Diagnosing Network Connectivity Problems

< Day Day Up >

Network connectivity problems can be defined as communication problems between one host and another host (or set of hosts). In general, these communications problems exist in one of three areas: the remote host, the local host, or in the connection between them. A computer that is unable to communicate with any other computers is likely to be the source of its own problem. If the computer can communicate with some, but not all other computers, performing an accurate diagnosis can be more complicated. It is important for you to note that this exam objective uses the term diagnose rather than troubleshoot. Although it is important for you to be able to suggest a solution, the key to this section of the exam is to know how to get a clearer understanding of the problem.

Simple Diagnostic Tools

There are several diagnostic tools that are automatically installed on Windows Server 2003. For many of you, these tools are so obvious a choice that it might seem trite to mention them here. On the other hand, you are expected to remember that even simple tools can offer a solution and that questions can be written in such a way that you might discount a correct answer because it seems too easy in comparison to other presented options.

ipconfig

The ipconfig utility can be used from the command prompt. When run without switches, the ipconfig command-line utility displays the basic TCP/IP configuration of the computer on which it is run. When you run the tool without a switch, you are shown the

Connection-specific DNS suffix
IP address
Subnet mask
Default gateway

Looking at this information can tell you if the IP address of the server is configured correctly. In troubleshooting IP address problems, three things could be wrong:

Incorrect IP address could be set This can be diagnosed by looking at other hosts on the same network. If the IP address is not on the same subnet as the gateway, but all other hosts on the network are on the same subnet as the gateway (see Figure 10.3), it is likely that a new IP address needs to be assigned. In this situation, the computer is unable to contact other hosts on its local network as well as being unable to contact hosts on remote networks.
Figure 10.3. When examining exhibits in the exam, check if any of the IP addresses are out of place. Although not always the case, an unusual IP address is generally the culprit.
Incorrect subnet mask could be assigned This can be more difficult to diagnose and involves you performing a subnet calculation (see the following section). Subnet calculations show that the gateway address is on a different network. If the other hosts on the network have similar IP address and default gateway settings, but different subnet masks than the computer in question, this might be the culprit. If this is the case, the computer might be able to contact some hosts on its local network, but not all hosts on its local network. The situation can exist in which the subnet mask assigned is such that the computer can communicate with hosts on remote networks and some, but not all hosts on the local network.
Incorrect default gateway could be assigned To determine whether this is the case, you might have to perform a subnet calculation (see the following section) unless the exhibit that you are presented with is unusually helpful. The symptoms of this problem are that the computer cannot contact remote networks but has no problems communicating with hosts on the local network, as shown in Figure 10.4.
Figure 10.4. If the incorrect gateway is set, the Exchange server can contact hosts on the local network, but not on the remote network.

In an exam situation, you are provided with alternative IP addresses, subnet masks, and default gateways. You do not need to calculate everything from scratch, but you do need to know enough about subnet calculations to determine which of the proffered solutions is appropriate for the question that you have been given.

Subnet Calculations

If you are already competent at subnetting, you can skip this section and go on to the next.

The subnet on which a host resides is determined by two things: its IP address and its subnet mask. The subnet mask modifies the IP address revealing the network address. After you become adept at these calculations, you can quickly do them in your head. Until you reach that stage, you, like many other students before you, will find subnet calculations tedious and unnecessarily complicated.

There are many different methods to performing subnet calculations. The "Need to Know More?" resources for this chapter, found in Appendix B, have a link to an excellent site that can help you if the method presented here does not suit you.

IP addresses and subnet masks are made up of four numbers, called quads, separated by periods. A decimal quad in a subnet mask can only have nine distinct values: 255, 254, 252, 248, 240, 224, 192, 128, and 0. A decimal quad in an IP address can have values from 0 to 255. To determine whether two hosts, in this case the default gateway and the host address, are on the same subnet, you compare the binary version of the subnet quads against the binary version of the host and default gateway quads.

Before you worry about converting decimal to binary in an exam situation, remember that you are allowed to use the Windows Calculator during the exam. Be certain to switch the Calculator to Scientific mode, as shown in Figure 10.5, rather than Standard mode, as this allows you to translate from binary to decimal and back.

Figure 10.5. The Windows Calculator is a tool that you are allowed to use during this exam.

graphics/10fig05.jpg

To determine whether two hosts (for example, a host and its default gateway) are on the same subnet, convert the IP addresses and the subnet masks to binary. Then place them in a table similar to Table 10.1.

Table 10.1. Subnet Calculation Table
	IP	First	Second	Third	Fourth
Host	10.10.0.242	00001010	00001010	00000000	11110010
Subnet	255.255.255.240	11111111	11111111	11111111	11110000
Gateway	10.10.0.225	00001010	00001010	00000000	11100001

The one digits in the subnet quads show which digits in the host and gateway quads must match. In the example shown in Table 10.1, the first, second, and third quads are exactly the same in the host and gateway IP addresses. The subnet mask in the fourth quad has four ones followed by four zeros; this means that the first four binary digits of the fourth quad of the host and gateway must match if they are on the same subnet. In this case, they do not match; the fourth binary digit of the fourth gateway quad is zero, whereas the fourth binary digit of the fourth host quad is one.

ping

The ping utility is used to quickly check connectivity between two hosts. Ping sends five Internet Control Message Protocol (ICMP) echo requests to the destination host, giving you an estimate of the time it takes for a packet to travel to the destination and back. Ping is generally used to determine whether a remote host can be contacted. It can also be used to determine how unreliable a link is by displaying what sort of packet loss is occurring. Ping does not work through firewalls and some hosts no longer respond to ping because ICMP can be used in Denial of Service attacks.

