Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Published byRuby Shields Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote."— Presentation transcript:

1 Module 10: Troubleshooting Network Access

2 Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote Access

3 Lesson: Troubleshooting Network Access Resources Network Access Logs Network Access Events Network Access Tools Process for Troubleshooting Resources for LAN Connections Process for Troubleshooting Resources for Remote Connections

4 Network Access Logs LogUse Windows Authentication and Windows Accounting logs Used to track network access usage and authentication attempts; especially useful for troubleshooting remote access policy issues PPP logs Used to troubleshoot the failure of a PPP connection IAS logs Used to track network access usage and authentication attempts Audit and Oakley logging Used to monitor IPSec-related events and troubleshoot unsuccessful L2TP/IPSec connections IKE tracing log Used to troubleshoot IKE interoperability under controlled circumstances

5 Network Access Events Event LogUse System log Contains information from various services that run on the system and log information regarding their status Records errors and warnings related to network access problems Security log Used to troubleshoot Kerberos or IPSec authentication failures Shows logging failures when a user tries to authenticate

6 Network Access Tools ToolUse Remote access diagnostics Used to collect detailed logs and information about a remote access connection Network Monitor Used to find answers to network access problems and possible solutions Netdom Used to verify servers and trusts and to reset trusts Kerbtray Used to see if Kerberos tickets were granted out of the local cache IP Security Monitor Used to view details about an active IPSec policy that is applied to a domain or locally, and to view statistics associated with the key-exchange process Standard network troubleshooting tools Used to view client IP configuration and packet transfers

7 Process for Troubleshooting Resources for LAN Connections User cannot logon Determine if widespread problem or only one user View system logs to isolate problem Tools to use:  Kerbtray  Standard networking troubleshooting tools  Event logs Set logs and events on local computer WidespreadOne user Verify that standard networking troubleshooting has been completed Trust issues tools:  Netdom Authenticated Switch issue tools:  IAS logs Domain controller issues tools:  Standard networking troubleshooting tools  Netdom DNS issues tools:  DNS troubleshooting tools Kerberos and certificate issues tools:  Kerbtray

8 Process for Troubleshooting Resources for Remote Connections User cannot logon Determine if widespread problem or only one user View Routing and Remote Access system log to isolate problem Tools to use:  Windows accounting and authentication logs  IAS logs Set logs and events on remote access server WidespreadOne user Authentication issues tools:  Sys log  IAS log  Windows accounting and authentication logs  PPP logs Resource access issue tools:  Standard networking troubleshooting tools Certificates issues tools:  Event logs  IAS logs  Windows accounting and authentication logs Remote access policy issues tools:  Event logs  IAS logs  Windows accounting and authentication logs Verify that standard networking troubleshooting has been completed

9 Practice: Identifying Network Access Troubleshooting Resources In this practice, you will identify network access troubleshooting resources

10 Lesson: Troubleshooting LAN Authentication Causes of LAN Authentication Errors Security Event Logging Audit Account Logon Events Audit Logon Events Guidelines for Troubleshooting LAN Access

11 Causes of LAN Authentication Errors No connectivity to network resources Inability to reach domain controller Physical device problems Trust paths for NTLM and Kerberos

12 Security Event Logging Audit CategoryDescription Audit Account Logon Events Determine whether to audit each instance of a user logging on to or logging off from another computer in which the domain controller is used to validate the account. Generated when a domain user account is authenticated on a domain controller. The event is logged in the domain controller's security log. Audit Logon Events Determine whether to audit each instance of a user logging on to or logging off from a local computer. Generated when a local user is authenticated on a local computer. The event is logged in the local security log.

13 Audit Account Logon Events If enabled, an entry is logged for each user who is validated against the domain controller Most common events: EventDescription 672 Authentication service ticket successful 673 A ticket granting service ticket was granted 675 Pre-authentication failed; user typed in wrong password 678 An account was successfully mapped to a domain account

14 Audit Logon Events If enabled, an entry is logged when a local user is authenticated on a local computer Most common events: EventDescription 528 A user successfully logged on to a computer 529 Logon failure; a logon attempt was made with an unknown user name or a known user name with an invalid password 540 A user successfully logged on to a network

15 Guidelines for Troubleshooting LAN Access Identify the symptoms of the problem Select resources to use Isolate the problem

16 Practice: Troubleshooting LAN Network Access In this practice, you will troubleshoot LAN authentication based on a given scenario

17 Lesson: Troubleshooting Remote Access Certificate Validation Authentication Using IAS Logs Demonstration: Monitoring Remote Access by Using IAS Demonstration: Examining IAS Authentication and Accounting Log Files PPP Logging Remote Access Connections Wireless Access Authentication Common VPN Problems Demonstration: Creating and Testing Outbound VPN Connections Process for Troubleshooting Dial-Up Access Problems Guidelines for Troubleshooting Remote Access

