Remote Access Service (RAS) Entries

The RemoteAccess subkey is created in the Registry when you install RAS on a server, using the Network icon in Control Panel. The default values in RemoteAccess and its subkeys work well for all Windows NT operations such as copying files, using network resources, and sending and receiving electronic mail. However, for some systems, you may want to adjust individual parameters to suit your particular performance and security needs.

Initially, there are no value entries in the Registry for the Remote Access subkey or its subkeys until you add them with new settings. (The only exception is EnableNetbiosGateway, the NetBIOS parameter.) Unlisted value entries are set to their default values, as described in this section.

For information on Remote Access configuration files and other parameters, see Appendix B, "Configuration Files," in the Windows NT Remote Access Service Administrator's Guide.

The subkeys under the Remote Access subkey in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ include the following:

See also WanNameQueryRetries in "NBF (NetBEUI) Transport Entries," earlier in this chapter.

Remote Access Parameters Subkey Entries

The Parameters subkey for Remote Access has the following Registry path:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters

For changes to take effect, you must stop and restart the Remote Access service. The functions and settings of these value entries are as follows:

AuthenticateRetries REG_DWORD 0 to 10

Sets the maximum number of unsuccessful retries allowed if the initial attempt at authentication fails.

Default: 2

AuthenticateTime REG_DWORD 20 to 600 seconds

Sets the maximum time limit within which a user must be successfully authenticated. If the client does not initiate the authentication process within this time, the user is disconnected.

Default: 120 seconds

CallbackTime REG_DWORD 2 to 12 seconds

Sets the time interval that the server waits before calling the client back when the Callback feature has been set. Each client communicates the value of its own callback time when connecting to a Remote Access server. If this value is not communicated (that is, if the client does not communicate a value for the callback time, as with Remote Access 1.0 and 1.1 clients), the value of the CallbackTime parameter becomes the default.

Default: 2 seconds

EnableAudit REG_DWORD 0 or 1

Determines whether Remote Access auditing is turned on or off. If this feature is enabled, all audits are recorded in the Security event log, which you can view using Event Viewer.

Default: 1 (enabled)

NetbiosGatewayEnabled REG_DWORD 0 or 1

Caution: Do not change this value in Registry Editor, because various network bindings must also be changed. This parameter should only be changed by using the RAS Setup program.

Makes the server function like a NetBIOS gateway, allowing clients to access the LAN. If disabled, remote clients can access only the resources on the Remote Access server in a point-to-point connection; dial-in users cannot see the network or access network resources.

Default: 1 (enabled)

RAS NetBIOSGateway Subkey Entries

The Registry path for these entries is the following:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters

AutoDisconnect REG_DWORD 0 to 1000 minutes

Sets the time interval after which inactive connections are terminated. Inactivity is measured by lack of NetBIOS session data transfer, such as copying files, accessing network resources, and sending and receiving electronic mail. You may want to set this value to 0 seconds if clients are running NetBIOS datagram applications. Setting this value to 0 turns off AutoDisconnect.

Default: 20 minutes

DisableMcastFwdWhenSessionTraffic REG_DWORD 0 or 1

Allows NetBIOS session traffic (for example, Windows NT-based applications) to have priority over multicast datagrams (such as server messages). In other words, multicast datagrams are transferred only when there is no session traffic. Unless you're using an application that depends on multicast datagrams, leave this parameter enabled.

Default: 1 (enabled)

EnableBroadcast REG_DWORD 0 or 1

Determines whether broadcast datagrams are forwarded to remote workstations. Broadcast datagrams are not often useful and take up too much bandwidth on a slow link. Unless you're using an application that relies on broadcast datagrams, leave this parameter disabled.

Default: 0 (disabled)

EnableNetbiosSessionsAuditing REG_DWORD 0 or 1

Enable this parameter to record in the event log the establishment of NetBIOS sessions between the remote clients and the LAN servers. Enable this parameter to track the NetBIOS resources accessed on the LAN.

Default: 0 (disabled)

MaxBcastDgBuffered REG_DWORD 16 to 255

Sets the number of broadcast datagrams that the gateway buffers for a client. If you're using an application that communicates extensively through multicast or broadcast datagrams, increase this parameter so that the Remote Access server can deliver all datagrams reliably.

Default: 32

MaxDgBufferedPerGroupName REG_DWORD 1 to 255

Sets the number of datagrams that can be buffered per group name. Increasing this value buffers more datagrams per group name but also takes up more virtual memory.

Default: 10

MaxDynMem REG_DWORD 131072 to 4294967295

Sets the amount of virtual memory used to buffer NetBIOS session data for each remote client.

Because the Remote Access server is a gateway between the slow line and the LAN, data is stored (buffered) in its memory when coming from the fast line (LAN) before it is forwarded to the slow line (asynchronous line).

The Remote Access server minimizes the usage of the system's physical memory by locking only a minimal set of pages (about 64K per client) and making use of virtual memory (up to MaxDynMem) to buffer the rest of the data. So, as long as there is enough space on the hard disk to expand PAGEFILE.SYS, you can increase this value if needed.

If you have an application with a LAN (fast) sender and an asynchronous (slow) receiver, and if the sender is sending more data at a time than the Remote Access server can buffer in MaxDynMem, the Remote Access server tries to apply a form of NetBIOS level flow control by not submitting NCB.RECEIVE on the session until it has enough buffer space to get incoming data. For this reason, if you have such an application, you should increase your NetBIOS SEND/RECEIVE time-outs so that the fast sender can keep pace with the slow receiver.

Default: 655350

MaxNames REG_DWORD 1 to 255

Sets the number of unique NetBIOS names each client can have, with a limit of 255 names for all clients together.

Remote clients running Windows NT and Windows for Workgroups may need as many as seven or eight names each. To accommodate these workstations, set the MaxNames value to 8 and reduce the number of ports on the Remote Access server. If you have Windows NT or Windows for Workgroups clients dialing in to servers running Remote Access version 1.1 or earlier, set this parameter to 8 or greater.

Default: 255

MaxSessions REG_DWORD 1 to 255

Sets the maximum number of simultaneous NetBIOS sessions each client can have, with a limit of 255 sessions for all clients together. If you have multiple clients connecting simultaneously with each running 4 or 5 sessions, decrease the value of this parameter so that the total number of sessions does not exceed 255.

Default: 255

MultiCastForwardRate REG_DWORD –1 (disabled); 0 to 32,676 seconds

Governs the multicasting of group name datagrams to all remote workstations. This parameter filters datagrams sent on group names by forwarding them at a specified time interval.

The value –1 disables forwarding. The value 0 guarantees delivery of group name datagrams. The value n forwards datagrams every n seconds, when 1 ≤ n ≤ 32,676.

If the EnableBroadcast parameter is set to 0, broadcasts are not forwarded even if the MultiCastForwardRate parameter is set to a positive number (in this case, only multicast datagrams are forwarded). The line becomes overloaded. If MultiCastForwardRate is set to –1, broadcasts are still not forwarded even if EnableBroadcast is set to 1. See also EnableBroadcast.

To save bandwidth for session traffic, filter the datagrams. However, if you have an application based on multicast datagrams, set this parameter to 0. This value guarantees delivery of all datagrams sent on group names from the LAN to the remote client.

Default: 5

NumRecvQueryIndications REG_DWORD 1 to 32

Allows a Remote Access client to initiate multiple network connections simultaneously. If a remote client is running a NetBIOS application that does multiple NCB.CALL commands simultaneously, increase this parameter to improve performance.

Default: 3

RcvDgSubmittedPerGroupName REG_DWORD 1 to 32

Determines the number of NetBIOS commands of the type Receive Datagram that can be submitted simultaneously per group name on the LAN stack. Keep this setting as small as possible to minimize the amount of memory consumed by system resources. Each datagram command received locks about 1.5K of physical memory in the system.

Default: 3

RemoteListen REG_DWORD 0 to 2

Sets the remote NCB_LISTEN capability.

Value   Meaning

0       Disables a client's ability to post NCB_LISTEN for any NetBIOS name. Because every remote listen posted consumes one session, setting this parameter to 0 saves sessions.

1       Messages. Allows clients to post NCB_LISTEN on Windows NT Server message aliases only. If a remote client is running the Messenger service, it can then receive messages from LAN users, printers, and the like.

2       All. Enables NCB_LISTEN for all remote client NetBIOS names, allowing clients to run NetBIOS server applications. This setting allows all clients to function as NetBIOS servers on the network.


It is best to leave the RemoteListen parameter set to the default, 1 (messages). Allowing NCB_LISTEN capability on remote clients can significantly drain system resources and therefore is not recommended.

If the RemoteListen parameter is set to 2, Remote Access posts an NCB_LISTEN on all NetBIOS names of Remote Access clients. Because the average Windows NT Server workstation has about seven or eight NetBIOS names assigned to it, the total number of NetBIOS names for which an NCB_LISTEN would be posted is 7 or 8 * 64 (the maximum number of clients per Remote Access server), which exceeds the 255 maximum.

Default: 1 (messages)

SizWorkBufs REG_DWORD 1024 to 65536

Sets the size of work buffers. The default setting is optimized for the server message block (SMB) protocol, the protocol between the workstation and the server running on the Windows NT Server system.

Default: 4500

RAS AsyncMAC Subkey Entries

The Registry path for these entries is the following:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMacn\Parameters

For changes to take effect, you must restart the computer.

MaxFrameSize REG_DWORD 576 to 1514

Determines the maximum frame size. Use smaller frames for noisy links. A lower setting sends less data per frame, slowing performance. Do not change this parameter for previous versions of the Remote Access service. The value is negotiated between the server and Windows NT clients.

Default: 1514

RAS PPP Subkey Entries

The Registry path that contains entries for the Point-to-Point Protocol (PPP) service is the following:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\PPP

ForceEncryptedPassword REG_DWORD Boolean

This is a server-side parameter only. It is used to force the use of the Crypto-Handshake Authentication Protocol while authenticating clients. This means that the cleartext password is not sent on the wire during authentication.

Default: 1 (enabled)

MaxConfigure REG_DWORD Number

Indicates the number of Configure-Request packets sent without receiving a valid Configure-Ack, Configure-Nak or Configure-Reject before assuming that the peer is unable to respond.

Default: 10

MaxFailure REG_DWORD Number

Indicates the number of Configure-Nak packets sent without sending a Configure-Ack before assuming that the configuration is not converging.

Default: 10

MaxReject REG_DWORD Number

Indicates the number of Config-Rejects sent before assuming that the PPP negotiation will not converge.

Default: 5

MaxTerminate REG_DWORD Number

Indicates the number of Terminate-Request packets sent without receiving a Terminate-Ack before assuming that the peer is unable to respond.

Default: 2

Additional PPP entries are found in the following subkey:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\PPP\IPCP

PriorityBasedOnSubNetwork DWORD 0 or 1

Local and remote subnets are part of the same network number range. By default, RAS forwards packets over the RAS link when the two interfaces belong to the same network. RAS forwards packets based on the subnet number and lets you see this machine on the LAN even when called in over RAS if this value is set to 1.

Default: 0
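
An added example, not part of the original documentation: a Python check that reads a REGEDIT4 text export of the RAS keys and reports the security-related entries described above (authentication limits, auditing, RemoteListen, ForceEncryptedPassword) when they fall outside the documented range or are weaker than the documented default, treating absent values as defaults. The rule set, the sample export and the function names are assumptions made for illustration; value names are matched exactly as spelled on this page.

```python
import re

# name: (min, max, default, weaker-than-default test, finding); ranges/defaults as documented above
RULES = {
    "AuthenticateRetries": (0, 10, 2, lambda v: v > 2, "more retries than the default"),
    "AuthenticateTime": (20, 600, 120, lambda v: v > 120, "longer window than the default"),
    "EnableAudit": (0, 1, 1, lambda v: v == 0, "Remote Access auditing is off"),
    "RemoteListen": (0, 2, 1, lambda v: v == 2, "all clients can act as NetBIOS servers"),
    "ForceEncryptedPassword": (0, 1, 1, lambda v: v == 0, "encrypted authentication not forced"),
}
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{1,8})$')
SCOPE = ("\\services\\remoteaccess\\", "\\services\\rasman\\ppp\\")
# Constructed sample export (REGEDIT4 text format), not taken from a real server.
SAMPLE = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\Parameters]
"AuthenticateRetries"=dword:0000000f
"EnableAudit"=dword:00000000
"RemoteListen"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasman\PPP]
"ForceEncryptedPassword"=dword:00000000
"""

def parse_reg(text):
    """Return {value_name: int} for DWORD values found under the RAS keys."""
    found, in_scope = {}, False
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        m = DWORD_RE.match(line)
        if key:  # a new [key] header decides whether following values count
            in_scope = any(s in key.group(1).lower() + "\\" for s in SCOPE)
        elif m and in_scope:
            found[m.group(1)] = int(m.group(2), 16)
    return found

def audit(text):
    """Return sorted (name, effective value, finding); absent values take the default."""
    found, findings = parse_reg(text), []
    for name, (lo, hi, default, weak, note) in RULES.items():
        value = found.get(name, default)
        if not lo <= value <= hi:
            findings.append((name, value, f"outside documented range {lo}-{hi}"))
        elif weak(value):
            findings.append((name, value, note))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
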

RAS RasHub Subkey Entries

The Registry path for the RasHub subkey is the following:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasHub\Parameters

For changes to take effect, you must restart the computer.

The subkeys RasHub01 and RasHub02 show, for example, that this installation of Remote Access is configured for two COM ports. In configuring ports, you can determine whether clients have access to the Remote Access server only (point-to-point connection) or to the network.

NetworkAddress REG_SZ " xxxxxx"

Reassigns the first four bytes of the 6-byte IEEE address. For example, for the address "03-1F-2C-81-92-34" only the first four bytes are looked at.

Some applications depend on an IEEE adapter address being available. However, because the Remote Access Service uses modems (not real Ethernet adapters), it does not have an IEEE Ethernet address per se. This parameter lets you manually set an IEEE adapter address for Remote Access adapter bindings where applications demand it.

RAS RasMan Subkey Entries

The Registry path for the RasMan subkey is the following:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Parameters

Logging REG_DWORD 0 or 1

Turns on information tracking for the modem using the DEVICE.LOG file. Set this value to 1 if you have modem problems that you cannot solve following documented procedures in the Microsoft Windows NT Remote Access Administrator's Guide. Logging begins the next time you dial in to connect through RAS. You do not need to restart your computer for the DEVICE.LOG file to be created.