NT Stung Again by Y2K Bug

Microsoft considered SP5 to be the final word in Year 2000 fixes for Windows NT 4.0. Despite Redmond’s attempt to exterminate the problem, Y2K bugs keep popping up.

Microsoft considered Service Pack 5 (SP5), released at the end of May, to be the final word in Year 2000 fixes for Windows NT 4.0. Despite Redmond’s attempt to exterminate the problem, Y2K bugs keep popping up. The latest glitch prompted the company to issue yet another Y2K patch for installation over SP4 and SP5.

The patch has been folded into SP6, which has been in beta testing since July and is scheduled for release in October. "All versions of Windows NT will be maintained compliant with SP4," the last major feature upgrade, a Microsoft spokesperson says.

The problems addressed with this latest patch include a century date issue with the Net User command line security utility for setting log-in times. As a result, network administrators may have difficulty setting user log-in times after the new year. A glitch in the News Network Transfer Protocol (NNTP) server incorrectly converts two-digit years coming in from messaging clients.

In addition, SP5 does not change the real-time clock date setting in systems not in a daylight-saving time zone, or those with multiprocessor kernels. A separate compliance issue was discovered in Outlook Express, which must be addressed with a patch for Internet Explorer 4.0.

The new patches are scheduled for release on Microsoft's Web site before the end of September. The hot fixes can be applied to systems with SP3, SP4 or SP5 installed. An update is also available for Windows NT 3.51 SP5.

These Y2K problems are relatively minor and will not disrupt systems, but the patches represent an ongoing headache for companies with zero-tolerance Y2K policies, says Kevin Weaver, vice president and co-founder of Infoliant Corp. (www.infoliant.com), which tracks Y2K compliance issues in software and hardware products. For example, in terms of the security log-in feature, "some companies don't ever restrict people, so they wouldn't care,'" Weaver says. But many larger organizations are exercising due diligence in fixing every issue that crops up, he explains. "A Fortune 500 [company] may have rolled out SP5 in June, but suddenly has to touch 250 more servers, incurring added cost and downtime." Also, companies now in a lock-down mode in terms of software installations want to make as few changes to the system as possible. "Sometimes, it's a bigger risk to apply a patch that might introduce some other non-Y2K-related system instability. But they have to react to it," Weaver says.

Last-minute patches of this nature are not limited only to Windows NT systems, he adds. "There's been new service packs out for various Novell products," Weaver points out. "Computer Associates routinely comes out with patches. The various versions of Unix -- IBM's AIX and HP-UX -- also have had patches in the last six months."

Microsoft, on a positive note, tends to provide clear explanations about the purpose of the patches -- a rarity in this industry. "Microsoft has done a good job of explaining exactly what the issues are and who they might affect," Weaver says. "I give Microsoft credit for disclosing way more than you ever wanted to know. Other companies aren't as specific with the problems and send out a patch without telling you exactly what's fixed on their software."

Aside from already identified problems, SP6 will not include further Y2K updates, the Microsoft spokesperson says. Some of the issues SP6 will address include memory problems in remote access server, blue-screen-of-death problems, and a DNS fix.

Ready for the Date Change?

The latest delta report from Infoliant Corp. (www.infoliant.com), a company that tracks Y2K compliance in software and hardware, finds that many popular off-the-shelf products for enterprise, network and desktop systems are not ready for the date change. During the months of July and August, for example, Infoliant tracked changes to the compliance status of more than 600 products from major IT manufacturers, including Computer Associates Int’l Inc., Novell Inc., SAS Institute Inc., Mackinney Systems, Adobe Systems Inc., Lotus Development Corp., and Autodesk Inc.

Fifty eight percent of these changes in July and 43 percent in August were "negative," meaning the manufacturer discontinued Y2K support or confirmed previously unknown Y2K issues. This is higher than the 33 percent average for this year, and was unexpected at such a late time when Y2K project teams are nearing the final stages of their remediation efforts. Seventeen percent of the changes in July resulted from manufacturers explicitly refusing to test certain products.

"Since we started tracking this information in 1997, we've reported status changes on over 3,400 products, nearly 2,500 of which occurred in these first seven months of 1999," says Kevin Weaver, vice president and co-founder of Infoliant. "The numbers for this July are two-thirds higher than the average month in 1998. We've been doing this for two years now, and the changes we've seen during the first seven months of 1999 are twice the total number of changes in the preceding year and a half."