============================================================================== Microsoft Windows XP Peer-to-Peer Update Release Notes For Windows XP Home Edition, Service Pack 1, Windows XP Professional, Service Pack 1, and Windows XP Tablet PC Edition.* February 2003 ============================================================================== (C)2003 Copyright Microsoft Corporation. All rights reserved. This document contains important information about the Microsoft(r) Windows XP Peer-to-Peer Update. Before installing the Windows XP Peer-to-Peer Update, please review this entire document. It contains critical information to ensure proper installation and use of the product. ------------------------------------------------ How to use this document ------------------------------------------------ You can view the Release Notes file on-screen in Windows Notepad. To print the Release Notes file, open it in Notepad or another word processor, and then on the File menu, click Print. ----------------- Contents ----------------- 1. SYSTEM REQUIREMENTS 2. MICROSOFT WINDOWS XP PEER-TO-PEER UPDATE OVERVIEW 3. INSTALLING AND UNINSTALLING THE WINDOWS XP PEER-TO-PEER UPDATE 3.1 Who should install Windows XP Peer-to-Peer Networking Update 3.2 How to install the Windows XP Peer-to-Peer Networking Update 3.3 How to uninstall the Windows XP Peer-to-Peer Networking Update 4. USING THE OPTIONAL WINDOWS XP PEER-TO-PEER NETWORKING COMPONENT 4.1 Overview of Windows Peer-to-Peer Networking component 4.2 How to enable the optional Windows Peer-to-Peer Networking component 4.3 How to disable the optional Windows Peer-to-Peer Networking component (without uninstalling the entire update) 5. USING THE INTERNET PROTOCOL VERSION 6 (IPV6) TEREDO NAT TRAVERSAL TECHNOLOGY 5.1 Overview of Internet Protocol Version 6 Teredo NAT Traversal Technology 5.2 Configuring the Teredo client 6. NATs AND INTERNET PROTOCOL VERSION 6 (IPV6) TEREDO INTEROPERABILITY 6.1 NAT devices that have been tested and are known to work with Teredo 6.2 NAT devices that can be configured or updated to work with Teredo 7. INTERNET PROTOCOL VERSION 6 (IPv6) INTERNET CONNECTION FIREWALL (ICF) 7.1 IPv6 Internet Connection Firewall Overview 7.2 How to manually enable the optional IPv6 ICF component 7.3 How to disable the optional IPv6 ICF component (without uninstalling the entire update) 8. KNOWN ISSUES 8.1 Incorrect firewall settings affect IPv6 connectivity 8.2 Timing errors affect IPv6 connectivity 8.3 After hibernation, a computer loses its Teredo address 8.4 After hibernation, a computer loses IPv6 connectivity 8.5 IPv6 Internet Connection Firewall install state recorded improperly 8.6 Guest account cannot use a peer-to-peer application ---------------------- 1. System Requirements ---------------------- You can install the Windows XP Peer-to-Peer Networking Update on any computer running Windows XP Home Edition, Service Pack 1, Windows XP Professional, Service Pack 1, and Windows XP Tablet PC Edition. --------------------------------------------------------------- 2. Microsoft Windows XP Peer-to-Peer Update Overview --------------------------------------------------------------- The Windows XP Peer-to-Peer Networking Update and optional Windows Peer-to-Peer Networking component provide a framework for peer-to-peer applications to communicate from computer to computer directly through NATs and over the Internet. When the Windows XP Peer-to-Peer Networking Update is installed, the IPv6 protocol is updated, and an IPv6-capable firewall is available to protect your computer from unwanted IPv6 traffic. For more information, see section 7.2 How to install the optional IPv6 ICF component. The optional Windows Peer-to-Peer Networking component is also provided with the Update, and can be installed using the instructions in section 4.2 How to install the optional Windows Peer-to-Peer Networking component. ---------------------------------------------------------------------------- 3. Installing and Uninstalling the Windows XP Peer-to-Peer Update ---------------------------------------------------------------------------- When you install the Windows XP Peer-to-Peer Networking Update, the IPv6 protocol is updated. If IPv6 is already installed on your computer, the protocol is updated and the Internet Connection Firewall (ICF) for IPv6 is installed, though no ports are opened in the firewall by default. For information on how to open ports in the IPv6 ICF, see section 7, INTERNET PROTOCOL VERSION 6 (IPv6) INTERNET CONNECTION FIREWALL (ICF). If you want to use an application with Peer-to-Peer functionality, you can install the optional Windows Peer-to-Peer Networking component. 