What Is Windows NT Server?

Download Report

Transcript What Is Windows NT Server? 

A Presentation to the
Unisys NDS Group
At the City of Chicago
March 30, 2000
Bill Slater
[email protected]
http://billslater.com
http://slatertech.com
Agenda
•
•
•
•
•
•
•
What is Windows NT?
Considering the Cost of Being Down
Principles of Troubleshooting
Your Troubleshooting Toolbag
Actual Troubleshooting Scenarios
Conclusion
NT Resources
Copyright by William F. Slater, III 1997 - 2000
2
Thank You, Unisys
For Your Kindness, Friendship and
Your Hospitality!
Bill Slater -- http://billslater.com
Copyright by William F. Slater, III 1997 - 2000
3
Agenda
•
•
•
•
•
•
•
What is Windows NT?
Considering the Cost of Being Down
Principles of Troubleshooting
Your Troubleshooting Toolbag
Actual Troubleshooting Scenarios
Conclusion
NT Resources
Copyright by William F. Slater, III 1997 - 2000
4
This Presentation Is Available...
• On the web at:
http://billslater.com/ntcccpa.htm
• In a PowerPoint file (specify version) by e-mailing
me at:
[email protected]
Copyright by William F. Slater, III 1997 - 2000
5
What is Windows NT?
• The world’s latest and most exciting operating system
• A modern, portable, multi-tasking, multi-threaded,
robust, secure, high performance operating system
• Over 14 million lines of code
(Windows 2000 is about 30 million l.o.c.)
• Possibly the most ambitious and aggressive system
software project ever attempted:
– 250+ developers
– 200 testers
– delivered first operational version within 5 years after
coding started
Copyright by William F. Slater, III 1997 - 2000
6
What is Windows NT?
(continued)
• The enterprise-quality network operating system which
Microsoft is betting is betting against Novell Netware,
UNIX, VMS, MVS, and others
• An increasingly popular server platform
• And an increasingly popular client platform
• About $800 for a 5-User License of NT Server 4.0
• About $300 for a NT Workstation 4.0
Copyright by William F. Slater, III 1997 - 2000
7
Original NT Goals by Microsoft
•
•
•
•
•
•
•
Security
Performance
Scaleable
Portable
Compatible
Robust
Fault Tolerant
•
•
•
•
•
•
•
Protects information assets
Delivers expected response
Scales up well
Runs on different hardware
Runs older applications
Won’t crash easily
Resists several forms of threat
Copyright by William F. Slater, III 1997 - 2000
8
Windows NT Timeline
First
“production”
release
David Cutler
leaves Digital
joins Microsoft
NT 3.1
7/93
NT 3.51
9/95
NT 4.0
Enterprise
Q4 ‘97
Five
Service
Packs
‘87 ‘88 ‘89 ‘90 ‘91 ‘92 ‘93 ‘94 ‘95 ‘96 ‘97 ‘98 ‘99 ‘00
Bill Slater writes the world’s first article
advocating NT Workstation for desktop
client operating system. It was first
reviewed by Microsoft and then published
in NT Developer Journal in November
1993. See http://slatertech.com/writing
Six
Service
Packs
First Beta of
NT 3.1
Copyright by William F. Slater, III 1997 - 2000
NT 3.5
9/94
NT 4.0
8/96
First
Windows 95
User Interface
Release
Windows
2000
2/2000
October 1998: Microsoft
Changes NT Brand name
to Windows 2000
9
NT Architecture
• Accomplishes the Microsoft NT design
goals
–
–
–
–
–
–
–
Security
Performance
Scaleable
Portable
Compatible
Robust
Fault Tolerant
Copyright by William F. Slater, III 1997 - 2000
NT
10
NT Architecture
(continued)
• Is closely related to other modern operating
systems such as UNIX, VMS and MACH 2
• Has two major modes: User and Privileged
mode
• It has “client/server” functionality between
each subsystem and the NT Executive
NT
Copyright by William F. Slater, III 1997 - 2000
11
NT Architecture
NT
User Mode
DOS Win32
App. App.
Win32
App.
Security
Subsystem
Win32
Subsystem
Win16
Win16
App.App.
WOW
(Win16)
OS/2
App.
OS/2
Subsystem
Executive Services
POSIX
Subsystem
Kernel Mode
NT Executive
Hardware (Intel or MIPS or ALPHA or PowerPC)
Copyright by William F. Slater, III 1997 - 2000
12
NT Architecture
NT
DOS Win32
App. App.
Win32
App.
Security
Subsystem
Win32
Subsystem
Win16
Win16
App.App.
WOW
(Win16)
OS/2
App.
