Download presentation
Presentation is loading. Please wait.
Published byPercival Palmer Modified over 9 years ago
1
11 TROUBLESHOOTING Chapter 12
2
Chapter 12: TROUBLESHOOTING2 OVERVIEW Determine whether a network communications problem is related to TCP/IP. Understand how TCP/IP client configuration problems can affect computer performance. List the reasons why a DHCP client might fail to obtain an IP address from a DHCP server. List the reasons a DNS client might experience name resolution failures, might supply incorrect information, and might be unable to resolve names for which it is not the authority. Determine whether a network communications problem is related to TCP/IP. Understand how TCP/IP client configuration problems can affect computer performance. List the reasons why a DHCP client might fail to obtain an IP address from a DHCP server. List the reasons a DNS client might experience name resolution failures, might supply incorrect information, and might be unable to resolve names for which it is not the authority.
3
Chapter 12: TROUBLESHOOTING3 OVERVIEW (continued) Use TCP/IP tools to isolate a router problem. Check an RRAS installation for configuration problems. Troubleshoot static and dynamic routing problems. Determine the location of an Internet access problem. Use TCP/IP tools to isolate a router problem. Check an RRAS installation for configuration problems. Troubleshoot static and dynamic routing problems. Determine the location of an Internet access problem.
4
Chapter 12: TROUBLESHOOTING4 OVERVIEW (continued) Understand client configuration problems and router, NAT, and proxy server problems that can interrupt Internet access. List possible causes of IPSec policy mismatches. Describe the functions of the IP Security Monitor and the Resultant Set of Policy (RSoP) snap-ins. Understand client configuration problems and router, NAT, and proxy server problems that can interrupt Internet access. List possible causes of IPSec policy mismatches. Describe the functions of the IP Security Monitor and the Resultant Set of Policy (RSoP) snap-ins.
5
Chapter 12: TROUBLESHOOTING5 TROUBLESHOOTING TCP/IP ADDRESSING Isolating TCP/IP problems Troubleshooting client configuration problems Isolating TCP/IP problems Troubleshooting client configuration problems
6
Chapter 12: TROUBLESHOOTING6 ISOLATING TCP/IP PROBLEMS Many problems can cause what appears to be a TCP/IP error when in fact the underlying hardware or network infrastructure is at fault. Determine if there is a problem with the physical configuration of the system by attempting to access the network using a different protocol. Check physical elements, such as networking cabling, and hardware devices, such as hubs, switches, and routers. Many problems can cause what appears to be a TCP/IP error when in fact the underlying hardware or network infrastructure is at fault. Determine if there is a problem with the physical configuration of the system by attempting to access the network using a different protocol. Check physical elements, such as networking cabling, and hardware devices, such as hubs, switches, and routers.
7
Chapter 12: TROUBLESHOOTING7 TROUBLESHOOTING CLIENT CONFIGURATION PROBLEMS Duplicate IP addresses are a cause of many problems on networks that use static IP address configuration. Attempting to connect a system to the network with a duplicate IP address will prevent the system from communicating on the network. Implementing DHCP all but eliminates issues with IP address conflicts. Duplicate IP addresses are a cause of many problems on networks that use static IP address configuration. Attempting to connect a system to the network with a duplicate IP address will prevent the system from communicating on the network. Implementing DHCP all but eliminates issues with IP address conflicts.
8
Chapter 12: TROUBLESHOOTING8 INCORRECT SUBNET MASKS Two systems on the same physical network segment with two different subnet masks will be unable to communicate. Use ipconfig /all to determine that the correct subnet mask values have been configured. Configuring IP addressing via DHCP should eliminate subnet mask addressing conflicts. Two systems on the same physical network segment with two different subnet masks will be unable to communicate. Use ipconfig /all to determine that the correct subnet mask values have been configured. Configuring IP addressing via DHCP should eliminate subnet mask addressing conflicts.
9
Chapter 12: TROUBLESHOOTING9 INCORRECT DEFAULT GATEWAY ADDRESSES An incorrect default gateway address will prevent communication with systems on other subnets or networks. Use ipconfig /all to view the configured default gateway address. An incorrect default gateway address will prevent communication with systems on other subnets or networks. Use ipconfig /all to view the configured default gateway address.
10
Chapter 12: TROUBLESHOOTING10 NAME RESOLUTION FAILURES Ensure that a name resolution failure is not due to a connectivity problem. Attempt to connect to the target system using an IP address instead of a host name. Examine name resolution methods such as the HOSTS file, DNS server configurations, LMHOSTS file, or WINS for possible problems. Ensure that a name resolution failure is not due to a connectivity problem. Attempt to connect to the target system using an IP address instead of a host name. Examine name resolution methods such as the HOSTS file, DNS server configurations, LMHOSTS file, or WINS for possible problems.
