Chapter 12: TROUBLESHOOTING 2
OVERVIEW
Determine whether a network communications problem is related to TCP/IP.
Understand how TCP/IP client configuration problems can affect computer performance.
List the reasons why a DHCP client might fail to obtain an IP address from a DHCP server.
List the reasons a DNS client might experience name resolution failures, might supply incorrect information, and might be unable to resolve names for which it is not the authority.
OVERVIEW (continued)
Use TCP/IP tools to isolate a router problem.
Check an RRAS installation for configuration problems.
Troubleshoot static and dynamic routing problems.
Determine the location of an Internet access problem.
OVERVIEW (continued)
Understand client configuration problems and router, NAT, and proxy server problems that can interrupt Internet access.
List possible causes of IPSec policy mismatches.
Describe the functions of the IP Security Monitor and the Resultant Set of Policy (RSoP) snap-ins.
TROUBLESHOOTING TCP/IP ADDRESSING
Isolating TCP/IP problems
Troubleshooting client configuration problems
ISOLATING TCP/IP PROBLEMS
Many problems can cause what appears to be a TCP/IP error when in fact the underlying hardware or network infrastructure is at fault.
Determine if there is a problem with the physical configuration of the system by attempting to access the network using a different protocol.
Check physical elements, such as network cabling, and hardware devices, such as hubs, switches, and routers.
TROUBLESHOOTING CLIENT CONFIGURATION PROBLEMS
Duplicate IP addresses are a cause of many problems on networks that use static IP address configuration.
Attempting to connect a system to the network with a duplicate IP address will prevent the system from communicating on the network.
Implementing DHCP all but eliminates issues with IP address conflicts.
INCORRECT SUBNET MASKS
Two systems on the same physical network segment with two different subnet masks will be unable to communicate.
Use ipconfig /all to determine that the correct subnet mask values have been configured.
Configuring IP addressing via DHCP should eliminate subnet mask addressing conflicts.
INCORRECT DEFAULT GATEWAY ADDRESSES
An incorrect default gateway address will prevent communication with systems on other subnets or networks.
Use ipconfig /all to view the configured default gateway address.
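The subnet mask and default gateway checks from the two slides above, as an added example (not part of the original slides). Each host decides with its own mask whether a destination is local, so a mismatch can break communication in one direction only; the addresses below are constructed sample values.

```python
import ipaddress

def on_link(host, dst_ip):
    """True if host, applying its OWN mask, treats dst_ip as on the local subnet."""
    net = ipaddress.ip_interface(f"{host['ip']}/{host['mask']}").network
    return ipaddress.ip_address(dst_ip) in net

def check_pair(a, b):
    """Compare two hosts on one segment, using values as shown by ipconfig /all."""
    findings = []
    for name, host, peer in (("A", a, b), ("B", b, a)):
        net = ipaddress.ip_interface(f"{host['ip']}/{host['mask']}").network
        # A default gateway must be directly reachable, so it has to fall
        # inside the subnet the host computes from its own address and mask.
        if ipaddress.ip_address(host["gateway"]) not in net:
            findings.append(f"{name}: gateway {host['gateway']} is outside {net}")
        # If the peer looks remote, traffic goes to the gateway instead of
        # straight to the peer, even though both share the same wire.
        if not on_link(host, peer["ip"]):
            findings.append(f"{name}: treats {peer['ip']} as remote")
    return findings

# Constructed sample configuration: B was given a /25 mask by mistake.
HOST_A = {"ip": "192.168.1.10", "mask": "255.255.255.0", "gateway": "192.168.1.1"}
HOST_B = {"ip": "192.168.1.200", "mask": "255.255.255.128", "gateway": "192.168.1.1"}

if __name__ == "__main__":
    for line in check_pair(HOST_A, HOST_B):
        print(line)
```

Host A sees B as local, but B computes 192.168.1.128/25 for itself and finds both A and its own gateway outside that subnet.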
NAME RESOLUTION FAILURES
Ensure that a name resolution failure is not due to a connectivity problem.
Attempt to connect to the target system using an IP address instead of a host name.
Examine name resolution methods such as the HOSTS file, DNS server configurations, LMHOSTS file, or WINS for possible problems.
TROUBLESHOOTING DHCP PROBLEMS
Failure to contact a DHCP server
Failure to obtain an IP address
Failure to obtain correct DHCP options
FAILURE TO CONTACT A DHCP SERVER
On non-APIPA-capable systems, an IP address of 0.0.0.0 will be assigned by the system.
On systems that support APIPA, an address in the 169.254 range will be assigned by the system, provided connectivity to the network can be established.
For DHCP servers on different subnets, relay agents will be required to forward DHCP broadcasts across routers.
FAILURE TO OBTAIN AN IP ADDRESS
Check the configuration of the DHCP scopes on the server.
Ensure that the DHCP server has a scope for each of the subnets it is designed to service.
Ensure that sufficient IP addresses are available within the scope to service requests.
FAILURE TO OBTAIN CORRECT DHCP OPTIONS
If a system is able to obtain an IP address but cannot connect to a remote system, the default gateway specified in the scope may be incorrect.
Server scope options apply to all scopes on the DHCP server. Scope options are specific to each scope.
TROUBLESHOOTING NAME RESOLUTION
Troubleshooting client configuration problems
Troubleshooting DNS server problems
TROUBLESHOOTING CLIENT CONFIGURATION PROBLEMS
Commence name resolution troubleshooting only after verifying the correct operation of TCP/IP.
Use ipconfig /all to determine that at least one valid DNS server is configured.
Verify connectivity to that server using Ping.
TROUBLESHOOTING DNS SERVER PROBLEMS
Non-functioning DNS servers
Incorrect name resolutions
Outside name resolution failures
TROUBLESHOOTING INCORRECT NAME RESOLUTIONS
An incorrect name resolution occurs when a host address is resolved to the wrong IP address.
Incorrect name resolutions can be caused by:
Incorrect resource records
Failure of dynamic updates
Zone transfer failures
TROUBLESHOOTING TCP/IP ROUTING
Isolating router problems
Troubleshooting the Routing and Remote Access configuration
Troubleshooting the routing table
ISOLATING ROUTER PROBLEMS
Three primary tools are used for isolating router problems:
Ping.exe
Tracert.exe
Pathping.exe
USING PING.EXE
Ping the computer’s loopback address (127.0.0.1).
Ping the computer’s own IP address.
Ping the IP address of another computer on the same LAN.
Ping the DNS name of another computer on the same LAN.
Ping the computer’s designated default gateway address.
Ping computers on another network that are accessible through the default gateway.
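The ping sequence above, applied to captured ping.exe output, as an added example (not part of the original slides). The step names and the suspect attached to each step are this example's own reading of the sequence, the sample outputs are constructed, and English-language ping.exe output is assumed.

```python
import re

# Steps in the order given on the slide; the suspects are an interpretation.
LADDER = [
    ("loopback",      "TCP/IP stack on this computer"),
    ("own_ip",        "network adapter or its IP configuration"),
    ("lan_peer_ip",   "local segment: cabling, switch, or addressing"),
    ("lan_peer_name", "name resolution, since the same host answered by IP"),
    ("gateway",       "default gateway address or the gateway router"),
    ("remote",        "routing beyond the default gateway"),
]

# A genuine echo reply carries a round-trip time.
REPLY = re.compile(r"^Reply from \S+: (?:bytes=\d+ )?time[=<]\d+ms", re.MULTILINE)

def ping_succeeded(output):
    """True only if at least one real echo reply is present.

    The statistics line is not trusted: ping.exe can count
    'Destination host unreachable' replies as received packets."""
    return bool(REPLY.search(output))

def first_failure(outputs):
    """outputs maps step name -> captured ping.exe text.
    Returns (step, suspect) for the first failing step, or None if all pass."""
    for step, suspect in LADDER:
        if step not in outputs:
            return (step, "step not run; sequence incomplete")
        if not ping_succeeded(outputs[step]):
            return (step, suspect)
    return None

# Constructed sample outputs.
OK = "Reply from 192.168.1.20: bytes=32 time<1ms TTL=128\n"
UNREACHABLE = ("Reply from 192.168.1.10: Destination host unreachable.\n"
               "    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),\n")
NO_NAME = "Ping request could not find host fileserver. Please check the name and try again.\n"

if __name__ == "__main__":
    run = {step: OK for step, _ in LADDER}
    run["gateway"] = UNREACHABLE
    print(first_failure(run))
```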
USING TRACERT.EXE
Like Ping, allows you to verify that a remote system is available on the network
Reports on every hop between source and destination and reports the time taken to complete the round trip
Allows you to identify the point on the journey at which the problem exists
USING PATHPING.EXE
Traces a path to a particular destination and displays the names and addresses of the routers along the path
Reports packet loss rates at each of the routers on the path
Useful for diagnosing issues where data loss or transmission delays are being experienced
TROUBLESHOOTING THE ROUTING AND REMOTE ACCESS SERVICE CONFIGURATION (RRAS)
Verify that the Routing and Remote Access Service is running.
Verify that routing is enabled.
Check the TCP/IP configuration settings.
Check the IP addresses of the router interfaces.
TROUBLESHOOTING THE ROUTING TABLE
Troubleshooting static routing
Troubleshooting dynamic routing
TROUBLESHOOTING INTERNET CONNECTIVITY
Determining the scope of the problem
Diagnosing client configuration problems
Diagnosing NAT and proxy server problems
Diagnosing Internet connection problems
DETERMINING THE SCOPE OF THE PROBLEM
Try to reproduce the Internet connectivity error and note the results.
Determine if the problem is a general connectivity issue or is confined only to Internet access.
Determine the source of the issue and troubleshoot as appropriate.
DIAGNOSING CLIENT CONFIGURATION PROBLEMS
Check the basic TCP/IP configuration parameters.
Check that the default gateway configuration is correct.
Check that the router acting as the default gateway is configured to forward Internet traffic properly.
DIAGNOSING NAT AND PROXY SERVER PROBLEMS
Check the TCP/IP configuration on all interfaces of the system acting as a NAT or proxy server.
Ensure that the NAT implementation is configured to work with the unregistered IP addresses you have assigned to the client computers.
Verify that the proxy server is not blocking access because of an authentication failure or a policy restriction.
DIAGNOSING INTERNET CONNECTION PROBLEMS
If the Internet access router is a system other than that acting as the NAT or proxy server, check the configuration and physical connectivity.
If you have WAN hardware such as CSU/DSU, cable modem, or external ISDN adapters, cycle the power on those devices.
Contact your ISP to determine if they are aware of a problem or can assist in diagnosing and correcting your problem.
TROUBLESHOOTING DATA TRANSMISSION SECURITY
Troubleshooting policy mismatches
Using the IP Security Monitor snap-in
Using the Resultant Set of Policy snap-in
Examining IPSec traffic
TROUBLESHOOTING POLICY MISMATCHES
Incompatible IPSec policies or policy settings can be a common source of problems.
Policy mismatches are recorded in the Security log of Event Viewer.
Current policy settings can be viewed via the Security Monitor snap-in or the Resultant Set of Policy snap-in.
CHAPTER SUMMARY
Duplicate IP addresses can cause both of the computers involved to malfunction.
An incorrect subnet mask makes the computer appear to be on a different network, preventing LAN communications.
When a Windows Server 2003 DHCP client fails to make contact with a DHCP server, the client computer uses APIPA to assign itself an IP address.
CHAPTER SUMMARY (continued)
Ping.exe, the most basic TCP/IP connectivity testing tool, uses ICMP Echo messages to determine if another system on the network is functioning properly.
Tracert.exe is a command line tool that can help you locate a nonfunctioning router on the network.
Pathping.exe is a tool that sends large numbers of test messages to each router on the path to a destination and compiles statistics regarding dropped packets.
CHAPTER SUMMARY (continued)
For an RRAS router to use either Routing Information Protocol (RIP) or OSPF, you must install the routing protocol and select the interfaces over which it will transmit messages.
If a Windows Server 2003 DNS server computer is accessible from the network but is not resolving names, the DNS Server service might not be running.
An incorrect default gateway address or a malfunctioning default gateway router can hinder Internet connectivity while leaving local communications intact.
CHAPTER SUMMARY (continued)
NAT routers and proxy servers have network interfaces just like client computers, and they must have correct TCP/IP client configuration parameters.
If no other components are at fault, the Internet access router or the WAN connection to the ISP might be the cause of an Internet connection problem.
The IP Security Monitor snap-in displays information about the IPSec policy currently in effect on a particular computer, as well as IPSec statistics.