Microsoft Windows XP Professional Resource Kit 2003
ISBN: N/A
EAN: N/A
EAN: N/A
Year: 2005
Pages: 338
Pages: 338
Many network troubleshooting tools are available to assist in diagnosing TCP/IP problems for Windows XP Professional. The following sections describe the tools and configuration details necessary to resolve typical troubleshooting problems.
Table 21-5 lists the diagnostic tools discussed in this section.
| Tool | Function |
|---|---|
| Hostname | Displays the host name of the computer. |
| IPConfig | Displays current TCP/IP network configuration values, updates or releases Dynamic Host Configuration Protocol (DHCP) allocated leases, and displays, registers, or flushes Domain Name System (DNS) names. |
| Nbtstat | Displays status of current NetBIOS over TCP/IP connections, updates the NetBIOS name cache, and displays the registered names and scope ID. |
| Pathping | Displays a path to a TCP/IP host and reports packet losses at each router along the way. |
| Ping | Sends ICMP Echo Request messages to verify that TCP/IP is configured correctly and that a TCP/IP host is available. |
| Route | Displays the IP routing table and adds or deletes IP routes. |
| Tracert | Displays the path to a TCP/IP host. |
To view the proper syntax for each command, type -? after each command. Typing /? produces the same results except after hostname and tracert where it has no effect.
In addition to the TCP/IP-specific tools, the following Windows XP Professional tools can be used:
Event Viewer. Records system errors and events.
Control Panel. Allows changes to networking and other system components.
Registry editor. Regedit.exe allows viewing and editing of registry settings.
When troubleshooting a TCP/IP networking problem, begin by checking the TCP/IP configuration on the computer experiencing the problem. Use the ipconfig command to get the host computer configuration information, including the IP address, subnet mask, and default gateway.
When Ipconfig is used with the /all parameter, it produces a detailed configuration report for all interfaces, including any configured remote access adapters. Ipconfig output can be redirected to a file and pasted into other documents. To do so, type ipconfig directory\file name. The output is placed in the directory you specified with the file name you specified.
The output of Ipconfig can be reviewed to find any problems in the computer network configuration. For example, if a computer is manually configured with an IP address that is a duplicate of an existing IP address that has already been detected, the subnet mask appears as 0.0.0.0.
If no problems appear in the TCP/IP configuration, the next step is to test the ability to connect to other host computers on the TCP/IP network.
Ping is a tool that helps to verify IP-level connectivity. PathPing is a tool that detects packet loss over multiple-hop paths. The ping command is used to send an ICMP Echo Request message to a target host. Use Ping whenever you want to verify that a host computer can send IP packets to a destination host. You can also use the Ping tool to isolate network hardware problems and incompatible configurations.
| Note | If you run ipconfig /all and the IP configuration is displayed, there is no need to ping the loopback address and your own IP address; Ipconfig has already performed these tasks to display the configuration. |
When troubleshooting, it is best to verify that a route exists between the local computer and a network host by first using Ping and the IP address of the network host to which you want to connect. The command syntax is:
ping IP address
Perform the following steps when using Ping:
Ping the loopback address to verify that TCP/IP is installed and configured correctly on the local computer.
ping 127.0.0.1
If the loopback step fails, the IP stack is not responding. This might be because the TCP drivers are corrupted, the network adapter might not be working, or another service is interfering with IP.
Ping the IP address of the local computer to verify that it was added to the network correctly. If the routing table is correct, this simply forwards the packet to the loopback address of 127.0.0.1.
ping IP address of local host
Ping the IP address of the default gateway to verify that the default gateway is functioning and that you can communicate with a local host on the local network.
ping IP address of default gateway
Ping the IP address of a remote host to verify that you can communicate through a router.
ping IP address of remote host
Ping the host name of a remote host to verify that you can resolve a remote host name.
ping Host name of remote host
Run a PathPing analysis to a remote host to verify that the routers on the way to the destination are operating correctly.
pathping IP address of remote host
If your local address is returned as 169.254.y.z, with a subnet mask of 255.255.0.0, you were assigned an IP address by the Automatic Private IP Addressing (APIPA) feature of Windows XP Professional. This means that TCP/IP is configured for automatic configuration, a DHCP server was not found, and an alternate configuration is not specified.
