Paula Sharick, InstantDoc #26431, August 27, 2002

SP3 Upgrade Failure and a Bucketful of Bugs

More problems with SP3

 

SP3 Upgrade Failure
Several readers asked for assistance with a Windows 2000 Service Pack 3 (SP3) setup failure that produces the error message "An error in updating your system has occurred. When you click OK, Windows is not upgraded to SP3 and you can no longer install programs that use the Windows Installer (.msi packages)."

When this error occurs, any later attempts to use Windows Installer to install software (e.g., SP3, a Microsoft Office update, or any software that uses winstall technology) will produce a message that says "The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed...".

This failure occurs because the latest version of Windows Installer (version 2.0.2600.2), packaged with SP3, doesn't install or run on a system on which the Distributed COM (DCOM) default impersonation level is set to Anonymous. Even worse, after an SP3 installation fails, the system retains the SP3 version of Windows Installer, but the installer wonít function properly even if you restart the upgrade. To reinstall SP3 successfully, you need to change the DCOM impersonation level to Identify, and you need to delete the problem Windows Installer file (msisip.dll). To change the DCOM impersonation level, open a command prompt and type

dcomcnfg

If some objects aren't registered, the command will prompt you to register them. Then the utility displays the DCOM Configuration Properties window. Click the Default Properties tab, change the setting in the Default Impersonation field to Identify (click the down arrow for this field to view all valid settings), and click OK to exit.

To delete the problem Windows Installer file, locate and delete (or rename) the file %windir%\system32\msisip.dll. After taking this corrective action, you should be able to complete an SP3 upgrade. For more information, read the Microsoft article "Service Pack 3 Update Is Unsuccessful When DCOM Impersonation Level Is Set to Anonymous" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q324631.

SP3 Performance Monitor Hotfix for Non-English Versions
A bug in how Windows 2000 Service Pack 3 (SP3) updates Performance Monitor counters causes the counter names to display with unrecognizable characters at the end of each counter name. In addition, when you select a counter that you think is the correct one, Performance Monitor might not collect the statistics for this counter. This problem affects only non-English versions of SP3. For details, see the Microsoft article "Unrecognizable Characters Appear in Instance Names of Performance Counters or Incorrect Performance Data Is Collected After You Apply Windows 2000 Service Pack 3" at http://support.microsoft.com/default.aspx?scid=kb;en-us;q327384.

A Bucketload of Windows Explorer Bugs
Several postings indicate that Windows Explorer has several bugs that Service Pack 3 (SP3) doesn't correct. Because Windows Explorer is such a core component of the UI, I don't understand why Microsoft didnít delay SP3 until these fixes were ready to go. Hereís a list of the misbehaviors and bug fixes, all of which are available only from Microsoft Product Support Services (PSS).

Post-SP3 COM+ Hotfix Rollup 21
Microsoft released the Windows 2000 post-Service Pack 3 (SP3) COM+ hotfix rollup package on June 4, almost 2 months before SP3 went public. The rollup is not yet available for public download, but it is available directly from Microsoft Product Support Services (PSS). For more information, see the Microsoft article " INFO: Availability of Windows 2000 Post-Service Pack 3 COM+ Hotfix Rollup Package 21" at

http://support.microsoft.com/default.aspx?scid=kb;en-us;q324039

Network Connection Manager Security Hotfix
A newly discovered flaw in the Network Connection Manager applies to all versions of Windows 2000 including Service Pack 3 (SP3). Although the flaw is difficult to exploit, attackers can theoretically run code of their choice on the local machine with full system privileges. Microsoft Security Bulletin MS02-042 (MS02-042: Flaw in Network Connection Manager Can Cause Rights Elevation) indicates that the hotfix is a new version of the file netman.dll, which you can download at

http://www.microsoft.com/windows2000/downloads/critical/q326886/default.asp

This update is packaged with the standard hotfix installer, and you need to reboot to activate the hotfix after you install it.