----------------------------------------------- NOV-SAP.DOC -- 19980306 -- Info on NetWare SAPs ----------------------------------------------- Feel free to add or edit this document and then email it back to faq@jelyon.com Subject: SAP listing Hex SAP Description --- --------------- 0000 Unknown 0001 User 0002 User Group 0003 Print Group 0003 Print Queue 0004 File Server 0005 Job Server 0006 Gateway 0007 Print Server 0008 Archive Queue 0009 Archive Server 000A Job Queue 000B Administration 000F Novell TI-RPC 0017 Diagnostics 0020 NetBIOS 0021 NAS SNA Gateway 0023 NACS Async Gateway 0024 Remote Bridge (Routing Service) 0026 Bridge Server 0027 TCP/IP Gateway 0028 Point to Point (Eicon) 0029 Eicon Gateway (3270 Gateway) 002A ?? (CHI Corp) 002C PC Chalkboard 002D Time Synchronization Server 002E Archive Server 002E SMS Target Service Agent 0045 DI3270 Gateway 0047 Advertising Print Server 0048 TCP/IP Gateway (Micom Interlan) 004A NetBlazer Modems 004B Btrieve VAP V5.0 004C NetWare SQL VAP 004D Xtree network version 0050 Btrieve VAP V4.11 0052 QuickLink? (Cubix) 0053 Print Queue User 0055 ARCserve VAP (netware 2.x) 0058 Multi-Point X.25 (Eicon) 0060 STLB/NLM ? 0064 ArcServe 0066 ArcServe v3.0 0072 WANcopy Utility 0078 Backup of some type ? 007A TES-Netware for VMS 0092 Emerald Tape Backup Server 0092 WATCOM Debugger 0095 DDA OBGYN ? 0098 NetWare Access Server 009A Named Pipes Server 009B Netware Access Server 009E Portable Netware 009E SunLink NVT 009F Progress DataBase (Progress Software) 00A1 Powerchute 00AC Compaq IDA Status Monitor 00AA LAWserve 0100 PIPE STAIL ? 0102 Lan Protect 0103 Oracle SQL Server 0107 Netware 386 0107 Remote Console 010F Novell SNA Gateway 0112 Print Server HP 0114 CSA MUX (f/Communications Executive) 0115 CSA LCA 0116 CSA CM 0117 CSA SMA 0118 CSA DBA 0119 CSA NMA 011A CSA SSA 011B STATUS 011E CSA APPC 0126 SNA TEST SSA Profile 012A CSA TRACE 012B Netware for SAA 012E IKARUS virus scan utility 0130 Communications Executive 0133 NSS Domain 0135 NNS Profile 0137 NNS Print Queue 0137 Netware 386 Print Queue 0138 NNS Domain Scheme Descriptor 0141 LAN Spool Server (VAP) 0142 Aladdin Knowledge 0143 Optical Drives of some sort ? 0152 IRMALAN Gateway 0154 Named Pipe Server 0166 Netware Management 0168 Intel PICKIT Comm Server 0168 Intel CAS Talk Server 0173 Compaq 0174 Compaq SNMP agent 0175 Compaq 0180 XTree Server 0189 Xtreee 018A ? 01B0 GARP Gateway (Net Research) 01B1 Bindview (Lan Support Group) 01BC Microsoft NT SNA Server 01BF Intel LanDesk Manager 01CA AXTEC ? 01CB Shiva NetModem/E 01CC Shiva LanRover/E 01CD Shiva LanRover/T 01D8 Castelle FAXPress Server 01DA Castelle LANPress Print Server 01DC Castille FAX/XEROX 7033 Fax Server 01F0 LEGATO 01F5 LEGATO 0233 NMS Agent 0237 NMS IPX Discovery 0238 NMS IP Discovery 023A LABtern 023B ? 023C MAVERICK ? 023E ? 023F ? 024E Netware Connect 026A Network Management Services (NMS) 026B Time Syncronization (Netware 4.x) 0278 Directory Server (Netware 4.x) 0302 Firefox Novix NLM 0304 Novell SAA Gateway 030A Gallacticom BBS 030C Intel Netport2/HP Jet Direct?/HP Quicksilver 0320 Attachmate Gateways 0327 Lanworks MSD Bootprom NLM 0328 WATCOM SQL server 0335 MultiTech Systems Multisync Comm Server 0343 Performance Technology Instant Internet 0355 Arcada Backup Exec 0358 MSLCD1 ? 0361 Sentinal dongle for AutoCAD 13 0363 ? 037E ? 037F ViruSafe Notify 0386 HP Bridge 0387 HP Hub 0394 NetWare SAA Gateway 039B Lotus Notes 03B7 Certus Anti Virus NLM 03C4 ArcServe v4.0 (Cheyenne) 03C7 LANSpool 3.5 (Intel) 03D7 Lexmark printer server 03D8 Lexmark XLE printer server 03DD Banyan ENS for Netware Client NLM 03DE Gupta SQLbase Server v5.x NLM 03E1 SCO Unixware 03E4 SCO Unixware 03FC Intel Netport ? 03FD ? 0414 Kyocera 0429 Site Lock Virus (Brightworks) 0433 Synoptics 281x Advanced SNMP agent 0448 Oracle 044C ARCserver 5.01 0457 Canon GP55 ? 045A QMS Printers 045B Dell SCSI Array (DSA) Monitor 0474 ? 0475 ? 0491 NetBlazer Modems 04B0 CD-Net from Meridian Inc 0513 Emulux NQA ? 0520 Site Lock Checks (Brightworks) 0529 Site Lock Checks (Brightworks) 052D Citrix OS/2 App server 0535 Tektronix 0536 Milan ??? 056B IBM 8235 modem server 056C Shiva LanRover/E Plus 056D Shiva LanRover/T Plus 0580 McAfee's NetShield anti-virus 05BA Compatible Systems Routers 0621 IBM AntiVirus NLM 0640 Microsoft Exchange 067B Microsoft File and Printer Sharing 4 NW Networks - Workgroup Master 067C Microsoft File and Printer Sharing 4 NW Networks - Workgroup Backup 076C Xerox 079B Shiva LanRover/E 115 079C Shiva LanRover/T 115 0B29 Site Lock (Brightworks) 0C29 Site Lock Applications (Brightworks) 0C2C Licensing Server 2380 LAI Site Lock 238C Meeting Maker 4808 Site Lock Server (Brightworks) 5555 Site Lock User (Brightworks) 6312 Tapeware 6F00 Rabbit Gateway (3270) 8002 Netport Printers (Intel) LANprot 8008 WordPerfect Network Version 8099 ? 809A ? 81F0 ? 