OS/2
Subsystem
POSIX
Subsystem
Executive Services
I/O System
File Systems
Device Drivers
Object
Manager
Security
Reference
Monitor
Process
Manager
Virtual
Memory
Manager
Hardware Abstraction Layer (HAL)
Local
Procedure
Call
Facility
Kernel
Hardware (Intel or MIPS or ALPHA or PowerPC)
Copyright by William F. Slater, III 1997 - 2000
13
NT: Two Versions,
Several Hardware Platforms
• Two Versions:
– Windows NT Workstation
– Windows NT Server
• More than One Hardware Platform
–
–
–
–
Intel
Alpha (but not after NT 4.0)
PowerPC (but not after NT 4.0)
MIPS (but not after NT 4.0)
Copyright by William F. Slater, III 1997 - 2000
14
NT and Networking
• Can interoperate with other computers:
–
–
–
–
–
–
–
–
DOS clients
Windows for Workgroup clients
Windows 95
Macintosh clients
Netware Servers and Clients
Other NT Workstation clients
Other NT Servers
UNIX workstations
1
2 3 4 5
6 7
8 9 10 11 12
13 14 15 16 17 18 19 20 21 22 23 24
• Can provide also provide access to networks via a
Remote Access Services (RAS) connection.
Copyright by William F. Slater, III 1997 - 2000
15
What Is Windows NT Server?
• As a domain controller it provides centralized
administration of resources
• A great application server, yet it has all the same
features and architecture of NT Workstation
• Using Macintosh File and Print Services for NT
it allows file access and print services for MACs
on the same LAN
• Using the Gateway Service for Netware it
permits interoperability with Netware Servers
and clients.
Copyright by William F. Slater, III 1997 - 2000
16
NT as a File & Print Services Server
• NT Workstation in a Workgroup can
provide file and print services for the
following:
–
–
–
–
–
–
DOS clients
Windows for Workgroup clients
Windows 95 clients
Other NT Workstation clients
NT Servers
UNIX workstations
Copyright by William F. Slater, III 1997 - 2000
17
NT as a File & Print Services Server
• NT Server can provide file and print
services for the following:
–
–
–
–
–
–
–
DOS clients
Windows for Workgroup clients
Windows 95 clients
NT Workstation clients
Macintosh clients
Netware Servers and Clients
UNIX workstations
Copyright by William F. Slater, III 1997 - 2000
18
NT Server as an Application Server
• Runs the following important Microsoft server apps:
–
–
–
–
–
Microsoft SQL Server
MS Exchange Server
MS System Management Server
MS Internet Information Server (Web Server)
MS Proxy Server
• Also runs
– ORACLE RDBMS
– SYBASE SQL Server
Copyright by William F. Slater, III 1997 - 2000
19
NT in a Workgroup Environment
• NT Workstation computers may be arranged in a
Workgroup configuration.
• A Workgroup is a peer-to-peer arrangement of
computers where resources, such as disk space,
printers, etc... may be shared.
• Administratively, this arrangement is the default
when NT Workstation clients are set up.
• Each user is responsible for giving access to the
resources they control with their workstation.
Copyright by William F. Slater, III 1997 - 2000
20
NT in a Domain Environment
• As a Primary Domain Controller (PDC), NT Server
centrally manages all user accounts, security, and
access control information.
• If a second server is added, it becomes the Backup
Domain Controller, with security and user account
information replicated automatically from the PDC.
• The BDC provides login and management functions
if the PDC fails.
• NT Server can also be a standalone server (i.e. a
database server, a web server, or a proxy server)
Copyright by William F. Slater, III 1997 - 2000
21
NT Domain Models
•
•
•
•
Single domain model
Master domain model
Multiple master domain model
Complete trust domain model
Copyright by William F. Slater, III 1997 - 2000
22
Single Domain Model
Primary
Domain
Controller
Backup
Domain
Controller
Clients
Copyright by William F. Slater, III 1997 - 2000
23
Agenda
•
•
•
•
•
•
•
What is Windows NT?
Considering the Cost of Being Down
Principles of Troubleshooting
Your Troubleshooting Toolbag
Actual Troubleshooting Scenarios
Conclusion
NT Resources
Copyright by William F. Slater, III 1997 - 2000
24
Cost of Being Down
Can Your Company Afford It?
• Consider the Following Parameters for a given
company being denied access to their
networked computing resources because of
some type of component failure:
– Annual Sales:
$1.5 Billion
– No. of users affected:
300
– Cost per hour for Management’s loss of access:
$10,000
– Total cost per hour for lost access: $357,143
Copyright by William F. Slater, III 1997 - 2000
25
Cost of Being Down
Can Your Company Afford It?
Downtime in Hours
1
8
12
24
30
36
42
48
54
60
Impact
$379,143
$3,033,143
$4,549,714
$9,099,429
$11,374,286
$13,649,143
$15,924,000
$18,198,857
$20,473,714
Cluster Cost
$100,000
$100,000
$100,000
$100,000
$100,000
$100,000
$100,000
$100,000
$100,000
$22,748,571
$100,000
Copyright by William F. Slater, III 1997 - 2000
26
Downtime Impact By Hours Vs. Costs of a Cluster
for a $1.5 Billion Company
$25,000,000
70
60
60
$20,000,000
Impact
54
Cluster Cost
Dow ntime
50
42
Cost of Downtime
$15,000,000
40
36
30
30
$10,000,000
24
Cummulative Hours of Downtime
48
20
$5,000,000
12
10
8
1
$0
Copyright by William F. Slater, III 1997
2000
Data-Points
0
for V ar ious Hour V alue s
27
Agenda
•
•
•
•
•
•
•
What is Windows NT?
