• When you install this release candidate of Windows Server 2008 on a domain controller running Windows Server 2008 Beta 3, the Netlogon service may fail to start.
  
  To correct this, when the installation is complete, open a command prompt and run the following commands:
  
  sc config netlogon depend= lanmanworkstation/lanmanserver
  
  then
  
  net start netlogon
  
  then
  
  net start w32time
  
  
• If the primary domain controller role has never been hosted by a domain controller running Windows Server 2008 and you have never performed a normal (not staged) read-only domain controller (RODC) installation, pre-creation of an RODC account with the Active Directory® Users and Computers snap-in will fail.
  
  To avoid this, do any one of the following:
  
  
  • Transfer the primary domain controller role to one of the servers running Windows Server 2008 and allow the groups to replicate before you pre-create the RODC account.
    
    
  • Use the command prompt to pre-create the RODC account with the following command:
    
    dcpromo.exe /createDCaccount /replicaDomainDNSname:<domain_name>
    
    

  Note

  Do not use the /replicationSourceDC option.

  • Perform a full promotion of an RODC, and then pre-create the RODC account.
    
    
• If your Active Directory database and log files are placed in any of the following directories, ensure that the volume has at least twice the space used by the database and log files available before you install this release of Windows Server 2008:
  
  
  • %SystemRoot%
    
    
  • %ProgramFiles%
    
    
  • %SystemDrive%\Program Files
    
    
  • %ProgramFiles(x86)%
    
    
  • %SystemDrive%\build
    
    
  • %SystemDrive%\InstalledRepository
    
    
  • %ProfilesFolder%
    
    
  • %ProgramData%
    
    
  • %SystemDrive%\Documents and Settings
    
    
  If your Active Directory database and log files are not in any of the directories listed above, follow these steps before you install this release of Windows Server 2008.
  
  

To prepare before upgrading

1. Copy the full contents of the Windows Server 2008 installation image to a shared network resource.

2. Find the file Offline.xml (in the Sources directory of the installation image) and open it with a text editor.

3. Delete the following lines in the file:

   Line 434: <pattern type="File">%DSA_WORKING_DIR%\* [*]</pattern>

   Line 435: <pattern type="File">%DATABASE_LOG_FILES_PATH%\* [*]</pattern>

4. Save and close the Offline.xml file.

5. Start the Windows Server 2008 installer from the shared network resource.

To move the Active Directory database and log files

1. Restart the computer and enter the Directory Services Restore Mode by pressing F8 while the computer starts.

2. Move the Active Directory database and log files to a subdirectory at least one level beneath the root directory of a local drive.

3. Use Regedit.exe to find this registry key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters

4. Change the DSA Database File value to the new path from Step 2. For example, x:\ntds.

5. Change the DSA Working Directory value to the new path from Step 2. For example, x:\ntds\logs.

• If your Active Directory Federation Services (AD FS)–enabled Web server running Windows Server 2008 Beta 3 is currently configured to host a Windows NT® token-based application, Windows NT token-based applications may fail after the upgrade to the release candidate is complete because a registry key value is not preserved.
  
  If this occurs, and you expected the value UseS4u in the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ifssvc\Parameters\ to be set, use Regedit.exe to verify that it is present and has the expected value (0 or 1).
  
  
• If your AD FS–enabled Web server running Windows Server 2003 R2 is currently configured to host a Windows NT token-based application, then you need to manually configure Internet Information Services (IIS) after the upgrade to the release candidate of Windows Server 2008 is complete.
  
  To correct this, manually re-enable AD FS for each affected application.
  
  

To re-enable AD FS

1. Open the IIS Manager snap-in for Microsoft Management Console (MMC).

2. In the console tree, click the Windows NT token-based application.

3. In the center pane, double-click Authentication.

4. In the Authentication pane, right-click AD FS Windows Token-Based Agent and then click Enable.

• This issue affects Windows Server 2008 Datacenter and Windows Server 2008 Enterprise.
  
  If your server running Windows Server 2003 R2 is not configured to use ASP.NET 2.0 for its IIS default Web site, the Federation Service component may fail when it is installed after upgrading to Windows Server 2008.
  
