Tài liệu hạn chế xem trước, để xem đầy đủ mời bạn chọn Tải xuống
1
/ 71 trang
THÔNG TIN TÀI LIỆU
Thông tin cơ bản
Định dạng
Số trang
71
Dung lượng
328,26 KB
Nội dung
640 Chapter 13 • Windows 2000 TCP/IP Fast Track ■ Client Services for NetWare (CSNW) ■ Gateway Services for NetWare (GSNW) ■ NWLink (Microsoft’s implementation of the IPX/SPX protocol) ■ File and Print Services for NetWare (FPNW) ■ Microsoft Print Services for UNIX (LPD and LPR services) SNA (Systems Network Architecture) is a separate software package from Microsoft that can be used to connect Windows PC networks to IBM mainframe networks. General Troubleshooting Guidelines Troubleshooting TCP/IP and other network problems is made easier if you follow the Ten Commandments of Troubleshooting: 1. Know thy network. 2. Use the tools of the trade. 3. Take it one change at a time. 4. Isolate the problem. 5. Recreate the problem. 6. Don’t overlook the obvious. 7. Try the easy way first. 8. Document what you do. 9. Practice the art of patience. 10. Seek help from others. Troubleshooting Resources There is a great deal of troubleshooting information for TCP/IP issues in general and for Windows 2000-specific problems. Be sure to take advan- tage of the following: ■ Microsoft documentation, including Help files, the Resource Kits, white papers, TechNet, official newsgroups, and the Microsoft Web site ■ Third-party documentation, including Internet mailing lists, Usenet public newsgroups, Web resources, local user groups, and books and magazines 91_tcpip_13.qx 2/25/00 11:21 AM Page 640 Windows 2000 TCP/IP Fast Track • Chapter 13 641 Troubleshooting Models Following a set procedure allows you to organize the troubleshooting process and makes it less likely that you will overlook something impor- tant along the way. The problem-solving models used by other professions can be applied to network troubleshooting as well, as discussed in the fol- lowing sections. Differential Diagnosis Model This model is used in the medical field and consists of the following steps: 1. Examination 2. Diagnosis 3. Treatment 4. Followup These same steps can be used in solving TCP/IP connectivity prob- lems. SARA Model This model is popular in the criminal justice world, in use by law enforce- ment agencies practicing community-oriented policing. It includes the fol- lowing steps: 1. Scanning 2. Analysis 3. Response 4. Assessment Comparing the models, you see that although the terminology differs, the actual steps involve the same processes. Problem-solving basics are the same regardless of the type of problem. Information-Gathering Tips Gathering information is always one of the first steps in problem solving. In network troubleshooting, as in most areas, this involves asking ques- tions. Questions to Ask What questions to ask (and of whom) vary according to the situation, but the following can serve as a guideline to get you started: ■ Exactly what task were you trying to perform when the problem occurred? 91_tcpip_13.qx 2/25/00 11:21 AM Page 641 642 Chapter 13 • Windows 2000 TCP/IP Fast Track ■ Were you doing anything else in addition to this primary task at the time? ■ What error message(s), if any, were displayed? ■ Is anyone else on the network experiencing the same problem? ■ Have you ever been able to perform this task on this computer? ■ When was the last time you were able to do so? ■ What changes have occurred since the last time you were able to do so? Log Files The Windows 2000 log files provide information that may be helpful in troubleshooting. These files are accessed via the Event Viewer, and include the following logs: ■ System log ■ Application log ■ Security log Organizing Information In order to make a diagnosis or analysis of the information, you must organize it in a logical manner. This means learning to sift through and discard irrelevant information, and looking for patterns in the data. This also means setting priorities according to such factors as who is affected by the problem, how many are affected by the problem, what production activities are affected by the problem, and how often the problem occurs. Solutions, once formulated, should also be prioritized according to cost, time involved, longevity, and long-term effect on performance. Forms and Check Lists You can devise forms and check lists to guide you through the trou- bleshooting process in an organized manner, or you can use the ones supplied in Chapter 3, “General Windows 2000 TCP/IP Troubleshooting Guidelines.” Forms are useful in helping you to gather information, and check lists force you to approach problem solving in a methodical, step- by-step way that is more conducive to success. 