Friday, April 08, 2005

FYI Support Issues

Here are some Novell Support issues that you may want to be aware of.

1. NW 6.5 SP3 was released on March 10. (Open Enterprise Server also released March 10)

2. For me and many support engineers, memory tuning issues have been a top issue since NetWare 6.0 SP5 and NetWare 6.5 SP2. There are three memory documents that you need to be aware of:

a. New and latest memory document by Ed Liebing - includes NW 6.5 SP3 features PLEASE READ before deploying NW6 SP3!
Understanding Memory through the NetWare Remote Manager Utility for NetWare 6.5 SP3

b. Memory fragmentation issues TID 10091980 (NetWare 6.0 SP5, NetWare 6.5 SP2)

c. Memory Fragmentation and Tuning TID 10096649

3. Issue with NW 6.5 SP3 upgrade and McAfee Anti Virus SW Server.exe is not getting extracted and installed.
TID 10097030

4. iManager 2.5 issues, troubleshooting TID 10097089

5. Novell Client support for MS Windows XP SP2
TID 10094642

a. Other Windows XP SP2 issues
iPrint slow and Win XP SP2

Support for Windows XP SP2 on ZENworks for Desktops

More information from Microsoft on Windows XP SP2:
Microsoft has published the following notes regarding the Windows Firewall:

- When a computer initiates a TCP connection to a remote computer, Windows Firewall allows TCP traffic to the port from which the TCP connection was initiated only from the Internet Protocol (IP) address to which the TCP connection was initiated. (Would ostensibly apply to all use of NCP over IP by the Novell Client, which is always via TCP. i.e. Would argue against ever having to open anything regarding port 524 on the local workstation firewall.)

- When a computer sends UDP packets, Windows Firewall allows UDP to the port from which the UDP packets were sent from any IP address for 90 seconds. (The Novell Client unicasting an SLP Directory Agent would typically fit that description, as would DNS queries and ICMP Echo requests.)

- Unicast responses to multicast and broadcast traffic are allowed through Windows Firewall for 500 milliseconds if the responses are to the port from which the multicast traffic was sent and are from IP addresses on the same subnet as the computer. A setting in the firewall controls this behavior, which is enabled by default for the firewall's other profile. (The Novell Client multicasting for SLP Directory Agents or directly for Service Agents would fit in this category.)

For the source of this information, visit the Microsoft Security Developer Center

Novell does not have any additional information regarding time periods and values around UDP and multicast.

These notes may help explain why some customers might actually see issues and require explicit configuration (e.g. because they're using SLP via multicast and the reply takes more than 500ms or must come from another segment through multicast-forwarding routers) while others do not (because the workstations are unicasting DAs or DNS servers).

1 comment:

James Gosling said...

Hi Bucky, great blog. I've just recently posted a piece in my blog about "Netware Memory Tuning - TIDs & Tools" which might be of interest to some of your readers, it brings together bits and pieces that I have found useful, you can find it at anyway, keep up the good work.