Troubleshooting Internet Connectivity

You can establish Internet connectivity in a number of ways. You can use a remote access server, Internet Connections Sharing (ICS), Network Address Translation (NAT), or a direct connection using a network card, a modem, or another device. Because many organizations now rely heavily on the Internet for day-to-day operations, it is important that you have some understanding of how to troubleshoot Internet connectivity issues as they arise and the tools available to assist you.

Note

Refer to Chapter 5, "Routing and Remote Access," for specific information about troubleshooting remote access.

If you are troubleshooting Internet Connectivity, the following are some of the common steps you can take initially:

If you are using a dial-up connection, verify the number and credentials being used.
Verify that the hardware being used is connected.
Ensure that the hardware being used to connect to the Internet (such as a modem) is functioning.
Use the IPCONFIG command to check the local host's TCP/IP configuration.
If you access the Internet through a gateway, verify that the gateway is operational. This can be done by pinging the gateway's IP address.
For name-resolution errors, make sure that DNS is properly configured and the DNS servers are online.
If Internet access is through a proxy server, verify that the outgoing traffic is permitted.

The following section examines some of the tools and utilities included with Windows Server 2003 that can be used to assist you in troubleshooting Internet connectivity.

Hardware

Whether you have a direct connection to the Internet or have access through another computer, some form of hardware is used. If you experience hardware problems, whether with a modem, a network adapter, or another device, you can use Device Manager to attempt to troubleshoot and diagnose the problem.

You can access Device Manager by right-clicking My Computer and choosing Properties. Select the Hardware tab and click the Device Manager button. As you can see from Figure 6.9, Device Manager lists all the hardware that is currently installed on the computer.

Figure 6.9. Using Device Manager to troubleshoot hardware problems

By opening the properties window for a device, such as the network interface card, you can verify its status. If there are problems with the device, click the Troubleshoot button, which gives you some basic suggestions for troubleshooting the issue at hand. If you are troubleshooting a modem problem, you can also use the Diagnostics tab, which is found on the properties window for the modem within the Phone and Modem applet.

Driver Signing

Microsoft recommends you only install drivers that have been tested for compatibility with Windows Server 2003. Drivers that have met the Designed for Microsoft Windows logo requirements are digitally signed and safe to install on your computer.

Windows Server 2003 includes three different options for driver signing. The option you select will tell Windows what to do when it detects an unsigned driver (this is a driver that has not been tested with Windows). You can configure the driver signing options from the System Properties dialog box. The different options include the following:

Ignore Install the Software Anyway and Don't Ask for My Approval. Selecting this option means that any unsigned drivers will be installed on your computer and could cause instability.
Warn Prompt Me Each Time to Choose an Action. If this option is selected, Windows will present a warning when you attempt to install an unsigned driver.
Block Never Install Unsigned Driver Software. By selecting this option, no unsigned drivers will be installed on the computer.

In some cases, unsigned drivers might not cause any problems on a computer. However, you can never be sure because they have not been tested. If you want to err on the side of caution, you can configure Windows XP to prevent the installation of unsigned drivers.

To accomplish this, open the System applet within the Control Panel. From the Hardware tab, select the Driver Signing button. Select the BlockNever Install Unsigned Driver Software option. Also verify that the Make This Action the System Default option at the bottom of the dialog box is selected. Click OK to close the Driver Signing Options dialog box. Click OK to close the System Properties dialog box. Users will no longer be permitted to install drivers that have not been signed.

You can also configure Driver Signing options through the local policy. Open the Group Policy Editor (click Start, click Run, and type gpedit.msc). Expand Computer Configuration, Windows Settings, Security Settings, Local Policies, Security Options. In the details pane, double-click Devices: Unsigned Driver Installation Behavior. Use the drop-down arrow to make your selection and click OK.

Driver Rollback

The driver Roll Back feature can be used if you encounter problems after updating a driver. For example, such problems include error messages when you access the device, faulty behavior of the device, or even the inability to start Windows.