91_tcpip_13.qx 2/25/00 11:21 AM Page 642 Windows 2000 TCP/IP Fast Track • Chapter 13 643 Inside TCP/IP The Windows 2000 implementation of TCP/IP supports a large number of Internet standards as outlined in various RFCs. For a list of those docu- ments, see Chapter 4, “Windows 2000 TCP/IP Internals.” Windows 2000 Enhancements The following are some of the most exciting enhancements Microsoft has made to the TCP/IP stack: ■ Scalable TCP window size and timestamping (RFC 1323) ■ Selective Acknowledgments (RFC 2018) ■ Support for IP over ATM (RFC 1577) ■ TCP fast retransmit ■ Quality of service (QoS) ■ Resource Reservation Protocol (RSVP) ■ IPSec ■ NDIS 5.0 support Inside IP IP operates at the Internetwork layer and is responsible for routing pack- ets to their destination addresses. CIDR Support IP in Windows 2000 supports Classless Interdomain Routing (CIDR), which is a way of aggregating routes once designated as class C networks using “supernetting” to create larger networks by “stealing” bits from the network portion of the IP address to allow for more Host IDs. CIDR is useful for the following purposes: ■ Smaller Internet routing tables ■ Less updating of external routes ■ More efficient allocation of address space ■ Increase in number of available (host) Internet addresses Multihoming A computer that has multiple IP addresses is called a multihomed host. This can be a computer with more than one NIC, or a computer that has multiple IP addresses assigned to one NIC. Windows 2000 supports both types of multihoming. 91_tcpip_13.qx 2/25/00 11:21 AM Page 643 644 Chapter 13 • Windows 2000 TCP/IP Fast Track A multihomed computer with two NICs can act as a router, passing transmissions from one subnet to another. IP Multicasting Multicasting refers to sending data to multiple destinations on the net- work at the same time, using a single multicast address. Computers are designated as members of a multicast group, and only group members receive the messages. A computer can belong to multiple multicast groups simultaneously. There are two types of multicast groups: permanent and transient. The Internet Group Management Protocol (IGMP) is used to manage mul- ticast membership. The multicast address range consists of the class D addresses 224.0.0.0 through 239.255.255.255. Windows 2000 includes the following utilities that are useful in trou- bleshooting multicast transmissions: ■ MRINFO ■ NETSH ROUTING IP MIB SHOW MFE ■ NETSH ROUTING IP MIB SHOW MFESTATS ■ NETSH ROUTING IP MIB SHOW JOINS Duplicate Address Detection In order for computers to communicate on a TCP/IP network, each net- work interface must have a unique IP address. Windows 2000 uses a “gratuitous ARP broadcast” when a computer comes online to detect whether another computer is already using the IP address it is configured to use. If there is duplication, the second computer with the IP address will not be allowed to use it. Inside TCP and UDP TCP and UDP are Host-to-Host (Transport) layer protocols. They handle flow control and provide for reliable end-to-end communications. TCP TCP is a connection-oriented protocol that handles important one-to-one communications such as logons, file and printer sharing, and replication. Windows 2000 TCP includes dead gateway detection, delayed acknowledg- ments, TCP keep-alives, and avoidance of the Silly Window Syndrome. UDP UDP is a connectionless protocol used for broadcast transmissions and other situations where guaranteed delivery is not required. UDP doesn’t 91_tcpip_13.qx 2/25/00 11:21 AM Page 644 Windows 2000 TCP/IP Fast Track • Chapter 13 645 break messages into smaller chunks and reassemble them on the other end as TCP does. UDP is faster than TCP, but less reliable. Both UDP and TCP provide for ports to differentiate between multiple connections using the same IP address. TCP/IP Registry Settings TCP/IP gets configuration information from the Windows Registry. You can use a Registry Editor to change the behavior of the Windows 2000 TCP/IP stack, but this should be done with caution. See Chapter 4 for a listing of Registry settings that can be changed, and instructions on how to do so. Network Monitoring Tools Windows 2000 includes various tools and utilities that can be used to verify connectivity, gather information, monitor performance, and even analyze the packets themselves to assist you in troubleshooting your TCP/IP network. These include graphic tools such as Network Monitor, Event