Transcript Chapter 12 PowerPoint

1
Chapter 12
TROUBLESHOOTING
Chapter 12: TROUBLESHOOTING
2
OVERVIEW
 Determine whether a network communications
problem is related to TCP/IP.
 Understand how TCP/IP client configuration
problems can affect computer performance.
 List the reasons why a DHCP client might fail to
obtain an IP address from a DHCP server.
 List the reasons a DNS client might experience
name resolution failures, might supply incorrect
information, and might be unable to resolve names
for which it is not the authority.
Chapter 12: TROUBLESHOOTING
OVERVIEW (continued)
 Use TCP/IP tools to isolate a router problem.
 Check an RRAS installation for configuration
problems.
 Troubleshoot static and dynamic routing problems.
 Determine the location of an Internet access
problem.
3
Chapter 12: TROUBLESHOOTING
OVERVIEW (continued)
 Understand client configuration problems and
router, NAT, and proxy server problems that can
interrupt Internet access.
 List possible causes of IPSec policy mismatches.
 Describe the functions of the IP Security Monitor
and the Resultant Set of Policy (RSoP) snap-ins.
4
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING TCP/IP ADDRESSING
 Isolating TCP/IP problems
 Troubleshooting client configuration problems
5
Chapter 12: TROUBLESHOOTING
6
ISOLATING TCP/IP PROBLEMS
 Many problems can cause what appears to be a
TCP/IP error when in fact the underlying hardware
or network infrastructure is at fault.
 Determine if there is a problem with the physical
configuration of the system by attempting to access
the network using a different protocol.
 Check physical elements, such as networking
cabling, and hardware devices, such as hubs,
switches, and routers.
Chapter 12: TROUBLESHOOTING
7
TROUBLESHOOTING CLIENT CONFIGURATION
PROBLEMS
 Duplicate IP addresses are a cause of many
problems on networks that use static IP address
configuration.
 Attempting to connect a system to the network with
a duplicate IP address will prevent the system from
communicating on the network.
 Implementing DHCP all but eliminates issues with
IP address conflicts.
Chapter 12: TROUBLESHOOTING
INCORRECT SUBNET MASKS
 Two systems on the same physical network
segment with two different subnet masks will
be unable to communicate.
 Use ipconfig /all to determine that the correct
subnet mask values have been configured.
 Configuring IP addressing via DHCP should
eliminate subnet mask addressing conflicts.
8
Chapter 12: TROUBLESHOOTING
INCORRECT DEFAULT GATEWAY ADDRESSES
 An incorrect default gateway address will prevent
communication with systems on other subnets or
networks.
 Use ipconfig /all to view the configured default
gateway address.
9
Chapter 12: TROUBLESHOOTING
10
NAME RESOLUTION FAILURES
 Ensure that a name resolution failure is not due to a
connectivity problem.
 Attempt to connect to the target system using an
IP address instead of a host name.
 Examine name resolution methods such as the
HOSTS file, DNS server configurations, LMHOSTS
file, or WINS for possible problems.
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING DHCP PROBLEMS
 Failure to contact a DHCP server
 Failure to obtain an IP address
 Failure to obtain correct DHCP options
11
Chapter 12: TROUBLESHOOTING
12
FAILURE TO CONTACT A DHCP SERVER
 On non-APIPA-capable systems, an IP address of
0.0.0.0 will be assigned by the system.
 On systems that support APIPA, an address in the
169.254 range will be assigned by the system,
provided connectivity to the network can be
established.
 For DHCP servers on different subnets, relay agents
will be required to forward DHCP broadcasts across
routers.
Chapter 12: TROUBLESHOOTING
13
FAILURE TO OBTAIN AN IP ADDRESS
 Check the configuration of the DHCP scopes on the
server.
 Ensure that the DHCP server has a scope for each
of the subnets it is designed to service.
 Ensure that sufficient IP addresses are available
within the scope to service requests.
Chapter 12: TROUBLESHOOTING
FAILURE TO OBTAIN CORRECT DHCP OPTIONS
 If a system is able to obtain an IP address but
cannot connect to a remote system, the default
gateway specified in the scope may be incorrect.
 Server scope options apply to all scopes on the
DHCP server. Scope options are specific to each
scope.
14
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING NAME RESOLUTION
 Troubleshooting client configuration problems
 Troubleshooting DNS server problems
15
Chapter 12: TROUBLESHOOTING
16
TROUBLESHOOTING CLIENT CONFIGURATION
PROBLEMS
 Commence name resolution troubleshooting only
after verifying the correct operation of TCP/IP.
 Use ipconfig /all to determine that at least one valid
DNS server is configured.
 Verify connectivity to that server using Ping.
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING DNS SERVER PROBLEMS
 Non-functioning DNS servers
 Incorrect name resolutions
 Outside name resolution failures
17
Chapter 12: TROUBLESHOOTING
NON-FUNCTIONING DNS SERVERS
18
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING INCORRECT NAME
RESOLUTIONS
 An incorrect name resolution occurs when a host
address is resolved to the wrong IP address.
 Incorrect name resolutions can be caused by
 Incorrect resource records
 Failure of dynamic updates
 Zone transfer failures
19
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING OUTSIDE NAME
RESOLUTION FAILURES
20
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING TCP/IP ROUTING
 Isolating router problems
 Troubleshooting the Routing and Remote Access
configuration
 Troubleshooting the routing table
21
Chapter 12: TROUBLESHOOTING
ISOLATING ROUTER PROBLEMS
 Three primary tools are used for isolating router
problems:
 Ping.exe
 Tracert.exe
 Pathping.exe
22
Chapter 12: TROUBLESHOOTING
23
USING PING.EXE
 Ping the computer’s loopback address (127.0.0.1).
 Ping the computer’s own IP address.