  To avoid this, enable ASP.NET 2.0 for the default Web site before you upgrade to Windows Server 2008.
  
  If this has already occurred, manually add an extension handler for the .asmx extension.
  
  

To add the .asmx extension handler

1. Open the IIS Manager snap-in for MMC.

2. In the console tree, click the AD FS application.

3. In the center pane, double-click Handler Mappings.

4. Find the handler for the .asmx extension, select it, and then remove it.

5. In the right pane, click Add Script Map.

6. In the Add Script Map dialog box, enter the following parameters:

Request Path	*.asmx
Executable	C:\windows\microsoft.net\framework\v2.0.50727\aspnet_isapi.dll
Name	WebServiceHandlerFactory-ISAPI-2.0

Note

The path to enter for Executable may differ if your Windows® directory is in a different location.

• This issue affects Windows Server 2008 Datacenter and Windows Server 2008 Enterprise.
  
  If you have the Federation Service Proxy installed on a server running Windows Server 2003 R2 and then upgrade to Windows Server 2008, the Federation Service Proxy may stop servicing requests.
  
  To correct this, open the IIS Manager snap-in on the Federation Service Proxy computer and change the physical path.
  
  

To change the AD FS physical path

1. Open the IIS Manager snap-in.

2. In the console tree, double-click Sites, double-click Default Web Site, and then click adfs.

3. In the right pane, click Basic Settings.

   In the Edit Application dialog box that opens, change Physical path to the following, and then click OK: %windir%\SystemData\ADFS\sts

If you choose to register a service connection point in Server Manager, the incorrect service connection point is registered. You may receive errors indicating a failure to determine the certificate hierarchy.

To avoid this, choose the "register later" option during installation.

If this has already occurred, use the Active Directory® Rights Management Services (AD RMS) snap-in in the Microsoft® Management Console (MMC) to remove the service connection point and then register it again.

If you upgrade a computer running Windows Server 2003 that has Microsoft .NET Framework 2.0 installed to this release candidate, subsequent installation of the Application Server role or Microsoft .NET Framework 3.0 will fail.

This issue does not affect computers running Windows Server 2003 that already have .NET Framework 3.0 or .NET Framework 2.0 with Service Pack 1. It does not affect clean installations of this release candidate.

To avoid this, install .NET Framework 3.0 or .NET Framework 2.0 with Service Pack 1 before you upgrade to this release candidate.

If this has already occurred, edit the Machine.config file as follows:

Edit the Machine.config file

1. Navigate to the following file: %windir%\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config

2. Open the Machine.config file in a text editor, find the <system.web> section, and add the following entry under that section:

   <section name="protocols" type="System.Web.Configuration.ProtocolsSection, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" allowDefinition="MachineToWebRoot" />

Note

On 64-bit computers, make the same change to the additional Machine.config file located in %windir%\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config.

• Do not use the -backuptarget option with the wbadmin delete systemstatebackup command. If you have saved backups to multiple locations and then use the -backuptarget option to delete the backup from one location, the backups will be deleted from all locations.
  
  If you must specify the backup destination and need to delete specific backups, use the file system (the del command or Windows Explorer) instead of the -backuptarget option to delete the folder containing the backup file.
  
  
• In some instances, if you started or completed migrating domain controllers to the Windows Server 2008 functional level using Distributed File System Replication (DFS Replication) and then perform a system state recovery using Windows Server Backup, parts of the SYSVOL directory can inadvertently be recovered authoritatively, which results in data loss.
  
  To prevent this, perform the following steps before you initiate a recovery from any backup that was made after migration started.
  
  

To safely restore the backup

1. Stop the NTFRS and DFSR services. For authoritative recovery, proceed with steps 2-5. For non-authoritative recovery, skip to steps 6-9. Then proceed with steps 10-12.

2. If you need an authoritative recovery, use Regedit.exe to find the registry key HKLM\SYSTEM\CurrentControlSet\Services\DFSR\Restore\.