85BE Cisco Enhanced IGRP routing protocol 8888 WordPerfect Network Version / Quick NW Mgt 9000 ? B6A8 Ocean Isle Reachout Remote Control F11F Sitelock (Brightworks, what is this crap?) F1FF SiteLock F503 SCA-NT ? FBFB TopCall III fax server FFFF Wildcard (Any service) SAP Reply 0 RIP 1 Echo 2 SAP Unsolicited Response 4 SAP Request 17 Propagate Packet** 20 ** Most often NetBIOS The service types within a SAP packet are: Description Service Type (Hex) ----------- ------------------ 0003 Get Nearest Service 0001 General Service query 0004 Nearest Service Response 0002 General Service Response [Thx Borsodi Gabor, Henno Keers, David Lott & Stephen Bruce] ------------------------------ Date: Wed, 21 Feb 1996 17:03:39 -0500 From: Daniel Tran <dtran@UCLA.EDU> Subject: Re: Turn off SAPS? >We have three Netware 4.1 and one 4.01 (different tree) servers at our >location. Only one (one of the 4.1's) needs to SAP over the WAN. How would I >stop the other servers from SAPing (reducing our WAN traffic)? Thanks! NLSP - ipxrt???.exe for netware 4.1. ipxrt3.exe is a similar thing for netware 3.x. ------------------------------ Date: Thu, 22 Feb 1996 23:08:54 -0800 From: Virendra Rode <rstephen@CHAPMAN.EDU> Subject: Re: Turn off SAPS? >We have three Netware 4.1 and one 4.01 (different tree) servers at our >location. Only one (one of the 4.1's) needs to SAP over the WAN. How would I >stop the other servers from SAPing (reducing our WAN traffic)? Thanks! Run INETECFG and select the interface and go to Protocol section and turn off SAP or RIP, which ever suites your site. ------------------------------ Date: Sun, 28 Apr 1996 02:28:32 -0700 From: Virendra Rode <rstephen@NEXUS.CHAPMAN.EDU> Subject: Re: DOS client32 & trumpet winsock >I still can't get the tcp/ip to go, Richards net.cfg makes me think >that he's using Lan Workplace which I don't have. When nwip loads, >it finds the bootp server, and gets the right IP details. Then it says: > >Netware IP: Request for common Parameters from NWIP Server timed out. >Netware IP: Cannot contact any of 3 known DSS Servers >Netware IP: Initialization Failed. > >It then fails to find the netware server & stops. When I load IPX >before tcpip, it gives the same errors, but complains that IPX >shouldn't be load first, but then allows login under IPX. > >What's a DSS server? Should I have one? DSS is used for forwarding SAP frames. The DSS implementation depends on the protocol implementation. In your case you will need to implement the DSS. Read Netware/IP documentation. ------------------------------ Date: Mon, 6 May 1996 08:42:01 +0200 From: Henno Keers <Mailbox@ICE.NL> Subject: Re: Novell communcations problems >- Help! - Novell 4.1 after installing some new router hardware at a couple >of sites(one with a hardware failure, one new site to add to WAN). >Currently we have 1- 4.1 server per site, and one site with an add'l 3.11 >server. The symptoms are: >- 680 and 625 errors on partition sync on Novell - these are DS >communications errors between servers at sites where new routers >have been installed and servers at sites where old routers are present >- time sync is working but is not as clean as is should be...loosing sync >on occasion after so many polling loops and then re-establishing You need to pass SAP (Service Advertising Protocol) packets: 0004 (file server) 002d (time server) 026d (NDS time server) 0278 (NDS synch) >- when using Rconsole from an "old" router site to a "new" router site I >can access the server but the connection is not very stable This could mean: - Bad comm's (consult your leased line telco company) - Mixed versions of rspx.nlm and rconsole.exe - Broken routers >- displaying servers and networks on the console shows everything as it >should be >- I cannot login to a server from site to site (either direction) or map a >drive to it where there is new router hardware...the only exception to >this has been logging in across a WAN link to a NW 3.11 server w/ Netx... You didn't show us the network topology & layout but I presume you have a router misconfigured in the path. >- I have tryed using netx to 4.1 with no luck and have messed around >with many settings on the workstations 'net.cfg' with VLM's(eliminating >packet burst, minimizing packet size, eliminating packet signature, various >elements that would not be used in a conection to a 3.11 server) >anything beyond just viewing the file structures and other NDS >components results in "network connection has been lost". I was able to >successfully time sync. and merge NDS trees without any errors, but the >new partition would not sync. up afterward. Show me your net.cfg. >- IPX ping from Novell to Novell is clean. Some techs. I have spoken with >believe we are loosing packets, mostly likely where fragmentation has >occurred. TCP/IP works fine, but I was informed that the IPX/SPX is more >timing critical and timing may be an issue. >- We are using Synoptics multimedia routers, 3800. Serial 3806 and >Ethernet 3803. The routers are running different version of software(9.0, >9.1 and 10.0) but we have been assured that this would not be a >problem!?? Some thoughts: 1) Ouch. The 3800 is equal to a Cisco 4000, and IOS 9.0x is ancient. I strongly suggest that you upgrade to at least 10.x or better 11.x. This could imply memory (RAM and flash) upgrades. Take a look at www.BayNetworks.COM and www.Cisco.COM. 2) Take a close peek at the config's of all routers, you might want to let us take a look at them, a simple access list with some SAP filters on the wrong place could be the culprit. 