If your local address is returned as 0.0.0.0, the DHCP Media Sensing feature override started because the network adapter detected that it is not connected to a network or because TCP/IP has detected an IP address that duplicates a manually configured IP address.
Ping uses name resolution to resolve a computer name to an IP address. Therefore, if pinging by IP address succeeds, but fails by name, then the problem lies in host name resolution and not network connectivity.
If you cannot use Ping successfully at any point, make sure that:
The local computer s IP address is valid and appears correctly in the General tab of the Internet Protocol (TCP/IP) Properties dialog box or when using the Ipconfig tool.
A default gateway is configured and the link between the host and the default gateway is operational. For troubleshooting purposes, make sure that only one default gateway is configured. While it is possible to configure more than one default gateway, gateways beyond the first one are only used when the IP stack determines that the original gateway is not functioning. Because the point of troubleshooting is to determine the status of the first configured gateway, delete all others to simplify your troubleshooting.
IP Security is not currently enabled. Depending on IPSec policy, Ping packets might be blocked or require security. For more information about IPSec, see Configuring IPSec Policies earlier in this chapter.
| Warning | If the remote system being pinged is across a high-delay link such as a satellite link, responses might take longer to be returned. The -w (wait) parameter can be used to specify a longer time out period than the default time of four seconds. |
If you can ping both the loopback address and your own IP address, but not any other IP addresses, you might have to clear out the Address Resolution Protocol (ARP) cache. This can be done by using the Arp tool. Use commands arp -a or arp -g to display the cache contents. Delete the entries by using arp -d IP address. Flush the ARP cache by using netsh interface ip delete arpcache.
The gateway address must be on the same network as the local host; if not, messages from the host computer cannot be forwarded to any location outside the local network. Next, ensure that the default gateway address is correct as entered. Finally, make sure that the default gateway is a router, not just a host, and that it is enabled to forward IP datagrams.
If the default gateway responds correctly, ping a remote host to ensure that network-to-network communications are operating as expected. If this fails, use Tracert to trace the path to the destination. For IP routers that are computers running Windows XP Professional, Windows 2000, or Windows NT, use the Route tool or the Routing and Remote Access snap-in on those computers to examine the IP routing table. For IP routers that are not computers running Windows XP Professional, Windows 2000, or Windows NT, use the vendor-designated appropriate tool or facility to examine the IP routing table.
Four error messages are commonly returned by Ping during troubleshooting, as shown in Table 21-6.
| Error Message | Meaning and Action |
|---|---|
| TTL Expired in Transit | The number of required hops exceeds Time to Live (TTL). Increase TTL by using the ping -i parameter. A routing loop exists. Use the tracert command to check if there is a routing loop due to misconfigured routers. |
| Destination Host Unreachable | A local or remote route does not exist for a destination host either at the sending host or at a router. Troubleshoot the local host or router s routing table. |
| Request Timed Out | Echo Reply messages were not received within the designated time period (default of 4 seconds). Increase time period by using the ping -w parameter. |
| Ping request could not find host | Destination host name cannot be resolved. Verify name and availability of DNS or WINS servers. |
While IPSec can increase the defenses of a network, it can also make it more difficult to change network configurations or resolve troubleshooting problems. In some cases, IPSec policies requiring secured communication on a Windows XP Professional based computer can create difficulties in connecting to a remote host. If IPSec has been implemented locally, you can disable the IPSEC Services service in the Services snap-in.
If the problem disappears when IPSec services are stopped, IPSec policies are either blocking the necessary traffic or requiring security for the needed traffic. Contact the security administrator to modify the IPSec policy.
For more information about IPSec issues, see Configuring IPSec Policies earlier in this chapter.