3. Create a new REG_SZ value for this key with the name SYSVOL and data authoritative.

4. Find the registry key HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\.

5. Create a new REG_DWORD value for this key with the name BurFlagsand and data D4.

6. If you need a non-authoritative recovery, use Regedit.exe to find the registry key HKLM\SYSTEM\CurrentControlSet\Services\DFSR\Restore\.

7. Create a new REG_SZ value for this key with the name SYSVOL and data non-authoritative.

8. Find the registry key HKLM\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\.

9. Create a REG_DWORD value for this key with the name BurFlagsand and data D2.

10. In either case, find the registry key HKLM\SYSTEM\CurrentControlSet\Control\BackupRestore\KeysNotToRestore.

11. Create a new REG_MULTI_SZ value for this key with the name SYSVOL Recovery and the following data:

    CurrentControlSet\Services\DFSR\Restore\SYSVOL

    CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\BurFlags

12. Perform the system state recovery operation.

The Microsoft Customer Experience Improvement Program (CEIP) is turned on by default. If you do not want to participate in the CEIP, you can change the settings.

To change CEIP settings

1. In Control Panel, click System and Maintenance, and then click Problem Reports and Solutions.

2. In the Task list, click Change settings.

3. Change the settings.

For information about the CEIP and the data that is transmitted to Microsoft, see http://go.microsoft.com/fwlink?linkid=52095. For the CEIP privacy statement, see http://go.microsoft.com/fwlink?linkid=52097.

Some recent computers may not recognize ExpressCard or PCI Express devices if they are removed and reinserted while the computer is on.

To avoid this, do not remove and reinsert these devices while the computer is on.

If you have such a device that is not recognized, try the following: turn off the computer, insert the device, and then turn on the computer.

This issue affects servers that do not have a video card installed—for example, servers used for remote administration.

If the Autologon feature is enabled, the Initial Configuration Tasks page and Server Manager may stop responding.

To avoid this, disable Autologon for servers that do not have a video card installed.

If the Initial Configuration Tasks page has already stopped responding, close the dialog box and restart the page by running Oobe.exe from a command prompt.

If Server Manager has already stopped responding, close the dialog box and restart Server Manager from the Start menu.

Once the computer has entered Sleep, the display may not automatically turn on again when you press the power or sleep buttons to wake the computer. To turn the display on again, move the mouse or press a keyboard key.

IPv6-only applications that use transition addresses (that is, addresses other than native IPv6) may not function over virtual private networks, including Remote Access Service (RAS).

To avoid this, configure RAS servers to provide native IPv6 addresses only.

• If you install the Single Instance Storage (SIS) filter driver feature and then attempt to install SQL Server 2005, the SQL Server 2005 installation will fail.
  
  To prevent this, restart the computer after installing the SIS filter driver feature and before installing SQL Server 2005.
  
  
• After you have installed SQL Server 2005 SP2 Reporting Services on Windows Server 2008, you must manually configure Reporting Services. For detailed steps, see article 936302 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=88894).
  
  
• If you have installed a named instance of a SQL Server 2005 SP2 cluster on a computer running Windows Server 2008, connections to this named instance from computers running Windows Vista or Windows Server 2008 may fail.
  
  To avoid this, use a TCP port or pipe name in the connection string, or configure the firewall so that all client applications are exceptions.
  
  For more information, see article 936302 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkID=88894).
  
  

If you upgrade a server running Windows Server 2008 Beta 3 that has shared storage disks (including Fibre Channel, iSCSI, SCSI, or Serial Attached SCSI (SAS), as well as systems with iSNS Server installed) to this release candidate of Windows Server 2008, shared disks may not be visible.

To avoid this, install QFE 8859 from the Microsoft Connect Web site (http://go.microsoft.com/fwlink/?LinkID=101496) before you install this release candidate.

This issue affects Windows Server 2008 Standard, Windows Server 2008 Enterprise, Windows Server 2008 Datacenter, and Windows Web Server 2008.

After you install Remote Server Administration Tools for Windows Media Services on a computer running Windows Vista, the Windows Media Services snap-in for MMC may not be able to access a remote server running the Streaming Media Services role in Windows Server 2008. You might receive error codes 0x80070005, 0x800706BA, or both.