3) Get on the Cisco Mailing list by sending a message to: Cisco-Request@spot.colorado.edu Send your questions to: Cisco-l@spot.colorado.edu ------------------------------ Date: Sat, 23 Mar 1996 09:31:40 -0500 From: Debbie Becker <dbecker@clark.net> Subject: Re: NDS errors >I have recently added two servers as replicas in our partition of the >tree. The servers are connected to the SAME cable segment (thin >ethernet) in the following order; > > __________________________________ > | | | | > A B C D > >D is the server with the master replica and the cable is terminated >here. Server A can connect to D with no problem and vice-versa. But, >when servers B and C are involved, we keep getting "Unable to >communicate with server ...." errors at the server consoles, and >also -625 errors in dstrace. This causes synchronization problems >with the NDS. I have ensured that there are no cabling problems. > >The servers we have problems with (B and C) have PCI cards installed >- servers A and D do not. Is there any known problems with PCI cards? >Or, could the fact that we only have 16Mb of RAM installed in these >two servers have an effect. Or, could it be that I need to change >some of the Communication settings at the console (such as max >packet receive buffers)? -625 error is a TRANSPORT_FAILURE error which indicates an inability to communicate across the network. Check for SAP filtering of DS SAP types of 26B and 278. Check cabling, LAN card and LAN drivers. This error is almost always a LAN issue. Occasionally, a change of server name, move of server object, or change in internal IPX number can cause this error. If you think one of these may be your problem, run DSREPAIR with the option to repair network addresses on the source server to check the internal IPX of the target server -- the change may not have been completed successfully. ------------------------------ Date: Tue, 2 Jul 1996 07:05:07 -0600 From: Joe Doupnik <JRD@CC.USU.EDU> Subject: Re: Does SAP make traffic a lot on the network? & NDS >I've two questions about netware. >1. How much traffic does SAP make trffic on the network? I wondef if it >could be a cause of traffic in a LAN or WAN? RIP/SAP broadcasts do generate a lot of traffic. Routing protocol NLSP, from Novell in file ipxrt3.exe, generates less and is recommended for congested links whether local or remote. >2. I've 22 Netware servers on my network. They've their own directory >tree and our network load is very heavy. Of course, our router enable >IPX protocol to get into my netwrk from overseas. Now, I'm considering >merging all directory trees into one directory. Can I reduce a traffic? >In a point of SAP, which one environments have a less SAP? >Does anybody know about it? The more coupling of directories at each end of a WAN link then the more traffic will occur between them to stay in synchronization. NDS updates do not use IPX RIP/SAP; they use their own kinds of packets. To quickly analyze traffic before you make strategic changes to your network please put a packet monitor on selected wires to measure what is there. A good monitor for IPX work is Novell's Lanalyzer for Windows product (runs on a Win 3.1 / Win95 client machine). Joe D. ------------------------------ Date: Fri, 22 Nov 1996 19:04:54 -0600 From: Joe Doupnik <JRD@CC.USU.EDU> Subject: Re: MS Networking coexisting with Netware >On Fri, 22 Nov 1996 10:36:41 -0600, Joe D wrote: >> MS file and print sharing over IPX results in emission of SAP >>type 4 (NW file server) packets from the MS machine. > I thought (based solely on my reading of win95sap.txt) that SAP >type 4 only applied to Sharing For *NW* Networks, and that it is >disabled by default. Win95 pcs do not turn up with NLIST SERVER, >workgroup masters DO show on file server console with DISPLAY >SERVERS, however. > If it does apply to ... Sharing for *MS* Networks as well, then WfW >pcs doing peer-to-peer could also cause considerable trouble for NW >operations. (Yes?) It applies to Novell Networking. MS networking means NetBIOS over some transport mechanism, most often 802.2 frames (NetBEUI is the name for that combination). If NetBIOS is run over IPX then the NetWare routers may have to be instructed to bridge those Type 20 packets because NetBIOS is a non-routable arrangement. The only reason I can think of for running MS NetBIOS stuff over IPX is to burrow through NetWare routers, and one may wish to think twice about letting broadcast material spread over the site. Locally we say use NetBEUI or RFC-NetBIOS, non-routable and routable, respectively. One way or the other users can still form their collections. >> It isn't a NW file server, does not perform those duties worth a >>darn, is based on reverse engineering of NW 2.x, puts optional >>"redirection of traffic" into the hands of individual users. > > "Redirection of traffic"? This sounds interesting. How does it work? >What are the implications? Bad new is the implication. It means a user can load an MS program which tries to relay traffic to a NW server selected by that user. Needless to say, this is all in the hands of the user, and what the traffic redirector understands is probably primative. I can't give you a detailed background on the program. But I can say I took this whole SAP matter to the trade rags (out of exasperation) a year and a half ago, and it got attention and confirmation. Pop quiz: when did Win95 get released? Pop answer: 24 Aug 95, less than 1.5 years ago. >> Rather than read more words we can suggest adding a packet monitor >>to the wire and perform some local experiments. > > I'll do that. Any clues as to what to look for besides SAP >originating from File Sharing PC(s)? How can I pin down/verify >redirection of traffic? Just have a look and you'll see what's there. I suggest contacting MS for their Win95/NT components, the names of which I don't recall. A ready tell-tale is SLIST, er, pardon me, NLIST server /B. If an MS object appears there then it's a SAP Type 4, a fake NetWare file server. >> And, MS IPX networking by being NW 2.x style makes the "server" >>appear one hop closer to things than NW 3/4 servers which have an >>internal node (number 1). Guess what effect that might have on >>routing IPX traffic. Joe D. > > Yes, I know: Clients booting does a GNS, gets a reply from a *very* >close "server", attaches, and finds no way to go on from there. >Black Hole, tough luck. MS Win *must not* be allowed