3.1 Who should install Windows XP Peer-to-Peer Networking Update You need to install the Windows XP Peer-to-Peer Networking Update only if you have software that requires it or if you wish to develop against the Windows Peer-to-Peer Networking infrastructure. 3.2 How to install the Windows XP Peer-to-Peer Networking Update You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 1. Open the folder to which you have downloaded the file netpack.exe. 2. Double-click netpack.exe to install the Windows XP Peer-to-Peer Networking Update. After installation, you must reboot your computer to apply changes. Note: This is a pre-release version of 810007: Windows XP Peer-to-Peer Update, which updates various networking components. Installing any other networking update may break the functionality of the 810007 update and may result in your networking subsystem not functioning. Microsoft recommends uninstalling 810007 prior to installing any newer networking updates. In addition, installing subsequent networking updates prior to the final release of 810007 may result in the Peer-to-Peer functionality ceasing to function properly. To restore functionality, you may uninstall the other networking update and re-install 810007, but this may leave your system vulnerable to security issues addressed in the subsequent updates. 3.3 How to uninstall the Windows XP Peer-to-Peer Networking Update You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 1. Click Start, click Control Panel, and then double-click Add or Remove Programs. 2. Click Change or Remove Programs, and then click Windows XP Peer-to-Peer Update. 3. Click Remove. --------------------------------------------------------------- 4. Using the Optional Windows XP Peer-to-Peer Networking Component --------------------------------------------------------------- 4.1 Overview of Windows Peer-to-Peer Networking component The Windows XP Peer-to-Peer Networking Update and optional Windows Peer-to-Peer Networking component enable the following technologies: Windows Peer-to-Peer Networking Name Resolution: The Peer Name Resolution Protocol (PNRP) Name Space Provider provides an API that enables peer-to-peer resolution of names to endpoints (IPv6 address/port number). Windows Peer-to-Peer Networking Graphing: Graphing enables efficient multipoint communication among a tightly coupled set of peers. Graphing enables applications to leverage/plug in their own security models and name resolution mechanisms. Windows Peer-to-Peer Networking Grouping: Grouping is the security layer provided by default on top of a graph. The security layer defines the security model behind group creation, invitation, and connection to the group. In addition, Grouping leverages PNRP as the name resolution protocol - and enables multiple applications to share the same graph. Windows Peer-to-Peer Networking Identity Manager: Identity manager enables creation of Peer-to-Peer identities to be used in PNRP and Grouping. 4.2 How to enable the optional Windows Peer-to-Peer Networking component You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. Before you can install the optional Windows Peer-to-Peer Networking component, you must first install the Windows XP Peer-to-Peer Networking Update according to the instructions in section 3.2 above. 1. Open Add or Remove Programs in Control Panel. 2. Click Add/Remove Windows Components to start the Windows Components wizard 3. Click the scroll bar until "Networking Services" is visible, and then click "Networking Services". Click Details. 4. In the Networking Services dialog box, select the Peer-to-Peer checkbox. 5. Click OK, then click Next. The optional Peer-to-Peer component is installed. 6. When you are prompted to do so, click Finish. Note: If IPv6 and the IPv6 ICF are not enabled, the optional Windows Peer-to-Peer Networking Component will enable them. In addition, the optional Windows Peer-to-Peer Networking component automatically opens ports 3587 and 3540 in the IPv6 ICF. 4.3 How to disable the optional Windows Peer-to-Peer Networking component (without uninstalling the entire Update) 1. Open Add or Remove Programs in Control Panel. 2. Click Add/Remove Windows Components to start the Windows Components wizard 3. Click the scroll bar until "Networking Services" is visible, and then click "Networking Services." Click Details. 4. In the Networking Services dialog box, uncheck the Peer-to-Peer checkbox. 