Any mistakes in packet filtering can cause address resolution or connectivity to fail. To determine if packet filtering is the source of a network problem, you must disable TCP/IP packet filtering.
To disable TCP/IP packet filtering
In Control Panel (default view), click Network and Internet Connections.
Click Network Connections.
In Network Connections, right-click the local area connection you want to modify, and then click Properties.
On the General tab, in the This connection uses the following items list, click Internet Protocol (TCP/IP), and then click Properties.
Click Advanced, and then click the Options tab.
In the Optional Settings dialog box, click TCP/IP Filtering, and then click the Properties tab.
Clear the Enable TCP/IP Filtering (All adapters) check box, and then click OK.
Try pinging an address by using its DNS name, NetBIOS computer name, or IP address. If the attempt succeeds, the packet filtering options might be misconfigured or might be too restrictive. For example, the filtering might permit the computer to act as a Web server, but in the process disable tools, such as remote administration. You can restore a wider range of permissible filtering options by changing the permitted TCP port, UDP port, and IP protocol values.
If the attempt still fails, another form of packet filtering could still be interfering with your networking. For more information about IPSec packet filtering, see Internet Protocol Security earlier in this chapter. For information about Routing and Remote Access service packet filtering, see Unicast IP Routing in the Internetworking Guide of the Microsoft Windows 2000 Server Resource Kit.
Windows XP Professional supports routing on both single-adapter and multihomed computers. The Routing and Remote Access service provided with Windows 2000 Server includes two routing protocols: Routing Information Protocol (RIP) and Open Shortest Path First (OSPF). Windows 2000 routers can use RIP or OSPF to dynamically exchange routing information.
To determine the cause of connectivity problems when trying to connect to a specific server using NetBIOS-based connections, use the nbtstat -n command on the server to determine what name the server registered on the network.
Nbtstat -n output lists several names that the computer has registered. A name resembling the computer s name, as configured on the Computer Name tab in System in Control Panel, must be present. If not, try one of the other unique names displayed by Nbtstat.
The Nbtstat tool can also display the cached entries for remote computers from either #PRE entries in the Lmhosts file or from recently resolved names. If the name the remote computers are using for the server is the same, and the other computers are on a remote subnet, be sure that they have the computer s name-to-address mapping in their Lmhosts files or WINS servers.
To determine why a TCP/IP connection to a remote computer is not working properly, use the netstat -a command to show the status of all activity for TCP and UDP ports on the local computer.
A good TCP connection usually shows 0 bytes in the Sent and Received queues. If data is blocked in either queue or if the state is irregular, the connection is probably faulty. If not, you are probably experiencing network or application delay.
For two hosts to exchange IP datagrams, they must both have a route to each other, or use default gateways that know of a route. Normally, routers exchange information with each other by using a routing protocol, such as RIP or OSPF. For information about how to examine and configure the local routing table, see Configuring the Local IP Routing Table earlier in this chapter.
Tracert is a route-tracing tool that sends ICMP Echo Request messages with incrementally higher values in the IP header TTL field to determine the path from one host to another through a network. It then analyzes the ICMP messages that are returned. Tracert allows you to track the path from router to router for up to 30 hops. If a router has failed or if the packet is routed into a loop, Tracert reveals the problem. After the problem router is found, its administrator can be contacted if it is an offsite router, or the router can be restored to fully functional status if it is under your control.
If you see the message Your default gateway does not belong to one of the configured interfaces... during configuration, find out whether the default gateway is located on the same logical network as the computer s network adapter. Compare the network ID portion of the default gateway s IP address with the network IDs of the computer s network adapters. Specifically, check that the bitwise logical AND of the IP address and the subnet mask equals the bitwise logical AND of the default gateway and the subnet mask.
For example, a computer with a single network adapter, configured with an IP address of 172.16.27.139 and a subnet mask of 255.255.0.0, requires a default gateway of the form 172.16.y.z. The network ID for this IP interface is 172.16.0.0.