To use the Roll Back feature in Windows Server 2003, open the Device Manager and follow these steps:

1.	Right-click the device for which you want to reinstall the previous version of the driver and click Properties.
2.	Click the Drivers tab.
3.	Click the Roll Back Driver button.

Troubleshooting Utilities

Aside from Device Manager, which can be used to troubleshoot hardware problems, a number of other utilities available can assist in diagnosing Internet connectivity problems. The following sections outline some of the tools that are included with Windows Server 2003.

Network Diagnostics

Network Diagnostics is a tool that gathers information about the hardware, software, and network connections on a local computer and displays the results. It can be used to verify network connectivity and determine whether network-related services are running. The result of the network diagnostics analysis can then be used to identify connectivity problems.

Tip

You can also configure the scanning option for Network Diagnostics and specify what actions to take and what categories to include in the scan.

To use Network Diagnostics, perform the following tasks:

1.	Click Start and click Help and Support.
2.	From the list of Support Tasks, click Tools.
3.	Select Help and Support Center Tools.

4.	Select Network Diagnostics (see Figure 6.10). Figure 6.10. Help and Support Center tools

5.	Click Scan Your System. Network Diagnostics gathers information about hardware, software, and network connections on the local computer and displays the results (see Figure 6.11). Figure 6.11. Network Diagnostics results

The `NeTDiag` Command

After the Windows Server 2003 Support Tools are installed, you can use the NeTDiag.exe command-line utility to troubleshoot networking and connectivity problems. Netdiag performs a series of tests to determine the status of the network client. The information can be used by administrators and support personnel to isolate and troubleshoot network problems.

Note

To install the Windows Server 2003 Support Tools, open the Support\Tools directory located on the Windows Server 2003 CD-ROM and double-click the suptools.msi file.

`Netsh` Command

Netsh is a command-line utility that enables you to modify the network configuration of the local computer or a remote computer. Netsh in Windows Server 2003 introduced a set of diagnostic commands that can be used for troubleshooting. Table 6.1 summarizes some of the context commands that can be useful when troubleshooting Internet connectivity.

Table 6.1. `Netsh diag` Command Contexts
Command Context	Description
`Connect ieproxy`	Establishes, verifies, and drops a connection with the proxy listed in the properties of Internet Explorer.
`Connect iphost`	Establishes, verifies, and drops a connection with a specified host using a specified port.
`Connect mail`	Establishes, verifies, and drops a connection with the host specified as the mail server within Outlook Express.
`PING`	Verifies connectivity with the remote host specified.
`PING` `adapter`	Verifies connectivity through a specified adapter. If used without parameters, it tests connectivity through all installed adapters.
`PING gateway`	Verifies connectivity with the default gateways listed in the TCP/IP properties for the specified adapter. If no adapter is specified, connectivity is verified through all installed adapters.
`PING DNS`	Verifies connectivity with DNS servers listed in the TCP/IP properties for the specified adapter. If no adapter is specified, connectivity to DNS servers is tested through all installed adapters.
`PING ieproxy`	Verifies connectivity with the proxy server listed in the properties of Internet Explorer.
`PING iphost`	Verifies connectivity with a local or remote host.
`PING mail`	Verifies connectivity with the mail server configured in Outlook Express.
`Show` `modem`	Lists information about the specified modem.
`Show gateway`	Lists all Internet gateways for the specified adapter.
`Show ieproxy`	Lists all Internet Explorer proxy servers for the specified adapters.
`Show mail`	Shows the Outlook Express mail server configured on the local computer.

`IPCONFIG`

If you are experiencing network connectivity problems, one of the first actions you should perform is to verify the IP configuration on the client or server that is reporting the error. By doing so, you can verify that incorrect IP parameters configured on the computer are not causing the problem. You can use the IPCONFIG utility from the command prompt to verify a computer's IP configuration. You can view detailed IP configuration information for all interfaces, including modems (see Figure 6.12). Table 6.2 summarizes the available switches.