Considering the Cost of Being Down
Principles of Troubleshooting
Your Troubleshooting Toolbag
Actual Troubleshooting Scenarios
Conclusion
NT Resources
Copyright by William F. Slater, III 1997 - 2000
28
Microsoft Philosophies on
Troubleshooting Windows NT:
• The best service call is the one that doesn’t happen (say what???)
• Preventative troubleshooting is less costly than downtime
• When the system is down every minute seems like an hour. The
user’s perception of time is expanded by the frustration level
• Normally there are more components in the environment which
are outside your control than in. Especially true in networking.
Copyright by William F. Slater, III 1997 - 2000
29
Microsoft Philosophies on
Troubleshooting Windows NT:
• You need to know the entire throughput chain of your
system and the meantime between failure for each
component
• Knowing how to use the right tool is as important as
having it.
• Your most powerful tool is documentation. Document,
Document, Document! (suggest that you use Visio &
Word and HP OpenView Network Node Manager.)
Copyright by William F. Slater, III 1997 - 2000
30
What Is the Throughput Chain?
• Following the entire path of communications from the
desktop through the network to the server.
Client
Message or Request Sent to
Server
Network
Interface
LAN
LAN/WAN
Interface
WAN
Message or Data Sent to
Client
Server
Disk I/O
From Introduction to Client/Server Systems by Paul E. Renaud
Bill’s Principles On Troubleshooting
• Thoughtfully assess your situation and determine:
• how much time you have to fix the problem and
the best course of action.
• When to take drastic measures: For example: if
calling an expensive consultant at $300/hour
will help you save the company $300,000/hour,
it’s worth it!
• Keep your management updated as often as
needed
Copyright by William F. Slater, III 1997 - 2000
32
Bill’s Principles On Troubleshooting
(Continued)
• Document your system and keep the
documentation up to date.
• Use the documentation
• Know your tools well
• Strip down to basics -- no superfluous
components or software
• Carefully control the environment: Work
from a known position to an unknown
position
Copyright by William F. Slater, III 1997 - 2000
33
Bill’s Principles On Troubleshooting
(Continued)
• Carefully test everything you do and know
what results to expect.
• Change only one thing at a time
• Make a record of everything you do -- Never
clear a system log or record without keeping
a copy
• If possible, find an identical machine where
everything works properly. Use this as your
control, or for system settings.
• Keep a cool head
Copyright by William F. Slater, III 1997 - 2000
34
Bill Slater’s Network
(Documented with Visio)
Copyright by William F. Slater, III 1997 - 2000
35
Bill Slater’s Network
(Documented with DeskTop Administrator)
Copyright by William F. Slater, III 1997 - 2000
36
Bill Slater’s Network
(Documented with Network Node Manager)
Copyright by William F. Slater, III 1997 - 2000
37
Classic Steps Toward Problem Solving:
• Problem identification
• Collection of data on the problem
• Selection of likely solution (determine impacts
and cost of each course of action)
• Determine best time implement the solution
• Execution of solution
• Evaluation of the problem solution
When under pressure do all
of these very fast!
Copyright by William F. Slater, III 1997 - 2000
38
The Biggest Reward for Good
Troubleshooting:
• You get to keep your job, and survive to
troubleshoot additional problems!
• And the experience you get will keep you
employable
Appearing Live Tonight:
The Slater Technology
Copyright by William F. Slater, III 1997 - 2000
39
Agenda
•
•
•
•
•
•
•
What is Windows NT?
Considering the Cost of Being Down
Principles of Troubleshooting
Your Troubleshooting Toolbag
Actual Troubleshooting Scenarios
Conclusion
NT Resources
Copyright by William F. Slater, III 1997 - 2000
40
Your Troubleshooting Toolbag
•
•
•
•
•
•
•
MS Windows NT Tools
NT Installation CD ROM and disks
NT Emergency Repair Disk
LAN Documentation
Your experience
Your vision and hearing
Good technical references (Including NT Resource
Kits!)
• The World Wide Web
• Colleagues in the NT SIG
• Tech support line numbers
Windows NT
Setup
Disk 1
Windows NT
Setup
Disk 1
Windows NT
Setup
Disk 1
NT Emergency
Repair Disk
Copyright by William F. Slater, III 1997 - 2000
41
How to Document an NT System in
a Lightning Fast Manner
• Run the two batch jobs in the following
slides.
• The first creates directories to store your
documentation files – you run it only once
• The second should be run at least weekly
and used with a parameter of current date in
the form of YYMMDD.