to advertize >SAP 4, that's aggreed. And Cisco routers can reply on behalf of NW server-less wires, drawing a helping server's name from the list it knows of, either fixed or round robin. So the influence of the fake servers can spread further than might be realized at first. As I've said, we simply forbid MS products advertizing as NW servers. It's enforced by disconnecting ports on managed hubs, plus the usual people to people meetings. Client32 makes that job easier by not allowing the situation to occur on clients so equipped. Joe D. P.S. Just to be sure we are all reading from the same script, this is not a MS bashing thread. It's simply dealing with an unwanted and unnecessary impediment to sane networking. If vendor X were to reuse a SAP ident assigned to vendor Y, and at least one were important to us, a similar situation would have occurred. ------------------------------ Date: Mon, 25 Nov 1996 20:08:35 -0600 From: Joe Doupnik <JRD@CC.USU.EDU> Subject: Re: MS Networking coexisting with Netware -Reply I've lost the original message, but there was a question about NT servers showing up in NW console DISPLAY SERVERS listings yet not on NLIST server /B listings. This has to do with SAP type 4 false advertizing by Microsoft products. DISPLAY SERVERS lists all service objects (everything sending IPX SAPS of any description). We see this readily by noticing familiar names of print boxes, file servers, UPS systems, tape backup schemes, and a GREAT deal more. Both DISPLAY SERVERS and DISPLAY NETWORKS are useful to perform periodically to see who's talking on your radio and to nail offenders to the gateway door. NLIST server /B or SLIST show only the type 4 objects, NW file servers. Joe D. ------------------------------ Date: Sat, 22 Feb 1997 10:03:03 +0200 From: Patrick Medhurst <pmedhurs@CTCC.GOV.ZA> Subject: Re: Device type table of some sort >>Does anyone know of a list of device types (ie HP printers are of device >>type 030c, Synoptics hubs are device type 0433) and their descriptions? http://www.novell.com/corp/programs/ncs/toolkit/download/saps.txt [Floyd: This file is 140KB!!! but does not appear to be a superset of the SAPs listed in this document] ------------------------------ Date: Mon, 24 Feb 1997 15:45:49 -0600 From: Darwin Collins <dcollins@fastlane.net> To: netw4-l@ecnet.net Subject: Re: 230 users and 109 printers >You may not like the performance hit with the mode set to >'remote printer'. It's a matter of balance or money vs. performance. How much of hit is there with Netware 4's PSERVER? I remember hearing the same thing with the older Netware 3 PSERVER, but was told that its 'not much' of a factor with 4x. Also, reduces SAP traffic (Remote printers don't SAP, whereas queue servers do every 30 seconds) so may have a side-benefit. ? One item, that made us use some 'remote printers' is that it made it possible to keep some older Castelle JetPress cards working. (they don't like 4x's bindery emulation) --------- Date: Tue, 25 Feb 1997 14:00:13 -0600 From: "Kevin McIntosh" <powertek@hia.net> To: <netw4-l@ecnet.net> Subject: Re: 230 users and 109 printers With HP JetDirects you can set the SAP intervals on your remote print servers. Using print server mode greatly reduces the load on your server for print services. ------------------------------ Date: Thu, 24 Jul 1997 14:39:54 +0100 From: Petr Jaklin <3net@3NET.ANET.CZ> Subject: Re: SAP filtering >Does someone successfully implemented SAP filtering on WAN? What >scenario was used - close all SAPs but x,y,z or close all IPX >addresses but x,y,z? > >What I want is that users from one side of router could login to >servers on other side but couldn't use any other services - printing, >btrieve, rconsole etc. And of course I want NDS traffic including time >sync alive. Yes, I have WAN on our & leased lines. All routers are 3Com's NetBuilders. Because there are loops, I decided to use NLSP on whole WAN. All (NetWare) LAN servers work in RIP/SAP only. On all local router interfaces are receive policy (= filter), so only *:000000000001:0004 // FileServer *:*:004B // Btrieve *:*:0107 // RConsole and where is NW 4.x also *:*:0278 // DirectoryServer *:*:026B // TimeSynchro are allowed. It means <network>:<MAC-address>:<SAP type>. So only FileServer, Btrieve and RConsole (and DS tree and timesynchro for 4.x) SAPs are allowed. That MACaddr 000000000001 for FileServer-SAP is because W95-creatures faking NW servers. I had over 800 SAPs cycling through WAN and have only 84 now ! But this is only filter on "Yellow pages", not service disabling. For instance you can run Rconsole to remote server even with filtered-out SAP. You only need to know internal network number. It may be similar with other services. You must install true packet filter, looking inside apropriate protocol, to disable some service. ------------------------------ Date: Mon, 27 Oct 1997 15:48:49 -0600 From: Joe Doupnik <JRD@CC.USU.EDU> Subject: Re: SAP Router configuration error detected. >Change your Network addresses to the same thing for both servers. This >is done by either editing AUTOEXEC.NCF (use INSTALL.NLM) or using >INETCFG if your server is so equipped. > >BTW: you can set these numbers to anything you like. I find the defaults >particularly hard to remember. We usually set the Network addresses to >200h for ethernet 802.2 frametype and 300h for ethernet 802.3. This >saves a lot of time! >SAP Router configuration error detected. >Node 080007ffd8de () claims network adress 001A1B52 should be AED8366C ><snip> ---------- Folks will benefit with a more structured IPX name and number convention, not