Chapter 12 PowerPoint
Download
Report
Transcript Chapter 12 PowerPoint
1
Chapter 12
TROUBLESHOOTING
Chapter 12: TROUBLESHOOTING
2
OVERVIEW
Determine whether a network communications
problem is related to TCP/IP.
Understand how TCP/IP client configuration
problems can affect computer performance.
List the reasons why a DHCP client might fail to
obtain an IP address from a DHCP server.
List the reasons a DNS client might experience
name resolution failures, might supply incorrect
information, and might be unable to resolve names
for which it is not the authority.
Chapter 12: TROUBLESHOOTING
OVERVIEW (continued)
Use TCP/IP tools to isolate a router problem.
Check an RRAS installation for configuration
problems.
Troubleshoot static and dynamic routing problems.
Determine the location of an Internet access
problem.
3
Chapter 12: TROUBLESHOOTING
OVERVIEW (continued)
Understand client configuration problems and
router, NAT, and proxy server problems that can
interrupt Internet access.
List possible causes of IPSec policy mismatches.
Describe the functions of the IP Security Monitor
and the Resultant Set of Policy (RSoP) snap-ins.
4
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING TCP/IP ADDRESSING
Isolating TCP/IP problems
Troubleshooting client configuration problems
5
Chapter 12: TROUBLESHOOTING
6
ISOLATING TCP/IP PROBLEMS
Many problems can cause what appears to be a
TCP/IP error when in fact the underlying hardware
or network infrastructure is at fault.
Determine if there is a problem with the physical
configuration of the system by attempting to access
the network using a different protocol.
Check physical elements, such as networking
cabling, and hardware devices, such as hubs,
switches, and routers.
Chapter 12: TROUBLESHOOTING
7
TROUBLESHOOTING CLIENT CONFIGURATION
PROBLEMS
Duplicate IP addresses are a cause of many
problems on networks that use static IP address
configuration.
Attempting to connect a system to the network with
a duplicate IP address will prevent the system from
communicating on the network.
Implementing DHCP all but eliminates issues with
IP address conflicts.
Chapter 12: TROUBLESHOOTING
INCORRECT SUBNET MASKS
Two systems on the same physical network
segment with two different subnet masks will
be unable to communicate.
Use ipconfig /all to determine that the correct
subnet mask values have been configured.
Configuring IP addressing via DHCP should
eliminate subnet mask addressing conflicts.
8
Chapter 12: TROUBLESHOOTING
INCORRECT DEFAULT GATEWAY ADDRESSES
An incorrect default gateway address will prevent
communication with systems on other subnets or
networks.
Use ipconfig /all to view the configured default
gateway address.
9
Chapter 12: TROUBLESHOOTING
10
NAME RESOLUTION FAILURES
Ensure that a name resolution failure is not due to a
connectivity problem.
Attempt to connect to the target system using an
IP address instead of a host name.
Examine name resolution methods such as the
HOSTS file, DNS server configurations, LMHOSTS
file, or WINS for possible problems.
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING DHCP PROBLEMS
Failure to contact a DHCP server
Failure to obtain an IP address
Failure to obtain correct DHCP options
11
Chapter 12: TROUBLESHOOTING
12
FAILURE TO CONTACT A DHCP SERVER
On non-APIPA-capable systems, an IP address of
0.0.0.0 will be assigned by the system.
On systems that support APIPA, an address in the
169.254 range will be assigned by the system,
provided connectivity to the network can be
established.
For DHCP servers on different subnets, relay agents
will be required to forward DHCP broadcasts across
routers.
Chapter 12: TROUBLESHOOTING
13
FAILURE TO OBTAIN AN IP ADDRESS
Check the configuration of the DHCP scopes on the
server.
Ensure that the DHCP server has a scope for each
of the subnets it is designed to service.
Ensure that sufficient IP addresses are available
within the scope to service requests.
Chapter 12: TROUBLESHOOTING
FAILURE TO OBTAIN CORRECT DHCP OPTIONS
If a system is able to obtain an IP address but
cannot connect to a remote system, the default
gateway specified in the scope may be incorrect.
Server scope options apply to all scopes on the
DHCP server. Scope options are specific to each
scope.
14
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING NAME RESOLUTION
Troubleshooting client configuration problems
Troubleshooting DNS server problems
15
Chapter 12: TROUBLESHOOTING
16
TROUBLESHOOTING CLIENT CONFIGURATION
PROBLEMS
Commence name resolution troubleshooting only
after verifying the correct operation of TCP/IP.
Use ipconfig /all to determine that at least one valid
DNS server is configured.
Verify connectivity to that server using Ping.
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING DNS SERVER PROBLEMS
Non-functioning DNS servers
Incorrect name resolutions
Outside name resolution failures
17
Chapter 12: TROUBLESHOOTING
NON-FUNCTIONING DNS SERVERS
18
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING INCORRECT NAME
RESOLUTIONS
An incorrect name resolution occurs when a host
address is resolved to the wrong IP address.
Incorrect name resolutions can be caused by
Incorrect resource records
Failure of dynamic updates
Zone transfer failures
19
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING OUTSIDE NAME
RESOLUTION FAILURES
20
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING TCP/IP ROUTING
Isolating router problems
Troubleshooting the Routing and Remote Access
configuration
Troubleshooting the routing table
21
Chapter 12: TROUBLESHOOTING
ISOLATING ROUTER PROBLEMS
Three primary tools are used for isolating router
problems:
Ping.exe
Tracert.exe
Pathping.exe
22
Chapter 12: TROUBLESHOOTING
23
USING PING.EXE
Ping the computer’s loopback address (127.0.0.1).