Copyright by William F. Slater, III 1997 - 2000
42
How to Document an NT System in
a Lightning Fast Manner
DIR_STRUC.BAT
@echo off
c:
cd \
md admin
md admin\logs
md admin\logs\app
md admin\logs\system
md admin\logs\security
Md admin\logs\backup
md admin\reports
md admin\reports\config
md admin\reports\winmsd
md admin\reports\network
md admin\reports\ipconfig
md admin\reports\filelist
md admin\bat
tree c:\admin
Copyright by William F. Slater, III 1997 - 2000
43
How to Document an NT System in
a Lightning Fast Manner
SYS_CFG.BAT
@echo off
rem BATCH file to gather data on and document system
Rem configuration data
rem Author: William F. Slater, III
rem Created on June 17, 1998
rem Operating Instructions
rem (prepare directory structure by executing dir_struc.bat first)
rem 1. go to command prompt
rem 2. type c:\admin\bat\sys_cfg yymmdd
rem (where yymmdd = current year, month, day)
rem ----------------------------ipconfig /all > c:\admin\reports\ipconfig\%1_ipconfig.txt
route print > c:\admin\reports\network\%1_route_table.txt
dir c:\*.*/s > c:\admin\reports\filelist\%1_drive_c_filelist.txt
dir d:\*.*/s > c:\admin\reports\filelist\%1_drive_d_filelist.txt
tree c:\ /a > c:\admin\reports\filelist\%1_drive_c_tree.txt
tree d:\ /a > c:\admin\reports\filelist\%1_drive_d_tree.txt
net view > c:\admin\reports\network\%1_net_view.txt
net statistics server > c:\admin\reports\network\%1_net_statistics_server.txt
net statistics workstation > c:\admin\reports\network\%1_net_statistics_workstation.txt
net config server > c:\admin\reports\network\%1_net_config_server.txt
net config workstation > c:\admin\reports\network\%1_net_config_workstation.txt
net accounts /domain > c:\admin\reports\network\%1_net_accounts_domain.txt
winmsd.exe
eventvwr.exe
exit
Copyright by William F. Slater, III 1997 - 2000
44
Some Cool Windows NT Secrets...
• The following built in tools give a really good picture of
how NT is configured and how it works.
–
–
–
–
–
NT Task Manager
NT Performance Monitor
NT Net Monitor (NT Server only!)
WinMSD
Control Panel System, Server, and Services applets
• Some other tools are available at sysinternals.com
–
–
–
–
–
TCPView
NT Process Monitor
NT Registry Monitor
NTFS Monitor
LISTDLLS
Copyright by William F. Slater, III 1997 - 2000
45
Microsoft Windows NT Tools
• Event Log Viewer – for System, App, and
Security logs
• Server Manager applet in Control Panel
• Services applet in Control Panel
• Devices applet in the Control Panel
• Network applet in Control Panel
• Task Manager
• WinMSD
• TCP/IP Commands
Copyright by William F. Slater, III 1997 - 2000
46
Microsoft Windows NT Tools
•
•
•
•
•
•
Performance Monitor
Net Monitor (NT Server only!)
NT User Manager for Domains
File Manager or NT Explorer
Process Viewer (From the NT Resource Kit)
Quick Slice (From the NT Resource Kit)
Copyright by William F. Slater, III 1997 - 2000
47
The “Jamaican Utilities”
Perfmon
Netmon
Browmon
Pmon
NTPmon
NTFSmon
NTRegmon
From sysinternals.com
Mark Russinivich’s website
CPUmon
Server Manager
• Used to manage the Server environment:
• You can view and track:
– All users that currently have session open
on a selected computer
– The resources open during each session
– How long a resource has been open by a
user
– How long a session has been idle
From Mastering Windows NT Server 4.0 by Mark Minasi
Server Manager
– Current information on the number of open
file locks, resources, and printers in use you
can also
– Control directory shares on remote servers,
remove existing shares or create new shares·
Add or remove servers from the domain
– Send messages to users
– Receive alerts -- messages from the system - at designated computers
– Configure directory replication
Copyright by William F. Slater, III 1997 - 2000
50
Event Viewer
• This very useful utility can be set to monitor as many or as
few system events as you need.
• It gives an up to the minute history of any and all events
on an NT system, particularly those which could point to
the causes of a system failure of a significant degrade in
system performance.
• Be sure to go to User Manager and under Policies, turn on
Auditing for the Success and Failure of these Events:
Startup, Shutdown, and Security Policy Changes.
• Bill Slater’s favorite troubleshooting tool
Copyright by William F. Slater, III 1997 - 2000
51
Event Viewer Logs and Tips
• Logs:
– System Log -- for operating system and
hardware events
– Security Log -- to track audited events and
security anomalies
– Applications Log -- for application events
Copyright by William F. Slater, III 1997 - 2000
52
Event Viewer Logs and Tips
• Tips:
– Place the Event Viewer application in the
Start-Up Window.
– Refresh often to get a clear picture of what is
happening
– Be sure to always save before clearing the
logs.
example:
C:\ADMIN\LOGS\SECURITY\961201.evt
Copyright by William F. Slater, III 1997 - 2000
53
Event Viewer Logs and Tips
– Be careful not to audit too many events
or else your security log will fill up
frequently.
– Place shortcut on the desktop for easy
access after it is closed.
Copyright by William F. Slater, III 1997 - 2000
54
Services Applet in the
NT Control Panel
• A very important tool to see which services are
running and which are not.
• If a service is not running, and it has a Startup
setting of “Automatic” or “System” then there
could be a problem.
• Place this a shortcut to this applet on the desktop.