to mention using only ONE frame kind for IPX on the backbone (hint: prefer Ethernet_II). Please see paper UTAHSTD.TXT in directory misc on netlab2.usu.edu or in the list's fine web browsable FAQ (see netlab1.usu.edu). This is a very widely adopted standard on the matter, and it really works. Joe D. ------------------------------ Date: Wed, 19 Nov 1997 12:43:43 -0600 From: Joe Doupnik <JRD@CC.USU.EDU> Subject: Re: Printer SAPs >>Our HP Jetdirect cards default to a 60 second SAP broadcast. I want to >>change it to a longer time period. What is the maximum I can set it >>without the server purging SAP table of this HP Jetdirect server? Where >>in 4.11 is the parameter to show the time period to purge these tables? >>Our network is pretty stable with few additions as far as servers go, >>but we keep getting broadcast storms. > >There is a great set of articles by Laura Chapell in the past three issues >of "NetWare Connections" on this very topic. Since Ms. Chapell is the >proverbial "expert" on the subject, I would like to see if she has the >answer first. > >See http://www.novell.com/nwc for further details. --------- We can provide some answers here, however. SAPs involve distance from places by the time they appear in routing tables (what's announced to other servers). If a SAP announcement is missing then the router software gracefully ages out the SAP entry, by increasing its network distance by one unit. That way the info is present but apparently not as reachable. It does this again on the next consequetive miss and so on, until finally the network distance reaches 16 units. 16 is basically the edge of the knowable universe, termed "countable infinity." Thus one could have 15 minute gaps and still barely survive. But, there is no free lunch. Changes in network distance can trigger routing update packets. This is clearly the case when a long lost device, at distance 13 and growing, suddenly reappears at distance 2. That news generates a trigger to spread the good word. There is a saying in the routing work which goes "Good news travels quickly, bad news travels slowly" and we see it here. Routing changes certainly cause admin busy work in the routing tables of each router, hear disk drive churn and cpu cycles evaporate when computing minimal length routes. We can readily see these count up to infinity and drop situations. Use the console and watch the distance to servers. Turn off a server and keep watching. The distance will go up by one on each one minute cycle until the object vanishes. Display routers is the normal command. Thus, the recommendation is to not tinker with SAP update intervals. If there are broadcast storms then certainly solve them. But printer SAPs are not the cause of nor a serious component of such storms. Braindamaged hubs may well be, as has happened here massively. Measure what's happening before twisting the knobs blindly, and similar cautious advice. Joe D. ------------------------------ Date: Wed, 26 Nov 1997 10:29:20 +1000 From: Jean-Marc Annonier <annonierj@AUSTPLANNERS.COM.AU> Subject: SAP: DO NOT change your IPX # !! Finally, I've fixed my BTRIEVE/SAP problem. Guess what ? When you restart your server with the -na option for maintenance, you are required to enter manually a server name and an IPX internal number. Well, if we all enter the correct server name, how many of us enter the actual IPX number written in tha AUTOEXEC.NCF file ? You probably do like me and type something like 456 as it's not really important and next time you restart the actual number will be used. I say: DON'T !!! Last saturday, I've replaced my INW4.11 server's main board and applied IWSP4a right after, everything went smoothly, for once ... everything ? Not really. Of course, I restarted using the -na option and entered 456 instead of FF231196, checked everything was Ok and restarted normally. Then I couldn't talk to my Btrieve and SSQL servers anymore !! Status 95. I took me TWO days to find out what was going on: hardware ? IWSP4 ? Drivers ? No ... ANSWER: Unless you use IPXRTR later than 27-3-97, if you change manually your internal IPX #, then next time you restart, your server will SAP advertise using this manual #, and your services (Btrieve, SSQL, Pserver, Remote) will advertise using the IPX # declared in the autoexec.ncf. Results: BTRIEVE and SSQL return status 95 and PSERVER looses some printers. This one was VERY nasty. The exact description of the problem is in Novell document #2923405. Solutions: always use the same internal IPX# or use a recent IPXRTR. PS: Don't do like me: never do a major hardware and software upgrades at the same time, if something goes wrong, you don't know what (except that in that case, it was for a third reason). PSS: SSQL4 on a Pentium II 233 is a beauty. ------------------------------ Date: Thu, 1 Jan 1998 15:58:11 -0500 From: Novell-List Depot <nov-list@DART.ORG> Subject: Netbasic scripts I wrote a small NLM that simply listens to SAP traffic to determine if devices are 'up' or 'down'. On the internet-type stuff, I am sending a PING packet. It will only work with 4.11 (with TCN04a), but, its (free) available. It basically, will write a HTML output file. (myself, have it running at http:/207.86.10.38/nchkstat.htm) ------------------------------ Date: Wed, 4 Feb 1998 09:46:09 -0500 From: CHENGD1 <CHENGD1@WESTAT.COM> Subject: Re: SAP type of 0640 Socket 400D >I have a Win95 Compaq DeskPro (using the onboard Netflex-3 NIC) that is >displaying it's Windows95 'Computer Name' in a DISPLAY SERVERS listing >on a Netware server. I have checked the PC to insure that it isn't >running MS or Netware File & Print services and it is not. It also >broadcasts it's name regardless if any Netware client (MS or Novell >Netware Clients) are loaded or not. > >By viewing the broadcasted SAP type for this device, IPXCON reports it's >SAP type of 0640 and Socket 400D. > >I am, unable to find out what SAP type this is as all of the SAP lists >that I can find on Novell's site only list SAP types up to 0300. > >Has anyone seen this SAP type before or experienced Compaq DeskPro's >broadcasting in this manner (without File/Print services active)? I have seen this problem with NT 4.0 servers broadcasting SAP 640, and there is a Hotfix RPCSS.EXE that fixes this. Is there an NT box on your network? ------------------------------ Date: Thu, 26 Feb 1998 10:27:12 +0200 From: Mike Glassman - Admin <admin@IAA.GOV.IL> Subject: Sapmon utility Anyone used the Sapmon utility that Novell talks about in the lates AppNotes? Available at: http://developer.novell.com/research/downloads.htm named SAPMON12.EXE. --------- Date: Thu, 26 Feb 1998 14:08:26 -0800 From: Randy Richardson <randy@INTER-CORPORATE.COM> Subject: Re: sapmon - correction >Sorry, that is http://developer.novell.com/research/downloads.htm and >not the way I typed before. You were asking about SAPMon. It's very helpful when reducing SAP traffic on WANs. It works with Client32. You can test it by popping into RConsole, or by typing ":Reset Router" at the NetWare console. ------------------------------ Date: Fri, 6 Mar 1998 10:25:55 -0700 From: Joe Doupnik <JRD@CC.USU.EDU> Subject: Re: Win95 file sharing for netware/SAPs (long) To make sure folks do understand the situation below is reproduced the MS reply on running their software over IPX. Note: if an MS client advertises as a NW file server (SAP type 4) then users can (and very often will) access it as their default router. It is one hop closer to them than real servers because it has no internal node. Once trapped users are at the will of what that MS client station has running and how it is configured: the net is now out of your control. Don't let it happen on your wires. Uptodate readers may wish to skip this message. Joe D. --------------- As astute readers are aware, Windows 95 has the ability to advertize itself with IPX SAP (service advertizing protocol) packets on the wire when file/printer services are shared peer to peer. Such SAPs say the machine is offering NetWare file services, and it shows up in SLIST etc. Much has been said privately on the situation, and the matter has been taken up in the trade publications a number of times. To clarify what Windows 95 does I asked a member of the development team at MS to comment upon the subject, and he has kindly done so in the attached document. I suggest you read it and think about the matter as it pertains to your site. I am posting this message as informational, not to argue a position. Aaron has given permission to reproduce the document intact. Joe D. -------------- ----TEAR HERE---- I am one of the developers that worked on developing Microsoft File and Print Services for Netware Networks for Windows 95, not to be confused with FPNW for Windows NT. In order to clear up some confusion over how File and Print Services for Netware Networks works and some problems administrators should look out for when running this service, I have written the following technical note. I hope this information helps clear up some confusion and addresses some administrators concerns. This is NOT an official Microsoft document. Microsoft makes no claim to the completeness or accuracy of the information contained herein. Aaron Ogus (aarono@microsoft.com) Windows 95 File and Print Services for Netware Networks ======================================================= 1. Terminology NWSERVER - Component that provides Microsoft File and Print Sharing for Netware Networks. NWREDIR - The Microsoft requester for accessing Netware Servers and NWSERVER peer services using the NCP protocol. VSERVER - Component that provides Microsoft File and Print Sharing for Microsoft Networks using the SMB protocol. VREDIR - The Microsoft Redirector used to access NT WFW, LAN MANAGER and Windows 95 network servers using the NCP protocol. SMB - Server Message Block. An application level protocol for communicating between a client and server computer. Can be thought of as a hard wired RPC mechanism with fixed fields and command codes. SMB runs over many different transport protocols including: NetBIOS, IPX, IP NCP - Netware Core Protocol. Like SMB, only the definition of fields is different. NCP has clasically only been run over IPX but recently has been hosted on IP in Netware implementations. SAP - Service Advertising Protocol. A protocol that defines a packet format for adveristing services available in a service provider. SAPs are repeated every minute on the network. Bindery - a Database on a Netware server that can be used to access the list of available services on the network. Also may store User, Group or Application specific information. NSCL - Netware Services Client. A component used to discover NWSERVERS and real Netware servers regardless of the advertising mechanism they use. This component also controls advertising for NWSERVER whether using SAP or the browse model. Pass through server - NWSERVER validates users against the user database on a true netware server. The server must support the Bindery NCPs. If it is a Netware 4.x server it must have bindery emulation turned ON. The pass through server must also have an account called WINDOWS_PASSTHRU setup on it. This account only needs