Viewer, and the Performance console (also called System Monitor), as well as command-line utilities standard to the TCP/IP suite. Monitoring Guidelines Monitoring network activity gives you a chance to gather information over a period of time, detect and analyze patterns, and compare changes. Baselining The first step in any monitoring program is to establish a baseline; this can be described as the process of collecting information about the “patient” (the network) before it gets sick. Gather your baseline informa- tion when the network is working properly, so you can use it for compari- son purposes when things go wrong. Documentation Be sure to document everything you do, and keep your documentation orderly and organized. This will assist you in maintaining the network and allow you to quickly and efficiently return to previous measures. Performance Logs and Alerts The administrative tool formerly known as Performance Monitor, now called the System Monitor or listed simply as “Performance” in the MMC, 91_tcpip_13.qx 2/25/00 11:21 AM Page 645 646 Chapter 13 • Windows 2000 TCP/IP Fast Track can be used to obtain real-time data on network performance parameters. This information can be saved in a file for later analysis. The System Monitor can also be configured to alert you when counters reach a specified limit. Network Monitor The Microsoft Network Monitor is a software protocol analyzer that allows you to capture and analyze traffic on your network. The Network Monitor is a very useful tool for assessing the activity on the network. You can use the tool to collect network data and analyze it on the spot, or save your recording activities for a later time. It allows you to monitor network activity and set triggers for when certain events or data cross the wire, which could be useful if you are looking for certain “key words” in e-mail communications moving through the network. The Network Monitor program allows you to capture only those frames that you are interested in, based on protocol or source or destination computer. You can apply even more detailed and exacting filters to data that you have finished collecting, which allows you to pinpoint the precise elements you might be looking for in the captured data. Network Monitor is not installed by default. If it isn’t installed on your computer, you can install it via the Add/Remove Programs applet in the Control Panel. There are two types of filters used by Network Monitor: capture filters and display filters. Capture Filters The purpose of the capture filter is to limit the frames that are actually saved in the capture buffer. This allows you to make better use of your buffer space, because the limited amount of buffer you have can be devoted to looking at the precise targets of interest. It also reduces the amount of “extraneous” information that could cause you to overlook something important during your investigations. You can filter the capture information in two ways: by machine address pairs, or by a specified pattern in the frames that are examined during the capture sequence. Display Filters The display filter allows us to look for very specific elements of the cap- tured data and allows for a much more refined filtering than we can accomplish with the capture filter. A display filter can be used as a data- base search tool, where the capture frames are the data in our database. 91_tcpip_13.qx 2/25/00 11:21 AM Page 646 Windows 2000 TCP/IP Fast Track • Chapter 13 647 Event Viewer The Event Viewer can be used to check on the status of a number of net- work services. Windows 2000 systems are configured to report significant fault situations to the event viewer. You should make it a regular practice, perhaps the first thing you do every day, to check out the Event Viewer on all of your primary servers to see if any of the Windows 2000 services running on these servers are reporting error conditions. The Event Log does contain an added feature over what was found in Windows NT: the DNS log. Because of the added importance of DNS in the normal functioning of domain-related activity, Microsoft deemed the DNS service important enough to warrant its own log in the Event Viewer. TCP/IP Utilities The group of command-line TCP/IP utilities included with Windows 2000 is similar to those available in Windows NT 4.0. We have the familiar set of TCP/IP tools, such as: ■ PING ■ NSLOOKUP ■ TRACERT ■ ARP ■ IPCONFIG ■ NBTSTAT ■ NETSTAT Each of these basic TCP/IP command-line tools has either the same or enhanced functionality compared to what it