Presentation is loading. Please wait.

Presentation is loading. Please wait.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

Similar presentations


Presentation on theme: "11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand."— Presentation transcript:

1 11 TROUBLESHOOTING Chapter 12

2 Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand how TCP/IP client configuration problems can affect computer performance.  List the reasons why a DHCP client might fail to obtain an IP address from a DHCP server.  List the reasons a DNS client might experience name resolution failures, might supply incorrect information, and might be unable to resolve names for which it is not the authority.  Determine whether a network communications problem is related to TCP/IP.  Understand how TCP/IP client configuration problems can affect computer performance.  List the reasons why a DHCP client might fail to obtain an IP address from a DHCP server.  List the reasons a DNS client might experience name resolution failures, might supply incorrect information, and might be unable to resolve names for which it is not the authority.

3 Chapter 12: TROUBLESHOOTING3 OVERVIEW (continued)  Use TCP/IP tools to isolate a router problem.  Check an RRAS installation for configuration problems.  Troubleshoot static and dynamic routing problems.  Determine the location of an Internet access problem.  Use TCP/IP tools to isolate a router problem.  Check an RRAS installation for configuration problems.  Troubleshoot static and dynamic routing problems.  Determine the location of an Internet access problem.

4 Chapter 12: TROUBLESHOOTING4 OVERVIEW (continued)  Understand client configuration problems and router, NAT, and proxy server problems that can interrupt Internet access.  List possible causes of IPSec policy mismatches.  Describe the functions of the IP Security Monitor and the Resultant Set of Policy (RSoP) snap-ins.  Understand client configuration problems and router, NAT, and proxy server problems that can interrupt Internet access.  List possible causes of IPSec policy mismatches.  Describe the functions of the IP Security Monitor and the Resultant Set of Policy (RSoP) snap-ins.

5 Chapter 12: TROUBLESHOOTING5 TROUBLESHOOTING TCP/IP ADDRESSING  Isolating TCP/IP problems  Troubleshooting client configuration problems  Isolating TCP/IP problems  Troubleshooting client configuration problems

6 Chapter 12: TROUBLESHOOTING6 ISOLATING TCP/IP PROBLEMS  Many problems can cause what appears to be a TCP/IP error when in fact the underlying hardware or network infrastructure is at fault.  Determine if there is a problem with the physical configuration of the system by attempting to access the network using a different protocol.  Check physical elements, such as networking cabling, and hardware devices, such as hubs, switches, and routers.  Many problems can cause what appears to be a TCP/IP error when in fact the underlying hardware or network infrastructure is at fault.  Determine if there is a problem with the physical configuration of the system by attempting to access the network using a different protocol.  Check physical elements, such as networking cabling, and hardware devices, such as hubs, switches, and routers.

7 Chapter 12: TROUBLESHOOTING7 TROUBLESHOOTING CLIENT CONFIGURATION PROBLEMS  Duplicate IP addresses are a cause of many problems on networks that use static IP address configuration.  Attempting to connect a system to the network with a duplicate IP address will prevent the system from communicating on the network.  Implementing DHCP all but eliminates issues with IP address conflicts.  Duplicate IP addresses are a cause of many problems on networks that use static IP address configuration.  Attempting to connect a system to the network with a duplicate IP address will prevent the system from communicating on the network.  Implementing DHCP all but eliminates issues with IP address conflicts.

8 Chapter 12: TROUBLESHOOTING8 INCORRECT SUBNET MASKS  Two systems on the same physical network segment with two different subnet masks will be unable to communicate.  Use ipconfig /all to determine that the correct subnet mask values have been configured.  Configuring IP addressing via DHCP should eliminate subnet mask addressing conflicts.  Two systems on the same physical network segment with two different subnet masks will be unable to communicate.  Use ipconfig /all to determine that the correct subnet mask values have been configured.  Configuring IP addressing via DHCP should eliminate subnet mask addressing conflicts.

9 Chapter 12: TROUBLESHOOTING9 INCORRECT DEFAULT GATEWAY ADDRESSES  An incorrect default gateway address will prevent communication with systems on other subnets or networks.  Use ipconfig /all to view the configured default gateway address.  An incorrect default gateway address will prevent communication with systems on other subnets or networks.  Use ipconfig /all to view the configured default gateway address.

10 Chapter 12: TROUBLESHOOTING10 NAME RESOLUTION FAILURES  Ensure that a name resolution failure is not due to a connectivity problem.  Attempt to connect to the target system using an IP address instead of a host name.  Examine name resolution methods such as the HOSTS file, DNS server configurations, LMHOSTS file, or WINS for possible problems.  Ensure that a name resolution failure is not due to a connectivity problem.  Attempt to connect to the target system using an IP address instead of a host name.  Examine name resolution methods such as the HOSTS file, DNS server configurations, LMHOSTS file, or WINS for possible problems.