BINDERY access. Overview -------- Windows 95 suppports 2 types of file and print services. One using SMB, for Microsoft and IBM type networks and one using NCP, for Netware networks. Although the SMB server (VSERVER) could be run on a Netware network to provide peer services, it requires that the clients load an additional redirector. This can be a significant memory and performance hit on smaller 4 Mbyte machines. In an effort to provide peer services for Netware networks on par with those for SMB networks we decided we should provide a service that uses the NCP protocol to provide peer services in order to avoid the extra memory overhead. There are many problems associated with running many (>1000) NCP servers on a network. Some of these problems are related to problems with the SAP advertising scheme used by Netware 2.x Netware 3.x and Netware 4.x. Future versions of Netware will replace this mechanism with NLSP, a new protocol that does not suffer from many of the problems associated with SAP. In order to avoid the SAP advertising problems, NWSERVER uses its own name resolution and service advertising mechanism. By default this is the mode that NWSERVER is configured in. NWSERVER also allows the user to reconfigure it to use SAP advertising. This allows VLM and NETX clients to access the peer server, as well as Windows 95 clients running the Microsoft Client for Netware (NWREDIR). This note will discuss the problems with SAP advertising and also describe the "other" advertising mechanism used in Windows 95. It will also discuss problems you may enounter if you turn SAP advertising ON on an NWSERVER. SAP advertising =============== Every Netware server (not running NLSP) advertises itself and its services on the network every minute. It does so by send a SAP packet to the broadcast address. All other servers and routers listen for these packets and accumulate them in their internal tables. The SAP broadcasts are restricted to the segment (subnet) they are broadcast on. In order to allow the entire network to "see" all the services available, the routers repeat SAPs seen on one subnet to the other subnets they route between. The upshot of this scheme is that every SAPing SERVER causes SAP packets to be broadcast across the ENTIRE IPX network. Also each entry must be remembered by every router and every server on the network. Although this system works quite well for a small number of servers (less than 1000), as the number grows larger the bandwidth requirements and resource requirements in servers and routers get very large. NWSERVER Browse Model ===================== On a large network (such as the Microsoft Network) that contains in excess of 15,000 peer servers it would not be practical to use SAP advertising as the method of advertising server services. Instead Microsoft has created a component called NSCL that is used to implement browsing for large Netware networks. Each Windows 95 computer is assigned to a workgroup. A workgroup is a collection of related computers. The relationship of computers in a workgroup is casual. That is they could be arranged geographically, or functionally. The only important thing is that the computers are grouped. When an NWSERVER starts up, it registers its name and workgroup with NSCL. NSCL looks at the workgroup name and attempts to find the "master" for the workgroup. It does this by searching the default Netware server's bindery. If it finds no workgroup master in the Bindery it elects itself master and advertises itself using SAP. Any client coming up subsequently in the workgroup will find this server registered as the browse master by scanning its' default server's bindery. (There is a recovery mechanism if the master goes down but this is beyond the scope of this document). Say NSCL found the browse master. It will then send the browse master a packet describing itself. In this way the browse master will accumulate the list of servers in the workgroup. This scheme reduces the SAP overhead from 1 SAP entry per server to 1 SAP entry per workgroup. (2 for large workgroups because a backup master will be elected). Clearly then it is critical that workgroup names be meaningful and co-ordinated. If every server has its own workgroup the SAP overhead will be just as bad as if every server were advertising. When a Windows 95 client is asked to attach to a server on a Netware network, say the server RED_311 the NSCL component first scans the bindery of the default Netware server to find out if it is searching for a server that SAPs as SAP type 0004 (the server SAP type). We commonly refer to these as flat servers since they appear at the top level of the browse list when browsing the entire network. If the server to attach to is NOT found in the flat list then a request is sent to the browse master for the workgroup to see if it can resolve the name to an IPX address. If this fails, a broadcast is sent to all workgroup masters (using the type 20 IPX packet) to resolve the name. If this query fails it is assumed that the requested server does not exist. It should be noted that browse masters and backups DO NOT USE TYPE 0004 SAP. The masters SAP using SAP type 0x067B, backups use 0x067C. It should be stressed that this is the default and RECOMMENDED configuration for running NWSERVER. In this mode there should be no VLM/NETX interaction issues with running the peer services on a large network. ***If type 20 packets are not propogated through routers you will be unable to attach to NWSERVER machines not in your workgroup that are across a router. VLM and NETX startup ==================== At