Copyright by William F. Slater, III 1997 - 2000
55
Devices Applet in the
NT Control Panel
• A very important tool to see which device
drivers are running and which are not.
• If a device is not running, and it has a
Startup setting of “Automatic” or “System”
then there could be a problem.
• Place this a shortcut to this applet on the
desktop.
Copyright by William F. Slater, III 1997 - 2000
56
Task Manager
•
•
•
•
•
A Windows NT 4.0 utility
The image file is under \WINNT\SYSTEM32
The image file name is taskmgr.exe
You need to add a shortcut to execute it easily
Shows
– Applications running
– Processes
– Performance (graphically) and system configuration
• Very useful to quickly tell how a system is doing
• Bill Slater’s second favorite troubleshooting tool
Copyright by William F. Slater, III 1997 - 2000
57
WinMSD
• Similar to the MSD utility under Windows and
Windows for Workgroups, the WinMSD utility is an
invaluable aid for determining the exact hardware
configuration of a system.
• Provides a “snapshot” of current system settings
• WINMSD.EXE is located in the
C:\WINNT\SYSTEM32 directory
Copyright by William F. Slater, III 1997 - 2000
58
WinMSD
• More preventative than active problem solving
• Very useful in documenting all system hardware
components and drivers
• Best place to determine possible system conflicts
on: IRQs, DMAs, I/O Location ranges
• Place shortcut on the desktop for easy access
Copyright by William F. Slater, III 1997 - 2000
59
Performance Monitor
• This very useful utility provides a look at whatever system
parameters you set, and these are graphed on a realtime
basis.
• Several system characteristics can be tracked at once.
• Use carefully -- this tool does realtime system monitoring
and require the use of resources.
• Uses the PERLIB.DLL to uncover NT OS events
• Save your Perfmon settiings as a .PMC file and you can
rapidly reload your monitoring session
Copyright by William F. Slater, III 1997 - 2000
60
Performance Monitor
• Most interesting “counters” to monitor:
– Memory
– Paging file usage
– Disk usage -- Physical Disk
– Percent Disk Time
– Disk queues
– CPU utilization
From Mastering Windows NT Server 4.0 by Mark Minasi
Performance Monitor - Minasi Tips
• The Big Four Sources of Performance
Bottlenecks:
– The disk subsystem
– The network card and software
– The CPU
– The memory, which includes RAM and the
disk (paging file)
From Mastering Windows NT Server 4.0 by Mark Minasi
Performance Monitor - Minasi Tips
• Network Counters -- The ones to watch:
– Sessions erred out
– Work item shortages
– Errors system pool non-paged failures
– Pool paged failures
– Blocking requests rejected
– Network Segment % Utilization
From Mastering Windows NT Server 4.0 by Mark Minasi
NT User Manager for Domains
• Add, modify, and/or delete Users, Local Groups,
and Global Groups
• Often used to give Users access to LAN resources
by adding them into a Global Group
Copyright by William F. Slater, III 1997 - 2000
64
File Manager or NT Explorer
•
•
•
•
Used to create shares and map network drives
Also used to set permissions and auditing
Windows NT Server 3.51 -- Use File Manager
Windows NT Server 4.0 -- Use NT Explorer
Copyright by William F. Slater, III 1997 - 2000
65
Process Viewer
(From the NT Resource Kit)
• Will provide a “snapshot” of all processes currently
running on the system.
• Shows:
–
–
–
–
the amount of CPU resources they are using
the memory range of each process
the number of threads used by each process
Important details on system processes
Copyright by William F. Slater, III 1997 - 2000
66
Quick Slice
(From the NT Resource Kit)
• A realtime, graphical reporting tool showing each
process and the amount of CPU resources that each
is getting.
• A valuable tool to instantly identify “runaway
processes”
Copyright by William F. Slater, III 1997 - 2000
67
Windows NT TCP/IP Utilities
• Command Line TCP/IP Commands Used in
Troubleshooting
– ping
– ipconfig
– tracert
– nbstat
ping
ipconfig
– netstat
The Big
Three
– arp
tracert
– route
Copyright by William F. Slater, III 1997 - 2000
68
Networking Components
•
•
•
•
•
•
Analysis and Design
Cables
Data jacks
Fiber Patch Panels
Wiring Racks
Network Interface Cards (for both Clients and
Servers)
• Server platform
1
2 3 4 5
6 7
8 9 10 11 12
13 14 15 16 17 18 19 20 21 22 23 24
Copyright by William F. Slater, III 1997 - 2000
69
Networking Components
•
•
•
•
•
•
•
Server OS (Network Operating System)
Client workstations
Client OS
Hub (sometimes called “concentrators)
Bridges (sometimes called “switches”)
Routers
Documentation, Maintenance and
Administration Plan
1
2 3 4 5
6 7
8 9 10 11 12
13 14 15 16 17 18 19 20 21 22 23 24
Copyright by William F. Slater, III 1997 - 2000
70
When Troubleshooting NT Network Problems
• Knowing the Seven-Layer OSI Model will help...
