■ Client Services for NetWare (CSNW)
■ Gateway Services for NetWare (GSNW)
■ NWLink (Microsoft’s implementation of the IPX/SPX protocol)
■ File and Print Services for NetWare (FPNW)
■ Microsoft Print Services for UNIX (LPD and LPR services)
SNA (Systems Network Architecture) is a separate software package from Microsoft that can be used to connect Windows PC networks to IBM mainframe networks.
General Troubleshooting Guidelines
Troubleshooting TCP/IP and other network problems is made easier if you follow the Ten Commandments of Troubleshooting:
1. Know thy network
2. Use the tools of the trade
3. Take it one change at a time
4. Isolate the problem
5. Recreate the problem
6. Don’t overlook the obvious
7. Try the easy way first
8. Document what you do
9. Practice the art of patience
10. Seek help from others
Troubleshooting Resources
There is a great deal of troubleshooting information for TCP/IP issues in general and for Windows 2000-specific problems. Be sure to take advantage of the following:
■ Microsoft documentation, including Help files, the Resource Kits, white papers, TechNet, official newsgroups, and the Microsoft Web site
■ Third-party documentation, including Internet mailing lists, Usenet public newsgroups, Web resources, local user groups, and books and magazines
Troubleshooting Models
Following a set procedure allows you to organize the troubleshooting process and makes it less likely that you will overlook something important along the way. The problem-solving models used by other professions can be applied to network troubleshooting as well, as discussed in the following sections.
Differential Diagnosis Model
This model is used in the medical field and consists of the following steps:
1. Examination
2. Diagnosis
3. Treatment
4. Followup
These same steps can be used in solving TCP/IP connectivity problems.
SARA Model
This model is popular in the criminal justice world, in use by law enforcement agencies practicing community-oriented policing. It includes the following steps:
1. Scanning
2. Analysis
3. Response
4. Assessment
Comparing the models, you see that although the terminology differs, the actual steps involve the same processes. Problem-solving basics are the same regardless of the type of problem.
Information-Gathering Tips
Gathering information is always one of the first steps in problem solving. In network troubleshooting, as in most areas, this involves asking questions.
■ Were you doing anything else in addition to this primary task at the time?
■ What error message(s), if any, were displayed?
■ Is anyone else on the network experiencing the same problem?
■ Have you ever been able to perform this task on this computer?
■ When was the last time you were able to do so?
■ What changes have occurred since the last time you were able to
by the problem, how many are affected by the problem, what production activities are affected by the problem, and how often the problem occurs. Solutions, once formulated, should also be prioritized according to cost, time involved, longevity, and long-term effect on performance.
Forms and Check Lists
You can devise forms and check lists to guide you through the troubleshooting process in an organized manner, or you can use the ones supplied in Chapter 3, “General Windows 2000 TCP/IP Troubleshooting Guidelines.” Forms are useful in helping you to gather information, and check lists force you to approach problem solving in a methodical, step-by-step way that is more conducive to success.
Inside TCP/IP
The Windows 2000 implementation of TCP/IP supports a large number of Internet standards as outlined in various RFCs. For a list of those documents, see Chapter 4, “Windows 2000 TCP/IP Internals.”
Windows 2000 Enhancements
The following are some of the most exciting enhancements Microsoft has made to the TCP/IP stack:
■ Scalable TCP window size and timestamping (RFC 1323)
■ Selective Acknowledgments (RFC 2018)
■ Support for IP over ATM (RFC 1577)
■ TCP fast retransmit
■ Quality of service (QoS)
■ Resource Reservation Protocol (RSVP)
CIDR is useful for the following purposes:
■ Smaller Internet routing tables
■ Less updating of external routes
■ More efficient allocation of address space
■ Increase in number of available (host) Internet addresses
Multihoming
A computer that has multiple IP addresses is called a multihomed host. This can be a computer with more than one NIC, or a computer that has multiple IP addresses assigned to one NIC. Windows 2000 supports both types of multihoming.
A multihomed computer with two NICs can act as a router, passing transmissions from one subnet to another.
IP Multicasting
Multicasting refers to sending data to multiple destinations on the network at the same time, using a single multicast address. Computers are designated as members of a multicast group, and only group members receive the messages. A computer can belong to multiple multicast groups simultaneously.
There are two types of multicast groups: permanent and transient. The Internet Group Management Protocol (IGMP) is used to manage multicast membership. The multicast address range consists of the class D addresses 224.0.0.0 through 239.255.255.255.
Windows 2000 includes the following utilities that are useful in troubleshooting multicast transmissions:
■ MRINFO
■ NETSH ROUTING IP MIB SHOW MFE
■ NETSH ROUTING IP MIB SHOW MFESTATS
■ NETSH ROUTING IP MIB SHOW JOINS
Duplicate Address Detection
In order for computers to communicate on a TCP/IP network, each network interface must have a unique IP address. Windows 2000 uses a “gratuitous ARP broadcast” when a computer comes online to detect whether another computer is already using the IP address it is configured to use. If there is duplication, the second computer with the IP address will not be allowed to use it.
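Added example (not code from the book): detection logic for the duplicate-address condition described above. It builds constructed Ethernet/ARP frames, parses them, and reports any IP address that a second MAC later claims, flagging gratuitous announcements (sender IP equal to target IP); the MACs and addresses are made up for the demonstration.

```python
import struct

# Constructed sample MACs for the demonstration (not from any real capture).
MAC_A = bytes.fromhex("aabbcc000001")
MAC_B = bytes.fromhex("001122334455")
MAC_C = bytes.fromhex("aabbcc000002")


def _ip_bytes(dotted: str) -> bytes:
    return bytes(int(octet) for octet in dotted.split("."))


def build_arp(sender_mac: bytes, sender_ip: str, target_ip: str, opcode: int = 1) -> bytes:
    """Build an Ethernet II frame carrying an ARP packet (hardware type 1, protocol IPv4).

    A gratuitous ARP has sender_ip == target_ip and goes to the broadcast MAC,
    so every host on the segment sees the (IP, MAC) claim.
    """
    eth_header = b"\xff" * 6 + sender_mac + b"\x08\x06"          # dst, src, EtherType ARP
    arp_header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)  # htype, ptype, hlen, plen, op
    return (eth_header + arp_header + sender_mac + _ip_bytes(sender_ip)
            + b"\x00" * 6 + _ip_bytes(target_ip))                # target MAC unknown: zeros


def parse_arp(frame: bytes):
    """Return (opcode, sender_mac, sender_ip, target_ip) for an Ethernet/ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None                                              # not Ethernet/IPv4 ARP
    sender_mac = frame[22:28].hex(":")
    sender_ip = ".".join(str(b) for b in frame[28:32])
    target_ip = ".".join(str(b) for b in frame[38:42])
    return opcode, sender_mac, sender_ip, target_ip


def find_conflicts(frames):
    """Track which MAC owns each IP; report every IP later claimed by a different MAC.

    Returns a list of (ip, first_mac, conflicting_mac, kind), where kind is
    "gratuitous" when the conflicting frame was a gratuitous ARP announcement.
    """
    owners = {}
    conflicts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        _opcode, mac, sender_ip, target_ip = parsed
        if sender_ip == "0.0.0.0":
            continue                  # ARP probe: the sender has not claimed an address yet
        first_mac = owners.setdefault(sender_ip, mac)
        if first_mac != mac:
            kind = "gratuitous" if sender_ip == target_ip else "ordinary"
            conflicts.append((sender_ip, first_mac, mac, kind))
    return conflicts


# Constructed sequence: host A announces 10.0.0.5, later host B announces the same address.
SAMPLE_FRAMES = [
    build_arp(MAC_A, "10.0.0.5", "10.0.0.5"),   # A comes online: gratuitous ARP
    build_arp(MAC_A, "10.0.0.5", "10.0.0.1"),   # A resolves its gateway: ordinary request
    build_arp(MAC_C, "10.0.0.9", "10.0.0.9"),   # unrelated host, no conflict
    build_arp(MAC_B, "10.0.0.5", "10.0.0.5"),   # B claims 10.0.0.5 too: duplicate address
]

if __name__ == "__main__":
    for ip, first, second, kind in find_conflicts(SAMPLE_FRAMES):
        print(f"duplicate {ip}: first seen from {first}, now claimed by {second} ({kind})")
```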
Inside TCP and UDP
TCP and UDP are Host-to-Host (Transport) layer protocols. They handle flow control and provide for reliable end-to-end communications.
TCP
TCP is a connection-oriented protocol that handles important one-to-one communications such as logons, file and printer sharing, and replication. Windows 2000 TCP includes dead gateway detection, delayed acknowledgments, TCP keep-alives, and avoidance of the Silly Window Syndrome.
UDP
UDP is a connectionless protocol used for broadcast transmissions and other situations where guaranteed delivery is not required. UDP doesn’t break messages into smaller chunks and reassemble them on the other end as TCP does. UDP is faster than TCP, but less reliable.
Both UDP and TCP provide for ports to differentiate between multiple connections using the same IP address.
TCP/IP Registry Settings
TCP/IP gets configuration information from the Windows Registry. You can use a Registry Editor to change the behavior of the Windows 2000 TCP/IP stack, but this should be done with caution.
See Chapter 4 for a listing of Registry settings that can be changed, and instructions on how to do so.
Network Monitoring Tools
Windows 2000 includes various tools and utilities that can be used to verify connectivity, gather information, monitor performance, and even analyze the packets themselves to assist you in troubleshooting your TCP/IP network.
These include graphic tools such as Network Monitor, Event Viewer, and the Performance console (also called System Monitor), as well as command-line utilities standard to the TCP/IP suite.
Monitoring Guidelines
Monitoring network activity gives you a chance to gather information over a period of time, detect and analyze patterns, and compare changes.
Baselining
The first step in any monitoring program is to establish a baseline; this can be described as the process of collecting information about the “patient” (the network) before it gets sick. Gather your baseline information when the network is working properly, so you can use it for comparison purposes when things go wrong.
Documentation
Be sure to document everything you do, and keep your documentation orderly and organized. This will assist you in maintaining the network and allow you to quickly and efficiently return to previous measures.
Performance Logs and Alerts
The administrative tool formerly known as Performance Monitor, now called the System Monitor or listed simply as “Performance” in the MMC, can be used to obtain real-time data on network performance parameters. This information can be saved in a file for later analysis.
The System Monitor can also be configured to alert you when counters reach a specified limit.
The Network Monitor program allows you to capture only those frames that you are interested in, based on protocol or source or destination computer. You can apply even more detailed and exacting filters to data that you have finished collecting, which allows you to pinpoint the precise elements you might be looking for in the captured data.
Network Monitor is not installed by default. If it isn’t installed on your computer, you can install it via the Add/Remove Programs applet in the Control Panel.
There are two types of filters used by Network Monitor: capture filters and display filters.
Capture Filters
The purpose of the capture filter is to limit the frames that are actually saved in the capture buffer. This allows you to make better use of your buffer space, because the limited amount of buffer you have can be devoted to looking at the precise targets of interest. It also reduces the amount of “extraneous” information that could cause you to overlook something important during your investigations.
You can filter the capture information in two ways: by machine address pairs, or by a specified pattern in the frames that are examined during the capture sequence.
Display Filters
The display filter allows us to look for very specific elements of the captured data and allows for a much more refined filtering than we can accomplish with the capture filter. A display filter can be used as a database search tool, where the capture frames are the data in our database.
Event Viewer
The Event Viewer can be used to check on the status of a number of network services. Windows 2000 systems are configured to report significant fault situations to the event viewer. You should make it a regular practice, perhaps the first thing you do every day, to check out the Event Viewer on all of your primary servers to see if any of the Windows 2000 services running on these servers are reporting error conditions.
The Event Log does contain an added feature over what was found in Windows NT: the DNS log. Because of the added importance of DNS in the normal functioning of domain-related activity, Microsoft deemed the DNS service important enough to warrant its own log in the Event Viewer.
TCP/IP Utilities
The group of command-line TCP/IP utilities included with Windows 2000 is similar to those available in Windows NT 4.0. We have the familiar set of TCP/IP tools, such as:
or enhanced functionality compared to what it could do in Windows NT 4.0. In addition to these tools, Windows 2000 offers some new command-line TCP/IP tools, including PATHPING and NETDIAG.
For detailed information on how to use these command-line utilities in troubleshooting TCP/IP problems, see Chapter 5, “Using Network Monitoring and Troubleshooting Tools in Windows 2000.”
Name Resolution Problems
Name resolution problems are one of the most common causes of the inability to connect to another TCP/IP computer on the network. These problems fall into one of two categories: NetBIOS name resolution and host name resolution.
In Windows 2000, as in other Windows operating systems, NetBIOS resolution is handled primarily by WINS, the Windows Internet Name Service; and host name resolution is handled by the Domain Name System service, DNS (or its updated incarnation, Dynamic DNS).
WINS and NetBIOS Name Resolution
A NetBIOS name server is a computer that maintains a database of NetBIOS names and matching IP addresses. WINS is the best known and most widely used NetBIOS name server. Windows 2000’s implementation of WINS complies with RFC 1001/1002 and contains new features not included in WINS in NT 4.0.
Components of network communications that are involved with NetBIOS name resolution include:
■ The TCP/IP protocol stack
■ NetBIOS over TCP/IP (also called NetBT)
■ WINS and DNS servers
■ Broadcasts
■ LMHOSTS and HOSTS files
■ The Browser service
■ The Server and Workstation services
■ My Network Places
■ The “net” commands (net use, net view, net send)
■ The Alerter service
This list can provide a starting point in troubleshooting NetBIOS name resolution problems. To prevent or solve NetBIOS name resolution problems, follow these guidelines:
■ Don’t multihome your WINS server(s)
■ Use a WINS proxy agent on network segments that have non-WINS clients
■ Avoid static records in the WINS database
■ Define replication partners based on link factors
■ Avoid split registration
■ Use the “hub and spoke” model in multisite environments
■ Configure your DNS servers to resolve NetBIOS names
■ Don’t multihome the master browser(s)
■ Use manual tombstoning instead of deleting records
■ Consider all the ramifications before disabling NetBT
DNS and Host Name Resolution
The NetBIOS namespace is “flat,” but DNS uses a hierarchical (multilevel) namespace. DNS resolves Fully Qualified Domain Names (FQDNs) to IP addresses. These names are in the format myserver.mydomain.com.
The Windows 2000 DNS is standards-based and is now capable of dynamic update (hence the new name, Dynamic DNS, or DDNS). DNS is used for resolution of names on the global Internet, and in Windows 2000 has moved to the forefront as the name resolution method of choice for Microsoft networks as well.
Resolving Host Names to IP Addresses
DNS clients can resolve a host name to IP address in several ways. The Windows 2000 DNS client service features a caching resolver, which keeps a list of recently resolved host names and IP addresses. If a sought-after mapping is not there, the client will query a DNS server. If the DNS server can’t resolve the name, the client will go through the NetBIOS name resolution sequence and attempt to resolve the name using the WINS server, broadcasts, or LMHOSTS files.
There are two basic types of queries:
■ Recursive
■ Iterative
An FQDN includes the host name and the host’s domain membership. A fully qualified query must end with a period, although most applications will automatically include it before sending the request.
If the request is unqualified, by default the domain membership of the machine issuing the query will be appended to the request. A list of other domain suffixes can be configured that will be appended to unqualified requests.
Planning the DNS Namespace
If a company has both an internal Windows 2000 network and an Internet presence, it can choose to represent the namespace in one of two ways:
■ Use the same domain name for the internal and external namespaces
■ Use different domain names for the internal and external namespaces
The first choice requires registration of only one domain name, and provides for more continuity and consistency. However, servers will have to be mirrored internally, and DNS clients will not access external corporate host resources.
The second choice eliminates the need to mirror servers and reduces confusion as to what is an external and what is an internal resource. You should, however, register both domain names (although only the external one is actually required to be registered).
Zones
The actual domains and hosts are contained in zone files. These database files contain resource records, which track the resources contained in a domain.
The Windows 2000 server supports both standard and Active Directory integrated zones. Active Directory integrated zones offer several advantages, including faster and more efficient replication and secure dynamic updates.
of connectivity problems. IP addresses are logical addresses, assigned by the administrator, and are not to be confused with the more permanent physical address burned into the NIC, the MAC address.
The IP Address
An IP address has two parts: one identifies the network, and the other identifies the host (individual computer) on that network. How many bits represent each depends on the subnet mask.
IP addresses were originally divided into classes based on the size of the networks, as shown in Table 13.2.
Table 13.2 Address Classes
Address Class    Number of Networks    Number of Hosts    Default Subnet Mask
How IP Addresses Are Assigned
In a Windows 2000 TCP/IP network, there are two ways in which IP addresses (host addresses) can be assigned:
■ Manual address assignment, where an administrator enters the information in the TCP/IP configuration properties sheet of every interface
■ Automatic addressing, which includes DHCP, APIPA, and ICS autoaddressing
Manual assignment is time-consuming and more prone to errors. DHCP requires that there be a DHCP server on the network configured with a block of addresses to allocate. APIPA “self-assigns” an address from a preset range to a computer that can’t find a DHCP server. An ICS host computer that shares its Internet connection can act as a DHCP “allocator” and assign addresses to other computers for purposes of sharing the connection.
ARP
The Address Resolution Protocol is used to resolve IP addresses to physical (MAC) addresses. ARP uses broadcasts, and caches the information.
You can also add static entries to the ARP cache.
You can view the current ARP cache by typing arp –a at the command prompt.
Reverse Address Resolution Protocol (RARP) resolves MAC addresses to IP addresses.
Common IP Addressing Errors
Some of the most common IP addressing errors that affect TCP/IP communications include:
■ Duplicate IP addresses on the network
■ Use of invalid or “illegal” IP addresses
■ DHCP configuration problems
DHCP
The Dynamic Host Configuration Protocol (DHCP) server is configured and managed from the MMC. Most configuration problems are at the server end.
DHCP Server Issues
DHCP uses scopes of addresses, which are groups of consecutive IP addresses that can be allocated to client computers. The New Scope Wizard is used to define the scope. A scope must have a name, a range of IP addresses, and a subnet mask. You can also exclude certain addresses within the scope from being offered to clients.
Superscopes are used when a single physical network segment consists of more than one logical IP subnet, and there are two DHCP servers managing separate subnets on the same network.
DHCP lease duration can be set or changed for a scope. The default is eight days.
You can reserve addresses for computers that need to always have the same address, such as server machines.
There are three types of DHCP options that can be configured:
■ Scope options
■ Client options
■ Class options
The DHCP database files are stored in <systemroot>\System32\DHCP and include four files: dhcp.mdb, dhcp.tmp, j50.log, and j50.chk. You can edit the backup interval at which Windows 2000 backs up the DHCP database. You also must edit the Registry to manually restore the database from backup. See Chapter 8, “Troubleshooting Windows 2000 IP Addressing Problems,” for explicit instructions.
Windows 2000 protects against “rogue” (unauthorized) DHCP servers by requiring that Windows 2000 DHCP servers be registered in the Directory, but this does not prevent rogue NT DHCP servers on the network.
DHCP Client Issues
Most client configuration problems are relatively simple. Ensure that you have TCP/IP connectivity with the DHCP server by using PING. Check to see that the client is configured to obtain an IP address automatically. If the client is unable to communicate with other computers and you find it is using an address from the 169.254.0.0 range, this indicates it was unable to contact a DHCP server and assigned itself an address via APIPA. APIPA can be disabled by editing the Registry.
or remote relative to the source host.
Subnetting problems (incorrect subnet mask) are common reasons for the inability of TCP/IP computers to connect. Subnetting is a complex topic; for examples and walk-throughs on how to calculate subnet masks for different network classes, see Chapter 8.
Remote Access Connectivity
Windows 2000’s Routing and Remote Access service (RRAS) allows you to establish a TCP/IP connection across a wide area link. In many cases, troubleshooting a remote connection is similar to troubleshooting a local connection. However, there are some special considerations.
RRAS supports remote access through the traditional dial-up method, or via Virtual Private Networking (VPN).
Remote Access versus Remote Control
Remote access is different from remote control. In the latter, you actually “take over the desktop” of a remote computer, controlling it from another location. With remote access, you become another node on the remote network, able to access network resources as you would if your computer were cabled to the network locally.
RRAS provides for a Windows 2000 computer to act as both a remote access client and a remote access server. RRAS must be installed and configured properly, and dial-up networking must also be installed and configured if you wish to dial out as a remote client. You can use the New Connection Wizard to set up a dial-up connection.
Remote Access Links
Remote access requires a physical link of some sort, commonly a telephone line. WAN links vary in type, speed, and cost. Some common technologies include:
■ Public Switched Telephone Network/PSTN (regular analog phone lines)
■ Integrated Services Digital Network/ISDN (high-speed digitalphone lines)
■ Digital Subscriber Line/DSL (higher-speed digital phone lines)
■ T-Carrier/T-1, T-2, T-3 (dedicated leased line)
■ X.25 (packet-switched network)
Remote Access Protocols
Remote access protocols work across the WAN link (and are sometimes called WAN protocols) in conjunction with the LAN protocols used by the network to which you are remotely connecting. The LAN protocol is “wrapped” (encapsulated) inside the WAN protocol.
The two popular WAN protocols are:
■ Serial Line Internet Protocol (SLIP)
■ Point-to-Point Protocol (PPP)
PPP is more commonly used, as it supports encryption, compression, and automatic IP address assignment by a DHCP server. SLIP is used primarily by some UNIX servers. Windows 2000 can use either SLIP or PPP to dial out, but uses only PPP for dial-in connections.
You can enable PPP event logging and use PPP tracing to gather information useful in troubleshooting PPP connections. For instructions on how to do so, see Chapter 9, “Troubleshooting Remote Access in a Windows 2000 TCP/IP Network.”
RRAS Configuration Problems
Configuration problems can stem from either the RRAS server or the remote client.
Server Configuration
The first step in troubleshooting the inability to establish a dial-up connection to the remote server is to ensure that the server’s modem or ISDN adapter is working properly, and that the RRAS service is started on the server. You should ensure that the server’s ports are configured for remote access, and that the properties for the LAN protocol being used (IP) are configured to allow remote access. Also be sure there are enough IP addresses in the static address pool assigned by RRAS, if this feature is being used by the RRAS server.
RRAS allows you to aggregate the bandwidth of multiple telephone lines. If you have trouble doing so, you should ensure that your ISDN adapter supports multiple lines or that you have two functional modems, each attached to a separate working telephone line. Then, ensure that the remote access server’s PPP options are configured to support multilink.
You can also elect to use Bandwidth Allocation Protocol (BAP) to allow multilink to adapt to changing bandwidth demands.
Remote Access Policy
You can set policies on the RRAS server governing remote access that place conditions and parameters on incoming connections. Policies can be set to limit dial-in to certain days or time of day, connection types, or group memberships, and limits can be set on the duration of the connection.
When a user attempts to make a connection, the characteristics of the connection attempt are compared with the authentication information, user dial-in properties, and remote access policies. Access will be denied if the connection attempt doesn’t match any of the remote access policies.
NAT and ICS
Internet Connection Sharing (ICS) and Network Address Translation (NAT) allow you to provide Internet access to many computers using only one dial-up connection and registered IP address. ICS is actually a “light” version of NAT. ICS is available on both Windows 2000 Professional and Server computers, but NAT is available only on server products. NAT is more flexible and configurable.
NAT Configuration
NAT must be configured for both public and private interfaces, as NAT “translates” private IP addresses used internally on the LAN to one or more public registered IP addresses that are “seen” on the Internet. The public interface connects to the ISP, and the private one to the local network.
Some programs will not work through NAT because they use protocols that are not translatable (due to the way the packet headers are constructed). NAT editors are available and included in Windows 2000 for many common protocols such as FTP, ICMP, PPTP, and NetBT. Some protocols, such as HTTP, don’t require a NAT editor.
NAT cannot be used with IPSec for host-to-host security.
Virtual Private Networking (VPN)
VPNs are a popular solution for creating a secure yet inexpensive way to connect from a remote computer to a LAN across the Internet. Virtual private networking allows you to establish a “tunnel” in which messages are encapsulated and encrypted.
Windows 2000 supports two tunneling protocols:
■ Point-to-Point Tunneling Protocol (PPTP)
■ Layer 2 Tunneling Protocol (L2TP)
Troubleshooting VPN connections is similar to troubleshooting other remote connections, with a bit more complexity. Some guidelines include:
■ Ensure that RRAS is installed and enabled on the VPN server
■ Ensure the RRAS service is started on the VPN server
■ Ensure that PPTP or L2TP ports are enabled for inbound remoteaccess traffic
■ Ensure that LAN protocols used by the VPN client are enabled on the server
■ Ensure that all PPTP or L2TP ports are not already in use
■ Ensure that the VPN client and server are configured with acommon authentication method and a common encryptionmethod
■ Ensure that the user account has the proper dial-in permissionsgranted
■ Ensure that remote access policies are not causing a denial ofthe connection
The Network Interface Level
Connectivity problems can occur at any layer of the networking model. The network interface level includes physical and data link issues, such as:
■ The network interface card (NIC)
■ NIC drivers
■ Cable and other media
■ Connectivity devices
Connectivity Devices
Layer 1 and 2 connectivity devices include repeaters, hubs, switches, and bridges. Each of these serves a different purpose and works in a different way.
■ Passive: Do not boost the signal
■ Active: Boost the signal
■ Intelligent: Contain diagnostic chips for management
■ Switching (also called a switch; see the next section)
Bridges determine whether to forward a packet across based on the MAC address and the bridge’s own routing table, which it builds as it “learns” the locations of computers on the network.
The 5-4-3 Rule
A standard guideline is that coax Ethernet networks may have no more than five network segments, connected by no more than four repeaters, and no more than three of those segments may be populated by nodes (computers or other network devices).
The 80/20 Rule
With bridges, a popular guideline is that 80 percent of the network traffic should be local (same side of the bridge), and 20 percent (or less) should cross the bridge.
For best performance, you should ensure that computers that communicate with each other are most often on the same side of the bridge.
Looping
Bridge looping is a common problem that can occur if there is more than one active bridge on the network. The Spanning Tree Algorithm was developed as a solution to bridge looping.
The Internetwork Level
The Internetwork layer of the DoD model (equivalent to the Network layer in OSI) is responsible for routing. Windows 2000 allows a computer to function as an IP router (also called a gateway) when two network interfaces are installed and RRAS is properly configured for IP forwarding.
IP routing involves finding a pathway from the sending computer or forwarding router to the destination computer, whose address is designated in the IP header. The distance from one router to the next is called a hop. There are two types of routing: direct and indirect. Direct routing refers to routing data to a computer on the same subnet, while indirect routing refers to sending data through a gateway or gateways to a computer on a different subnet.
Each TCP/IP computer on a routed network has a designated default gateway to which packets addressed to a destination with a different network ID are sent. Windows 2000 allows you to configure multiple default gateways, but only one is active at a given time. If the first fails, the second is used. The default gateway must be on the same IP subnet as the IP address assigned to the interface.
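Added example, not from the book, tying together the IP address network/host split, the 169.254.0.0 APIPA range, the default-gateway rule, and the direct versus indirect routing decision described in this section; the addresses are constructed, and the wrong-mask case shows the subnetting error named earlier as a common cause of failed connections.

```python
import ipaddress

# The range APIPA self-assigns from when no DHCP server answers.
APIPA = ipaddress.ip_network("169.254.0.0/16")


def split_address(ip: str, mask: str):
    """Return (network_id, host_number); which bits are network vs. host is set by the mask."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    network = iface.network
    host_number = int(iface.ip) - int(network.network_address)
    return str(network.network_address), host_number


def is_apipa(ip: str) -> bool:
    """True when the client self-assigned an address because it could not reach a DHCP server."""
    return ipaddress.ip_address(ip) in APIPA


def gateway_ok(ip: str, mask: str, gateway: str) -> bool:
    """The default gateway must lie on the same IP subnet as the interface address."""
    return ipaddress.ip_address(gateway) in ipaddress.ip_interface(f"{ip}/{mask}").network


def delivery(ip: str, mask: str, gateway: str, dst: str) -> str:
    """Direct routing if dst shares the local network ID, otherwise indirect via the gateway."""
    local = ipaddress.ip_interface(f"{ip}/{mask}").network
    if ipaddress.ip_address(dst) in local:
        return "direct"
    if not gateway_ok(ip, mask, gateway):
        return "unreachable: default gateway is not on the local subnet"
    return f"indirect via {gateway}"


def diagnose(ip: str, mask: str, gateway: str, dst: str) -> list:
    """Checklist-style findings for one host configuration, following the common errors above."""
    findings = []
    if is_apipa(ip):
        findings.append("APIPA address: client could not reach a DHCP server")
    if not gateway_ok(ip, mask, gateway):
        findings.append("default gateway outside local subnet")
    findings.append(f"delivery to {dst}: {delivery(ip, mask, gateway, dst)}")
    return findings


if __name__ == "__main__":
    # Correct mask: the neighbouring subnet is reached indirectly through the gateway.
    print(diagnose("192.168.10.77", "255.255.255.0", "192.168.10.1", "192.168.11.5"))
    # Wrong mask (255.255.0.0): the same host looks local, so the client ARPs for it and
    # never sends the packet to the gateway.
    print(diagnose("192.168.10.77", "255.255.0.0", "192.168.10.1", "192.168.11.5"))
```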
A router’s interface can connect to a LAN or a WAN. Each interface must have an IP address with a network ID appropriate for the network.
To view the routing table, use the route print command, or you can view the table from the GUI using the RRAS management console.
The routing table has the following columns:
Features of the Windows 2000 Router
A Windows 2000 computer running RRAS and providing routing services supports the following features:
■ Multiprotocol routing (IP, IPX, and AppleTalk)
■ Support for standard dynamic routing protocols (RIP and OSPF)
■ Packet filtering
■ Router advertisement and discovery (ICMP)
■ Multicast services (IGMP)
■ Unicast routing
Routing Protocols
Routing can be either static or dynamic. Static routing requires manually entering routes into the routing table. Dynamic routing requires special protocols. Windows 2000 supports the following dynamic routing protocols:
RIP listening (Silent RIP) is also supported. With Silent RIP, hosts that are not routers themselves can listen to RIP messages sent by other computers and use them to update their tables.
Both hosts and gateways can implement RIP. RIP is relatively easy to set up, but has the following disadvantages and problems:
■ Hop count limit of 15
■ Excessive network traffic caused by RIP broadcasts
■ High convergence time
■ Possibility of routing loops
■ Count-to-infinity problem
■ Rogue RIP routers
RIPv2 supports password authentication so the origin of RIP announcements can be confirmed. RIP is a distance vector protocol.
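Added example, not from the book: a small synchronous RIP simulation of the count-to-infinity problem listed above, on a three-router chain whose last link has just failed, showing how metric 16 (the hop-count limit of 15) bounds the churn. The split horizon with poison reverse variant is assumed here as the standard RIP mitigation; the topology and metrics are constructed.

```python
INFINITY = 16   # RIP metric meaning "unreachable": the hop-count limit is 15


def advertised_metric(table, sender, receiver, split_horizon):
    """Metric `sender` announces for destination N to `receiver`.

    With split horizon (poison reverse), a route is announced back to its own
    next hop as INFINITY, so the next hop cannot re-learn the route from us.
    """
    metric, next_hop = table[sender]
    if split_horizon and next_hop == receiver:
        return INFINITY
    return metric


def rip_round(table, neighbors, split_horizon):
    """One synchronous update round: every router processes its neighbors' announcements."""
    updated = {}
    for router, (metric, next_hop) in table.items():
        adverts = [(n, advertised_metric(table, n, router, split_horizon))
                   for n in neighbors[router]]
        for sender, m in adverts:          # refresh the route in use, even if it got worse
            if sender == next_hop:
                metric = min(m + 1, INFINITY)
        for sender, m in adverts:          # then adopt any strictly better announcement
            candidate = min(m + 1, INFINITY)
            if candidate < metric:
                metric, next_hop = candidate, sender
        updated[router] = (metric, next_hop)
    return updated


def converge(table, links, split_horizon, max_rounds=64):
    """Repeat rounds until no table changes; return (rounds_with_changes, final_table)."""
    neighbors = {r: [] for r in table}
    for a, b in links:
        neighbors[a].append(b)
        neighbors[b].append(a)
    for rnd in range(1, max_rounds + 1):
        updated = rip_round(table, neighbors, split_horizon)
        if updated == table:
            return rnd - 1, table
        table = updated
    return max_rounds, table


def count_to_infinity(split_horizon):
    """Chain A - B - C where C's link to network N has just failed (metric already 16).

    Before the failure, A reached N in 3 hops via B and B in 2 hops via C. Without
    split horizon, B re-learns the dead route from A and the metrics climb in
    lockstep until every router hits INFINITY.
    """
    links = [("A", "B"), ("B", "C")]
    table = {"A": (3, "B"), "B": (2, "C"), "C": (INFINITY, None)}
    return converge(table, links, split_horizon)


if __name__ == "__main__":
    for sh in (False, True):
        rounds, final = count_to_infinity(sh)
        metrics = {r: m for r, (m, _) in final.items()}
        print(f"split horizon={sh}: {rounds} rounds of churn, metrics={metrics}")
```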
OSPF Features
Open Shortest Path First (OSPF) is a link state protocol. As such, it is efficient and doesn’t require much overhead. The Shortest Path First algorithm is not vulnerable to routing loops. SPF calculates the shortest path between the router and remote networks by creating and maintaining a map of the network, called the Link State Database (LSDB).
Windows 2000’s OSPF can be used on a broadcast network like Ethernet, a nonbroadcast network like ATM, or a point-to-point network using a dedicated leased line. OSPF’s routing table structure is hierarchical, unlike RIP’s flat structure.
Areas and Router Classifications
OSPF divides the network into areas, which are assigned an area number. There is always a “backbone” area, called Area 0, to which the Area Border Router (ABR) of every other area is connected. An area can consist of one or more networks or subnets. ABRs can summarize their routes, which decreases the need for OSPF to recalculate routes.
OSPF routers are classified as:
■ ABRs (Area Border Routers)
■ IRs (Internal Routers)
■ BR (The Backbone Router)
■ ASBR (Autonomous System Border Routers)
OSPF Protocols
OSPF uses the following protocols: common header protocol, hello protocol, exchange protocol, flooding protocol, and the aging link state record protocol.
OSPF Advantages
Although it is more complex and requires more technical expertise to implement, OSPF enjoys the following advantages over RIP:
■ More efficient calculation of routes
■ Faster convergence times
■ Support for load balancing
■ Low bandwidth utilization
■ No routing loops or count-to-infinity problems
■ Hierarchical structure isolates instability within an area
■ More scalable, appropriate for larger networks
■ Secure password authentication for transmission of update messages
Windows 2000 Router Logging
You can enable logging to assist in troubleshooting the Windows 2000 router in one of two ways:
■ Enable event logging: Writes events to the system log in Event Viewer
■ Enable tracing: Logs to a file
To enable tracing, you must edit the Windows 2000 Registry. For instructions on how to do so, see Chapter 11, "Troubleshooting Windows 2000 Connectivity Problems at the Internetwork Level."
Selected Services
Windows 2000 includes the Internet Information Services (IIS 5.0): Web server, FTP server, NNTP news server, gopher and SMTP mail server. All of these services depend on the TCP/IP suite and are fully integrated with the operating system.
Site Logging
You can enable site logging to assist with troubleshooting the Web and FTP services. This is done through the IIS management console. There are four types of logging formats from which to choose:
■ W3C Extended Log File Format
■ Logging to an ODBC database
■ NCSA Common Log File Format
■ Microsoft IIS Log Format
W3C and ODBC logging can be customized, while NCSA and Microsoft IIS formats are fixed (noncustomizable) file formats.
Web Server
The Web server is subject to the following common problems:
■ Connection capacity bottleneck. To solve this, you can throttle network bandwidth.
■ CPU utilization bottleneck. To solve this, you can enable processor throttling, upgrade the CPU, add additional CPUs (multiprocessing), or move applications that use a great deal of processor time to another computer.
■ Site name resolution problems. You can use IPCONFIG and standard name resolution troubleshooting techniques.
■ Inaccessible virtual directories. You must add the virtual directory to every individual site.
■ Problems hosting multiple sites. You must properly configure appended port numbers, assign multiple IP addresses, or configure host headers.
■ Permissions problems. Check NTFS permissions, ensure that IIS is not set to deny access to that IP address or domain, and check the user account.
IIS configuration information is stored in the metabase, which is a hierarchical database similar to the Registry. Changes can be made to the metabase using the IIS snap-in to the MMC or the HTML Web-based Internet Services Manager.
FTP Server
Most FTP problems are authentication or permissions problems, or connectivity problems. Troubleshoot general network connectivity using PING.
FTP commands and arguments are all sent together in the same packet, which makes it easy to troubleshoot the service with a protocol analysis tool like Sniffer because you don't have to reassemble the packets.
Ensure that you know how to restart a paused or stopped FTP site. You can do this within the Internet Services MMC or from the command line.
NNTP Server
The NNTP service can be monitored using System Monitor (Performance). You can also use Event Viewer's system log, to which NNTP error messages are written.
Common NNTP problems involve network connectivity, or NNTP service availability. Both of these can be checked using standard TCP/IP command-line utilities. For detailed instructions on how to do so, see Chapter 11. Another common source of problems involves security settings. Always check the permissions on the directories where the newsgroup resides, ensure that the IP address or domain has not been restricted, and check to see if SSL is required.
Summary
The TCP/IP protocol suite has been around for—in the context of computer technology—a long time. The Windows 2000 operating system is new. Together, they work effectively to provide reliable network communications over networks of all sizes. They also present some unique troubleshooting challenges (also known as opportunities) to the network administrator. Learning to live with (and love) them is more a job requirement than an option; it looks as if both will be around for some time to come.
TCP/IP Troubleshooting Secrets
Solutions in this chapter:
Lesser-Known Shortcuts
The following are some of the lesser-known shortcuts available with Windows 2000.
Finding the Consoles
Windows 2000 has a great many preconfigured Management Consoles that you can use right out of the box. Many of these consoles are available to you directly from the Administrative Tools menu, which you can access from the Start menu. However, if you would like to look at some of the "undocumented" consoles available in Windows 2000, you can use the Find command from the Start menu to help your search.
Click the Start menu, go to Search, and then click on Files or Folders. From there, type in the "Search for file or folders named" text box the string:
*.msc
This will cause the Find utility to search for all the Microsoft Management Consoles on your machine. The number of handy MMCs that Microsoft has included might pleasantly surprise you. If you find them useful, you can create a shortcut on your desktop to any of these consoles you discovered.
Control the Index Server
The Index Server that comes with Windows 2000 can be incredibly resource-intensive. If you find that you have frequent spikes of processor activity attributable to the cisvc.exe or cidaemon.exe processes, you might want to wrestle some control over the amount of system resources dedicated to the Index Server. Luckily, Microsoft gives you a way to do this easily.
Open the Computer Management console from the Administrative Tools menu. Then expand the Services and Applications node in the left pane, and click on Indexing Service. First you need to stop the Index Server by right-clicking the Indexing Service node and selecting Stop.
After you have stopped the Index Server, right-click it again, trace down to All Tasks, and then over to click Tune Performance. You'll see the dialog box displayed in Figure A.1.
From this dialog box, you can configure how much of the system's resources you want to dedicate to the Index Server processes. The default is "Used often, but not dedicated to this service." If you find that the service is used only occasionally, but you still want to avail yourself of the Index Server services periodically, choose the "Used occasionally" option button.
Figure A.1 The Indexing Service Usage properties dialog box.
Windows 2000 Telnet Client and Server
In Windows NT 4.0, you could easily access the Telnet Client from the Accessories menu in the Start menu. If you try to find the Telnet Client in the same way in Windows 2000, you'll be sadly disappointed. In order to access the Telnet Client in Windows 2000, you must type telnet at the Run command or command prompt. You will see a screen similar to Figure A.2.
Figure A.2 The Windows 2000 Telnet Client application.
The Telnet Client is now entirely character-based. You no longer have the comfort of the nice GUI interface provided with the Telnet Client that was included with Windows NT 4.0. To configure the Telnet Client's behavior, type ? at the Telnet command prompt. You should see output similar to the following:
Commands may be abbreviated. Supported commands are:
close close current connection
display display operating parameters
open connect to a site
quit exit telnet
set set options (type 'set ?' for a list)
status print status information
unset unset options (type 'unset ?' for a list)
?/help print help information
In order to get more control over the appearance of your Telnet windows, you can include some "set" options. To find out what your set options are, type set ? at the Telnet command prompt. You should see something similar to the following:
Microsoft Telnet> set ?
NTLM Turn ON NTLM Authentication.
LOCAL_ECHO Turn ON LOCAL_ECHO.
TERM x (where x is ANSI, VT100, VT52, or VTNT)
CRLF Send both CR and LF
By using the “set” options, you can configure such properties as:
■ The terminal emulation type
■ Whether you want to use NTLM authentication
■ Whether the terminal windows should echo the characters that you type
There was no Telnet Server available "out of the box" for Windows NT 4.0. There was a Telnet Server available with the Windows NT 4.0 Resource Kit, although it was somewhat difficult to implement and was not always very reliable. Windows 2000 includes a Telnet Server right out of the box, which is a tremendous boon to administrators who wish to use command-line processes to execute instructions to remote machines.
To access the Windows 2000 Telnet Server, go to the Administrative Tools menu, and click Telnet Server Administration. You should see a screen similar to Figure A.3.
Figure A.3 The Telnet Server Administration command window.
From here, you can configure the Telnet Server settings. The ones that you'll be most concerned with will be related to displaying and changing the Registry settings that determine how the Telnet Server functions. If you select option 3 from this list, you will see a screen similar to Figure A.4.
Figure A.4 The Telnet Server Registry settings options.
What do all these options mean? Open the Windows 2000 Help and search for Telnet. You will find the meanings and the configuration options for all settings there.
Under-Documented Features and Functions
Here are several under-documented features and functions available in Windows 2000.
The FTP Command Set
Have you ever wanted to be able to use the command-line FTP program like the pros do, but had no idea what the command set was? Table A.1 shows a list of the most useful commands you can execute from the Windows 2000 command-line FTP program.
Table A.1 Command-Line FTP Program Commands
Command    Action
!          Run the command on the local computer rather than on the FTP Server
ASCII      Sets the file transfer type to ASCII, which is the default
Bell       The computer will make a sound after a file transfer command is completed
Binary     Sets the file transfer type to binary for binary file transfers such as program files
Bye        This ends the FTP session
CD         Changes your directory location on the FTP Server
Debug      Causes the screen to print detailed information about the commands sent to and from the FTP Server
Delete     Deletes files on the FTP Server
Dir        Shows a listing of the Directories on the FTP Server
Get        Copies a file on the FTP Server to your computer
Glob       Allows you to GET groups (globs) of files using wildcard characters
Lcd        Changes the directory where files will be downloaded on the local machine
Ls         Lists files and directories on the FTP Server
Mget       GETS multiple files from the FTP Server
Mput       Copies multiple files from the local machine to the FTP Server
Open       Connects to a specified FTP Server
Put        Copies local files to the FTP Server
Prompt     When multiple files are being transferred, prompt will cause the system to prompt you for your wish to download subsequent files. This is turned on by default
Status     Informs you of the current status of FTP connections and toggled options
Type       Sets or displays the file transfer type
Verbose    Gives you detailed information about all FTP commands executed during the session
The nslookup Utility
One of the most useful utilities you have is the nslookup command. Traditionally, however, Windows NT network administrators have not had very much training in how to use the utility. You can use nslookup to troubleshoot problems with host name resolution, and to investigate problems with the DNS server itself, such as absent records in the zone database file.
There may be times when you are not at a machine that has the DNS Console available, but you still need to know the contents of the zone database file to troubleshoot a host name resolution problem. In that case, you can still access the entries in the zone database by using the nslookup command.
First, start nslookup in interactive mode. Remember that interactive mode allows you to stay in the nslookup command context until you type exit from the nslookup command prompt. Then type ? to see the
ls –a tacteam.net.
again replacing the zone name with the one that you're interested in. You can use the –t [Record Type] command to list only those records you are interested in. For example, if you only wanted to see the NS records for the zone, you could type:
ls -t NS tacteam.net.
and a list of all the NS records would be returned.
Take some time to acquaint yourself with the nslookup command. You will find it a faithful ally in solving many of your DNS-related problems.
Using ipconfig Switches
You have undoubtedly run into the ipconfig command and some of its new features. The ipconfig command now allows you to set and show the class IDs available to DHCP clients on your Windows 2000 network. The Windows 2000 DHCP service allows you to use class IDs that the DHCP client sends to the DHCP server to let it know that it is a member of a "class," either a "user class" or a "vendor class."
The user classes are those that you can create yourself, and the vendor classes are implemented by vendors of specific hardware and software.
The trick is, how do you actually implement these class IDs? If you look at the online help for the ipconfig command, you see the following:
| /setclassid adapter [classidtoset] ]
adapter Full name or pattern with '*' and '?' to 'match',
* matches any character, ? matches one character.
Options /? Display this help message.
/all Display full configuration information.
/release Release the IP address for the specified adapter.
/renew Renew the IP address for the specified adapter.
/flushdns Purges the DNS Resolver cache.
/registerdns Refreshes all DHCP leases and re-registers DNS names
/displaydns Display the contents of the DNS Resolver Cache.
/showclassid Displays all the dhcp class IDs allowed for adapter.
/setclassid Modifies the dhcp class id.
The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP.
For Release and Renew, if no adapter name is specified, then the IP address leases for all adapters bound to TCP/IP will be released or renewed.
For SetClassID, if no class id is specified, then the classid is removed.
To see the available class IDs, you can use the showclassid switch. Notice that the command must include the adapter name. Now, how do you know your adapter name? You could use the ipconfig command with the /all switch and see something like the following:
C:\>ipconfig /all
Windows 2000 IP Configuration
Host Name : EXETER
Primary DNS Suffix : tacteam.net
Node Type : Hybrid
IP Routing Enabled : Yes
WINS Proxy Enabled : No
DNS Suffix Search List : blah.com
                         wins.tacteam.net
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix :
Description : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-T)
Physical Address : 00-50-04-70-EC-D3
DHCP Enabled : No
IP Address : 192.168.1.186
Subnet Mask : 255.255.255.0
Default Gateway : 192.168.1.16
DNS Servers : 192.168.1.185
              192.168.1.16
Primary WINS Server : 192.168.1.185
Looking at this example, what do you think the adapter name is? If you guessed 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-T), you're wrong! The actual adapter name is Local Area Connection. So, what do you think you would get if you typed ipconfig /showclassid Local
need to put the phrase "Local Area Connection" in quotation marks. This
Now, when I type the command ipconfig /showclassid 3Com, I see the following:
C:\>ipconfig /showclassid 3Com
Windows 2000 IP Configuration
DHCP Class ID for Adapter "3Com":
DHCP ClassID Name : Microsoft Dynamic BOOTP Class
DHCP ClassID Description : User class for options specific to dynamic BOOTP clients
You can use the new adapter name when setting class IDs for your DHCP clients as well. For more information on how to create and use user and vendor class IDs, check out Managing Windows 2000 Network Services, published by Syngress Media.
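The adapter-name pitfall above (the name is the text after "adapter" in the section header, not the Description line), as an added Python example that is not part of the original text. SAMPLE is constructed from the page's EXETER listing; the field-parsing regexes, the case-sensitive wildcard matching, and the quoting rule for names that contain spaces are assumptions made here.

```python
import re
from fnmatch import fnmatchcase

# Constructed ipconfig /all output, modelled on the page's EXETER example.
SAMPLE = """\
Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : EXETER
        Primary DNS Suffix  . . . . . . . : tacteam.net
        DNS Suffix Search List. . . . . . : blah.com
                                            wins.tacteam.net

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-T)
        Physical Address. . . . . . . . . : 00-50-04-70-EC-D3
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.1.186
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.16
        DNS Servers . . . . . . . . . . . : 192.168.1.185
                                            192.168.1.16
        Primary WINS Server . . . . . . . : 192.168.1.185
"""

ADAPTER_RE = re.compile(r"^(\S.*?) adapter (.+):$")
FIELD_RE = re.compile(r"^\s+([A-Za-z][A-Za-z -]*?)[ .]*:\s?(.*)$")


def parse_ipconfig(text):
    """Return {adapter name: {field: value or list}}; host-wide settings are keyed ''."""
    adapters, current, last_field = {"": {}}, "", None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:  # section header: the adapter *name* is what follows "adapter"
            current, last_field = m.group(2), None
            adapters[current] = {"Adapter Type": m.group(1)}
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field = m.group(1).strip()
            adapters[current][last_field] = m.group(2).strip()
        elif line.strip() and last_field:
            # Indented continuation (second DNS server, extra suffix): make the field a list.
            prev = adapters[current][last_field]
            adapters[current][last_field] = (prev if isinstance(prev, list) else [prev]) + [line.strip()]
    return adapters


def showclassid_commands(adapters, pattern):
    """ipconfig /showclassid commands for adapters whose name matches pattern
    ('*' and '?' as in the ipconfig help); names containing spaces are quoted."""
    names = [n for n in adapters if n and fnmatchcase(n, pattern)]
    return [f'ipconfig /showclassid "{n}"' if " " in n else f"ipconfig /showclassid {n}"
            for n in names]
```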
For Experts Only
Here are some of the more advanced features of Windows 2000.
The Future of IP Communications
As we enter the twenty-first century, the ways we communicate continue to change. Technologies once dreamed of only by science fiction writers are becoming reality—and many of those technologies are based on IP.
IP Telephony
One exciting development is IP telephony, which offers simultaneous voice, video, and data transmission over the Internet or the local network.