11 Chapter 12: TROUBLESHOOTING11 TROUBLESHOOTING DHCP PROBLEMS  Failure to contact a DHCP server  Failure to obtain an IP address  Failure to obtain correct DHCP options  Failure to contact a DHCP server  Failure to obtain an IP address  Failure to obtain correct DHCP options

12 Chapter 12: TROUBLESHOOTING12 FAILURE TO CONTACT A DHCP SERVER  On non-APIPA-capable systems, an IP address of 0.0.0.0 will be assigned by the system.  On systems that support APIPA, an address in the 169.254 range will be assigned by the system, provided connectivity to the network can be established.  For DHCP servers on different subnets, relay agents will be required to forward DHCP broadcasts across routers.  On non-APIPA-capable systems, an IP address of 0.0.0.0 will be assigned by the system.  On systems that support APIPA, an address in the 169.254 range will be assigned by the system, provided connectivity to the network can be established.  For DHCP servers on different subnets, relay agents will be required to forward DHCP broadcasts across routers.

13 Chapter 12: TROUBLESHOOTING13 FAILURE TO OBTAIN AN IP ADDRESS  Check the configuration of the DHCP scopes on the server.  Ensure that the DHCP server has a scope for each of the subnets it is designed to service.  Ensure that sufficient IP addresses are available within the scope to service requests.  Check the configuration of the DHCP scopes on the server.  Ensure that the DHCP server has a scope for each of the subnets it is designed to service.  Ensure that sufficient IP addresses are available within the scope to service requests.

14 Chapter 12: TROUBLESHOOTING14 FAILURE TO OBTAIN CORRECT DHCP OPTIONS  If a system is able to obtain an IP address but cannot connect to a remote system, the default gateway specified in the scope may be incorrect.  Server scope options apply to all scopes on the DHCP server. Scope options are specific to each scope.  If a system is able to obtain an IP address but cannot connect to a remote system, the default gateway specified in the scope may be incorrect.  Server scope options apply to all scopes on the DHCP server. Scope options are specific to each scope.

15 Chapter 12: TROUBLESHOOTING15 TROUBLESHOOTING NAME RESOLUTION  Troubleshooting client configuration problems  Troubleshooting DNS server problems  Troubleshooting client configuration problems  Troubleshooting DNS server problems

16 Chapter 12: TROUBLESHOOTING16 TROUBLESHOOTING CLIENT CONFIGURATION PROBLEMS  Commence name resolution troubleshooting only after verifying the correct operation of TCP/IP.  Use ipconfig /all to determine that at least one valid DNS server is configured.  Verify connectivity to that server using Ping.  Commence name resolution troubleshooting only after verifying the correct operation of TCP/IP.  Use ipconfig /all to determine that at least one valid DNS server is configured.  Verify connectivity to that server using Ping.

17 Chapter 12: TROUBLESHOOTING17 TROUBLESHOOTING DNS SERVER PROBLEMS  Non-functioning DNS servers  Incorrect name resolutions  Outside name resolution failures  Non-functioning DNS servers  Incorrect name resolutions  Outside name resolution failures

18 Chapter 12: TROUBLESHOOTING18 NON-FUNCTIONING DNS SERVERS

19 Chapter 12: TROUBLESHOOTING19 TROUBLESHOOTING INCORRECT NAME RESOLUTIONS  An incorrect name resolution occurs when a host address is resolved to the wrong IP address.  Incorrect name resolutions can be caused by  Incorrect resource records  Failure of dynamic updates  Zone transfer failures  An incorrect name resolution occurs when a host address is resolved to the wrong IP address.  Incorrect name resolutions can be caused by  Incorrect resource records  Failure of dynamic updates  Zone transfer failures

20 Chapter 12: TROUBLESHOOTING20 TROUBLESHOOTING OUTSIDE NAME RESOLUTION FAILURES

21 Chapter 12: TROUBLESHOOTING21 TROUBLESHOOTING TCP/IP ROUTING  Isolating router problems  Troubleshooting the Routing and Remote Access configuration  Troubleshooting the routing table  Isolating router problems  Troubleshooting the Routing and Remote Access configuration  Troubleshooting the routing table

22 Chapter 12: TROUBLESHOOTING22 ISOLATING ROUTER PROBLEMS  Three primary tools are used for isolating router problems:  Ping.exe  Tracert.exe  Pathping.exe  Three primary tools are used for isolating router problems:  Ping.exe  Tracert.exe  Pathping.exe

23 Chapter 12: TROUBLESHOOTING23 USING PING.EXE  Ping the computer’s loopback address (127.0.0.1).  Ping the computer’s own IP address.  Ping the IP address of another computer on the same LAN.  Ping the DNS name of another computer on the same LAN.  Ping the computer’s designated default gateway address.  Ping computers on another network that are accessible through the default gateway.  Ping the computer’s loopback address (127.0.0.1).  Ping the computer’s own IP address.  Ping the IP address of another computer on the same LAN.  Ping the DNS name of another computer on the same LAN.  Ping the computer’s designated default gateway address.  Ping computers on another network that are accessible through the default gateway.

