Chapter 15: Configuring, Maintaining, and Troubleshooting TCP/IP Networking




Being able to configure, maintain, and troubleshoot Transmission Control Protocol/Internet Protocol (TCP/IP) networking is a vital part of every administrator’s job. This chapter starts with a discussion of the command-line tools available for performing these tasks, then delves into each area separately, giving you the knowledge and techniques you’ll need to manage and support TCP/IP networking on Windows XP Professional and Windows Server 2003 systems.

Using the Network Services Shell

The network services shell (Netsh) is a command-line scripting utility that allows you to manage the configuration of various network services on local and remote computers. Netsh provides a separate command prompt that you can use in either interactive or noninteractive mode.

Working with Netsh Contexts

In interactive mode, you enter the shell by typing netsh and then specifying the context name of the network service you want to work with. Context names and their meanings are as follows:

  • aaaa Authentication, authorization, accounting, and auditing. The context used to view and work with the AAAA database. That database is used by the Internet Authentication Service (IAS) and the Routing And Remote Access service.

  • dhcp Dynamic Host Configuration Protocol (DHCP). The context used for viewing and managing DHCP servers. You use the DHCP context to assign TCP/IP configuration information dynamically to network clients.

  • diag Network diagnostics. The context for viewing and troubleshooting network service parameters.

  • interface ip Interface IP. The context used to view and manage the TCP/IP network configuration of a computer. With Windows XP Service Pack 2, this context can also be used to manage the IPv4 Internet Connection Firewall (ICF).

    Security Alert

    When the IPv4 ICF is enabled under Windows XP SP2 or later, boot-time security is also enabled. With boot-time security, the computer can perform only basic networking tasks at bootup: DNS, DHCP, and communications with domain controllers. Once the ICF is running, it loads and applies the run-time ICF policy and then removes the boot-time filters. While you cannot control boot-time security policy, you can configure the way ICF is used; you use Netsh to do this.

  • interface ipv6 Interface IP version 6. The context used to view and manage the IPv6 network configuration of a computer. With Windows XP Advanced Networking Pack or Service Pack 2 or later, this context can also be used to manage the IPv6 Internet Connection Firewall.

  • interface portproxy Interface Port Proxy. The context used to manage proxies between IPv4 and IPv6 networks.

  • ipsec Internet Protocol Security (IPsec). The context used to view and configure IPsec.

  • bridge Network Bridge. The context used to enable or disable transport layer (OSI model layer 3) compatibility mode for network bridges. Also used to view the configuration settings of network bridges.

  • ras Remote access server (RAS). The context used to view and manage remote access server configurations.

  • routing Routing. The context used to manage routing servers. Used with Routing And Remote Access server.

  • rpc Remote procedure call (RPC) helper. The context used to view and manage IP address interface settings as well as IP subnet addresses that are configured on a computer.

  • wins Windows Internet Name Service (WINS). The context used to view and manage WINS server settings. You use WINS to resolve NetBIOS computer names to Internet Protocol (IP) addresses for pre–Windows 2000 computers.

    Note

    Some contexts and subcontexts are only available when you use Netsh on a local computer. The key one you’ll notice is RPC, which is only available when working locally. In addition, some Netsh contexts and subcommands require the Routing And Remote Access service to be configured even when you are working with a local computer at the command line. If this is the case, you must set the Connections To Other Access Servers remote access policy to grant remote access permission, and then ensure that the remote access service is running.

The context name tells Netsh which helper DLL to load. The helper DLL provides context-specific commands that you can use. For example, if you typed netsh to work interactively with Netsh and then typed rpc you would enter the RPC context. You could then type show interfaces to see the IP address interfaces configured on the computer. As a series of steps, this would look like this:

  1. Type netsh. The command prompt changes to: Netsh>.

  2. Type rpc. The command prompt changes to: Netsh rpc>.

  3. Type show interfaces. The IP address interfaces configured on the computer are displayed, such as

    Subnet        Interface      Status    Description
    127.0.0.0     127.0.0.1      Enabled   MS TCP Loopback interface
    192.168.1.0   192.168.1.56   Enabled   Intel(R) PRO/100 VE Network Connection

Each context has a different set of commands available and some of these commands lead to subcontexts that have their own commands as well. Keep in mind the related service for the context must be configured on the domain to allow you to do meaningful work within a particular context. Regardless of what context you are working with, you can view the list of available commands by typing help. Similarly, regardless of what context you are in, typing quit will exit the network services shell, returning you to the Windows command prompt. Well, that’s how Netsh works interactively; it’s slow and plodding, but it’s good for beginners or while digging around to find out what commands are available.

Once you grow accustomed to working with Netsh, you’ll want to use this utility in noninteractive mode. Noninteractive mode allows you to type in complete command sequences at the command-line prompt or within batch scripts. For example, the previous procedure which took three steps can be performed with this one command line:

netsh rpc show interfaces

Whether you insert this line into a script or type it directly at a command-line prompt, the resulting output is the same: a list of interfaces on the computer you are working with. As you can see, typing commands directly is a lot faster.

Working with Remote Computers

Netsh can be used to work with remote computers. To work interactively with a remote computer, you start netsh with the -r parameter and then specify the IP address or domain name of the computer to which you want to connect, such as

netsh -r 192.168.10.15

or

netsh -r corpsvr02 

While you work with the remote computer, Netsh will include the computer IP address or name in its command prompt, such as

[corpsvr02] netsh>

Here you use Netsh to work remotely with CorpSvr02.

If you want to work noninteractively with remote computers, you must use the following syntax:

netsh -c Context -r RemoteComputer Command 

where Context is the identifier for the context you want to work with, RemoteComputer is the name or IP address of the remote computer, and Command is the command to execute. Consider the following example:

netsh -c "interface ip" -r corpsvr02 show ipaddress

In this example, you use the Interface IP context to obtain a list of IP addresses configured on CorpSvr02. Here, you cannot use the RPC context to perform this task, because this context is only available on a local computer.

Real World

To use Netsh, the Routing And Remote Access service must be configured on the network. Specifically, you must set the Connections To Other Access Servers remote access policy to grant remote access permission. Then, ensure that the remote access service is running.

Working with Script Files

As discussed previously, you can type in complete Netsh command sequences at the command line or within batch scripts. The catch is that you must know the complete command line you want to use and cannot rely on Netsh for help. Some command lines can be very long and complex. For example, the following commands connect to a DHCP server, configure a DHCP scope, and then activate the scope:

netsh dhcp server \\corpsvr02 add scope 192.168.1.0 255.255.255.0 MainScope PrimaryScope

netsh dhcp server \\corpsvr02 scope 192.168.1.0 add iprange 192.168.1.1 192.168.1.254

netsh dhcp server \\corpsvr02 scope 192.168.1.0 add excluderange 192.168.1.1 192.168.1.25

netsh dhcp server \\corpsvr02 scope 192.168.1.0 set state 1

If you save these commands to a batch script, you can run the script just as you would any other batch script. For example, if you named the script dhcpconfig.bat, you would type dhcpconfig to run the script.

When working with remote computers, you can place the script on a network share accessible from the remote computer and then log on remotely to execute the script. Or you can copy the script directly to the remote computer and then log on to execute it remotely. Either way works, but both involve a couple of extra steps. Fortunately, there’s a faster way to run a script on a remote computer. To do this, you must change the script a bit and use the following syntax:

netsh -c Context -r RemoteComputer -f Script 

where Context is the identifier for the context you want to work with, RemoteComputer is the name or IP address of the remote computer, and Script is the file or network path to the script to execute. Consider the following example:

netsh -c "dhcp server" -r corpsvr02 -f dhcpconfig.bat

In this example, you run a Netsh script called dhcpconfig.bat on CorpSvr02 using the DHCP Server context. Note that Server is a subcontext of the DHCP context. The script contains the following commands:

add scope 192.168.1.0 255.255.255.0 MainScope PrimaryScope
scope 192.168.1.0 add iprange 192.168.1.1 192.168.1.254
scope 192.168.1.0 add excluderange 192.168.1.1 192.168.1.25
scope 192.168.1.0 set state 1

These commands create, configure, and then activate a DHCP scope on the designated DHCP Server, CorpSvr02. Because you are already using the DHCP Server context on CorpSvr02, you don’t need to type netsh dhcp server \\corpsvr02 at the beginning of each command.
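Because a script run with -f changes address assignment on a production DHCP server, it is worth checking before it is pushed. The following is an added example, not code from the book: a small Python check (the function name lint_dhcp_script and its allowlist of the four command forms shown above are assumptions of this example) that rejects unexpected commands, including lines that still carry the netsh dhcp server prefix, and verifies that each range lies inside its scope.

```python
import ipaddress

# Constructed sample: the four script lines shown above, as passed to netsh -f.
SAMPLE = """\
add scope 192.168.1.0 255.255.255.0 MainScope PrimaryScope
scope 192.168.1.0 add iprange 192.168.1.1 192.168.1.254
scope 192.168.1.0 add excluderange 192.168.1.1 192.168.1.25
scope 192.168.1.0 set state 1
"""

def lint_dhcp_script(text):
    """Return a list of findings; an empty list means the script passed."""
    findings = []
    scopes = {}   # scope address -> IPv4Network created by "add scope"
    ranges = {}   # scope address -> (first, last) from "add iprange"
    for n, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok:
            continue
        try:
            if tok[:2] == ["add", "scope"] and len(tok) >= 5:
                # Strict parsing rejects a scope address with host bits set.
                scopes[tok[2]] = ipaddress.ip_network(f"{tok[2]}/{tok[3]}")
            elif (tok[0] == "scope" and len(tok) == 6 and tok[2] == "add"
                  and tok[3] in ("iprange", "excluderange")):
                net = scopes.get(tok[1])
                lo, hi = ipaddress.ip_address(tok[4]), ipaddress.ip_address(tok[5])
                if net is None:
                    findings.append(f"line {n}: scope {tok[1]} not created by this script")
                elif lo > hi or lo not in net or hi not in net:
                    findings.append(f"line {n}: {tok[3]} is not inside {net}")
                elif tok[3] == "iprange":
                    ranges[tok[1]] = (lo, hi)
                elif tok[1] not in ranges or lo < ranges[tok[1]][0] or hi > ranges[tok[1]][1]:
                    findings.append(f"line {n}: exclusion falls outside the scope's iprange")
            elif (tok[0] == "scope" and len(tok) == 5
                  and tok[2:4] == ["set", "state"] and tok[4] in ("0", "1")):
                # Example policy: only plain deactivate (0) / activate (1) is allowed.
                if tok[1] not in scopes:
                    findings.append(f"line {n}: scope {tok[1]} not created by this script")
            else:
                findings.append(f"line {n}: not an expected command: {raw.strip()}")
        except ValueError as err:
            findings.append(f"line {n}: bad address or mask: {err}")
    return findings

if __name__ == "__main__":
    for finding in lint_dhcp_script(SAMPLE) or ["no findings"]:
        print(finding)
```
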






Microsoft Windows Command-Line Administrator's Pocket Consultant
ISBN: 0735620385
EAN: 2147483647
Year: 2004
Pages: 114
