insure that all of your users are on the same "page" with the same network mappings/drive letters and access rights... again we tend to do this with our NetWare Servers and was wondering how to control this in NT4.0 and NT5.0 as I don't see any server side login scripting capability. We would like to go 100% NT on the Server side with mixed NT, W95 and perhaps W98 clients, however we are currently locked into the NetWare netx and VLM 1.21 Client logins and need a simple way to transition out of a NetWare environment while still maintaining "Login Script" like secure login and access control to our servers.

Michael D. Russo, CareGroup Information Security Risk Manager

Hey, Michael:

Are we talking lock down here? Rest assured, you can keep your system secure, no matter how varied your clients are. (Security's a subject close to the heart of any worthy mole.)

What you want is also called a "logon script" in NT. You will need to make a DOS batch file that has tests for the OS that is running, because the logon script, stored on the Netlogon share point of all domain controllers, will execute on all clients.

The script can use the NET USE command for Windows clients to map a standard drive letter to a share point, and you can use the NetWare commands to do the same if the client is logging onto NT but needs to attach to the NetWare server with a standard drive letter. All you really need to do is to work on your scripting skills, because both the skills needed and the scripting capabilities will be greatly expanded with the Windows Script Host in Windows 2000.

Strictly Unofficial: NT Disaster Recovery to an Unlike Server

Dear Mole,

My question is about NT Server disaster recovery. Sure, anyone could backup an NT Server and restore it to a like server to recover from a disaster. But could you please tell me if there is a solution to restore to an "unlike" server in case of a disaster?

For example, if I backup a Compaq 7000 server that has a Smart/2 DH RAID controller with two 4.3GB hard drives configured in a RAID 1 configuration and five 9GB hard drives configured in a RAID5 configuration, how could I restore it to an HP server used to recover from a disaster that has an unknown (yet to be determined) RAID adapter with five 18GB hard drives configured in a RAID5 configuration.

I need to know how to do this to plan for true disaster recovery. If a data center burns down, you may be forced to use any type of server that is currently available. Some of your mission critical servers may be out of production and no longer available. I have been successful in implementing a restore to a different type of server, but not without over an hour spent Dissecting the Registry. When a disaster strikes, recovery time is of the utmost importance!

I'm sure anyone who has implemented and tested their disaster recovery plan would be interested in this solution.

Bob Stary, Enterprise Consultant - Entex Information Services

Dear Bob,

Your question is sticky, since the intent of the NTbackup program is to back up and restore between the same computer or nearly identical hardware configurations. Nothing said here is sacred text, or officially recommended procedure. Nor does Microsoft support it. To back up on one machine and then restore on another, you will have these major concerns:

  1. You will have to install Windows NT onto the new computer to the point of basic functionality.

  2. Partitions and Logical drives must be the same on the new computer, so have this information printed out from your original configuration. You will have to mimic the original structure on the new computer, and the partitions must be at least as large as the backed up computer's were.

  3. You should install SCSI, Fiber Channel, and other critical storage drivers that may be needed on any replacement computer onto the original computer, which will result in service failure startup messages. Set these drivers to disabled startup if this bothers you, but you must set them to their boot or system startup values before you back up the data. You do this in preparation for a restore onto a machine that may actually have these devices. It is quite possible that installing the "wrong" drivers on the original machine might impair the boot process or render the machine unbootable.

  4. Know tricks about the Registry makeup. If you use FAT for the boot partition or install a second NT installation to the target computer, you will be able to save the installed portions of the Registry that are hardware-dependent, and then copy them back to their rightful place in \%systemroot%\system32\config after you restore from the original backup made on the different machine.

  5. Work on understanding the HKEY_LOCAL_MACHINE\System\DISK Registry keys. You may need to delete this information from the target computer and recreate it by running Disk Administrator on the target computer or by using the seldom-mentioned and formerly restricted resource kit tool called FTEDIT.EXE.

  6. Know all of your disk array and RAID configuration tools for all hardware that you manage. It is a no-brainer that hardware RAID must be recreated in a way that looks similar to the new NT installation. Hardware RAID abstracts the disk details away from NT, so that NT has the logical view of a single spindle. If you use software RAID, your job becomes much more difficult to restore to a new machine, and you must work with the DISK Registry keys and FTEDIT.EXE, doing things that are far, far from Microsoft-supported activities.

The bottom line is that you must test these procedures on your redundant spares to determine which procedures will work for you. Anyone who has actually tried this realizes that recovery will be much easier and ultimately less expensive to a mission-critical enterprise datacenter if you have clustering software (such as Microsoft Cluster Server) and identical, redundant hardware available.

For more information on restoring Windows NT after replacing hardware, see the following Microsoft Knowledge Base articles:

  • 112019: Changing Primary Disk System After Installation

  • 130928: Restoring a Backup of Windows NT to Another Computer

  • 139822: How to Restore a Backup to Computer with Different Hardware

  • 139820: Moving or Removing Disks & Fault Tolerant Drive Configurations

  • 113976: Using Emergency Repair Disk With Fault Tolerant Partitions

I have to say again, you're on your own with this stuff. No guarantees. But do let Mole know how it all turns out.

Got Questions? Mail the Mole

Communicate with Mole at [closed account]. Send him your toughest questions. And if you think you have a better answer than Mole's, or a different one, send that along, as well. Please include the following:

  • Your name

  • Your title

  • Your company

  • Your email address

  • Your question/solution/compliment

Credits

Mole thanks Mark Wheatley (aka Dr. NT), Keith Van Hulle, John Braswell, Joe DiGiovanni, and Joe's Dad.