NetDiag is a powerful tool that can be used for diagnosing practically any network problem — from physical connectivity to name resolution and authentication. To see a complete list of NetDiag's options (tests), enter netdiag /? at the command prompt. You can run all tests, a selected test, or all tests except those specified. The test diagnosis messages are quite explanatory (especially in verbose and debug modes). You should pay particular attention to the lines with [FATAL] and [WARNING] tags. All fatal problems must be fixed, or the system will not be able to work properly. You need to analyze the warnings and find (and maybe repair) their causes. The warnings, however, can sometimes be safely ignored.
Two options of NetDiag have already been discussed in Chapter 5, "Installing Active Directory." These tests (DcList and DsGetDc) can be useful for running before promoting a server to a DC or joining a client computer (workstation or server) to a domain. In this chapter, we will consider a successful test run (the result output that you need to get for every domain computer to work properly) and fixing DNS issues.
Caution: The original Windows 2000 version of NetDiag does not run on Windows XP/.NET systems. The Windows .NET version of NetDiag will not run on Windows 2000-based computers.
Note: For the Windows 2000 environment, it is recommended that you download the updated version (from July 5, 2001) of NetDiag from http://www.microsoft.com/downloads/release.asp?ReleaseID=31169.
Let us look at a sample test output that has been obtained by a domain administrator on a domain controller (netdc1.net.dom). (If a domain user runs NetDiag on his or her computer, the results will be slightly different since a normal user does not have all administrative rights.) Notice that the computer has no WINS settings. You may wish to compare this output with results obtained on domain client computers and analyze the differences. (Comments are given in bold brackets.)
    C:\>netdiag
    ....................................

        Computer Name: NETDC1
        DNS Host Name: netdc1.net.dom
        System info : Windows 2000 Server (Build 3621)
        Processor : x86 Family 6 Model 8 Stepping 3, GenuineIntel
        List of installed hotfixes :
            Q147222

    Netcard queries test.......: Passed

    Per interface results:
    [All installed network adapters will be listed below.]

        Adapter : Local Area Connection
            Netcard queries test...: Passed
            Host Name.........: netdc1
            IP Address........: 192.168.1.2
            [Multiple IP addresses and other settings can be assigned to the same adapter. All of them will be displayed here.]
            Subnet Mask........: 255.255.255.0
            Default Gateway......: 192.168.1.1
            Dns Servers........: 192.168.1.2
            AutoConfiguration results......: Passed
            Default gateway test...: Passed
            [This test can fail if there is no connectivity with other subnets and if the default gateway has not been configured.]
            NetBT name test......: Passed
            [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            WINS service test.....: Skipped
                There are no WINS servers configured for this interface.

    Global results:

    Domain membership test......: Passed
    NetBT transports test.......: Passed
        List of NetBt transports currently configured:
            NetBT_Tcpip_{6D657D29-CED0-4322-954B-6B0167289E52}
        1 NetBt transport currently configured.
        [This test will be skipped if NetBIOS over TCP/IP is disabled.]
    Autonet address test.......: Passed
    IP loopback ping test.......: Passed
    Default gateway test.......: Passed
    NetBT name test..........: Passed
        [This test will be skipped if NetBIOS over TCP/IP is disabled.]
        [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
    Winsock test...........: Passed
    DNS test.............: Passed
        [On client computers, this test only reports 'Passed' or 'Failed'.]
        PASS --- All the DNS entries for DC are registered on DNS server '192.168.1.2' and other DCs also have some of the names registered.
        [All warnings in this section must be carefully analyzed, since in fact, they can represent fatal errors. See also the note below.]
    Redir and Browser test......: Passed
        List of NetBt transports currently bound to the Redir
            NetBT_Tcpip_{6D657D29-CED0-4322-954B-6B0167289E52}
        The redir is bound to 1 NetBt transport.
        List of NetBt transports currently bound to the browser
            NetBT_Tcpip_{6D657D29-CED0-4322-954B-6B0167289E52}
        The browser is bound to 1 NetBt transport.
        [This test will be skipped if NetBIOS over TCP/IP is disabled.]
    DC discovery test.........: Passed
    DC list test...........: Passed
    Trust relationship test......: Skipped
        [This test is skipped on the PDC Emulator. Otherwise, if it is 'Passed', it must report the following: Secure channel for domain 'NET' is to '\\netdc1.net.dom'.]
    Kerberos test...........: Passed
        [This test will be skipped if the user has been logged on to the computer locally.]
    LDAP test.............: Passed
        [You can locate any problems with LDAP by using the netdiag /test:LDAP /v command.]
    Bindings test...........: Passed
    WAN configuration test......: Skipped
        No active remote access connections.
    Modem diagnostics test......: Passed
    IP Security test.........: Passed
        Service status is: Started
        Service startup is: Automatic
        IPSec service is available, but no policy is assigned or active
        Note: run "ipseccmd /?" for more detailed information

    The command completed successfully
Attention: On domain client computers, if the Register this connection's addresses in DNS box is not checked on the DNS tab in the Advanced TCP/IP Settings window, the DNS test can pass, even if there is no corresponding host record for a client on the DNS server. You can test the DNS settings separately with the netdiag /test:DNS /v command.
If NetDiag detects that registration of some SRV records has failed for a domain controller, you can try to fix the problem automatically. Executing the netdiag /fix command yields the same result as restarting the Netlogon service would. The command looks up all DNS records in the %SystemRoot%\system32\config\netlogon.dns file and updates the corresponding records on the DNS server. When the command runs, strings similar to the following will appear in the 'DNS test' section:
    [FIX] re-register DC DNS entry '_ldap.tcp.36622959-3372-43e6-bbba-8d77caa1fc46.domains._msdcs.net.dom.' on DNS server '192.168.1.2' succeed.
The following message completes the fixing process:
    FIX PASS - netdiag re-registered missing DNS entries for this DC successfully on DNS server '192.168.1.2'.
You can analyze the command output to see which records were incorrect or absent. After NetDiag has tried to fix the DNS issues, run it once more to be sure that all the problems have been solved.
Attention: Remember that only the ipconfig /registerdns command re-registers the computer's A (host) record on the DNS server in both forward and reverse zones. (On Windows XP/.NET-based computers, you can refresh DNS registration as well as clear the DNS requestor's cache, if you open the Local Area Connection Status window, and click Repair on the Support tab.) Run it before NetDiag, since the netdiag /fix command only affects SRV records.
Attention: Do not forget to clear the cache on the DNS server specified as primary after executing the netdiag /fix or ipconfig /registerdns commands! (If you don't, you must at least manually delete the records re-registered by these commands from the cache.) Even though the commands may have already updated the information in dynamic zones on the authoritative DNS server, the cache may still contain the old data for some records. As a result, it might seem that the problems still exist, since while testing, the commands use the cached responses from the primary DNS server. You may also need to clear the requester's (local) cache by using the ipconfig /flushdns command.
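The triage rule described above (fix every [FATAL], analyze every [WARNING]) and the [FIX] lines written by netdiag /fix can be collected from saved output by a short script. The following is an added example, not part of the original chapter or of NetDiag; the sample text, including the failing DNS test and its [FATAL] message, is constructed, and the function name triage is an assumption.

```python
import re

# Constructed sample modelled on the layout of the run shown above; the
# failing DNS test and its [FATAL] text are invented for illustration.
SAMPLE = """\
    Adapter : Local Area Connection
        Netcard queries test . . . : Passed
        Host Name. . . . . . . . . : netdc1
        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03>
        'Messenger Service', <20> 'WINS' names is missing.
        WINS service test. . . . . : Skipped
Global results:
Default gateway test . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
    [FATAL] No DNS servers have the DNS records for this DC registered.
Kerberos test. . . . . . . . . . . : Passed
"""

# Result lines use a dot leader ("...." or ". . . .") before the colon;
# setting lines such as "Host Name....: netdc1" are deliberately not matched.
RESULT = re.compile(r"^\s*(.+?)[ .]*\.\s*:\s*(Passed|Failed|Skipped)\s*$")
TAG = re.compile(r"^\s*\[(FATAL|WARNING|FIX)\]\s*(.*)$")
ADAPTER = re.compile(r"^\s*Adapter\s*:\s*(.+?)\s*$")

def triage(text):
    """Group non-passing tests and tagged messages by adapter/global scope."""
    report = {k: [] for k in ("failed", "skipped", "fatal", "warning", "fix")}
    scope, test = "global", None
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            scope, test = m.group(1), None
        elif line.strip() == "Global results:":
            scope, test = "global", None
        elif m := RESULT.match(line):
            test = m.group(1)
            if m.group(2) != "Passed":
                report[m.group(2).lower()].append((scope, test))
        elif m := TAG.match(line):
            # Only the first line of a wrapped message is kept; the tag is
            # attributed to the most recent test seen in the same scope.
            report[m.group(1).lower()].append((scope, test, m.group(2)))
    # Fatal messages and failed tests must be fixed; warnings need review.
    report["needs_action"] = bool(report["fatal"] or report["failed"])
    return report

if __name__ == "__main__":
    for key, items in triage(SAMPLE).items():
        print(key, items)
```

Running the same function over output saved from each domain computer makes the differences between a domain controller and its clients easy to compare.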