TROUBLESHOOTING by yaosaigeng

VIEWS: 22 PAGES: 43

									                  1




Chapter 12

TROUBLESHOOTING
                    Chapter 12: TROUBLESHOOTING      2




OVERVIEW

 Determine whether a network communications
  problem is related to TCP/IP.
 Understand how TCP/IP client configuration
  problems can affect computer performance.
 List the reasons why a DHCP client might fail to
  obtain an IP address from a DHCP server.
 List the reasons a DNS client might experience
  name resolution failures, might supply incorrect
  information, and might be unable to resolve names
  for which it is not the authority.
                    Chapter 12: TROUBLESHOOTING       3




OVERVIEW (continued)

 Use TCP/IP tools to isolate a router problem.
 Check an RRAS installation for configuration
  problems.
 Troubleshoot static and dynamic routing problems.
 Determine the location of an Internet access
  problem.
                    Chapter 12: TROUBLESHOOTING       4




OVERVIEW (continued)

 Understand client configuration problems and
  router, NAT, and proxy server problems that can
  interrupt Internet access.
 List possible causes of IPSec policy mismatches.
 Describe the functions of the IP Security Monitor
  and the Resultant Set of Policy (RSoP) snap-ins.
                   Chapter 12: TROUBLESHOOTING    5




TROUBLESHOOTING TCP/IP ADDRESSING

 Isolating TCP/IP problems
 Troubleshooting client configuration problems
                   Chapter 12: TROUBLESHOOTING        6




ISOLATING TCP/IP PROBLEMS

 Many problems can cause what appears to be a
  TCP/IP error when in fact the underlying hardware
  or network infrastructure is at fault.
 Determine if there is a problem with the physical
  configuration of the system by attempting to access
  the network using a different protocol.
 Check physical elements, such as networking
  cabling, and hardware devices, such as hubs,
  switches, and routers.
                    Chapter 12: TROUBLESHOOTING      7




TROUBLESHOOTING CLIENT CONFIGURATION
PROBLEMS
 Duplicate IP addresses are a cause of many
  problems on networks that use static IP address
  configuration.
 Attempting to connect a system to the network with
  a duplicate IP address will prevent the system from
  communicating on the network.
 Implementing DHCP all but eliminates issues with
  IP address conflicts.
                    Chapter 12: TROUBLESHOOTING     8




INCORRECT SUBNET MASKS

 Two systems on the same physical network
  segment with two different subnet masks will
  be unable to communicate.
 Use ipconfig /all to determine that the correct
  subnet mask values have been configured.
 Configuring IP addressing via DHCP should
  eliminate subnet mask addressing conflicts.
                     Chapter 12: TROUBLESHOOTING      9




INCORRECT DEFAULT GATEWAY ADDRESSES

 An incorrect default gateway address will prevent
  communication with systems on other subnets or
  networks.
 Use ipconfig /all to view the configured default
  gateway address.
                    Chapter 12: TROUBLESHOOTING      10




NAME RESOLUTION FAILURES

 Ensure that a name resolution failure is not due to a
  connectivity problem.
 Attempt to connect to the target system using an
  IP address instead of a host name.
 Examine name resolution methods such as the
  HOSTS file, DNS server configurations, LMHOSTS
  file, or WINS for possible problems.
                    Chapter 12: TROUBLESHOOTING   11




TROUBLESHOOTING DHCP PROBLEMS

 Failure to contact a DHCP server
 Failure to obtain an IP address
 Failure to obtain correct DHCP options
                   Chapter 12: TROUBLESHOOTING       12




FAILURE TO CONTACT A DHCP SERVER

 On non-APIPA-capable systems, an IP address of
  0.0.0.0 will be assigned by the system.
 On systems that support APIPA, an address in the
  169.254 range will be assigned by the system,
  provided connectivity to the network can be
  established.
 For DHCP servers on different subnets, relay agents
  will be required to forward DHCP broadcasts across
  routers.
                    Chapter 12: TROUBLESHOOTING       13




FAILURE TO OBTAIN AN IP ADDRESS

 Check the configuration of the DHCP scopes on the
  server.
 Ensure that the DHCP server has a scope for each
  of the subnets it is designed to service.
 Ensure that sufficient IP addresses are available
  within the scope to service requests.
                    Chapter 12: TROUBLESHOOTING      14




