Resolving Windows XP SP2—related application compatibility problems
Published: October 10, 2005
Since Microsoft Windows XP Service Pack 2 (SP2) was released in 2004, newsgroups and other online communities began reporting broken applications and problems managing Windows XP systems. The reality, however, is that SP2 broke very few applications—especially applications designed for Microsoft Windows 2000 and later—and had minimal impact on Windows XP systems management.
In this column, I examine ways in which SP2 affects Windows XP systems management and applications running on SP2 computers. In particular, I focus on five of the more common types of compatibility problems:
| • | Remote management and Remote Assistance problems |
| • | Problems with antivirus software |
| • | Printing problems |
| • | Problems accessing FTP sites |
| • | Problems with non-Microsoft applications |
I also suggest how these types of problems arose and describe or reference solutions and workarounds to resolve them.
Remote management and Remote Assistance problems
Shortly after deploying SP2 on my own network, I tried to use the Microsoft Group Policy Management Console (GPMC) to run the Group Policy Results wizard remotely so that I could verify that certain Group Policy settings had been applied to my Windows XP computers. When I tried to run the wizard, however, it couldn’t connect to those computers that had SP2 installed. Abandoning the wizard, I then tried to use the Computer Management console to manage those computers, but that didn’t work either.
A quick search of the Microsoft Knowledge Base revealed the article, "You receive an "Access denied" or "The network path was not found" error message when you try to remotely manage a computer that is running Windows XP Service Pack 2," which indicated that my problem was actually not a problem at all but rather "by design." With SP2, Windows Firewall is configured by default to block TCP port 445, which means that remote computers can’t connect to computers running SP2 to manage them.
This approach illustrates a fundamental problem with trying to secure networked computers—namely, the more secure your computers are, the more difficult it becomes to administer them. True, blocking TCP port 445 can help defeat rogue administrators on your network. But think about all the legitimate administrators who were frustrated because they couldn't remotely administer their computers after installing SP2 on them. Fortunately, the workaround is easy: Simply open the TCP port on your SP2 computers.
To open the TCP port on a stand-alone computer in a workgroup
1. | On your SP2 computer, open a command prompt. |
2. | Type netsh firewall set portopening tcp 445 smb enable, and then press ENTER. |
If your computer belongs to a domain, use Group Policy instead of the Netsh command. (This procedure is described in Method 3 of the Knowledge Base article mentioned above.) Enable the policy setting named "Windows Firewall: Allow remote administration exception," and configure it so that only computers that have legitimate IP addresses on your network can connect remotely to your SP2 computers to administer them.
Note: For a good description of how to add port and program exceptions to Windows Firewall, see the Cable Guy article, "Manually Configuring Windows Firewall in Windows XP Service Pack 2." For more detailed steps for opening ports, including how to use Netsh to add exceptions from the command line, see the Microsoft Knowledge Base article, "Troubleshooting Windows Firewall settings in Windows XP Service Pack 2."
Another remote-management problem that arises after SP2 installation is that the default Windows Firewall configuration blocks offers of Remote Assistance to these computers. This behavior is documented in the Microsoft Knowledge base article, "Windows XP SP2 Firewall blocks offers of Remote Assistance," which also provides steps for resolving the problem.
Problems with antivirus software
Several problems can arise with older antivirus software running on Windows XP SP2–based computers. These problems can range from antivirus programs failing to scan computers properly, to loss of functionality for Microsoft Internet Explorer, Outlook Express, and other Windows components. Fortunately, you can avoid most of these problems by following correct procedure.
Step 1: Check the software vendor's Web site
If our antivirus software vendor has identified any special compatibility problems between the antivirus software and SP2, you'll find information and specific instructions on their Web site. For example, Symantec has a special section of their Web site dedicated to SP2 issues: You should read this information carefully if you use Symantec's products.
Step 2: Install antivirus software after SP2 installation
If you haven't yet installed antivirus software on your computer, don't install it until after you have upgraded the computer to SP2.
Step 3: Disable installed antivirus software until SP2 installation is complete
If the antivirus software you're running is SP2 compatible, disable the antivirus program before you install SP2 on that computer. Enable it again after the upgrade is complete. See this newsgroup thread for more information.
Important: Before you disable your antivirus program, make sure its signature files are current, then use the program to perform a full scan of your hard disk drive. Many reported problems associated with installing SP2 actually arose not from SP2 itself, but from installing a service pack on systems that were already infected with viruses, Trojans, and the like. You must make sure that your system is clean before installing any service pack or update! (For more information, see Charlie Russel's "Getting and Installing Windows XP Service Pack 2.")
Printing problems
I've also run across occasional reports of problems printing from computers on which SP2 is installed. These issues are typically the result of incompatible printer drivers. You can usually resolve them by downloading the latest version of the driver for your model of print device from the printer vendor's Web site.
Problems accessing FTP sites
Another fairly common issue I see on discussion boards concerns FTP programs not working after SP2 installation. FTPplanet.com is a popular blog that includes discussion boards on which users can post their questions about FTP programs. FTPplanet.com has a page devoted to SP2 issues. FTPplanet.com also links to threads listing many helpful suggestions and workarounds.
For example, many users complained that one popular FTP client—WS_FTP—stopped working after they installed SP2, and they couldn't connect to public FTP servers to download files. One user found a solution by disabling passive FTP transfers in the WS_FTP configuration settings (this solution varies with the FTP client version). However, Ipswitch, the makers of WS_FTP, have a more helpful solution and an explanation of the cause in a knowledge base article on their Web site. The solution involves adding the FTP client program to the program exceptions list for Windows Firewall. This allows the FTP client to "listen" for ephemeral inbound connections from the FTP server.
Problems with non-Microsoft applications
Besides antivirus and FTP programs, some other non-Microsoft applications, including earlier network backup programs, peer-to-peer clients, streaming media programs, and online games (see Joel Durham's "How Windows XP Service Pack 2 Affects Gaming"), don't work on computers running SP2. Other categories of applications are described in the Microsoft Knowledge Base article, "Some programs seem to stop working after you install Windows XP Service Pack 2." You can resolve most of these problems simply by adding the appropriate exception to the port or program list for Windows Firewall. The Knowledge Base article just mentioned describes these workarounds.
There are also some older applications (and a few new ones) as documented in the Microsoft Knowledge Base article "Programs that are known to experience a loss of functionality when they run on a Windows XP Service Pack 2-based computer" that just won't work with SP2 and for which Microsoft doesn't offer a workaround. If you run any of the programs listed, however, don't despair—check the vendor's Web site to see whether a fix is available. If not, you might have to upgrade to a later version of the application or change to a similar but compatible application from a different vendor.
Follow best practices
Let me end with a quick summary of some best practices for avoiding or resolving application compatibility problems. These practices apply to installing not only SP2 but also any service pack or update:
| • | Always run a full virus scan on your system before installing any service pack or update. This simple step will likely prevent 80 percent of potential application compatibility issues. |
| • | Always check the vendor Web sites for your installed non-Microsoft applications before installing any service pack or update. This step will typically provide you with fixes and workarounds to solve most of the remaining 20 percent of compatibility problems, or it may require you to upgrade to a later version of the vendor's application, wait for a fix to be released before updating your system, or (as a last resort) switch to a different vendor's product. |
