Troubleshooting Tools

Troubleshooting Tools

The tools for troubleshooting wireless connections on Windows wireless clients are the following:

• Network Connections folder

  The Network Connections folder is used to determine the status of the connection and its configuration.

• Tracing

  Tracing is used to obtain detailed information of the behavior of internal components that perform Extensible Authentication Protocol (EAP) and 802.1X authentication.

• Network Monitor

  Network Monitor is used to capture the network traffic sent between a wireless client and the wireless AP or another wireless client.

• Wireless Monitor snap-in

  The Wireless Monitor snap-in, provided only with Windows Server 2003, is used to view available wireless APs and wireless client events.

Network Connections Folder

The Network Connections folder and the messages displayed in the notification area of the desktop provide information about the state of the authentication. If an authentication requires additional information from the user, such as selecting one of multiple user certificates, a text balloon appears that instructs the user. Within the Network Connections folder, the text under the name of the connection corresponding to the wireless network adapter describes the state of the authentication.

Figure 14-1 shows the information available for a successfully authenticated wireless connection in the Windows XP Network Connections folder.

Figure 14-1. A wireless network connection in the Network Connections folder.

For Windows XP wireless clients, when you click the wireless connection, the Details area displays the authentication status, the Internet Protocol (IP) address configuration, and information about the connected wireless network and the current association.

When you obtain status on the connection, you can view information such as the signal speed on the General tab and the IP address configuration on the Support tab. If the wireless adapter is assigned an Automatic Private IP Addressing (APIPA) address in the range 169.254.0.0/16 or the configured alternate IP address, the wireless client is still associated with the wireless AP, but either authentication has failed or the Dynamic Host Configuration Protocol (DHCP) server is not available. If the authentication fails and the association is still in place, the wireless adapter is enabled and Transmission Control Protocol/Internet Protocol (TCP/IP) performs its normal configuration process. If a DHCP server is not found (either authenticated or not), Windows XP automatically configures an APIPA address or the alternate address.

For a Windows 2000 wireless client, you can use the Network And Dial-up Connections folder to view whether the connection corresponding to your wireless network adapter is authenticated. If authentication is successful, the connection icon appears normal. If authentication has failed, the connection icon has a red X through it. To view the IP address configuration of the connection corresponding to the wireless network adapter, type ipconfig at a command prompt.

Tracing

Windows XP, Windows Server 2003, and Windows 2000 have an extensive tracing capability that you can use to troubleshoot complex problems for specific components. The information in tracing files is typically useful only to Microsoft support engineers, who might request that you create trace files for a connection attempt during their investigation of a support issue. You can enable the components in Windows to log tracing information to files using the netsh command for specific components or for all components.

To enable and disable tracing for a specific component, the command is

netsh ras set tracing component enabled disabled

in which component is a component in the list of components found in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing. For example, to enable tracing for the IASRAD component, the command is

netsh ras set tracing iasrad enabled

To enable tracing for all components, the command is

netsh ras set tracing * enabled

Enabling tracing for all components produces a lot of log files for processes that are not related to wireless authentication, and can consume system resources. To obtain detailed information about the EAP authentication process for Windows XP or Windows Server 2003, enable tracing for just the EAP over LAN (EAPOL) and RASTLS components.

To enable tracing for EAPOL, the command is

netsh ras set tracing eapol enabled

To enable tracing for RASTLS, the command is

netsh ras set tracing rastls enabled

After these commands are issued, try the authentication process again and view the Eapol.log and Rastls.log files in the SystemRoot\Tracing folder.

To disable tracing for EAPOL and RASTLS, the respective commands are

netsh ras set tracing eapol disabled

netsh ras set tracing rastls disabled

To obtain detailed information about the EAP authentication process for Windows 2000, enable tracing for the RASTLS component.

Microsoft Network Monitor

You can use Microsoft Network Monitor, available in Microsoft Systems Management Server or the Windows 2000 Server and Windows Server 2003 families, or a commercial packet analyzer (also known as a network sniffer), to capture and view the authentication and data traffic sent and received by the wireless network adapter. Network Monitor includes 802.1X, EAPOL, and EAP parsers. A parser is a component included with Network Monitor that can separate the fields of a protocol header and display their structure and values. Without a parser, Network Monitor displays the hexadecimal bytes of a header, which you must parse manually.

For Windows wireless client authentications, you can use Network Monitor to capture the set of frames exchanged between the wireless client computer and the wireless AP during the wireless authentication process. You can then use Network Monitor to view the individual frames and determine why the authentication failed.

In the Windows 2000 Server and Windows Server 2003 families, Network Monitor is installed as an optional management and monitoring tool using Control Panel s Add/Remove Programs. Once installed, you can run Network Monitor from the Administrative Tools folder.

Figure 14-2 shows an example of the display of an EAP message in Network Monitor for an EAP-Transport Layer Security (EAP-TLS)-based wireless authentication.

Figure 14-2. Example of an EAP message in Network Monitor.

Wireless Monitor Snap-in

For Windows Server 2003-based wireless clients, you can use the new Wireless Monitor snap-in to view wireless AP or wireless client information.

To add the Wireless Monitor snap-in to a console, do the following:

1. Click Start, click Run, type mmc, and then click OK.

2. Click File, click Add/Remove Snap-in, and then click Add.

3. In the Add Standalone Snap-In dialog box, click Wireless Monitor and then click Add.

4. Click Close and then click OK.

There are two main screens of information in the Wireless Monitor snap-in:

• Access Point Information

• Wireless Client Information

When you click Access Point Information in the console tree, the wireless network adapter scans for the available wireless APs within range and then displays them in the details pane, as shown in Figure 14-3.

Figure 14-3. Wireless AP information in the Wireless Monitor snap-in.

You can use the list of wireless APs to determine the visibility and parameters (such as signal strength, channel, and data rates) of specific wireless APs for a given location.

When you click Wireless Client Information in the console tree, the list of wireless events for the Wireless Zero Configuration (WZC) service and the EAPOL component displays in the details pane, as shown in Figure 14-4.

Figure 14-4. Wireless client information in the Wireless Monitor snap-in.

You can use these events to determine how the WZC service chooses to connect to a specific wireless AP and explore the details of the authentication process.