FAILURE TO OBTAIN CORRECT DHCP OPTIONS

 If a system is able to obtain an IP address but
  cannot connect to a remote system, the default
  gateway specified in the scope may be incorrect.
 Server scope options apply to all scopes on the
  DHCP server. Scope options are specific to each
  scope.
                   Chapter 12: TROUBLESHOOTING    15




TROUBLESHOOTING NAME RESOLUTION

 Troubleshooting client configuration problems
 Troubleshooting DNS server problems
                    Chapter 12: TROUBLESHOOTING       16




TROUBLESHOOTING CLIENT CONFIGURATION
PROBLEMS
 Commence name resolution troubleshooting only
  after verifying the correct operation of TCP/IP.
 Use ipconfig /all to determine that at least one valid
  DNS server is configured.
 Verify connectivity to that server using Ping.
                   Chapter 12: TROUBLESHOOTING   17




TROUBLESHOOTING DNS SERVER PROBLEMS

 Non-functioning DNS servers
 Incorrect name resolutions
 Outside name resolution failures
             Chapter 12: TROUBLESHOOTING   18




NON-FUNCTIONING DNS SERVERS
                    Chapter 12: TROUBLESHOOTING     19




TROUBLESHOOTING INCORRECT NAME
RESOLUTIONS
 An incorrect name resolution occurs when a host
  address is resolved to the wrong IP address.
 Incorrect name resolutions can be caused by
   Incorrect resource records
   Failure of dynamic updates
   Zone transfer failures
             Chapter 12: TROUBLESHOOTING   20




TROUBLESHOOTING OUTSIDE NAME
RESOLUTION FAILURES
                   Chapter 12: TROUBLESHOOTING    21




TROUBLESHOOTING TCP/IP ROUTING

 Isolating router problems
 Troubleshooting the Routing and Remote Access
  configuration
 Troubleshooting the routing table
                    Chapter 12: TROUBLESHOOTING       22




ISOLATING ROUTER PROBLEMS

 Three primary tools are used for isolating router
  problems:
    Ping.exe
    Tracert.exe
    Pathping.exe
                   Chapter 12: TROUBLESHOOTING     23




USING PING.EXE

 Ping the computer’s loopback address (127.0.0.1).
 Ping the computer’s own IP address.
 Ping the IP address of another computer on the
  same LAN.
 Ping the DNS name of another computer on the
  same LAN.
 Ping the computer’s designated default gateway
  address.
 Ping computers on another network that are
  accessible through the default gateway.
                    Chapter 12: TROUBLESHOOTING        24




USING TRACERT.EXE

 Like Ping, allows you to verify that a remote system
  is available on the network
 Reports on every hop between source and
  destination and reports the time taken to complete
  the round trip
 Allows you to identify the point on the journey at
  which the problem exists
                    Chapter 12: TROUBLESHOOTING     25




USING PATHPING.EXE

 Traces a path to a particular destination and
  displays the names and addresses of the routers
  along the path
 Reports packet loss rates at each of the routers on
  the path
 Useful for diagnosing issues where data loss or
  transmission delays are being experienced
                    Chapter 12: TROUBLESHOOTING      26




TROUBLESHOOTING THE ROUTING AND REMOTE
ACCESS SERVICE CONFIGURATION (RRAS)

 Verify that the Routing and Remote Access Service
  is running.
 Verify that routing is enabled.
 Check the TCP/IP configuration settings.
 Check the IP addresses of the router interfaces.
                   Chapter 12: TROUBLESHOOTING   27




TROUBLESHOOTING THE ROUTING TABLE

 Troubleshooting static routing
 Troubleshooting dynamic routing
             Chapter 12: TROUBLESHOOTING   28




TROUBLESHOOTING STATIC ROUTING
             Chapter 12: TROUBLESHOOTING   29




TROUBLESHOOTING ROUTING PROTOCOLS
                   Chapter 12: TROUBLESHOOTING   30




TROUBLESHOOTING INTERNET CONNECTIVITY

 Determining the scope of the problem
 Diagnosing client configuration problems
 Diagnosing NAT and proxy server problems
 Diagnosing Internet connection problems
                      Chapter 12: TROUBLESHOOTING      31