5. Click OK, then click Next. The optional Peer-to-Peer component is uninstalled. 6. When you are prompted to do so, click Finish. Note: If IPv6 ICF is enabled, the optional Windows Peer-to-Peer Networking component automatically closes ports 3587 and 3540 when it is disabled. --------------------------------------------------------------------------------------------------------------- 5. Using the Internet Protocol version 6 (IPv6) Teredo NAT Traversal Technology --------------------------------------------------------------------------------------------------------------- 5.1 Overview of Internet Protocol version 6 Teredo NAT Traversal Technology Internet Protocol version 6 (IPv6) is the next generation internet protocol that enables communication across a diverse set of networks. IPv6 Teredo is a transition technology that allows automatic IPv6 tunneling between hosts that are located across one or more IPv4 NAT devices. IPv6 traffic from Teredo hosts can flow across NATs because it is sent encapsulated in an IPv4 UDP message. If the NAT supports UDP port translation, then the NAT supports Teredo. The exception is a "symmetric" NAT, which is unsupported, but today is rarely deployed (for more information on specific devices and Teredo see Section 6 of this guide). Microsoft's IPv6 Teredo implementation is based on the Internet Engineer Task Force’s Internet Draft version 8, named: "Teredo: Tunneling IPv6 over UDP through NATs." Teredo will enable other hosts on the internet to communicate directly with your computer. The purpose of this is to enable direct communication between peer clients on the internet. This does not mean you are insecure; for more information on the Internet Connection Firewall v6 included in the Windows XP Peer-to-Peer Networking Update please see Section 7 of this guide. 5.2 Configuring the Teredo client Your computer is automatically configured to enable the Teredo client after installing the Windows XP Peer-to-Peer Networking Update package. You should not need to configure your Teredo client in most situations. However, if for some unforeseen reason you need to change the settings of your Teredo client you may use the netsh command-line utility. Netsh allows you to locally or remotely display and/or modify the network configuration of a computer that is currently running. To configure a Peer-to-Peer client, you can use the context "interface ipv6" at the netsh prompt. To enter the "interface ipv6" netsh context: 1. Open Command Prompt. To open command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt. 2. At the command prompt, type: netsh 3. At the netsh prompt, type: interface ipv6 Note: netsh commands can be abbreviated, as long as they are not ambiguous. For example, "netsh int ipv6" will also do the same as step 3 above. The IPv6 Teredo components in the Windows XP Peer-to-Peer Networking Update consist of the following: -- Teredo client: A host that knows how to obtain a Teredo address assignment, manage NAT mappings, and tunnel IPv6 traffic across the IPv4 Internet. Teredo clients and forwards NAT mapping initialization packets between Teredo clients and nodes on the IPv6 Internet. -- Teredo host-specific relay: A host that forwards packets between Teredo clients and IPv6 Internet nodes. Note: Only Teredo clients are currently supported in the Windows XP Peer-to-Peer Networking Update. The host-specific relay is configured automatically when required. IPv6 Internet nodes must run the Windows XP Peer-to-Peer Networking Update in order to provide a host-specific relay to reach back to the Teredo client, or use a public Teredo relay. Currently we are not aware of any public Teredo relays, so Teredo clients connecting to non-Windows XP Peer-to-Peer Networking Update compatible IPv6 hosts may not work without falling back to IPv4. You can use the following command at the "netsh interface ipv6" prompt to configure your Teredo client: Usage: set Teredo [[type]=disabled|client|server|default] [[servername=]||default] [[refreshinterval=]|default] Parameters: Tag Value type - Specifies one of the following values: disabled: Disable the Teredo service. client: Enable the Teredo client. server: Enable the Teredo server. servername - Specifies the name or IPv4 address of the Teredo server. refreshinterval - Specifies the Teredo client refresh interval (in seconds). Remarks: This command sets the Teredo service parameters. A 'default' argument to any of the parameters sets its value to a default configuration. Example: set Teredo disable set