24 Chapter 12: TROUBLESHOOTING24 USING TRACERT.EXE  Like Ping, allows you to verify that a remote system is available on the network  Reports on every hop between source and destination and reports the time taken to complete the round trip  Allows you to identify the point on the journey at which the problem exists  Like Ping, allows you to verify that a remote system is available on the network  Reports on every hop between source and destination and reports the time taken to complete the round trip  Allows you to identify the point on the journey at which the problem exists

25 Chapter 12: TROUBLESHOOTING25 USING PATHPING.EXE  Traces a path to a particular destination and displays the names and addresses of the routers along the path  Reports packet loss rates at each of the routers on the path  Useful for diagnosing issues where data loss or transmission delays are being experienced  Traces a path to a particular destination and displays the names and addresses of the routers along the path  Reports packet loss rates at each of the routers on the path  Useful for diagnosing issues where data loss or transmission delays are being experienced

26 Chapter 12: TROUBLESHOOTING26 TROUBLESHOOTING THE ROUTING AND REMOTE ACCESS SERVICE CONFIGURATION (RRAS)  Verify that the Routing and Remote Access Service is running.  Verify that routing is enabled.  Check the TCP/IP configuration settings.  Check the IP addresses of the router interfaces.  Verify that the Routing and Remote Access Service is running.  Verify that routing is enabled.  Check the TCP/IP configuration settings.  Check the IP addresses of the router interfaces.

27 Chapter 12: TROUBLESHOOTING27 TROUBLESHOOTING THE ROUTING TABLE  Troubleshooting static routing  Troubleshooting dynamic routing  Troubleshooting static routing  Troubleshooting dynamic routing

28 Chapter 12: TROUBLESHOOTING28 TROUBLESHOOTING STATIC ROUTING

29 Chapter 12: TROUBLESHOOTING29 TROUBLESHOOTING ROUTING PROTOCOLS

30 Chapter 12: TROUBLESHOOTING30 TROUBLESHOOTING INTERNET CONNECTIVITY  Determining the scope of the problem  Diagnosing client configuration problems  Diagnosing NAT and proxy server problems  Diagnosing Internet connection problems  Determining the scope of the problem  Diagnosing client configuration problems  Diagnosing NAT and proxy server problems  Diagnosing Internet connection problems

31 Chapter 12: TROUBLESHOOTING31 DETERMINING THE SCOPE OF THE PROBLEM  Try to reproduce the Internet connectivity error and note the results.  Determine if the problem is a general connectivity issue or is confined only to Internet access.  Determine the source of the issue and troubleshoot as appropriate.  Try to reproduce the Internet connectivity error and note the results.  Determine if the problem is a general connectivity issue or is confined only to Internet access.  Determine the source of the issue and troubleshoot as appropriate.

32 Chapter 12: TROUBLESHOOTING32 DIAGNOSING CLIENT CONFIGURATION PROBLEMS  Check the basic TCP/IP configuration parameters.  Check that the default gateway configuration is correct.  Check that the router acting as the default gateway is configured to forward Internet traffic properly.  Check the basic TCP/IP configuration parameters.  Check that the default gateway configuration is correct.  Check that the router acting as the default gateway is configured to forward Internet traffic properly.

33 Chapter 12: TROUBLESHOOTING33 DIAGNOSING NAT AND PROXY SERVER PROBLEMS  Check the TCP/IP configuration on all interfaces of the system acting as a NAT or proxy server.  Ensure that the NAT implementation is configured to work with the unregistered IP addresses you have assigned to the client computers.  Verify that the proxy server is not blocking access because of an authentication failure or a policy restriction.  Check the TCP/IP configuration on all interfaces of the system acting as a NAT or proxy server.  Ensure that the NAT implementation is configured to work with the unregistered IP addresses you have assigned to the client computers.  Verify that the proxy server is not blocking access because of an authentication failure or a policy restriction.

34 Chapter 12: TROUBLESHOOTING34 DIAGNOSING INTERNET CONNECTION PROBLEMS  If the Internet access router is a system other than that acting as the NAT or proxy server, check the configuration and physical connectivity.  If you have WAN hardware such as CSU/DSU, cable modem, or external ISDN adapters, cycle the power on those devices.  Contact your ISP to determine if they are aware of a problem or can assist in diagnosing and correcting your problem.  If the Internet access router is a system other than that acting as the NAT or proxy server, check the configuration and physical connectivity.  If you have WAN hardware such as CSU/DSU, cable modem, or external ISDN adapters, cycle the power on those devices.  Contact your ISP to determine if they are aware of a problem or can assist in diagnosing and correcting your problem.