Figure 6.12. Using the `IPCONFIG /ALL` command

Table 6.2. `IPCONFIG` Command-Line Switches
Switch	Description
`/all`	Displays full configuration information
`/release`	Releases the IP address assigned to the specified adapter
`/renew`	Renews the IP address for the specified adapter
`/flushdns`	Purges the DNS resolve cache
`/registerdns`	Refreshes all DHCP leases and re-registers DNS names

`PING`

Use the PING command to verify connectivity with other hosts on a TCP/IP network or on the Internet. Connectivity is verified by sending Internet Control Message Protocol (ICMP) echo requests and replies. When the PING command is issued, the source computer sends echo request messages to another TCP/IP host. If reachable, the remote host then responds with four echo replies. The PING command is also issued at the command prompt, along with the TCP/IP address or domain name of the other TCP/IP host, as follows:

 C:> PING 124.120.105.110 C:> PING www.bayside.net

Tip

To determine whether TCP/IP is initialized on the local computer, issue the PING command and specify the loopback address of 127.0.0.1.

The general steps for troubleshooting TCP/IP using the PING command are as follows:

1.	`PING` the loopback address of 127.0.0.1 to ensure that TCP/IP is initialized on the local computer.
2.	If successful, `PING` the IP address assigned to the local computer.
3.	Next, `PING` the default gateway's IP address. If this fails, verify that the default gateway's IP address is correct and that the gateway is operational.
4.	Next, `PING` the IP address of a host on a remote network. If this is unsuccessful, verify that the remote host is operational, verify the IP address of the remote host, and verify that all routers and gateways between the local computer and remote computer are operational.

Tip

A quick way to verify TCP/IP connectivity is to complete step 4 in the preceding steps first. If you can successfully PING the IP address of a remote host, steps 1 through 3 will be successful.

`trACERT` and `PATHPING`

Two other utilities that can be used for TCP/IP troubleshooting are TRACERT and PATHPING. The trACERT command determines the route that is taken to a specific destination. You might want to use the TRACERT command if you cannot successfully PING the IP address of a remote host. The results of the trACERT command indicate whether there is a problem with a router or gateway between the local computer and the remote destination.

The PATHPING command is basically a combination of the PING and trACERT commands. When the command is issued, packets are sent to each router between the local computer and a remote computer. The output can display the degree of packet loss at each router, and the results determine which routers and gateways might be causing problems on the network.

Hardware

Figure 6.9. Using Device Manager to troubleshoot hardware problems

Driver Signing

Driver Rollback

Troubleshooting Utilities

Network Diagnostics

Figure 6.10. Help and Support Center tools

Figure 6.11. Network Diagnostics results

The `NeTDiag` Command

`Netsh` Command

Table 6.1. `Netsh diag` Command Contexts

`IPCONFIG`

Figure 6.12. Using the `IPCONFIG /ALL` command

Table 6.2. `IPCONFIG` Command-Line Switches

`PING`

`trACERT` and `PATHPING`

Troubleshooting Internet Connectivity

Hardware

Figure 6.9. Using Device Manager to troubleshoot hardware problems

Driver Signing

Driver Rollback

Troubleshooting Utilities

Network Diagnostics

Figure 6.10. Help and Support Center tools

Figure 6.11. Network Diagnostics results

The NeTDiag Command

Netsh Command

Table 6.1. Netsh diag Command Contexts

IPCONFIG

Figure 6.12. Using the IPCONFIG /ALL command

Table 6.2. IPCONFIG Command-Line Switches

PING

trACERT and PATHPING

The `NeTDiag` Command

`Netsh` Command

Table 6.1. `Netsh diag` Command Contexts

`IPCONFIG`

Figure 6.12. Using the `IPCONFIG /ALL` command

Table 6.2. `IPCONFIG` Command-Line Switches

`PING`

`trACERT` and `PATHPING`