18 Certificate Validation With client certificates you need to:  Check the date range  Ensure that the certificate has not been revoked  Ensure that the certificate has a valid signature With computer certificates you need to:  Verify that the ROOT CA certificate has been installed

19 Authentication Using IAS Logs Using IAS logs you can verify that the  Wireless access point can reach the IAS server  IAS server/wireless access point pair is configured with a common shared secret  IAS server can reach a global catalog server and an Active Directory domain controller  Computer accounts of the IAS servers are members for the Routing and Remote Access and IAS servers group for the appropriate domains  User or computer account is not locked out, expired, or disabled  Connection is authorized by a remote access policy  Changes to Active Directory are not impacting the functionality of the IAS servers

20 Demonstration: Monitoring Remote Access by Using IAS This objective of this demonstration is to explain how an Internet Authentication Service server can log remote access You will learn how to:  Enable logging in IAS  Open log files to view account logs  Explain how to use IAS to monitor remote access usage

21 Demonstration: Examining IAS Authentication and Accounting Log Files The objective of this demonstration is to examine the raw log file and to show how to use iasparse.exe to parse the log file

22 PPP Logging PPP connection process  Negotiate the use of the link  Authenticate the remote access client  Use callback  Negotiate the use of network protocols PPP logging  Lack of entries indicates that the connection failed  Authentication failure clues

23 Remote Access Connections If you have a failed connection attempt, you should check the  Remote access policy settings  User account connection settings If you have a connection attempt that is accepted when it should be rejected, you should check the  Parameters of connection in remote access policy If you are unable to reach locations beyond the remote access server, you should check that  The protocol is enabled  The remote access server’s IP address pool is accurate

24 Wireless Access Authentication MS-CHAP v2 credentials on a wireless client can  Send a user name and password combination to be validated against a user account in Active Directory Wireless client network can  Use Windows XP to view the properties of the wireless network connection Wireless access point troubleshooting tools can  Troubleshoot low signal strength and coverage area issues  Use standard or proprietary wireless protocols  Support SNMP

25 Common VPN Problems IssueTroubleshooting strategy TCP connection timeout Check port 1723 Packet filtering Verify that packets are not being blocked Winsock Proxy client Ensure that there is not a proxy client enabled Tunneling protocol Ensure that the server supports the protocol Certificates Verify that machine certificates are installed on the VPN server PPTP connections Verify user password length NAT-T Verify that the client supports IPSec NAT Traversal (NAT-T)

26 Demonstration: Creating and Testing Outbound VPN Connections The objective of this demonstration is to show how and where VPN tunnels are specified You will learn how to:  Create an outbound VPN connection  Specify the address of the VPN server (host name or IP address)  Specify user account permissions to the VPN server  Verify and test the IP address assigned within the VPN tunnel

27 Process for Troubleshooting Dial-Up Access Problems IssueTroubleshooting strategy Client computer Check error messages Verify setup of physical hardware Verify network connection configuration Remote access server Check error messages Check Event Viewer logs Trace remote access connections

28 Guidelines for Troubleshooting Remote Access Identify the symptoms of the problem Select resources to use Isolate the problem

29 Practice: Troubleshooting Remote Access Authentication In this practice, you will troubleshoot remote access based on a given scenario

30 Lab A: Troubleshooting Network Access Exercise 1:Troubleshooting LAN Access Exercise 2: Troubleshooting Remote Access Authentication

Download ppt "Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote."

Similar presentations

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.

Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
4.1 Configuring Network Access Components of a Network Access Services Infrastructure What is the Network Policy and Access Services Role? What is Routing.

4.1 Configuring Network Access Components of a Network Access Services Infrastructure What is the Network Policy and Access Services Role? What is Routing.
11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.
1 Routing and Remote Access Service (Week 15, Friday 4/21/2006) © Abdou Illia, Spring 2006.

1 Routing and Remote Access Service (Week 15, Friday 4/21/2006) © Abdou Illia, Spring 2006.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
Module 4: Implementing User, Group, and Computer Accounts

Module 4: Implementing User, Group, and Computer Accounts
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
Virtual Private Network (VPN) © N. Ganesan, Ph.D..

Virtual Private Network (VPN) © N. Ganesan, Ph.D..
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.

Module 11: Supporting Remote Users. Overview Establishing Remote Access Connections Connecting to Virtual Private Networks Configuring Authentication.
Module 8: Implementing Administrative Templates and Audit Policy.

Module 8: Implementing Administrative Templates and Audit Policy.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 10: Remote Access.
VPN Scenarios © N. Ganesan, Ph.D.. Chapter Objectives.

VPN Scenarios © N. Ganesan, Ph.D.. Chapter Objectives.
Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Chapter 6 Configuring, Monitoring & Troubleshooting IPsec

Similar presentations

Ads by Google