35 Chapter 12: TROUBLESHOOTING35 TROUBLESHOOTING DATA TRANSMISSION SECURITY  Troubleshooting policy mismatches  Using the IP Security Monitor snap-in  Using the Resultant Set of Policy snap-in  Examining IPSec traffic  Troubleshooting policy mismatches  Using the IP Security Monitor snap-in  Using the Resultant Set of Policy snap-in  Examining IPSec traffic

36 Chapter 12: TROUBLESHOOTING36 TROUBLESHOOTING POLICY MISMATCHES  Incompatible IPSec policies or policy settings can be a common source of problems.  Policy mismatches are recorded in the Security log of Event Viewer.  Current policy settings can be viewed via the Security Monitor snap-in or the Resultant Set of Policy snap-in.  Incompatible IPSec policies or policy settings can be a common source of problems.  Policy mismatches are recorded in the Security log of Event Viewer.  Current policy settings can be viewed via the Security Monitor snap-in or the Resultant Set of Policy snap-in.

37 Chapter 12: TROUBLESHOOTING37 USING THE IP SECURITY MONITOR SNAP-IN

38 Chapter 12: TROUBLESHOOTING38 USING THE RESULTANT SET OF POLICY SNAP-IN

39 Chapter 12: TROUBLESHOOTING39 EXAMINING IPSEC TRAFFIC

40 Chapter 12: TROUBLESHOOTING40 CHAPTER SUMMARY  Duplicate IP addresses can cause both of the computers involved to malfunction.  An incorrect subnet mask makes the computer appear to be on a different network, preventing LAN communications.  When a Windows Server 2003 DHCP client fails to make contact with a DHCP server, the client computer uses APIPA to assign itself an IP address.  Duplicate IP addresses can cause both of the computers involved to malfunction.  An incorrect subnet mask makes the computer appear to be on a different network, preventing LAN communications.  When a Windows Server 2003 DHCP client fails to make contact with a DHCP server, the client computer uses APIPA to assign itself an IP address.

41 Chapter 12: TROUBLESHOOTING41 CHAPTER SUMMARY (continued)  Ping.exe, the most basic TCP/IP connectivity testing tool, uses ICMP Echo messages to determine if another system on the network is functioning properly.  Tracert.exe is a command line tool that can help you locate a nonfunctioning router on the network.  Pathping.exe is a tool that sends large numbers of test messages to each router on the path to a destination and compiles statistics regarding dropped packets.  Ping.exe, the most basic TCP/IP connectivity testing tool, uses ICMP Echo messages to determine if another system on the network is functioning properly.  Tracert.exe is a command line tool that can help you locate a nonfunctioning router on the network.  Pathping.exe is a tool that sends large numbers of test messages to each router on the path to a destination and compiles statistics regarding dropped packets.

42 Chapter 12: TROUBLESHOOTING42 CHAPTER SUMMARY (continued)  For an RRAS router to use either Routing Information Protocol (RIP) or OSPF, you must install the routing protocol and select the interfaces over which it will transmit messages.  If a Windows Server 2003 DNS server computer is accessible from the network but is not resolving names, the DNS Server service might not be running.  An incorrect default gateway address or a malfunctioning default gateway router can hinder Internet connectivity while leaving local communications intact.  For an RRAS router to use either Routing Information Protocol (RIP) or OSPF, you must install the routing protocol and select the interfaces over which it will transmit messages.  If a Windows Server 2003 DNS server computer is accessible from the network but is not resolving names, the DNS Server service might not be running.  An incorrect default gateway address or a malfunctioning default gateway router can hinder Internet connectivity while leaving local communications intact.

43 Chapter 12: TROUBLESHOOTING43 CHAPTER SUMMARY (continued)  NAT routers and proxy servers have network interfaces just like client computers, and they must have correct TCP/IP client configuration parameters.  If no other components are at fault, the Internet access router or the WAN connection to the ISP might be the cause of an Internet connection problem.  The IP Security Monitor snap-in displays information about the IPSec policy currently in effect on a particular computer, as well as IPSec statistics.  NAT routers and proxy servers have network interfaces just like client computers, and they must have correct TCP/IP client configuration parameters.  If no other components are at fault, the Internet access router or the WAN connection to the ISP might be the cause of an Internet connection problem.  The IP Security Monitor snap-in displays information about the IPSec policy currently in effect on a particular computer, as well as IPSec statistics.


Download ppt "11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand."

Similar presentations


Ads by Google