• You must know that
– Building of this model happens during NT loading
– The layers are both sequence-dependent and
interdependent
– If one component fails to load or is misconfigured,
nothing works
– If a network interface card fails or is misconfigured, the
System Log will display server error messages and the
Server Process as well as the Workstation Process will
not load.
Copyright by William F. Slater, III 1997 - 2000
71
Windows NT
and the OSI Model
OSI
Layer
Component
Boundary
Layers
User-mode Process
WNet API
Multiple Provider Router
Application
LANManWorkstation
NWCWorkstation
Other
providers
Kernel-mode Process
Presentation
Session
Transport
Windows NT
Redirector
Netware Redirector
Other
Redirectors
Redirector Service/
File System Driver (FSD)/
NT Requester /
Multiple UNC Provider (MUP)
File
Systems
Transport Data
Interface (TDI)
TCP
Network
IP
Transport
Portocols
Data Link
Wrapper with NDIS
device driver
NDIS 3.0
(Network Device Interface Specification 3.0)
Physical
From: Windows NT Unleashed
By Robert Cowart, SAMS Publishing, 1995
NIC
The OSI Model In Practice
Receiving a Request or Data
Client
Computer
Sends
Request
or Data
Application
Application
Presentation
Presentation
Session
Session
Transport
Transport
Network
Network
Data Link
Data Link
Physical
Physical
Copyright by William F. Slater, III 1997 - 2000
Server
Computer
Receives
Request
or Data
73
The OSI Model In Practice
Granting a Request or Sending an
Acknowledgment
Client
Computer
Receives
Result or
Acknowledgement
or Data
Application
Application
Presentation
Presentation
Session
Session
Transport
Transport
Network
Network
Data Link
Data Link
Physical
Physical
Copyright by William F. Slater, III 1997 - 2000
Server
Computer
Sends Back
Result or
Acknowledgement
or Data
74
Top Ten Most Common
Network Problems *
•
•
•
•
•
•
•
•
•
•
40% - Insufficient bandwidth
31% - Design errors
18% - Wiring flaws
11% - Wrong connectivity device
10% - Overloaded connectivity device
9% - Application implementation and design errors
7% - Segment overload
6% - Server I/O overload
6% - Server CPU overload
2% - Other
* Population size not specified.
byOptimization,
William F. Slater, by
III Martin
1997 - 2000
EnterpriseCopyright
Network
Nemzow,1995, published by McGraw-Hill
75
Agenda
•
•
•
•
•
•
•
What is Windows NT?
Considering the Cost of Being Down
Principles of Troubleshooting
Your Troubleshooting Toolbag
Actual Troubleshooting Scenarios
Conclusion
NT Resources
Copyright by William F. Slater, III 1997 - 2000
76
NT Network Troubleshooting:
• Rule No. 1: Make sure all connections are plugged
in correctly (i.e. : cable to the NIC; cable to the
local hub; hub to the backbone; backbone to the
transceiver on the central hub; central hub to the
switch; switch to the server)
Copyright by William F. Slater, III 1997 - 2000
77
NT Network Troubleshooting:
• Causes of other possible Networking
problems:
–
–
–
–
–
–
NIC failure or incorrect type of NIC
IRQ conflict with NIC
Protocol mismatch
Incorrect protocol (NetBEUI is not routable)
Bad device drivers
External network problems
Copyright by William F. Slater, III 1997 - 2000
78
When the Boot Process Fails
• Before anything else can happen your server must be
free of hardware problems
– Your boot drive or boot drive's controller may be
malfunctioning or not setup correctly.
– You may have an interrupt conflict
– Maybe a hardware component removed or altered?
– The CPU or some other vital circuitry may have
failed . Note that power on the fan for the server's
power supply stops working and the temperature
rises to over 130 degrees F.
From Mastering Windows NT Server 4.0 by Mark Minasi
The NT Booting Process: NTLDR
• First thing NT server loads is NTLDR which looks for
– BOOT.INI
– NTDETECT.COM
– BOOTSECT.DOS
– NTBOOTDD.SYS
• NTLDR does these things:
– Shifts processor to 386 mode
– Starts a simple file system based on either a standard disk
interface or uses NTBOOTDD.SYS to boot from the
SCSI drive.
– reads BOOT.INI to find out if there are other operating
systems to offer and places these options on the screen
– Accepts user’s decision on OS to load or does default
From Mastering Windows NT Server 4.0 by Mark Minasi
The NT Booting Process: NTDETECT
• Next is NTDETECT.COM. It detects the type
of hardware you have and matches it against
the NT Registry database
– PC's machine ID byte
– bus type
– video board
– keyboard type
– serial ports
– parallel ports
– floppy drives
– mouse
From Mastering Windows NT Server 4.0 by Mark Minasi
The NT Booting Process: NTOSKRNL
• NT kernel loads, along with the HAL (Hardware
Abstraction Layer), the part of NT that allows
the operating system to be hardwareindependent. The kernel loads in four phases:
–
–
–
–
The kernel load phase
The kernel initialization phase (screen turns blue!)