11
Chapter 12: TROUBLESHOOTING11 TROUBLESHOOTING DHCP PROBLEMS Failure to contact a DHCP server Failure to obtain an IP address Failure to obtain correct DHCP options Failure to contact a DHCP server Failure to obtain an IP address Failure to obtain correct DHCP options
12
Chapter 12: TROUBLESHOOTING12 FAILURE TO CONTACT A DHCP SERVER On non-APIPA-capable systems, an IP address of 0.0.0.0 will be assigned by the system. On systems that support APIPA, an address in the 169.254 range will be assigned by the system, provided connectivity to the network can be established. For DHCP servers on different subnets, relay agents will be required to forward DHCP broadcasts across routers. On non-APIPA-capable systems, an IP address of 0.0.0.0 will be assigned by the system. On systems that support APIPA, an address in the 169.254 range will be assigned by the system, provided connectivity to the network can be established. For DHCP servers on different subnets, relay agents will be required to forward DHCP broadcasts across routers.
13
Chapter 12: TROUBLESHOOTING13 FAILURE TO OBTAIN AN IP ADDRESS Check the configuration of the DHCP scopes on the server. Ensure that the DHCP server has a scope for each of the subnets it is designed to service. Ensure that sufficient IP addresses are available within the scope to service requests. Check the configuration of the DHCP scopes on the server. Ensure that the DHCP server has a scope for each of the subnets it is designed to service. Ensure that sufficient IP addresses are available within the scope to service requests.
14
Chapter 12: TROUBLESHOOTING14 FAILURE TO OBTAIN CORRECT DHCP OPTIONS If a system is able to obtain an IP address but cannot connect to a remote system, the default gateway specified in the scope may be incorrect. Server scope options apply to all scopes on the DHCP server. Scope options are specific to each scope. If a system is able to obtain an IP address but cannot connect to a remote system, the default gateway specified in the scope may be incorrect. Server scope options apply to all scopes on the DHCP server. Scope options are specific to each scope.
15
Chapter 12: TROUBLESHOOTING15 TROUBLESHOOTING NAME RESOLUTION Troubleshooting client configuration problems Troubleshooting DNS server problems Troubleshooting client configuration problems Troubleshooting DNS server problems
16
Chapter 12: TROUBLESHOOTING16 TROUBLESHOOTING CLIENT CONFIGURATION PROBLEMS Commence name resolution troubleshooting only after verifying the correct operation of TCP/IP. Use ipconfig /all to determine that at least one valid DNS server is configured. Verify connectivity to that server using Ping. Commence name resolution troubleshooting only after verifying the correct operation of TCP/IP. Use ipconfig /all to determine that at least one valid DNS server is configured. Verify connectivity to that server using Ping.
17
Chapter 12: TROUBLESHOOTING17 TROUBLESHOOTING DNS SERVER PROBLEMS Non-functioning DNS servers Incorrect name resolutions Outside name resolution failures Non-functioning DNS servers Incorrect name resolutions Outside name resolution failures
18
Chapter 12: TROUBLESHOOTING18 NON-FUNCTIONING DNS SERVERS
19
Chapter 12: TROUBLESHOOTING19 TROUBLESHOOTING INCORRECT NAME RESOLUTIONS An incorrect name resolution occurs when a host address is resolved to the wrong IP address. Incorrect name resolutions can be caused by Incorrect resource records Failure of dynamic updates Zone transfer failures An incorrect name resolution occurs when a host address is resolved to the wrong IP address. Incorrect name resolutions can be caused by Incorrect resource records Failure of dynamic updates Zone transfer failures
20
Chapter 12: TROUBLESHOOTING20 TROUBLESHOOTING OUTSIDE NAME RESOLUTION FAILURES
21
Chapter 12: TROUBLESHOOTING21 TROUBLESHOOTING TCP/IP ROUTING Isolating router problems Troubleshooting the Routing and Remote Access configuration Troubleshooting the routing table Isolating router problems Troubleshooting the Routing and Remote Access configuration Troubleshooting the routing table
22
Chapter 12: TROUBLESHOOTING22 ISOLATING ROUTER PROBLEMS Three primary tools are used for isolating router problems: Ping.exe Tracert.exe Pathping.exe Three primary tools are used for isolating router problems: Ping.exe Tracert.exe Pathping.exe
23
Chapter 12: TROUBLESHOOTING23 USING PING.EXE Ping the computer’s loopback address (127.0.0.1). Ping the computer’s own IP address. Ping the IP address of another computer on the same LAN. Ping the DNS name of another computer on the same LAN. Ping the computer’s designated default gateway address. Ping computers on another network that are accessible through the default gateway. Ping the computer’s loopback address (127.0.0.1). Ping the computer’s own IP address. Ping the IP address of another computer on the same LAN. Ping the DNS name of another computer on the same LAN. Ping the computer’s designated default gateway address. Ping computers on another network that are accessible through the default gateway.