To correct this, create access permissions for Remote Server Administration Tools and enable an exception for Windows Management Instrumentation (WMI) in Windows Firewall on the server.

To create access permissions

1. On the server, open Component Services. (Click Start, click Run, and then type dcomcnfg.)

2. In the Component Services console tree, under Component Services, right-click the local computer (My Computer), and then click Properties.

3. On the COM Security tab, in the Access Permissions area, click Edit Limits.

4. In the Access Permission dialog box, on the Security tab, click ANONYMOUS LOGON.

5. In the Permissions for ANONYMOUS LOGON area, make sure that the Allow Remote Access check box is selected.

To enable the firewall exception

1. On the server, open Windows Firewall. (Click Start, click Run, and type firewall.cpl.)

2. In Windows Firewall Settings, on the Exceptions tab, select the Windows Management Instrumentation (WMI) check box.

This issue affects Windows Server 2008 Standard, Windows Server 2008 Enterprise, and Windows Server 2008 Datacenter.

If you are using Windows Server 2008 Terminal Services RemoteApp™ (TS RemoteApp) and have made RemoteApp programs available by using Windows Server 2008 Beta 3, the list of RemoteApp programs and settings in TS RemoteApp Manager is not preserved when you upgrade to this release candidate of Windows Server 2008.

To preserve the settings, use the Export RemoteApp Settings option in TS RemoteApp Manager to export the RemoteApp programs and settings to a file. After you upgrade the server to this release candidate of Windows Server 2008, use the Import RemoteApp Settings option to import the file and to restore the settings. If you upgraded the server before exporting the settings to a file, you will have to add the list of RemoteApp programs and configure the deployment settings manually in TS RemoteApp Manager.

This issue affects the 64-bit editions of this release.

Some computers that have Trusted Platform Module (TPM) enabled may not start after installing this release. The computer stops responding while displaying the progress bar.

Some models known to be affected are Dell OptiPlex, Dell Latitude, and Dell Precision computers that do not have the latest BIOS installed.

To avoid this issue, before you install this release, first disable BitLocker Drive Encryption (if it is enabled), and then disable TPM in the BIOS.

To disable BitLocker Drive Encryption

1. Using an account that has administrative credentials, Click Start, click Control Panel, click Security, and then click BitLocker Drive Encryption.

2. From the BitLocker Drive Encryption page, find the volume on which you want BitLocker Drive Encryption turned off, and click Turn Off BitLocker Drive Encryption.

3. From the What level of decryption do you want dialog box, click Disable BitLocker Drive Encryption.

To disable TPM

1. Restart the computer and during the boot process, use the appropriate key (often F2) to enter the BIOS. For details, check the information that came with your computer.

2. In the BIOS, navigate to the TPM Security entry. Click Off, press ENTER, press ESC, and then select Save Changes and Exit.

   Note

   If you had BitLocker Drive Encryption enabled, the computer will enter the recovery mode and you must enter the 48-digit BitLocker password or use a BitLocker recovery key.

Note

If your computer is affected by this issue, you will not be able to use BitLocker Drive Encryption with TPM on the computer until an updated BIOS is available from the OEM.

If have already encountered this issue, restart the computer and disable TPM in the BIOS using the procedure above.

Certain default values for W32Time registry keys have changed starting with this release of Windows Server 2008. If you are upgrading a domain controller from a previously released version of Windows Server 2008, the old default values may not be updated and could cause disruptive time variations in the domain.

To avoid this, correct the registry key values manually.

To correct the W32Time registry values

1. Using Regedit.exe, find this key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config

2. Change the data for the value MaxPosPhaseCorrection to 0x2a300.

3. Change the data for the value MaxNegPhaseCorrection to 0x2a300.

When you have upgraded domain controllers to this release of Windows Server 2008, any client computers that only support the Data Encryption Standard (DES) will not be able to establish a secure channel with Netlogon. As a result, installations and attempts to join the domain will fail, including Windows Deployment Services installations of Windows Vista, Windows XP, Windows Server 2003, Windows 2000, and Active Directory Migration Tool. In addition, non-Microsoft Server Message Block (SMB) and network-attached storage devices that do not support the Message-Digest algorithm 5 (MD5) standard will also fail to establish a secure channel.