this point a discussion of the startup process for VLM and NETX is in order: When a VLM or NETX client (Netware client) starts up, one of the first things it does is send out a "Get Nearest Server" request. Routers and servers will respond to this request by sending DIRECTED SAP packets to the starting node. The first response is accepted by the client, the client connects to this server and it becomes the default server. If a preffered server is specified, the client will then read the address of the preffered server out of the bindery of the default server and attempt to attach to that server and use it as the starting point for running LOGIN.EXE. Any server advertising as SAP type 0004 may become the default server. ***You should NEVER SPECIFY AN NWSERVER AS A PREFFERED SERVER. ***It is highly recommended that you specify a preffered server for a VLM or NETX client. ***It is highly recommended that you specify a preffered server for NWREDIR clients. NWSERVER SAP ADVERTISING ======================== NWSERVER will allow you to turn on SAP advertising. When this capability is turned on, the NWSERVER will advertise itself using SAP type 0004. This makes the server appear in the Netware SLIST and allows VLM and NETX clients to MAP drives and print to the NWSERVER. It also means that clients may attach to NWSERVER as the default server during the initialization process. ***You cannot LOGIN to an NWSERVER. When you turn on SAP advertising, NWSERVER will automatically share out a SYS volume which will correspond to the directory: WINDOWSDIR\NWSYSVOL, e.g. C:\WINDOWS\NWSYSVOL This directory will have the subdirectory LOGIN containing the file LOGIN.EXE. This directory will be given WORLD read access (anyone can access it for read regardless of being logged in). If a client is started on the network with no preffered server set it may wind up attached to the NWSERVER and find itself in this directory. Running the login program from this directory will log you into any real Netware server if specified. If not specified you will be logged into the NWSERVER's passthru server. If the NWSERVER's passthru server is down you must specify a server name to log into. e.g. Q:\LOGIN>LOGIN RED_311 This LOGIN program in the SYS volume of an NWSERVER will only run if the default server is an NWSERVER. If you are already logged into a Netware server you cannot run the LOGIN program off of an NWSERVER (it will fail). If you turn on SAP advertising on NWSERVER you should make sure of the following: 1. You must make sure that the pass through server that the NWSERVER uses for security validation is a reliable server. If it is not you may encounter the following problem when the pass through server is down. IFF a client starts up and has no preffered server set, and the pass through server is down for a SAPing NWSERVER the client MAY connect to the NWSERVER and the LOGIN command WILL fail if the LOGIN command does not specify a server. Remedy. If the client specifies the server to be logged into she should be able to log into the server. A non-specific login will continue to fail until the pass through server is back up. In this case the user will wind up logged into the passthru server. M:\SYS>LOGIN this may continue to fail M:\SYS>LOGIN RED_311 this will ALWAYS work if you wound up with a default NWSERVER. Remedy. If the client has a preffered server set it will never wind up with an NWSERVER as its default server. 2. You must make sure that SAPs are being propogated onto the network segments that NWSERVERs are running on. Some network configurations separate clients and servers on different subnets and configure the routers NOT to pass SAP information onto the client only subnet. If you do this any Netware server advertising type 0004 (including true Netware) will become a black hole on the network. It will be closer than any server on the server sub-net and thus the router will respond on the servers behalf to GetNearestServer requests from clients that are coming up on the client only subnet. Once the client is connnected to the server on the client only subnet it will be unable to connect to any server on the server subnet since the server it is attached to will not have the names and addresses of the server on the server net. THIS SHOULD BE AN EXTREMELY RARE CONFIGURATION. Unless you have some hot-shot network manager that is trying to play wierd games with the routers, this should not be a problem. 3. Make sure the name of the NWSERVER and the other Netware and SAPing NWSERVER on your network do not overlap. OTHER REMEDIES ============== On any large campus network we strongly recommend you use user profiles. With this you can disable SAP advertising for all NWSERVER's on the network or you can disable the NWSERVER service completely. Do not run SAP advertising. It is disabled by default. Modifications for future versions of NWSERVER ============================================= The following recommendations have already been made to avoid the above problems. We MAY implement some of these in future versions. 1. Don't allow the server to start if there is already a server with the same name. 2. If the passthru server is down, do not allow the NWSERVER's SAP Advertising to start. 3. Remove the SAP advertising control from the server control panel and banish it to an obscure registry setting so naive users do not turn it on accidentally. 4. Have the NWSERVER get its SAP information from the passthru server rather than accumulating it itself. This eliminates the "no SAPs on this segment problem" ---TEAR HERE--- ------------------------------