24
Chapter 12: TROUBLESHOOTING24 USING TRACERT.EXE Like Ping, allows you to verify that a remote system is available on the network Reports on every hop between source and destination and reports the time taken to complete the round trip Allows you to identify the point on the journey at which the problem exists Like Ping, allows you to verify that a remote system is available on the network Reports on every hop between source and destination and reports the time taken to complete the round trip Allows you to identify the point on the journey at which the problem exists
25
Chapter 12: TROUBLESHOOTING25 USING PATHPING.EXE Traces a path to a particular destination and displays the names and addresses of the routers along the path Reports packet loss rates at each of the routers on the path Useful for diagnosing issues where data loss or transmission delays are being experienced Traces a path to a particular destination and displays the names and addresses of the routers along the path Reports packet loss rates at each of the routers on the path Useful for diagnosing issues where data loss or transmission delays are being experienced
26
Chapter 12: TROUBLESHOOTING26 TROUBLESHOOTING THE ROUTING AND REMOTE ACCESS SERVICE CONFIGURATION (RRAS) Verify that the Routing and Remote Access Service is running. Verify that routing is enabled. Check the TCP/IP configuration settings. Check the IP addresses of the router interfaces. Verify that the Routing and Remote Access Service is running. Verify that routing is enabled. Check the TCP/IP configuration settings. Check the IP addresses of the router interfaces.
27
Chapter 12: TROUBLESHOOTING27 TROUBLESHOOTING THE ROUTING TABLE Troubleshooting static routing Troubleshooting dynamic routing Troubleshooting static routing Troubleshooting dynamic routing
28
Chapter 12: TROUBLESHOOTING28 TROUBLESHOOTING STATIC ROUTING
29
Chapter 12: TROUBLESHOOTING29 TROUBLESHOOTING ROUTING PROTOCOLS
30
Chapter 12: TROUBLESHOOTING30 TROUBLESHOOTING INTERNET CONNECTIVITY Determining the scope of the problem Diagnosing client configuration problems Diagnosing NAT and proxy server problems Diagnosing Internet connection problems Determining the scope of the problem Diagnosing client configuration problems Diagnosing NAT and proxy server problems Diagnosing Internet connection problems
31
Chapter 12: TROUBLESHOOTING31 DETERMINING THE SCOPE OF THE PROBLEM Try to reproduce the Internet connectivity error and note the results. Determine if the problem is a general connectivity issue or is confined only to Internet access. Determine the source of the issue and troubleshoot as appropriate. Try to reproduce the Internet connectivity error and note the results. Determine if the problem is a general connectivity issue or is confined only to Internet access. Determine the source of the issue and troubleshoot as appropriate.
32
Chapter 12: TROUBLESHOOTING32 DIAGNOSING CLIENT CONFIGURATION PROBLEMS Check the basic TCP/IP configuration parameters. Check that the default gateway configuration is correct. Check that the router acting as the default gateway is configured to forward Internet traffic properly. Check the basic TCP/IP configuration parameters. Check that the default gateway configuration is correct. Check that the router acting as the default gateway is configured to forward Internet traffic properly.
33
Chapter 12: TROUBLESHOOTING33 DIAGNOSING NAT AND PROXY SERVER PROBLEMS Check the TCP/IP configuration on all interfaces of the system acting as a NAT or proxy server. Ensure that the NAT implementation is configured to work with the unregistered IP addresses you have assigned to the client computers. Verify that the proxy server is not blocking access because of an authentication failure or a policy restriction. Check the TCP/IP configuration on all interfaces of the system acting as a NAT or proxy server. Ensure that the NAT implementation is configured to work with the unregistered IP addresses you have assigned to the client computers. Verify that the proxy server is not blocking access because of an authentication failure or a policy restriction.
34
Chapter 12: TROUBLESHOOTING34 DIAGNOSING INTERNET CONNECTION PROBLEMS If the Internet access router is a system other than that acting as the NAT or proxy server, check the configuration and physical connectivity. If you have WAN hardware such as CSU/DSU, cable modem, or external ISDN adapters, cycle the power on those devices. Contact your ISP to determine if they are aware of a problem or can assist in diagnosing and correcting your problem. If the Internet access router is a system other than that acting as the NAT or proxy server, check the configuration and physical connectivity. If you have WAN hardware such as CSU/DSU, cable modem, or external ISDN adapters, cycle the power on those devices. Contact your ISP to determine if they are aware of a problem or can assist in diagnosing and correcting your problem.