Ping the computer’s own IP address.
Ping the IP address of another computer on the
same LAN.
Ping the DNS name of another computer on the
same LAN.
Ping the computer’s designated default gateway
address.
Ping computers on another network that are
accessible through the default gateway.
Chapter 12: TROUBLESHOOTING
24
USING TRACERT.EXE
Like Ping, allows you to verify that a remote system
is available on the network
Reports on every hop between source and
destination and reports the time taken to complete
the round trip
Allows you to identify the point on the journey at
which the problem exists
Chapter 12: TROUBLESHOOTING
25
USING PATHPING.EXE
Traces a path to a particular destination and
displays the names and addresses of the routers
along the path
Reports packet loss rates at each of the routers on
the path
Useful for diagnosing issues where data loss or
transmission delays are being experienced
Chapter 12: TROUBLESHOOTING
26
TROUBLESHOOTING THE ROUTING AND REMOTE
ACCESS SERVICE CONFIGURATION (RRAS)
Verify that the Routing and Remote Access Service
is running.
Verify that routing is enabled.
Check the TCP/IP configuration settings.
Check the IP addresses of the router interfaces.
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING THE ROUTING TABLE
Troubleshooting static routing
Troubleshooting dynamic routing
27
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING STATIC ROUTING
28
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING ROUTING PROTOCOLS
29
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING INTERNET CONNECTIVITY
Determining the scope of the problem
Diagnosing client configuration problems
Diagnosing NAT and proxy server problems
Diagnosing Internet connection problems
30
Chapter 12: TROUBLESHOOTING
31
DETERMINING THE SCOPE OF THE PROBLEM
Try to reproduce the Internet connectivity error and
note the results.
Determine if the problem is a general connectivity
issue or is confined only to Internet access.
Determine the source of the issue and troubleshoot
as appropriate.
Chapter 12: TROUBLESHOOTING
32
DIAGNOSING CLIENT CONFIGURATION
PROBLEMS
Check the basic TCP/IP configuration parameters.
Check that the default gateway configuration is
correct.
Check that the router acting as the default gateway
is configured to forward Internet traffic properly.
Chapter 12: TROUBLESHOOTING
33
DIAGNOSING NAT AND PROXY SERVER
PROBLEMS
Check the TCP/IP configuration on all interfaces of
the system acting as a NAT or proxy server.
Ensure that the NAT implementation is configured to
work with the unregistered IP addresses you have
assigned to the client computers.
Verify that the proxy server is not blocking access
because of an authentication failure or a policy
restriction.
Chapter 12: TROUBLESHOOTING
34
DIAGNOSING INTERNET CONNECTION
PROBLEMS
If the Internet access router is a system other than
that acting as the NAT or proxy server, check the
configuration and physical connectivity.
If you have WAN hardware such as CSU/DSU, cable
modem, or external ISDN adapters, cycle the power
on those devices.
Contact your ISP to determine if they are aware of a
problem or can assist in diagnosing and correcting
your problem.
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING DATA TRANSMISSION
SECURITY
Troubleshooting policy mismatches
Using the IP Security Monitor snap-in
Using the Resultant Set of Policy snap-in
Examining IPSec traffic
35
Chapter 12: TROUBLESHOOTING
36
TROUBLESHOOTING POLICY MISMATCHES
Incompatible IPSec policies or policy settings can be
a common source of problems.
Policy mismatches are recorded in the Security log
of Event Viewer.
Current policy settings can be viewed via the
Security Monitor snap-in or the Resultant Set of
Policy snap-in.
Chapter 12: TROUBLESHOOTING
USING THE IP SECURITY MONITOR SNAP-IN
37
Chapter 12: TROUBLESHOOTING
USING THE RESULTANT SET OF POLICY
SNAP-IN
38
Chapter 12: TROUBLESHOOTING
EXAMINING IPSEC TRAFFIC
39
Chapter 12: TROUBLESHOOTING
40
CHAPTER SUMMARY
Duplicate IP addresses can cause both of the
computers involved to malfunction.
An incorrect subnet mask makes the computer
appear to be on a different network, preventing
LAN communications.
When a Windows Server 2003 DHCP client fails
to make contact with a DHCP server, the client
computer uses APIPA to assign itself an IP address.
Chapter 12: TROUBLESHOOTING
41
CHAPTER SUMMARY (continued)
Ping.exe, the most basic TCP/IP connectivity
testing tool, uses ICMP Echo messages to determine
if another system on the network is functioning
properly.
Tracert.exe is a command line tool that can help
you locate a nonfunctioning router on the network.
Pathping.exe is a tool that sends large numbers
of test messages to each router on the path to a
destination and compiles statistics regarding
dropped packets.
Chapter 12: TROUBLESHOOTING
42
CHAPTER SUMMARY (continued)
For an RRAS router to use either Routing
Information Protocol (RIP) or OSPF, you must install
the routing protocol and select the interfaces over
which it will transmit messages.
If a Windows Server 2003 DNS server computer is
accessible from the network but is not resolving
names, the DNS Server service might not be
running.
An incorrect default gateway address or a
malfunctioning default gateway router can
hinder Internet connectivity while leaving local
communications intact.
Chapter 12: TROUBLESHOOTING
43
CHAPTER SUMMARY (continued)
NAT routers and proxy servers have network
interfaces just like client computers, and they must
have correct TCP/IP client configuration
parameters.
If no other components are at fault, the Internet
access router or the WAN connection to the ISP
might be the cause of an Internet connection
problem.
The IP Security Monitor snap-in displays information
about the IPSec policy currently in effect on a
particular computer, as well as IPSec statistics.