Troubleshooting RRAS Routing


We have looked at some of the problems that affect a remote access connection. You might encounter similar problems with RRAS routing, either with demand-dial routing or router-to-router VPNs. There are also some unique issues to be aware of, as described in the following sections.

Troubleshooting Demand-Dial Routing

Objective:

Troubleshoot Routing and Remote Access routing.

  • Troubleshoot demand-dial routing.

When you experience a demand-dial routing problem, you should check the following for possible sources of the problem:

  • Ensure that the transport medium (modem, ISDN, and so on) is working correctly. It's important that you don't overlook the physical issues. A loose wire or bad modem can prevent a connection from working.

  • Ensure that RRAS is running on both the local and remote routers.

  • Ensure that the demand-dial interface on each router is enabled.

  • Ensure that demand-dial routing is enabled on both routers.

  • Make sure there is an available port on each of the involved routers.

  • Ensure that the static routes are configured appropriately. Also check to make sure the static route has the Use This Route to Initiate Demand-Dial Connections option enabled.

  • Ensure that the dial-out hours are not preventing the connection. Something as simple as having the hours set to p.m. instead of a.m. can cause serious connectivity problems.

  • Check the demand-dial filters on both routers. You might be accidentally blocking the connection because of the filters.

  • Ensure that the calling router, the answering router, and the applicable remote access policy are using at least one common authentication method.

  • Ensure that the calling router, the answering router, and the applicable remote access policy are using at least one common encryption method.

  • Check the credentials on both routers. The username, password, and domain information should be verified and must match on both routers. You should also make sure that the account is not disabled or locked.

  • Ensure that there is an applicable remote access policy that allows the connection.

  • Make sure the authentication infrastructure (Active Directory, IAS, or a third-party RADIUS server) is functioning correctly.

Troubleshooting Router-to-Router VPNs

Objective:

Troubleshoot Routing and Remote Access routing.

  • Troubleshoot router-to-router VPNs.

There are some commonalities between troubleshooting remote access VPNs and troubleshooting demand-dial routing. There are a large number of overlapping functions with those services. When troubleshooting router-to-router problems, you should consider the following:

  • Ensure that the transport medium is working correctly. If the two routers cannot reach each other, they cannot connect. This troubleshooting can be done with the ping command or the tracert command.

  • Ensure that RRAS is running on both the local and remote routers.

  • Ensure that the user account for the connection is not locked out, expired, or disabled.

  • Ensure that the VPN ports are enabled for inbound and outbound demand-dial routing connections.

  • Verify that there are enough VPN ports. You can add additional modems if needed or check to ensure that the ports are not hung or otherwise unavailable.

  • Ensure that the routers and remote access policy use at least one common authentication method.

  • Ensure that the routers and remote access policy use at least one common encryption strength.

  • Ensure that the routers are using a common tunneling protocol.

  • Ensure that the VPN connection has the appropriate permissions through dial-in properties of the user account and remote access policies.

  • Ensure that there are no conflicts between the remote access profiles on the calling and answering routers.

  • Ensure that the authentication infrastructure (Active Directory, IAS, or a third-party RADIUS server) is functioning correctly.
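The scriptable items from the two checklists above (transport reachability, RRAS running on both routers, and recent RRAS errors) can be gathered in one pass. This is an added example, not code from the book: it assumes PowerShell 2.0 or later is installed on the calling router, the router name `branch-rtr01` is a hypothetical placeholder, and the event sources queried (RemoteAccess, Rasman) are an assumption to adjust for your systems.

```powershell
# Added example: first-pass checks for a demand-dial or router-to-router link.
# Run on the calling router. $Remote is a hypothetical answering router name.
param(
    [string]$Remote = 'branch-rtr01',
    [int]$Hours = 4                      # how far back to read the System log
)

$routers = @($env:COMPUTERNAME, $Remote)

# 1. Transport: can the calling router reach the answering router at all?
#    A filter that drops ICMP also makes this report False.
$reachable = Test-Connection -ComputerName $Remote -Count 4 -Quiet
"Reachable ($Remote): $reachable"
if (-not $reachable) { tracert -d $Remote }   # show where the path stops

# 2. RRAS must be running on both routers (service name: RemoteAccess).
foreach ($r in $routers) {
    $svc = Get-Service -Name RemoteAccess -ComputerName $r -ErrorAction SilentlyContinue
    if ($svc) { "{0}: RRAS service is {1}" -f $r, $svc.Status }
    else      { "{0}: RRAS service could not be queried" -f $r }
}

# 3. Recent RRAS errors and warnings from each router's System log.
#    The source names are an assumption; widen or change them as needed.
$since = (Get-Date).AddHours(-$Hours)
foreach ($r in $routers) {
    Get-EventLog -LogName System -ComputerName $r -Source RemoteAccess, Rasman `
                 -EntryType Error, Warning -After $since -ErrorAction SilentlyContinue |
        Sort-Object TimeGenerated |
        Select-Object @{n='Router';e={$r}}, TimeGenerated, Source, EventID, Message
}
```

Authentication, encryption, and policy mismatches usually surface in step 3 as logged errors on the answering router, so read that output before changing settings on either side.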

Troubleshooting Tools

A variety of tools can also be used to troubleshoot remote access connections, including ping, tracert, pathping, ipconfig, Event Viewer, Network Monitor, the netsh command, and Performance console. You will recognize these tools from other chapters because troubleshooting remote access can be very similar to troubleshooting problems on a network.

ping

The ping command is practically as old as TCP/IP networking itself. You can use the ping command to test basic network connectivity between two computers, over local and remote networks. The basic syntax of the ping command is ping computerIP. This command causes Windows to send four special Internet Control Message Protocol (ICMP) packets to the remote computer, and those packets are then returned to the local computer. For more information on the ping command, see Chapter 1, "Configuring and Troubleshooting TCP/IP Addressing."

tracert

The tracert (short for trace route) command traces the route between two hosts by using ICMP echo packets to report back at every hop between the hosts. The tracert command provides a lot of useful information, including the IP address of every router connection it passes through and, in many cases, the name of the router (depending on the use of DNS for router names). The tracert command also reports the round-trip time (in milliseconds) for the packet to travel from the source host to each router and back. This information can tell you a lot about where network congestion or breaks are. For more information on the tracert command, see Chapter 9, "Maintaining and Troubleshooting a Network Infrastructure."

pathping

The pathping command acts as the equivalent of the tracert command by allowing you to identify which routers are in the path the packets are taking. It also acts as the equivalent of the ping command by sending ping requests to all the routers over a specified time period and then computing statistics based on the packets returned from each router. pathping displays the amount of packet loss at each router or link, allowing you to determine which routers and links (subnets) might be causes of connectivity troubles. For more information on the pathping command see Chapter 7.

ipconfig

The ipconfig command can be used to quickly determine the settings that have been configured for the network adapters in computers. In addition, you can use this command to release and renew DHCP-assigned IP addresses and flush the local DNS cache. For more information on the ipconfig command, see Chapter 1.

Event Viewer

The Event Viewer is used to view system, application, security, and a variety of other event logs, allowing you to gather information about hardware, software, and system problems. RRAS logs information about routing, connections, and errors to the system log in Windows Server 2003. This is a good place to look for specific errors when troubleshooting RRAS problems.

Network Monitor

Network Monitor is a tool you can use to capture network traffic. It can be used to diagnose problems when two computers do not communicate with one another or when a computer has trouble functioning in a network environment. For instance, a computer may have problems resolving names or finding a path to another computer (that is, it might be having routing problems).

Network Monitor can be configured to capture network traffic in several ways. It can be configured to capture all network traffic that it receives, to respond to events on the network, or to monitor only a subset of the traffic (for instance, a particular protocol, such as HTTP traffic only). After the network data has been captured, Network Monitor analyzes the data and translates it into its logical frame structure to make the protocol information readable to the person capturing the information.

netsh

netsh is a command-line and scripting utility for networking components that can be used with local or remote computers. The netsh utility can also be used to save a configuration script that can be used for configuring other servers. In the context of troubleshooting, the netsh command can be used to gather additional information about RAS or VPN connections. Due to the complexity of the tool, the specific commands are beyond the scope of this book, but you should be aware that the tool exists. If you are interested in the full information on the tool, search www.microsoft.com for the string "Netsh commands for remote access"; note that the TechNet page changes location frequently.

Performance Console

The Performance console can provide a number of types of information. It is generally the best tool for monitoring specifics about Windows Server 2003 services. The Performance console offers the following counters for the RAS object:

  • Alignment Errors: This counter helps you determine whether the size of the packet received is different from the size expected.

  • Buffer Overrun Errors: This counter helps you determine whether the software is unable to handle the rate at which data is being received.

  • Bytes Received: This counter helps you determine the total number of bytes received by the service.

  • Bytes Received/Sec: This counter helps you determine the number of bytes received by the service in a second.

  • Bytes Transmitted: This counter helps you determine the total number of bytes transmitted by the service.

  • Bytes Transmitted/Sec: This counter helps you determine the number of bytes transmitted by the service in a second.

  • CRC Errors: This counter helps you determine whether a frame received contains erroneous data and the packet did not pass the cyclic redundancy check (CRC).

  • Frames Received: This counter helps you determine the total number of frames received by the service.

  • Frames Received/Sec: This counter helps you determine the number of frames received by the service per second.

  • Frames Transmitted: This counter helps you determine the total number of frames transmitted by the service.

  • Frames Transmitted/Sec: This counter helps you determine the number of frames transmitted by the service per second.

  • Percent Compression In: This counter tells how well inbound traffic is being compressed.

  • Percent Compression Out: This counter tells how well outbound traffic is being compressed.

  • Errors (Serial Overrun Errors, Timeout Errors, Total Errors, and Total Errors/Sec): These objects handle all the error information for RRAS.

We will look at configuring the Performance console in an exercise at the end of this chapter.

Note: What Are We Measuring, Port Level or Aggregate?

The Performance console allows you to monitor counters on either a port-by-port level or an aggregate (entire server) level. You can select RAS Ports to look at a single port or RAS Total to see the stats for the entire server.
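The same RAS Total error counters can be sampled from the command line to see which ones are climbing while a connection is attempted. This is an added example, not code from the book: it assumes PowerShell 2.0 or later (for Get-Counter), and the one-minute sampling window is an arbitrary choice.

```powershell
# Added example: sample the aggregate (RAS Total) error counters and report
# how much each one grew during the sampling window.
$names = 'Alignment Errors', 'Buffer Overrun Errors', 'CRC Errors',
         'Serial Overrun Errors', 'Timeout Errors', 'Total Errors'
$paths = $names | ForEach-Object { "\RAS Total\$_" }

# 7 samples, 10 seconds apart (about one minute); trigger the
# demand-dial or VPN connection while this is running.
$samples = @(Get-Counter -Counter $paths -SampleInterval 10 -MaxSamples 7)

$first = $samples[0].CounterSamples
$last  = $samples[-1].CounterSamples

foreach ($end in $last) {
    # Match the same counter in the first sample by its full path.
    $start = $first | Where-Object { $_.Path -eq $end.Path }
    New-Object PSObject -Property @{
        Counter = ($end.Path -split '\\')[-1]   # counter name without host/object
        Start   = $start.CookedValue
        End     = $end.CookedValue
        Delta   = $end.CookedValue - $start.CookedValue
    } | Select-Object Counter, Start, End, Delta
}
```

A nonzero Delta for CRC, alignment, or serial overrun errors points at the line or hardware, while timeout errors growing alone suggest the far end is not answering.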





MCSA/MCSE 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure (Exam Prep)
ISBN: 0789736497
EAN: 2147483647
Year: 2006
Pages: 196
Authors: Will Schmied