Teredo client Teredo.ipv6.microsoft.com. 60 set Teredo server Teredo.ipv6.org. ---------------------------------------------------------------- 6. NATs and Internet Protocol Version 6 Teredo Interoperability ---------------------------------------------------------------- Teredo is an IPv6 technology designed to traverse NATs in order to provide end-to-end connectivity between IPv6 nodes. However, due to the design of some NATs, Teredo may or may not function properly. Sections 6.1 and 6.2 provide a list of devices that work or can be updated to work with Teredo. Due to the large amount of devices available in the market it is difficult to accurately list the devices that do not work. 6.1 NAT devices that have been tested and are known to work with Teredo - LinkSys BEFW11S4 v.1 - LinkSys BEFSR41 - LinkSys BEFSR1 - D-Link 713 with Firmware version 2.53b9 - NETGEAR RP614 - NETGEAR RP114 - NETGEAR MR314 - D-Link DI-704 - Windows XP Internet Connection Sharing 6.2 NAT devices that can be configured or updated to work with Teredo - D-Link DI-604 and D-Link DI-614 You may update the firmware of these devices to v2.10. For more information on this please visit the DLINK on the internet. - Microsoft Broadband Wireless Base Station - MN-500 To configure the Microsoft Broadband Wireless Base Station - MN-500 to work with Teredo, go to the Security configuration page and uncheck the box blocking transmission and receipt of ICMP messages. For more information, see the MN-500 documentation. ------------------------------------------------------------------------ 7. Internet Protocol Version 6 (IPv6) Internet Connection Firewall (ICF) ------------------------------------------------------------------------ 7.1 IPv6 Internet Connection Firewall Overview When you install the Windows XP Peer-to-Peer Networking Update, Internet Protocol version 6 (IPv6) and IPv6 Internet Connection Firewall (IPv6 ICF) are made available. When IPv6 is enabled on your system IPv6 ICF is automatically enabled for all network connections, providing protection for your system. IPv6 ICF is separate from and runs alongside of the IPv4 Internet Connection Firewall that is included with Windows XP. Because of this, IPv6 ICF configuration information and statistics are not visible as properties of connections in the Network Connections folder; only information about the IPv4 ICF are visible in the Network Connections folder. IPv6 ICF provides the following: -- Stateful filtering for outbound traffic. -- Unsolicited inbound traffic is automatically and silently dropped. -- Upon installation of the Windows XP Peer-to-Peer Networking Update, all inbound ports are blocked by IPv6 ICF. When you enable the optional Windows Peer-to-Peer Networking component (as described in section 3.2 above), TCP and UDP ports 3540 and 3587 are opened for inbound traffic. In addition, you can manually configure ports to accept unsolicited traffic from the network. For example, if you are hosting an IPv6-enabled Web server, you can configure IPv6 ICF to allow unsolicited IPv6 traffic on TCP port 80. -- You can configure Internet Control Message Protocol (ICMP) options. -- You can configure logging of dropped packets, successful connections, or both. Logging provides the ability to troubleshoot security and performance issues. More information on configuring IPv6 ICF can be found at: http://www.microsoft.com/technet/itsolutions/network/maintain/security/ipv6fw/default.asp 7.2 How to manually enable the optional IPv6 ICF component IPv6 ICF is automatically enabled when IPv6 is enabled. No additional action is required. However IPv6 ICF can be disabled as described in section 7.3 below. To manually enable IPv6 ICF, follow the steps below. You must be logged on as an administrator or a member of the Administrators group in order to complete this procedure. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure. 1. Open Add or Remove Programs in Control Panel. 2. Click Add/Remove Windows Components to start the Windows Components wizard 3. Click the scroll bar until "Networking Services" is visible, and then click "Networking Services." Click Details. 4. In the Networking Services dialog box, select the IPv6 Internet Connection Firewall checkbox. 5. Click OK, then click Next. The optional IPv6 ICF optional component is installed. 6. When you are prompted to do so, click Finish. 7.3 How to disable the optional IPv6 ICF component (without uninstalling the entire update) 1. Open Add or Remove Programs in Control Panel. 