Managing and monitoring a remote access server can be done with several tools. In this lesson, you learn about remote access logging, accounting, Netsh, Network Monitor, and various resource kit utilities.
After this lesson, you will be able to
Estimated lesson time: 30 minutes
Internet Authentication Service (IAS) can create log files based on the authentication and accounting requests received from the Network Access Servers (NASs) by collecting these packets in a centralized location. Setting up and using such log files to track authentication information—such as each accept, reject, and automatic account lockout—can help simplify administration of your service. You can set up and use logs to track accounting information—such as logon and logoff records—to help maintain records for billing purposes (see Figure 12.16).
Figure 12.16 Remote Access logging
When you set up logging, you can specify the following:
You can also select the types of requests received by the IAS server that are to be logged.
Accounting requests include the following:
Authentication requests include the following:
Initially, it is recommended that you select the first two options and refine your logging methods after you determine which data best matches your needs.
When you set up your servers, specify whether new logs are started daily, weekly, monthly, or when the log reaches a specific size. You can also specify that a single log is maintained continually (regardless of file size), but this is not recommended. The file naming convention for logs is determined by the log period you select. Because changing this option can result in overwriting of existing logs, you should copy logs to a separate file before changing the log period. By default, the log files are located in the %systemroot%\System32\LogFiles folder, but you have the option of specifying a different location.
Attributes are recorded in Unicode Translation Format-8 (UTF-8) encoding in a comma-delimited format. The format of the records in a log file depends on the file format.
Routing and Remote Access can be configured to log accounting information in the following locations:
Configuration of the Routing and Remote Access accounting provider is done from the Security tab from the properties of a remote access router in the Routing and Remote Access snap-in, as shown in Figure 12.17, or by using the Netsh tool.
Figure 12.17 Remote Access accounting
Netsh is a command-line and scripting tool for Windows 2000 networking components for local or remote computers. Netsh is supplied with Windows 2000. Netsh allows you to save a configuration script in a text file for archival purposes or for configuring other servers.
Netsh is a shell that can support multiple Windows 2000 components through the addition of Netsh helper dynamic-link libraries (DLLs). A Netsh helper DLL extends Netsh functionality by providing additional commands to monitor or configure a specific Windows 2000 networking component. Each Netsh helper DLL provides a context (a group of commands for a specific networking component). Within each context, subcontexts can exist. For example, within the routing context, the subcontexts IP and IPX exist to group IP routing and IPX routing commands together.
For Routing and Remote Access, Netsh has the following contexts:
Network Monitor enables you to detect and troubleshoot problems on LANs and on WANs, including Routing and Remote Access links. With Network Monitor you can identify network traffic patterns and network problems. For example, you can locate client-to-server connection problems, find a computer that makes a disproportionate number of work requests, capture frames (packets) directly from the network, display and filter the captured frames, and identify unauthorized users on your network.
The following are Resource Kit utilities that make the job of managing and monitoring Routing and Remote Access easier.
The RASLIST.EXE command-line tool displays Routing and Remote Access server announcements from a network. Raslist listens for Routing and Remote Access server announcements on all active network cards in the computer from which it is run. Its output shows which card received the announcement. Raslist is a monitoring tool. It may take a few seconds for the data to begin to appear; data continues to appear until the tool is closed.
By using the RASSRVMON.EXE tool, you can monitor the remote access server activities on your server in greater detail than the standard Windows tools allow. Rassrvmon provides the following monitoring information:
To allow for more flexibility, alerts can be set up to run a program of your choice. This gives you the flexibility to send mail, a page, a network popup, or any other action you can automate with an executable file name or a batch script.
RASUSERS.EXE lets you list for a domain or a server all user accounts that have been granted permission to dial in to the network via Routing and Remote Access, a feature of Windows 2000 that implements remote access functionality.
TRACEENABLE.EXE is a graphical user interface-based tool that enables tracing and displays current tracing options. Windows 2000 Routing and Remote Access has an extensive tracing capability that you can use to troubleshoot complex network problems. Tracing records internal component variables, function calls, and interactions. Separate Routing and Remote Access components can be independently enabled to log tracing information to files (file tracing). You must enable the tracing function by changing settings in the Windows 2000 registry using TRACEENABLE.EXE.
As each tracing item is selected in the combo box, the values are displayed. Make your changes, and then click Set. This writes your changes to the registry. To get console tracing, you must turn it on for the component and turn it on with the master check box at the top of the Trace Enable window. For example, you would follow these steps to generate a log file for PPP:
Tracing is now enabled for this component. In most cases the log file is created in %windir%\tracing.
Managing and monitoring a remote access server is done with several tools. In this lesson, you learned about remote access logging, accounting, Netsh, Network Monitor, and various resource kit utilities.