DETERMINING THE SCOPE OF THE PROBLEM

 Try to reproduce the Internet connectivity error and
  note the results.
 Determine if the problem is a general connectivity
  issue or is confined only to Internet access.
 Determine the source of the issue and troubleshoot
  as appropriate.
                    Chapter 12: TROUBLESHOOTING         32




DIAGNOSING CLIENT CONFIGURATION
PROBLEMS
 Check the basic TCP/IP configuration parameters.
 Check that the default gateway configuration is
  correct.
 Check that the router acting as the default gateway
  is configured to forward Internet traffic properly.
                    Chapter 12: TROUBLESHOOTING         33




DIAGNOSING NAT AND PROXY SERVER
PROBLEMS
 Check the TCP/IP configuration on all interfaces of
  the system acting as a NAT or proxy server.
 Ensure that the NAT implementation is configured
  to work with the unregistered IP addresses you have
  assigned to the client computers.
 Verify that the proxy server is not blocking access
  because of an authentication failure or a policy
  restriction.
                    Chapter 12: TROUBLESHOOTING       34




DIAGNOSING INTERNET CONNECTION
PROBLEMS
 If the Internet access router is a system other than
  that acting as the NAT or proxy server, check the
  configuration and physical connectivity.
 If you have WAN hardware such as CSU/DSU, cable
  modem, or external ISDN adapters, cycle the power
  on those devices.
 Contact your ISP to determine if they are aware of a
  problem or can assist in diagnosing and correcting
  your problem.
                    Chapter 12: TROUBLESHOOTING   35




TROUBLESHOOTING DATA TRANSMISSION
SECURITY
 Troubleshooting policy mismatches
 Using the IP Security Monitor snap-in
 Using the Resultant Set of Policy snap-in
 Examining IPSec traffic
                     Chapter 12: TROUBLESHOOTING     36




TROUBLESHOOTING POLICY MISMATCHES

 Incompatible IPSec policies or policy settings can be
  a common source of problems.
 Policy mismatches are recorded in the Security log
  of Event Viewer.
 Current policy settings can be viewed via the
  Security Monitor snap-in or the Resultant Set of
  Policy snap-in.
              Chapter 12: TROUBLESHOOTING   37




USING THE IP SECURITY MONITOR SNAP-IN
              Chapter 12: TROUBLESHOOTING   38




USING THE RESULTANT SET OF POLICY
SNAP-IN
              Chapter 12: TROUBLESHOOTING   39




EXAMINING IPSEC TRAFFIC
                   Chapter 12: TROUBLESHOOTING      40




CHAPTER SUMMARY

 Duplicate IP addresses can cause both of the
  computers involved to malfunction.
 An incorrect subnet mask makes the computer
  appear to be on a different network, preventing
  LAN communications.
 When a Windows Server 2003 DHCP client fails
  to make contact with a DHCP server, the client
  computer uses APIPA to assign itself an IP address.
                   Chapter 12: TROUBLESHOOTING       41




CHAPTER SUMMARY (continued)

 Ping.exe, the most basic TCP/IP connectivity
  testing tool, uses ICMP Echo messages to
  determine if another system on the network is
  functioning properly.
 Tracert.exe is a command line tool that can help
  you locate a nonfunctioning router on the network.
 Pathping.exe is a tool that sends large numbers
  of test messages to each router on the path to a
  destination and compiles statistics regarding
  dropped packets.
                    Chapter 12: TROUBLESHOOTING      42




CHAPTER SUMMARY (continued)

 For an RRAS router to use either Routing
  Information Protocol (RIP) or OSPF, you must install
  the routing protocol and select the interfaces over
  which it will transmit messages.
 If a Windows Server 2003 DNS server computer is
  accessible from the network but is not resolving
  names, the DNS Server service might not be
  running.
 An incorrect default gateway address or a
  malfunctioning default gateway router can
  hinder Internet connectivity while leaving local
  communications intact.
                    Chapter 12: TROUBLESHOOTING       43




CHAPTER SUMMARY (continued)

 NAT routers and proxy servers have network
  interfaces just like client computers, and they must
  have correct TCP/IP client configuration
  parameters.
 If no other components are at fault, the Internet
  access router or the WAN connection to the ISP
  might be the cause of an Internet connection
  problem.
 The IP Security Monitor snap-in displays information
  about the IPSec policy currently in effect on a
  particular computer, as well as IPSec statistics.

								
To top