We have looked at some of the problems that affect a remote access connection. You might encounter similar problems with RRAS routing, either with demand-dial routing or router-to-router VPNs. There are also some unique issues to be aware of, as described in the following sections. Troubleshooting Demand-Dial RoutingObjective: Troubleshoot Routing and Remote Access routing.
When you experience a demand-dial routing problem, you should check the following for possible sources of the problem:
Troubleshooting Router-to-Router VPNsObjective: Troubleshoot Routing and Remote Access routing.
There are some commonalities between troubleshooting remote access VPNs and troubleshooting demand-dial routing. There are a large number of overlapping functions with those services. When troubleshooting router-to-router problems, you should consider the following:
Troubleshooting ToolsA variety of tools can also be used to troubleshoot remote access connections, including ping, tracert, pathping, ipconfig, Event Viewer, Network Monitor, the netsh command, and Performance console. You will recognize these tools from other chapters because troubleshooting remote access can be very similar to troubleshooting problems on a network. pingThe ping command is practically as old as TCP/IP networking itself. You can use the ping command to test basic network connectivity between two computers, over local and remote networks. The basic syntax of the ping command is ping computerIP. This command causes Windows to send four special Internet Control Message Protocol (ICMP) packets to the remote computer, and those packets are then returned to the local computer. For more information on the ping command, see Chapter 1, "Configuring and Troubleshooting TCP/IP Addressing." tracertThe TRacert (short for trace route) command traces the route between two hosts by using ICMP echo packets to report back at every hop between the hosts. The TRacert command provides a lot of useful information, including the IP address of every router connection it passes through and, in many cases, the name of the router (depending on the use of DNS for router names). The tracert command also reports the round-trip time (in milliseconds) for the packet to travel from the source host to each router and back. This information can tell you a lot about where network congestion or breaks are. For more information on the tracert command, see Chapter 9, "Maintaining and Troubleshooting a Network Infrastructure." pathpingThe pathping command acts as the equivalent of the tracert command by allowing you to identify which routers are in the path the packets are taking. It also acts as the equivalent of the ping command by sending ping requests to all the routers over a specified time period and then computing statistics based on the packets returned from each router. pathping displays the amount of packet loss at each router or link, allowing you to determine which routers and links (subnets) might be causes of connectivity troubles. For more information on the pathping command see Chapter 7. ipconfigThe ipconfig command can be used to quickly determine the settings that have been configured for the network adapters in computers. In addition, you can use this command to release and renew DHCP-assigned IP addresses and flush the local DNS cache. For more information on the ipconfig command, see Chapter 1. Event ViewerThe Event Viewer is used to view system, application, security, and a variety of other event logs, allowing you to gather information about hardware, software, and system problems. RRAS logs information about routing, connections, and errors to the system log in Windows Server 2003. This is a good place to look for specific errors when troubleshooting RRAS problems. Network MonitorNetwork Monitor is a tool you can use to capture network traffic. It can be used to diagnose problems when two computers do not communicate with one another or when a computer has trouble functioning in a network environment. For instance, a computer may have problems resolving names or finding a path to another computer (that is, it might be having routing problems). Network Monitor can be configured to capture network traffic in several ways. It can be configured to capture all network traffic that it receives, to respond to events on the network, or to monitor only a subset of the traffic (for instance, a particular protocol, such as HTTP traffic only). After the network data has been captured, Network Monitor analyzes the data and translates it into its logical frame structure to make the protocol information readable to the person capturing the information. netshnetsh is a command-line and scripting utility for networking components that can be used with local or remote computers. The netsh utility can also be used to save a configuration script that can be used for configuring other servers. In the context of troubleshooting, the netsh command can be used to gather additional information about RAS or VPN connections. Due to the complexity of the tool, the specific commands are beyond the scope of this book, but you should be aware that the tool exists. If you are interested in the full information on the tool, search www.microsoft.com for the string "Netsh commands for remote access"; note that the the TechNet page changes location frequently. Performance ConsoleThe Performance console can provide a number of types of information. It is generally the best tool for monitoring specifics about Windows Server 2003 services. The Performance console offers the following counters for the RAS object:
We will look at configuring the Performance console in an exercise at the end of this chapter. Note: What Are We MeasuringPort Level or Aggregate? The Performance console allows you to monitor counters on either a port-by-port level or an aggregate (entire server) level. You can select RAS Ports to look at a single port or RAS Total to see the stats for the entire server. |