 Ping the IP address of another computer on the
same LAN.
 Ping the DNS name of another computer on the
same LAN.
 Ping the computer’s designated default gateway
address.
 Ping computers on another network that are
accessible through the default gateway.
Chapter 12: TROUBLESHOOTING
24
USING TRACERT.EXE
 Like Ping, allows you to verify that a remote system
is available on the network
 Reports on every hop between source and
destination and reports the time taken to complete
the round trip
 Allows you to identify the point on the journey at
which the problem exists
Chapter 12: TROUBLESHOOTING
25
USING PATHPING.EXE
 Traces a path to a particular destination and
displays the names and addresses of the routers
along the path
 Reports packet loss rates at each of the routers on
the path
 Useful for diagnosing issues where data loss or
transmission delays are being experienced
Chapter 12: TROUBLESHOOTING
26
TROUBLESHOOTING THE ROUTING AND REMOTE
ACCESS SERVICE CONFIGURATION (RRAS)
 Verify that the Routing and Remote Access Service
is running.
 Verify that routing is enabled.
 Check the TCP/IP configuration settings.
 Check the IP addresses of the router interfaces.
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING THE ROUTING TABLE
 Troubleshooting static routing
 Troubleshooting dynamic routing
27
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING STATIC ROUTING
28
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING ROUTING PROTOCOLS
29
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING INTERNET CONNECTIVITY
 Determining the scope of the problem
 Diagnosing client configuration problems
 Diagnosing NAT and proxy server problems
 Diagnosing Internet connection problems
30
Chapter 12: TROUBLESHOOTING
31
DETERMINING THE SCOPE OF THE PROBLEM
 Try to reproduce the Internet connectivity error and
note the results.
 Determine if the problem is a general connectivity
issue or is confined only to Internet access.
 Determine the source of the issue and troubleshoot
as appropriate.
Chapter 12: TROUBLESHOOTING
32
DIAGNOSING CLIENT CONFIGURATION
PROBLEMS
 Check the basic TCP/IP configuration parameters.
 Check that the default gateway configuration is
correct.
 Check that the router acting as the default gateway
is configured to forward Internet traffic properly.
Chapter 12: TROUBLESHOOTING
33
DIAGNOSING NAT AND PROXY SERVER
PROBLEMS
 Check the TCP/IP configuration on all interfaces of
the system acting as a NAT or proxy server.
 Ensure that the NAT implementation is configured to
work with the unregistered IP addresses you have
assigned to the client computers.
 Verify that the proxy server is not blocking access
because of an authentication failure or a policy
restriction.
Chapter 12: TROUBLESHOOTING
34
DIAGNOSING INTERNET CONNECTION
PROBLEMS
 If the Internet access router is a system other than
that acting as the NAT or proxy server, check the
configuration and physical connectivity.
 If you have WAN hardware such as CSU/DSU, cable
modem, or external ISDN adapters, cycle the power
on those devices.
 Contact your ISP to determine if they are aware of a
problem or can assist in diagnosing and correcting
your problem.
Chapter 12: TROUBLESHOOTING
TROUBLESHOOTING DATA TRANSMISSION
SECURITY
 Troubleshooting policy mismatches
 Using the IP Security Monitor snap-in
 Using the Resultant Set of Policy snap-in
 Examining IPSec traffic
35
Chapter 12: TROUBLESHOOTING
36
TROUBLESHOOTING POLICY MISMATCHES
 Incompatible IPSec policies or policy settings can be
a common source of problems.
 Policy mismatches are recorded in the Security log
of Event Viewer.
 Current policy settings can be viewed via the
Security Monitor snap-in or the Resultant Set of
Policy snap-in.
Chapter 12: TROUBLESHOOTING
USING THE IP SECURITY MONITOR SNAP-IN
37
Chapter 12: TROUBLESHOOTING
USING THE RESULTANT SET OF POLICY
SNAP-IN
38
Chapter 12: TROUBLESHOOTING
EXAMINING IPSEC TRAFFIC
39
Chapter 12: TROUBLESHOOTING
40
CHAPTER SUMMARY
 Duplicate IP addresses can cause both of the
computers involved to malfunction.
 An incorrect subnet mask makes the computer
appear to be on a different network, preventing
LAN communications.
 When a Windows Server 2003 DHCP client fails
to make contact with a DHCP server, the client
computer uses APIPA to assign itself an IP address.
Chapter 12: TROUBLESHOOTING
41
CHAPTER SUMMARY (continued)
 Ping.exe, the most basic TCP/IP connectivity
testing tool, uses ICMP Echo messages to determine
if another system on the network is functioning
properly.
 Tracert.exe is a command line tool that can help
you locate a nonfunctioning router on the network.
 Pathping.exe is a tool that sends large numbers
of test messages to each router on the path to a
destination and compiles statistics regarding
dropped packets.
Chapter 12: TROUBLESHOOTING
42
CHAPTER SUMMARY (continued)
 For an RRAS router to use either Routing
Information Protocol (RIP) or OSPF, you must install
the routing protocol and select the interfaces over
which it will transmit messages.
 If a Windows Server 2003 DNS server computer is
accessible from the network but is not resolving
names, the DNS Server service might not be
running.
 An incorrect default gateway address or a
malfunctioning default gateway router can
hinder Internet connectivity while leaving local
communications intact.
Chapter 12: TROUBLESHOOTING
43
CHAPTER SUMMARY (continued)
 NAT routers and proxy servers have network
interfaces just like client computers, and they must
have correct TCP/IP client configuration
parameters.
 If no other components are at fault, the Internet
access router or the WAN connection to the ISP
might be the cause of an Internet connection
problem.
 The IP Security Monitor snap-in displays information
about the IPSec policy currently in effect on a
particular computer, as well as IPSec statistics.