2. Click Add/Remove Windows Components to start the Windows Components wizard 3. Click the scroll bar until "Networking Services" is visible, and then click "Networking Services." Click Details. 4. In the Networking Services dialog box, unselect the IPv6 Internet Connection Firewall checkbox. 5. Click OK, then click Next. The optional IPv6 ICF optional component is uninstalled. 6. When you are prompted to do so, click Finish. --------------- 8. Known Issues --------------- Note: Each of these issues are scheduled to be fixed in a future release. 8.1 Incorrect firewall settings affect IPv6 connectivity Problem: Connectivity fails to two or more machines behind a NAT or no connectivity is established to IPv6 6to4 hosts that are external to a computer configured with NAT. Firewall settings for ICF for IPv4 or ICF for IPv6 are not set correctly. This can happen under the following circumstances: -- ICF for IPv4 is installed after ICF for IPv6 -- A new network adapter is installed -- A network adapter is changed Solution: Reset the computer as a Teredo client with the command "netsh interface ipv6 set Teredo client". This will refresh the firewall settings and provide connectivity. 8.2 Timing errors affect IPv6 connectivity Problem: Both a global IPv6 address (3ffe:831f::x) and a global 6to4 tunneling address (2002::) are present, which can cause connectivity problems. When timing errors occur with the use of both addresses, the local computer might function as though it is behind a NAT even when it is not behind a NAT. Solution: Run the following commands in sequence at a command prompt: netsh interface ipv6 set Teredo type=default netsh interface ipv6 set Teredo client Note: This solution does not persist across reboots. 8.3 After hibernation, a computer loses its Teredo address Overview: Hibernation is a state in which your computer shuts down to save power but first saves everything in memory on your hard disk. When you restart the computer, you resume from a state of hibernation and your desktop is restored exactly as you left it. Problem: When a computer goes into a state of hibernation, the Teredo client IPv6 address is not saved. Because of this, when a computer resumes from a state of hibernation, the Teredo IPv6 address is lost. Solution: Run the following command at a command prompt: netsh interface ipv6 set Teredo client 8.4 After hibernation, a computer loses IPv6 connectivity Overview: Hibernation is a state in which your computer shuts down to save power but first saves everything in memory on your hard disk. When you restart the computer, you resume from a state of hibernation and your desktop is restored exactly as you left it. Problem: When a computer returns from a state of hibernation, IPv6 connectivity is sometimes lost. Because of this, a computer will not be able to connect to other IPv6 peers. Solution: Reboot your computer. 8.5 IPv6 Internet Connection Firewall install state recorded improperly Overview: When an optional component is installed, its current install state is recorded in the "Networking Services" optional component dialog. Problem: Enabling the optional Peer-to-Peer component will also enable IPv6 and IPv6 Internet Connection Firewall. However, the IPv6 Internet Connection Firewall optional component listed under Windows Components, Networking Services remains unchecked even though it's actually enabled. This does not occur on platforms that already had IPv6 enabled prior to installing the Peer-to-Peer Update. Solution: Under Windows Components, Networking Services, IPv6 Internet Connection Firewall, mark the checkbox manually and press OK and Next. Now the IPv6 Internet Connection Firewall status reflects its true state. 8.6 Guest account cannot use a peer-to-peer application Overview: If you are logged on with guest credentials, you are unable to use the Windows Peer-to-Peer Infrastructure. Problem: In order to use the peer-to-peer infrastructure, the current user must have user credentials greater than guest. That is, limited user account or better on Windows XP Home Edition with SP1 and regular user account or better on Windows XP Professional Edition with SP1. Solution: Log on with user credentials greater than guest. Start the P2P services by opening a command prompt and executing the following command "net start p2psvc". ------------------------------------------------------------------- * Microsoft, Windows, Windows XP Home Edition, and Windows XP Professional Edition, and Windows XP Tablet PC Edition are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries/regions.