tracert

Whereas the ping utility can tell you whether a host can be contacted, how long a packet takes to get there and back, and what sort of packet loss the connection is experiencing, the tracert utility can be used to map out the exact path between one host and another. Tracert can be used to locate bottlenecks in the path taken from one host to another, though for more information you should use the pathping tool.

pathping

Pathping is a utility that combines the functionality of tracert with that of ping. Pathping not only displays the route to another host, but also displays how long each step in the path takes as well as the reliability of each step in the path. If there is a router somewhere on the network that is overloaded, you are likely to find it with the pathping utility, as this utility displays how many packets the router is dropping as well as a delay in the path. In such a case, you would either try to bypass the problematic router or replace it.

telnet

Telnet can provide a quick way of verifying that a remote SMTP server, Internet Message Access Protocol version 4 (IMAP4) server, or Post Office Protocol version 3 (POP3) server is functioning. As you know, these servers operate on specific ports. To check that, for example, an SMTP service is running on a local or remote computer, use the following command from the command prompt:

 telnet destination.host 25

In the telnet window, you should receive a message like

 220 exchange4.adintegtest.internal Microsoft ESMTP MAIL Service, Version: 6.0.37 90.0 ready at  Mon, 5 Jan 2004 11:59:41 +1100

The preceding message will be different if the mail server is running an SMTP Service other than that used by Exchange. This message simply informs you that the Microsoft ESMTP MAIL service is functioning at this particular moment in time.

The syntax of the command is telnet destination.host portnumber. In the case of SMTP, it will be port 25; IMAP4 is port 143, and POP3 is port 110. If you Telnet to each of these ports on a mail server that supports them, it results in a different message informing you of the service status.

NetDiag

NetDiag is a part of the Windows Server 2003 support tools. If you followed the Exchange Server Deployment Tools installation checklist, you have already installed the support tools on your Exchange server. When you ran the tool, you performed a basic examination of the network connectivity of the computer that was going to host Microsoft Exchange Server 2003. In this section, we explore this tool in more detail.

Installing NetDiag

If you did not follow the Exchange Server Deployment Tools installation checklist, you can install the Windows Server 2003 support tools (or the equivalent version for Windows 2000 Server) by installing the suptools.msi file in the \support\tools folder of your Windows Server 2003 (or Windows 2000 Server) installation media.

Running NetDiag

NetDiag installs to the \Program Files\Support Tools folder. Unless this folder is included in your path variable, you need to run NetDiag from the folder in which it is installed.

NetDiag is also a part of the Windows 2000 Server support tools. It is important if you are installing the support tools separately that you install the right support tools for the operating system. Installing the Windows 2000 Server support tools on Windows Server 2003 or vice versa leads to unexpected results.

Without switches, some of the checks that NetDiag performs include

Netcard queries test Checks that network card is working
ipconfig test Displays ipconfig information
Default gateway test Checks that the default gateway can be contacted
WINS service test Checks WINS Service if this is being used
Domain membership test Checks that the server is correctly configured as a member of a domain
IP loopback ping test Allows the TCP/IP stack to be given a basic test
DNS test Checks to see if the DNS server is available and if the host on which NetDiag is being run is registered correctly within DNS
DC discovery test Checks to see if a DC can be contacted from the host on which NetDiag is being run
Trust relationship test Checks any trust relationships that have been configured
Kerberos test Checks that Kerberos is functioning properly
LDAP test Checks that LDAP queries can be resolved
IP security test Checks IP security policies

When the command has completed running, it announces whether it was able to complete successfully. As the output is verbose, you might want to pipe it via more, as seen in the following example:

 Netdiag | more

Alternatively, NetDiag can be run with the /q switch, which only displays errors and warnings that NetDiag generates. Other switches are included in Table 10.2.

Table 10.2. NetDiag Switches
Switch	Function
/v	Displays verbose output, which you use if even more information is required.
/l	Sends output to the netdiag.log file in the directory in which NetDiag is run.
/debug	Displays even more verbose output. NetDiag takes significantly longer to execute with this switch.
/fix	Attempts to fix minor problems.
/test	Allows you to run only specific tests. A list of test names can be found in the NetDiag entry of the Support Tools help.

Network Monitor

Network Monitor (see Figure 10.6) is a tool that can be installed on Windows Server 2003 or Windows 2000 Server through the Add/Remove Windows Components section of the Add/Remove Programs area of the Control Panel.

Figure 10.6. The Network Monitor can be used to examine traffic on the network to and from the Exchange Server 2003 computer.

Network Monitor can be used to

Identify and monitor network traffic patterns.
Capture packets and frames sent across the network.
Display the content of frames.
Filter frames by type and source/destination.
Locate clients on the network that might be generating unusual amounts of traffic.

Ruling Out Problems with the Network

In addition to checking the items in the preceding list, it can be worth checking how the network cards are performing and whether they are overloaded by traffic. If the network card is overloaded, this necessarily causes blowouts in the size of the external and internal mail queues. The performance counter you should check is the Network Interface\Bytes Total/sec counter, which indicates how much information the network card is processing per second. For a 100 megabit network, the rate should be below 8 MB/sec.

You have several methods to reduce problems involved in excessive network traffic. One is to create a separate network just for global catalog and Exchange Server to Exchange Server traffic. This is not feasible on the WAN scale, but is definitely an option if using a local area network (LAN).