could do in Windows NT 4.0. In addition to these tools, Windows 2000 offers some new command- line TCP/IP tools, including PATHPING and NETDIAG. For detailed information on how to use these command-line utilities in troubleshooting TCP/IP problems, see Chapter 5, “Using Network Monitoring and Troubleshooting Tools in Windows 2000.” Name Resolution Problems Name resolution problems are one of the most common causes of the inability to connect to another TCP/IP computer on the network. These problems fall into one of two categories: NetBIOS name resolution and host name resolution. In Windows 2000, as in other Windows operating systems, NetBIOS resolution is handled primarily by WINS, the Windows Internet Name 91_tcpip_13.qx 2/25/00 11:21 AM Page 647 648 Chapter 13 • Windows 2000 TCP/IP Fast Track Service; and host name resolution is handled by the Domain Name System service, DNS (or its updated incarnation, Dynamic DNS). WINS and NetBIOS Name Resolution A NetBIOS name server is a computer that maintains a database of NetBIOS names and matching IP addresses. WINS is the best known and most widely used NetBIOS name server. Windows 2000’s implementation of WINS complies with RFC 1001/1002 and contains new features not included in WINS in NT 4.0. Components of network communications that are involved with NetBIOS name resolution include: ■ The TCP/IP protocol stack ■ NetBIOS over TCP/IP (also called NetBT) ■ WINS and DNS servers ■ Broadcasts ■ LMHOSTS and HOSTS files ■ The Browser service ■ The Server and Workstation services ■ My Network Places ■ The “net” commands (net use, net view, net send) ■ The Alerter service This list can provide a starting point in troubleshooting NetBIOS name resolution problems. To prevent or solve NetBIOS name resolution prob- lems, follow these guidelines: ■ Don’t multihome your WINS server(s). ■ Use a WINS proxy agent on network segments that have non- WINS clients. ■ Avoid static records in the WINS database. ■ Define replication partners based on link factors. ■ Avoid split registration. ■ Use the “hub and spoke” model in multisite environments. ■ Configure your DNS servers to resolve NetBIOS names. ■ Don’t multihome the master browser(s). ■ Use manual tombstoning instead of deleting records. ■ Consider all the ramifications before disabling NetBT. 91_tcpip_13.qx 2/25/00 11:21 AM Page 648 Windows 2000 TCP/IP Fast Track • Chapter 13 649 DNS and Host Name Resolution The NetBIOS namespace is “flat,” but DNS uses a hierarchical (multilevel) namespace. DNS resolves Fully Qualified Domain Names (FQDNs) to IP addresses. These names are in the format myserver.mydomain.com. The Windows 2000 DNS is standards-based and is now capable of dynamic update (hence the new name, Dynamic DNS, or DDNS). DNS is used for resolution of names on the global Internet, and in Windows 2000 has moved to the forefront as the name resolution method of choice for Microsoft networks as well. Resolving Host Names to IP Addresses DNS clients can resolve a host name to IP address in several ways. The Windows 2000 DNS client service features a caching resolver, which keeps a list of recently resolved host names and IP addresses. If a sought- after mapping is not there, the client will query a DNS server. If the DNS server can’t resolve the name, the client will go through NetBIOS name resolution sequence and attempt to resolve the name using the WINS server, broadcasts, or LMHOSTS files. There are two basic types of queries: ■ Recursive ■ Iterative An FQDN includes the host name and the host’s domain membership. A fully qualified query must end with a period, although most applica- tions will automatically include it before sending the request. If the request is unqualified, by default the domain membership of the machine issuing the query will be appended to the request. A list of other domain suffixes can be configured that will be appended to unqualified requests. Planning the DNS Namespace If a company has both an internal Windows 2000 network and an Internet presence, it can choose to represent the namespace in one of two ways: ■ Use the same domain name for the internal and external namespaces ■ Use different domain names for the internal and external namespaces The first choice requires registration of only one domain name, and provides for more continuity and consistency. However, servers will have 91_tcpip_13.qx 2/25/00 11:21 AM Page 649 [...]