The services load phase (Win32 subsystem loads here)
The Windows subsystem phase (logon dialog box
appears)
From Mastering Windows NT Server 4.0 by Mark Minasi
When the Boot Process Fails
• NTLDR could be missing or be corrupt: Use the NT
Emergency Disk and select the “Verify Windows NT
system file” option.
• Other NT System files could be missing or could be corrupt:
Use the NT Emergency Disk and select the “Verify
Windows NT system file” option.
• If all else fails, re-install Windows NT Server, but do NOT
allow the Installation program to re-format your hard disk,
if you do, you lose all your data.
NT Emergency
Repair Disk
From Mastering Windows NT Server 4.0 by Mark Minasi
Windows NT
Setup
Disk 1
Windows NT
Setup
Disk 1
Windows NT
Setup
Disk 1
When a Print Job Fails
• Check connections
• See slide on NT Network Troubleshooting
• Check the resources on the workstation and the printer.
Enough memory on the Printer? Enough Disk space on the
workstation?
• Check the Printer Share
• Check permissions associated with Share
• Check the Printer Driver at the Workstation, and the Server
• If applicable, check the printer’s NIC
From Mastering Windows NT Server 4.0 by Mark Minasi
When the Installation Process Fails
• Check the hardware and ensure that you have the
required minimums
• Make sure all Server Hardware is in good working
order
• Check the NT Server installation media
• Check the NIC
• Remove NT 4.0 CD on Reboots!
Windows NT
Setup
Disk 1
Windows NT
Setup
Disk 1
Windows NT
Setup
Disk 1
From Mastering Windows NT Server 4.0 by Mark Minasi
Promoting to Primary Domain Controller
• In Server Manager click on the Computer option
on the top menu. Click on the Promote to Primary
Domain Controller option.
How about a
promotion?
When RAS Fails -- Connection Never Worked
Before:
– Incorrect configuration - all dial-in users have
permissions? Is Server set-up to accept calls? Is dialback number correct?
– Check connections on all cables and phone lines
– Modem problems - compatibility, hardware failure
• Check with terminal and type ATT will receive an OK
or if modem works
– ISDN problems - is ISDN connection setup properly?
IBM Compatible
Server
From Mastering Windows NT Server 4.0 by Mark Minasi
Modem
When RAS Fails -- Connection Has Worked
Before:
• Internal - Service running on client and server? Callback
number changed?, Reinstalled OS w/o RAS? Modem
running?
• External - telephone lines between client and server
functional?, ISDN telephone company's hub working?
• Check Audit Records in the Event Viewer:
– Audit: normal event - successful, failed, both
– Warning: irregular event not affecting system function
– Error: failed event or network error
IBM Compatible
Server
From Mastering Windows NT Server 4.0 by Mark Minasi
Modem
When RAS Fails -- Connection Has Worked
Before:
• Watch a user attempt to login by monitoring the RAS
Administrator, Communication Ports, Port Status on a
specific port
• Logs: Device Log in the System32 directory contains the
strings that are sent to and received from the serial device
that transmits between the client and server.
IBM Compatible
Server
From Mastering Windows NT Server 4.0 by Mark Minasi
Modem
When a User Cannot Access a Resource
WHY can’t I
access
my files?
?
Copyright by William F. Slater, III 1997 - 2000
90
When a User Cannot Access a Resource
• Is the User properly logged into the LAN?
• Does the resource exist?
• Determine the existence of a Shared Directory on the
Server
• Determine the permissions on the Shared Directory
• Determine if the User is in the correct group that has
the access permissions
• If applicable, check trust relationships between
domains, are they correct?
From Mastering Windows NT Server 4.0 by Mark Minasi
Recover From a Broken Mirror Set
• Have your NT Emergency Repair disk ready that points to
the second (mirrored) partition as the primary partition
instead of the failed primary.
• To accomplish this have a floppy that can be booted to NT
on which the BOOT.INI file has been modified to point to
the mirrored partition. (Remember to set the file attributes
to remove the “read only” so you can modify the BOOT.INI)
• Boot machine then install a new drive where the primary
used to be.
• After you obtain an identical new drive, use the NT Disk
Administrator to format and remirror (i.e. mirror the
mirrored drive to the new primary) then reboot.
NT Emergency
Repair Disk
From Mastering Windows NT Server 4.0 by Mark Minasi
Recover From a Failed Drive
• If not RAID 1 or RAID 5, no way unless you have
backup
• If you have a backup tape, use NT Backup or your
regular backup software to restore the drive.
• If you have no backup tape, update your resume
quickly. You’ll need it!
Failed!
C:
D:
E:
F:
From Mastering Windows NT Server 4.0 by Mark Minasi
Recover From the Failure
of a Disk in a Parity Stripe Set
• Recover from disk failure when Hardware RAID is
used:
– Get an identical drive to the others in the RAID
array
– Get users off the LAN
– Use the vendors RAID re-build utility to rebuild
RAID data volumes
– Pray for complete, uninterrupted re-build of data
volume
Data
Parity
Data
Data
Data
Parity
Data
Data
Data
RAID 5 Disk Array with Four Disks
From Mastering Windows NT Server 4.0 by Mark Minasi
Parity
Data
Data
When the Keyboard Fails
• If the Server console keyboard fails, it is usually because the
value for the keyboard buffer in the NT Registry is too low.