To avoid this, upgrade all client computers and domain controllers to a Windows operating system that is not earlier than Windows 2000. Contact the vendor of any non-Microsoft SMB and network-attached storage devices to obtain a version that supports MD5.

If you must support DES, enable support for Windows NT 4.0 cryptography. When editing the Group Policy object, under Computer Configuration, navigate to Administrative Templates, and then navigate to and enable the Allow cryptography algorithms compatible with Windows NT 4.0 policy setting.

You cannot add drivers or packages to the Windows Preinstallation Environment (Windows PE) Boot.wim image for Windows Server 2008 from a computer running a Windows operating system earlier than Windows Vista.

To correct this, do either one of the following:

• Change the OEM Preinstallation Kit (OPK) so that you can add drivers to any Boot.wim. Copy the files Xmllite.dll and Cmiv2.dll (from the Sources directory of the setup image for x86-based computers) and paste them into the PETools folder of the OPK.
  
  
• Change Boot.wim so that you can add drivers to it using any OPK environment. Copy the files Xmllite.dll and Cmiv2.dll (from the Sources directory of the setup image for x86-based computers) and paste them into the following directory in the mounted Boot.wim: \Windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.0.6001.16659_none_09328d3ac76aa5d0\.
  
  

Note

Use this directory beginning with "x86" even in Windows PE images for 64-bit versions of Windows Server 2008.

When you create a new key pair using the nCipher Hardware Security Module, you may receive an error.

To avoid this, install all current updates from nCipher and add RMS Service Account rights to the Kmdata folder.

To add account rights to the Kmdata folder

1. Using Windows Explorer, browse to the nFast\kmdata folder.

2. Right-click the Kmdata folder and click Properties.

3. Click the Security tab, click Edit, and then click Add.

4. Enter the name of the RMS Service Account.

5. In Group and user names, click the RMS Service Account name.

6. In Permissions for <RMS Service Account>, select Full Control.

7. Click Apply.

Windows Server® virtualization is available in this release of Windows Server 2008. To install this role, the computer must meet specific hardware and software requirements. For example, it is available only on a full installation of Windows Server 2008 Enterprise, for the "en-us" locale. For more information about configuration, usage considerations, and known issues, see the release notes for Windows Server virtualization (http://go.microsoft.com/fwlink/?LinkID=98821). For links to other information, see the role page on the Windows Server 2008 TechCenter (http://go.microsoft.com/fwlink/?LinkID=48557).

If you upgrade a computer running Windows Server 2003 that has Windows SharePoint® Services installed to this release candidate of Windows Server 2008, the search index may become corrupted.

To avoid this, run the following commands at a command prompt on any servers running Windows SharePoint Services before you start the installation:

sc config spsearch start= disabled

net stop spsearch

When you have completed the installation, restart the Windows SharePoint Services Search service with the following command:

sc config spsearch start= demand

If the search index has already been corrupted, reset the index by performing the following steps.

To reset the index

1. Open SharePoint Central Administration from the server running Windows SharePoint Services. (Click Start, click Administrative Tools, and then click SharePoint 3.0 Central Administration.)

2. On the Operations tab, click Services on server.

3. In the list of services, click Stop to stop the Windows SharePoint Services Search service.

4. In the warning dialog box, click OK. Wait for the operation to complete.

5. On the Services on Server page, click Start to start Windows SharePoint Services Search. The Windows SharePoint Services Search service settings page opens.

6. On the Windows SharePoint Services Search service settings page, scroll to the Search Database section and rename the Database Name. Scroll down and click Start. Wait for the operation to complete.

This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, and is the confidential and proprietary information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the recipient and Microsoft. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 Microsoft Corporation. All rights reserved.

Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, Windows NT, Windows Server, Windows Vista, and Active Directory are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.