Information about Windows Server 2003 Service Pack 1 (SP1)
© 2005 Microsoft Corporation. All rights reserved.
How to Use These Notes
Welcome to the release notes for the Microsoft® Windows Server™ 2003 operating systems. These release notes contain important information that was not available when the documentation for Windows Server 2003 was written. These release notes apply to the following operating systems:
-
The Itanium-based versions of Windows Server 2003
-
Windows Server 2003, Standard Edition
-
Windows Server 2003, Enterprise Edition
-
Windows Server 2003, Datacenter Edition
-
Windows Server 2003, Web Edition
Release notes that start with a list of products apply only to the products that are listed with the note. All other notes apply to all of the operating systems previously listed.
In addition to this file, you should read several other files in the \Docs folder on your operating system DVD:
-
Read1st.htm contains release notes that you should read before you install a Windows Server 2003 operating system.
-
Setup files contain important information about the installation process.
You can find additional information at the Web sites that are listed at the end of this document.
Applications
16-bit applications
Products: Itanium-based versions of Windows Server 2003
These products do not support most 16-bit applications.
Most 32-bit applications that use 16-bit Microsoft ACME Setup versions 2.6, 3.0, 3.01, and 3.1 and InstallShield versions 5.x install correctly.
No 32-bit applications that are installed by other 16-bit setup programs are supported. If you try to install one of these applications, the message "\Setup.exe is not a valid Win32 application" appears, and the setup program closes without installing or starting the application.
32-bit device drivers
Products: Itanium-based versions of Windows Server 2003
These products do not support 32-bit device drivers. Applications that depend on 32-bit device drivers will not function correctly and might cause an error during installation or operation. Most 32-bit antivirus programs are affected and should not be installed on computers that are running these products.
If Windows does not start after you attempt to install a 32-bit driver, start the computer using the last known good configuration as follows:
-
Restart the computer.
-
When the message "Please select the operating system to start" appears, press F8.
-
Press an arrow key to highlight Last Known Good Configuration, and then press ENTER.
-
Press an arrow key to highlight an operating system, press ENTER, and follow the instructions.
Note: |
---|
Completing this procedure provides a way to recover from problems such as a newly added driver that is incorrect for your hardware. It does not solve problems caused by drivers or files that are corrupted or missing. When you start the computer using the last known good configuration, only the information in the registry key HKLM\System\CurrentControlSet is restored. Any changes that you have made in other registry keys remain. |
Internet Explorer and 32-bit Web components
Products: Itanium-based versions of Windows Server 2003
The 64-bit version of Internet Explorer will not load 32-bit Web components from Microsoft, such as the MSN® Money Ticker, or 32-bit Web components from companies other than Microsoft. To load these components, use the 32-bit version of Internet Explorer.
To open the 32-bit version of Internet Explorer, click Start, click All Programs, and then click Internet Explorer (32-bit).
Microsoft Agent
Products: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition (32-bit version only)
These products provide in-box support for Speech Application Programming Interface (SAPI) version 5.0 engines and programs. To avoid loss of functionality in Microsoft Agent applications that use SAPI version 4.0 speech input and/or output engines, you must install SAPI version 4.0a run-time support and then reinstall the SAPI version 4.0 speech engines, even if they were working with Microsoft Agent before you upgraded. To install SAPI version 4.0a run-time support, click
Microsoft Exchange Server
Products: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition (32-bit version only); Windows Server 2003, Datacenter Edition (32-bit version only)
You cannot install Exchange Server 2000 on a server that is running a Windows Server 2003 operating system.
For information about installation requirements for Exchange Server 2003 in domains running Windows Server 2003 operating systems, see the
Change and Configuration
Redirection of new account locations to organizational units
To simplify domain management, you should redirect the default locations for newly created user and computer accounts from the common name to organizational units within the domain. You must redirect these locations if you want to apply Group Policy settings. For details about how to redirect these locations, see article 324949, "Redirecting the Users and Computers Containers in Windows Server 2003 Domains" in the
Clustering
Modifying a cluster security descriptor
Products: Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition
To modify the cluster security descriptor on a cluster that is running either of these products, you must use Cluster Administrator on a server that is running one of these products or that is running a product in the Windows 2000 Server family with Service Pack 2 or Service Pack 3. If you try to use a server that is running a product in the Windows 2000 Server family or a product in the Windows 2000 Server family with Service Pack 1, the following message appears when you try to save changes:
"Access to the cluster can be granted/denied only to domain users and groups. Please use the Security tab to remove the local users or groups."
For more information, see article 812875, "You Cannot Administer the Cluster Security Descriptor by Using the Cluster Administration Utility" in the
Upgrading clusters from Windows NT Server 4.0
Products: Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition
If you upgrade a cluster from Microsoft Windows NT® Server 4.0 to one of the listed products, you cannot, by default, save changes to a cluster security descriptor.
If you are editing a descriptor using Cluster Administrator, the following error message appears when you try to save your changes:
"The SYSTEM account must always have access to the cluster. Please use the Security tab to add the SYSTEM account."
If you are editing a descriptor using the cluster.exe command-line utility, the following message appears when you try to save your changes:
"The SYSTEM account must always have access to the cluster. Please grant access to the SYSTEM account."
To resolve this issue, see article 812876, "Clusters That Are Upgraded from Windows NT 4.0 Do Not Contain the System SID in the Security Descriptor" in the
Note: |
---|
To upgrade from Windows NT Server 4.0 to a Windows Server 2003 operating system, Service Pack 5 or Service Pack 6a must be installed first. |
Using Network Load Balancing Manager through a firewall
To use Network Load Balancing Manager to manage servers through a firewall, you must set up your Distributed Component Object Model (DCOM) to use a specified range of ports and then configure the firewall to allow traffic through those ports as described in the white paper, "Using Distributed COM with Firewalls" on the
If you do not follow these procedures, the error message "The RPC server is unavailable" or "Host unreachable" will appear.