... protocol is “wrapped” (encapsulated) inside the WAN protocol The two popular WAN protocols are: s s Serial Line Internet Protocol (SLIP) Point-to-Point Protocol (PPP) PPP is more commonly used, as it supports encryption, compression, and automatic IP address assignment by a DHCP server SLIP is used primarily by some UNIX servers Windows 2000 can use either SLIP or PPP to dial out, but uses only PPP for dial-in... requires special protocols Windows 2000 supports the following dynamic routing protocols: 91_tcpip_13.qx 2/25/00 11:21 AM Page 660 660 Chapter 13 • Windows 2000 TCP/IP Fast Track s s s RIPv1 RIPv2 OSPF RIP Features Windows 2000 s Routing Information Protocol (RIP) supports split horizon, poison reverse, and triggered updates, which are designed to avoid some of RIP’s problems such as routing loops RIP listening... than an option; it looks as if both will be around for some time to come 91_tcpip_13.qx 2/25/00 11:21 AM Page 664 91_tcpip_app.A.qx 2/25/00 11:22 AM Page 665 Appendix A TCP/IP Troubleshooting Secrets Solutions in this chapter: s Lesser-Known Shortcuts s Under-Documented Features and Functions s For Experts Only 665 91_tcpip_app.A.qx 2/25/00 11:22 AM Page 666 666 Appendix A• TCP/IP Troubleshooting... directories on the FTP Server Mget GETS multiple files from the FTP Server Mput Copies multiple files from the local machine to the FTP Server Open Connects to a specified FTP Server Put Copies local files to the FTP Server Continued 91_tcpip_app.A.qx 2/25/00 11:22 AM Page 671 TCP/IP Troubleshooting Secrets • Appendix A 671 Command Action Prompt When multiple files are being transferred, prompt will cause... Display the contents of the DNS Resolver Cache 91_tcpip_app.A.qx 2/25/00 11:22 AM Page 673 TCP/IP Troubleshooting Secrets • Appendix A 673 /showclassid Displays all the dhcp class IDs allowed for adapter /setclassid Modifies the dhcp class id The default is to display only the IP address, subnet mask and default gateway for each adapter bound to TCP/IP For Release and Renew, if no adapter name is specified,... files: dhcp.mdb, dhcp.tmp, j50.log, and j50.chk You can edit the backup interval at which Windows 2000 backs up the DHCP database You also must edit the Registry to manually restore the database from backup See Chapter 8, “Troubleshooting Windows 2000 IP Addressing Problems,” for explicit instructions Windows 2000 protects against “rogue” (unauthorized) DHCP servers by requiring that Windows 2000 DHCP servers... You can enable PPP event logging and use PPP tracing to gather information useful in troubleshooting PPP connections For instructions on how to do so, see Chapter 9, “Troubleshooting Remote Access in a Windows 2000 TCP/IP Network.” RRAS Configuration Problems Configuration problems can stem from either the RRAS server or the remote client Server Configuration The first step in troubleshooting the inability... Interface Metric Protocol Features of the Windows 2000 Router A Windows 2000 computer running RRAS and providing routing services supports the following features: s s s s s s Multiprotocol routing (IP, IPX, and AppleTalk) Support for standard dynamic routing protocols (RIP and OSPF) Packet filtering Router advertisement and discovery (ICMP) Multicast services (IGMP) Unicast routing Routing Protocols Routing... AM Page 668 668 Appendix A• TCP/IP Troubleshooting Secrets behavior, type ? at the Telnet command prompt You should see output similar to the following: Commands may be abbreviated Supported commands are: close display open quit set status unset close current connection display operating parameters connect to a site exit telnet set options (type 'set ?' for a list) print status information unset options... technologies are based on IP IP Telephony One exciting development is IP telephony, which offers simultaneous voice, video, and data transmission over the Internet or the local network 91_tcpip_app.A.qx 2/25/00 11:22 AM Page 675 TCP/IP Troubleshooting Secrets • Appendix A 675 IP telephony will work over a variety of physical media: analog telephone lines, ISDN, DSL, coax and UTP, T-carrier and satellite . is “wrapped” (encapsulated) inside the WAN protocol. The two popular WAN protocols are: ■ Serial Line Internet Protocol (SLIP) ■ Point-to-Point Protocol (PPP) PPP is more commonly used, as it supports. messages are encapsulated and encrypted. Windows 2000 supports two tunneling protocols: ■ Point-to-Point Tunneling Protocol (PPTP) ■ Layer 2 Tunneling Protocol (L2TP) Troubleshooting VPN connections. 643 Inside TCP/IP The Windows 2000 implementation of TCP/IP supports a large number of Internet standards as outlined in various RFCs. For a list of those docu- ments, see Chapter 4, Windows 2000 TCP/IP