• NT is supposed to be Fault Tolerant enough to weather this
without bringing the system down.
• The Good News: You may possibly still use the mouse.
Inspect the Event Viewer and you can tell when the
Keyboard Console process hung.
• Do security work through the Backup Domain Controller
and bring down the Server after hours and restart it.
NT Tuning Options
• Can be optimized for file and print services or
• Client/Server application processing
• Other tuning options include
–
–
–
–
–
Adding more RAM
Increasing the Page File
Adding a Page File on each disk volume
Configuring for disk striping
Using PVIEW to set the processing priority of various
tasks
– Scheduling jobs with heavy I/O processing for after-hours
From Mastering Windows NT Server 4.0 by Mark Minasi
Agenda
•
•
•
•
•
•
•
What is Windows NT?
Considering the Cost of Being Down
Principles of Troubleshooting
Your Troubleshooting Toolbag
Actual Troubleshooting Scenarios
Conclusion
NT Resources
Copyright by William F. Slater, III 1997 - 2000
97
Conclusion
• To be an effective NT LAN administrator, you must
be skilled in troubleshooting NT Server and LAN
problems.
• Troubleshooting is as much of an art as it is a science
• Even with its fault tolerant attributes, NT Server and
NT Workstation can occasionally have problems.
• Experience with the product and troubleshooting
LAN problems are the best teachers
• Learn your tools
• Review good resources
Copyright by William F. Slater, III 1997 - 2000
98
Thank You!
• I’ve enjoyed presenting to you on Windows NT
Troubleshooting
• E-Mail me if you want a copy.
• See you on the Net, okay?
Bill Slater
Consultant, Author, and Teacher
773-235-3080
[email protected]
http://www.billslater.com
Copyright by William F. Slater, III 1997 - 2000
99
Agenda
•
•
•
•
•
•
•
What is Windows NT?
Considering the Cost of Being Down
Principles of Troubleshooting
Your Troubleshooting Toolbag
Actual Troubleshooting Scenarios
Conclusion
NT Resources
Copyright by William F. Slater, III 1997 - 2000
100
Resources
• NT Server: Management and Control
– By Kenneth L. Spencer. Prentice Hall, 1996
• Windows NT 3.51 Unleashed, third ed.
– By Robert Cowart. SAMS, 1996
• Mastering Windows NT Server 4.0, fourth ed.
– By Mark Minasi, et al. Sybex, 1997
• Inside Windows NT Server
– By Drew Heywood. New Riders, 1995, 1997
• Windows NT Server Professional Reference
– By Karanjit Siyan. New Riders, 1995, 1997
• Networking Windows NT 4.0, third edition
– Ruley, John, et al. Wiley, 1995
Copyright by William F. Slater, III 1997 - 2000
101
Resources
• Communications and Networking, fifth edition
– Jordan, Larry and Churchill, Bruce. Brady, 1994
• Complete LAN Security and Control
– Davis, Peter. Windcrest/McGraw-Hill, 1994
• DOS <-> UNIX Networking and Internetworking
– Burgard, Michael, and Phillips, Kenneth. Wiley, 1994
• Enterprise Network Optimization
– Nemzow, Martin, McGraw-Hill, 1995
• Guide to Connectivity, 3rd edition
– Derfler, Frank. Ziff-Davis Press, 1995
• Inside Windows NT Server
– Heywood, Drew. New Riders, 1995
Copyright by William F. Slater, III 1997 - 2000
102
Resources
• Interconnections: Bridges and Routers
– Perlman, Radia. Addison-Wesley, 1992
• Introduction to Networking, third edition
– Nance, Barry. Que Corporation, 1994
• LAN Primer, second edition
– Nunemacher, Greg. M&T Books,1992
• LAN Troubleshooting Handbook, second edition
– Miller, Mark. M&T Books, 1993
• Local Area Networks
– Stampler, David. Benjamin/Cummings, 1994
Copyright by William F. Slater, III 1997 - 2000
103
Resources
• Network Management: A Practical Perspective
– Leinwand, Allan and Fang, Karen. Addison-Wesley, 1993
• Network Planning and Management: Your Personal
Consultant
– Rigney, Steve. Ziff-Davis Press, 1993
• Networking for Dummies
– Lowe, Doug. IDG Books, 1994
• Networking Security Secrets
– Stang, David and Moon, Sylvia. McGraw-Hill, 1993
• Open Systems Networking: TCP/IP and OSI
– Piscitello, David and Chapin, A. Addison-Wesley Company, 1993
Copyright by William F. Slater, III 1997 - 2000
104
Resources
• How Intranets Work
– Gralla, Preston, Ziff-Davis Press, 1996
• How The Internet Works: All New Edition
– Gralla, Preston, Ziff-Davis Press, 1996
• Internet and Intranet Engineering
– Minoli, Daniel, McGraw-Hill, 1997
• Getting Connected: The Internet at 56K and Up
– Dowd, Kevin, O’Reilly and Associates, Inc.
Copyright by William F. Slater, III 1997 - 2000
105