35
Chapter 12: TROUBLESHOOTING35 TROUBLESHOOTING DATA TRANSMISSION SECURITY Troubleshooting policy mismatches Using the IP Security Monitor snap-in Using the Resultant Set of Policy snap-in Examining IPSec traffic Troubleshooting policy mismatches Using the IP Security Monitor snap-in Using the Resultant Set of Policy snap-in Examining IPSec traffic
36
Chapter 12: TROUBLESHOOTING36 TROUBLESHOOTING POLICY MISMATCHES Incompatible IPSec policies or policy settings can be a common source of problems. Policy mismatches are recorded in the Security log of Event Viewer. Current policy settings can be viewed via the Security Monitor snap-in or the Resultant Set of Policy snap-in. Incompatible IPSec policies or policy settings can be a common source of problems. Policy mismatches are recorded in the Security log of Event Viewer. Current policy settings can be viewed via the Security Monitor snap-in or the Resultant Set of Policy snap-in.
37
Chapter 12: TROUBLESHOOTING37 USING THE IP SECURITY MONITOR SNAP-IN
38
Chapter 12: TROUBLESHOOTING38 USING THE RESULTANT SET OF POLICY SNAP-IN
39
Chapter 12: TROUBLESHOOTING39 EXAMINING IPSEC TRAFFIC
40
Chapter 12: TROUBLESHOOTING40 CHAPTER SUMMARY Duplicate IP addresses can cause both of the computers involved to malfunction. An incorrect subnet mask makes the computer appear to be on a different network, preventing LAN communications. When a Windows Server 2003 DHCP client fails to make contact with a DHCP server, the client computer uses APIPA to assign itself an IP address. Duplicate IP addresses can cause both of the computers involved to malfunction. An incorrect subnet mask makes the computer appear to be on a different network, preventing LAN communications. When a Windows Server 2003 DHCP client fails to make contact with a DHCP server, the client computer uses APIPA to assign itself an IP address.
41
Chapter 12: TROUBLESHOOTING41 CHAPTER SUMMARY (continued) Ping.exe, the most basic TCP/IP connectivity testing tool, uses ICMP Echo messages to determine if another system on the network is functioning properly. Tracert.exe is a command line tool that can help you locate a nonfunctioning router on the network. Pathping.exe is a tool that sends large numbers of test messages to each router on the path to a destination and compiles statistics regarding dropped packets. Ping.exe, the most basic TCP/IP connectivity testing tool, uses ICMP Echo messages to determine if another system on the network is functioning properly. Tracert.exe is a command line tool that can help you locate a nonfunctioning router on the network. Pathping.exe is a tool that sends large numbers of test messages to each router on the path to a destination and compiles statistics regarding dropped packets.
42
Chapter 12: TROUBLESHOOTING42 CHAPTER SUMMARY (continued) For an RRAS router to use either Routing Information Protocol (RIP) or OSPF, you must install the routing protocol and select the interfaces over which it will transmit messages. If a Windows Server 2003 DNS server computer is accessible from the network but is not resolving names, the DNS Server service might not be running. An incorrect default gateway address or a malfunctioning default gateway router can hinder Internet connectivity while leaving local communications intact. For an RRAS router to use either Routing Information Protocol (RIP) or OSPF, you must install the routing protocol and select the interfaces over which it will transmit messages. If a Windows Server 2003 DNS server computer is accessible from the network but is not resolving names, the DNS Server service might not be running. An incorrect default gateway address or a malfunctioning default gateway router can hinder Internet connectivity while leaving local communications intact.
43
Chapter 12: TROUBLESHOOTING43 CHAPTER SUMMARY (continued) NAT routers and proxy servers have network interfaces just like client computers, and they must have correct TCP/IP client configuration parameters. If no other components are at fault, the Internet access router or the WAN connection to the ISP might be the cause of an Internet connection problem. The IP Security Monitor snap-in displays information about the IPSec policy currently in effect on a particular computer, as well as IPSec statistics. NAT routers and proxy servers have network interfaces just like client computers, and they must have correct TCP/IP client configuration parameters. If no other components are at fault, the Internet access router or the WAN connection to the ISP might be the cause of an Internet connection problem. The IP Security Monitor snap-in displays information about the IPSec policy currently in effect on a particular computer, as well as IPSec statistics.
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.