Directory Services
Upgrade domain controllers running Windows 2000
When using the Active Directory administration tools that are included with Windows Server 2003 to access domain controllers in a Windows 2000 domain, you must upgrade the domain controllers to Windows 2000 Service Pack 3 or you must revert to the default client policy for Lightweight Directory Access Protocol on the computer where the Active Directory administration tools are installed.
For more information, see article 325465, "Windows 2000 Domain Controllers Require SP3 or Later When Using Windows Server 2003 Administration Tools," in the
Internet Services
Internet Information Services (IIS) 6.0
Products: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition; Windows Server 2003, Datacenter Edition
Because of increased security measures, the World Wide Web Publishing Service (WWW service) is not enabled by default in these products after you upgrade from the Windows 2000 Server family with IIS 5.0 unless you have completed one of these steps described for IIS 6.0 in read1st.htm (in the /Docs folder on the operating system DVD) before upgrading. If you did not complete the steps described, you can enable and start the WWW service by using the Services snap-in:
-
Click Start, point to Administrative Tools, and then click Services.
-
In the list of services, right-click World Wide Web Publishing Service, and then click Properties.
-
On the General tab, in the Startup type list, click Automatic, and then click OK.
-
In the list of services, right-click World Wide Web Publishing Service, and then click Start.
Ensure that all unnecessary IIS features have been removed or disabled and that the enabled features are configured with the highest security settings that your organization can support.
For more information, see the topics "What’s Changed" and "Security Best Practices" in IIS 6.0 Help.
UDDI Services
Products: Windows Server 2003, Standard Edition; Windows Server 2003, Enterprise Edition (32-bit version only); Windows Server 2003, Datacenter Edition (32-bit version only)
You cannot run SQLXML (XML support for Microsoft SQL Server 2000 databases) and Universal Description, Discovery, and Integration (UDDI) Services on the same computer because SQLXML requires Internet Information Services (IIS) 5.0 isolation mode and UDDI Services requires IIS 6.0 worker process isolation mode.
Do not install SQLXML and UDDI Services on the same computer.
Using IIS with Active Server Pages
The Windows Server 2003 operating systems do not support Active Server Pages that use the mail object Collaboration Data Objects for Windows NT Server (CDONTS.dll) if you perform a new installation. The Windows Server 2003 operating systems include Collaborative Data Objects for Windows 2000 (CDOSYS.dll), which replaces CDONTS.dll.
-
If you upgrade to a Windows Server 2003 operating system, Active Server Pages will use the existing CDONTS.dll file.
-
If you perform a new installation of a Windows Server 2003 operating system, you must copy CDONTS.dll from another computer to %windir%\system32 on the computer on which you performed the new installation.
Microsoft recommends that you upgrade your Active Server Pages to use the new object.
Network and Communications
POP3 servers
If you have configured a computer that is running a Windows Server 2003 operating system as a mail server, you should not stop and restart the Simple Mail Transfer Protocol (SMTP) virtual server that is specific to the server that is running the POP3 service from IIS Manager in the Microsoft Management Console. Instead, you should stop and restart the SMTP service, either by using Services Manager or by using command-line tools.
If you stop and restart the SMTP virtual server rather than the SMTP service, all e-mail from the Internet will generate and send a Non-Delivery Report (NDR), and all internal e-mail will be sent to the SMTP Badmail folder. The SMTP and POP3 services will appear to run correctly, and no error message will appear. To restore functionality, you must stop and restart the Internet Information Services (IIS) service as described in IIS 6.0 Help.
Security
Security restrictions on viewing Web pages and running executable files
The default settings in Internet Explorer are more restrictive in the Windows Server 2003 operating systems than in earlier versions of Windows. When you upgrade, any settings that do not match the new default settings will be overwritten. These changes decrease the exposure of your servers to attacks that are launched through Web content. However, users will not be able to view many Web pages correctly when using the default security settings. For users to see these Web pages correctly, you must explicitly grant access. In addition, users will not be able to run executable files from Universal Naming Convention (UNC) shared folders until you have added the shared computer to the Local intranet security zone in Internet Explorer.
For more information about security settings in Internet Explorer, see the online Help for Internet Explorer Enhanced Security Configuration on a computer that is running a Windows Server 2003 operating system:
-
Open Internet Explorer.
-
Click Help.
-
Click Enhanced Security Configuration.
Online Help includes instructions for changing the security settings in Internet Explorer. To change these settings, you must log on as a member of the Administrators group on the computer for which you want to change settings.
Software updates from the Web
Because of changes to default security settings in Internet Explorer, users might not be able to download updates from the Web to their computers. To download updates from the
For more information, see online Help for Internet Explorer Enhanced Security Configuration as described in the previous note.
Information about Windows Server 2003 Service Pack 1 (SP1)
This version of Windows Server 2003 includes SP1. When you install this version of Windows Server 2003, SP1 is automatically installed at the same time.
For additional release notes for Windows Server 2003 SP1, see article 889101 “Release Notes for Windows Server 2003 Service Pack 1," in the
For additional information about Windows Server 2003 SP1, see the
Additional Resources
To review the most recent hardware and application compatibility information and to find other products that Windows supports, see the
To obtain the latest product updates, see the
Copyright
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2005 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows NT, Active Directory, and MSN are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.