Troubleshooting TCPIP Addressing


Troubleshooting TCP/IP Addressing

TCP/IP is one of the protocols that requires a certain amount of configuration either on individual clients or centrally on a server. Many issues can arise related to such problems as incorrect IP parameters on a client or a nonresponsive DHCP server. To successfully implement TCP/IP and DHCP on a network, it's important to have a general understanding of some of the common issues that can arise, as well as how to troubleshoot them. The following section discusses some of the more common problems that might be encountered on a TCP/IP network.

Diagnosing and Resolving Issues Related to Automatic Private IP Addressing

Automatic private IP addressing was introduced in Windows 98. It is enabled by default and is supported by the following clients:

  • Windows 98

  • Windows Me

  • Windows 2000 (all platforms)

  • Windows XP

  • Windows Server 2003

Clients that support this feature can assign themselves an IP address in the following situations:

  • When a DHCP client cannot contact a DHCP server or there is no DHCP server on the network

  • When a DHCP client's attempt to renew its IP address leased from a DHCP server fails

In both cases, the client assigns itself an IP address in the range of 169.254.0.1 to 169.254.255.254. You can use the IPCONFIG command-line utility to verify that APIPA is enabled and that an IP address within the specific range has been assigned. Remember that APIPA is enabled by default. However, this feature can be disabled through the Registry. The APIPA settings on XP clients can also be manually adjusted in the network properties to match the addresses used on the local subnet. If you decide to do this, you need to make sure that the address used on the APIPA Settings dialog box is excluded from the DHCP scope, to avoid IP address conflicts.

If your network consists of multiple subnets, clients using APIPA can communicate only with hosts on their local subnet. APIPA does not include optional parameters. Clients assign themselves only an IP address and a subnet mask. Without the IP address of the default gateway and DNS server, communication outside of the local subnet will fail.

Diagnosing and Resolving Issues Related to Incorrect TCP/IP Configuration

A number of command-line utilities can be used to test and diagnose incorrect TCP/IP configurations. To do so, click Start, All Programs, Accessories, Command Prompt, and type ipconfig (using the /all parameter brings up more detailed configuration information).

The following list outlines some of the common parameters that can be used with the ipconfig command:

  • /all Displays detailed IP configuration information

  • /release Releases the IP address for the specified adapter

  • /renew Renews the IP address for the specified adapter

  • /flushDNS Purges the entries in the DNS cache

  • /registerDNS Refreshes all leased IP addresses and reregisters DNS names

  • /displayDNS Displays the contents of the DNS cache

The PING command-line utility is useful in verifying connectivity with another TCP/IP host. Connectivity on the network is verified by sending Internet Control Message Protocol (ICMP) echo requests and replies. When the PING command is issued, the source computer sends echo request messages to another TCP/IP host. If reachable, the remote host then responds with four echo replies.

Note

Windows defaults to sending only four ECHO REQ packets, whereas other operating systems, such as Linux, will continuously send ECHO REQ packets until the command is terminated. You can configure Windows to send pings continuously by editing the Registry or by including a -t when issuing the PING command.


The PING command is also issued at the command prompt along with the TCP/IP address or domain name of the other TCP/IP host, as follows:

 C:> PING 124.120.105.110 C:> PING www.bayside.net 


Tip

To determine whether TCP/IP is initialized on the local computer, issue the PING command and specify the loopback address of 127.0.0.1.


The general steps for troubleshooting TCP/IP using the PING command are as follows:

1.

PING the loopback address of 127.0.0.1 to ensure that TCP/IP is initialized on the local computer.

2.

If successful, PING the IP address assigned to the local computer.

3.

Next PING the IP address of the default gateway. If this fails, verify that the IP address of the default gateway is correct and that the gateway is operational.

4.

Next PING the IP address of a host on a remote network. If this is unsuccessful, verify that the remote host is operational, verify the IP address of the remote host, and verify that all routers and gateways between the local computer and remote computer are operational.

Tip

A quick way of verifying TCP/IP connectivity is to complete step 4 from the preceding list. If you can successfully PING the IP address of a remote host, steps 1 through 3 will be successful. However, if step 4 fails, you'll need to work through steps 1 through 3 to discover at what point the problem exists.


Two other utilities that can be used for TCP/IP troubleshooting are tracert and pathping. The tracert command determines the route that is taken to a specific destination. You might want to use the TRacert command if you are not able to successfully PING the IP address of a remote host. The results of the TRacert command indicate whether there is a problem with a router or gateway between the local computer and the remote destination. The pathping command is basically a combination of the PING and tracert commands. When the command is issued, packets are sent to each router between the local computer and a remote computer. The results determine which routers and gateways could be causing problems on the network.

Note

On non-Windows systems, the TRacert command is actually traceroute. They do not use the 8.3 naming convention truncated tracert that most Windows (that is, DOSbased operating systems) command line utilities are limited to.


Diagnosing and Resolving Issues Related to DHCP Authorization

As mentioned earlier in the chapter, a DHCP server must be authorized within Active Directory before it can begin leasing IP addresses to clients. Again, the purpose of this is to eliminate the possibility that a DHCP server is mistakenly or maliciously introduced onto a network, especially if it has been misconfigured.

Authorizing a DHCP server is a relatively simple process. If you are unable to authorize a DHCP server, verify that the user account you are logged on has the required permissions. Only members of the Enterprise Admins group are permitted to perform this operation.

Multiple DHCP servers can exist on a network. However, you might encounter problems if you have a DHCP server configured as a standalone server and a DHCP server configured as a member server on the same subnet. When the standalone server detects the second DHCP server, it attempts to verify with a domain controller that it is authorized. Because the standalone server is not a member of the domain, it will fail to contact a domain controller and stop servicing DHCP client requests. To resolve the problem, the authorized DHCP server must be removed from the subnet.

Verifying DHCP Reservation Configuration

As previously mentioned, client reservations are created so that certain DHCP clients can always be assigned the same IP address from a DHCP server. When you create the reservation, you specify the IP address to be leased and the MAC address of the DHCP client. If you find that a client for which a reservation has been configured is receiving a different IP address than intended, verify the configuration of the client reservation. To do so, right-click the appropriate client reservation within the Reservations container in the DHCP console and click Properties. From the Properties window, verify that you have correctly entered the MAC address of the DHCP client.

Keep in mind that DHCP servers do not share information. If there are multiple DHCP servers on the network, the client reservation must be configured on each one. This way, if one DHCP server is unavailable, the client can still be assigned the same IP address from another DHCP server.

Conflict Detection

Conflict detection can be enabled on a DHCP server to reduce the chances of two clients being assigned the same IP address. When this feature is enabled, the DHCP server will use the ping process to test the availability of IP addresses before offering them to DHCP clients.

Before the DHCP server offers an IP address lease to a client, it will attempt to ping the IP address. If the DHCP server receives a successful response, the IP address is already in use on the network and the address will not be offered in a lease to a client. If the ping fails and times out, the IP address is available and the DHCP server proceeds to offer the address to lease.

To enable conflict detection:

1.

Open the DHCP console.

2.

Right-click your DHCP server and click Properties.

3.

Select the Advanced tab.

4.

In the Conflict detection attempts field, type in a number greater than 0 and less than 6. This determines how many times the DHCP server will attempt to ping an IP address before offering it as a lease.

5.

Click OK.

Examining the System Event Log and DHCP Server Audit Log to Find Related Events

Log files can provide administrators with valuable information when it comes to troubleshooting. You can use the system log within the Event Viewer to monitor and troubleshoot DHCP-related events. When an event occurs, such as the DHCP Server service being restarted, it is written to the log file and provides useful information, including a description of the event and when it occurred.

Windows Server 2003 also supports audit logging of the DHCP service. By default, the audit logs are stored in the %system%\system32\DHCP directory. Audit logging for a DHCP server can be enabled by right-clicking the appropriate DHCP server within the management console and selecting Properties. Using the General tab, auditing logging can be enabled or disabled. The default location of the audit logs can be changed by clicking the Advanced tab and editing the Audit log file path.

As events occur, they are written to a log file. Entries in the log contain an event ID, the date and time that the event occurred, as well as the IP address, host-name, and MAC address of the workstation that generated the event. Some of the common audit codes are as follows:

  • 00 The log was started.

  • 01 The log was stopped.

  • 02 The log was temporarily paused due to low disk space.

  • 10 A new IP address was leased to a client.

  • 11 A client renewed an existing lease.

  • 12 A client released an IP address.

  • 13 An IP address was found in use on the network.

  • 14 A client cannot lease an IP address because the address pool is exhausted.

  • 15 A lease request was denied.

  • 30 A DNS dynamic update request occurred.

  • 31 The DNS dynamic update failed.

  • 32 The DNS dynamic update was successful.

  • 55 The DHCP server was authorized to start on the network.

  • 56 The DHCP server was not authorized to start on the network.

Note

Do not limit your investigations of problems to just the DHCP's log files. Be sure to review the system, security, and application logs for related issues about the environment as a whole or the DHCP process itself that are not recorded by the DHCP server's internal audit system.


Diagnosing and Resolving Issues Related to Configuration of DHCP Server and Scope Options

Scope options can be configured at different levels. The level at which scope options are configured determines which DHCP clients are affected. For example, configuring an option at the server level affects all clients, regardless of the IP subnet on which they reside.

One of the most common problems that can occur with DHCP options is that clients end up being assigned incorrect parameters. In such cases, you must verify the level at which the option has been configured. For example, configuring the router option at the server level when the network consists of multiple subnets results in some DHCP clients being configured with an incorrect gateway. In this case, the option needs to be configured at the scope level instead of the server level.

Verifying Database Integrity

The Reconcile All Scopes option is useful when you need to fix any inconsistencies in the DHCP database, such as when not all IP address leases are being reflected in the DHCP database. Information in the database is compared with information stored in the Registry.

Selecting the Reconcile All Scopes option opens the Reconcile All Scopes dialog box. Click the Verify button to check the database for inconsistencies. Any errors are displayed.

Compacting the DHCP Database

The DHCP database is automatically compacted. If there are Jet errors listed in Event Viewer or if the DHCP server is heavily used, you can manually compact the database using Jetpack.exe.

You can compact the DHCP database using the following steps:

1.

Stop the DHCP Server service.

2.

Open the command prompt and switch to the directory containing the DHCP database.

3.

Type the following command: jetpack.exe dhcp.mdb temp.mdb

4.

Restart the DHCP Server service.



Exam Cram(c) 70-291 Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure
Exam Cram(c) 70-291 Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure
ISBN: 131516345
EAN: N/A
Year: 2006
Pages: 126

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net