Managing TCP/IP Networking in Windows Server 2008

  • 2/27/2008
Contents

Troubleshooting and Testing Network Settings

Windows Server 2008 includes many tools for troubleshooting and testing TCP/IP connectivity. This section looks at automated diagnostics, basic tests that you should perform whenever you install or modify a computer’s network settings, and techniques for resolving difficult networking problems involving DHCP and DNS. The final section shows you how to perform detailed network diagnostics testing.

Diagnosing and Resolving Local Area Connection Problems

Occasionally network cables can get unplugged or the network adapter might experience a problem that temporarily prevents it from working. After you plug the cable back in or solve the adapter problem, the connection should automatically reconnect. To diagnose local area connection problems, follow these steps:

  1. Click Start and then click Network. In Network Explorer, click Network And Sharing Center on the toolbar.

  2. In Network And Sharing Center, click Manage Network Connections.

  3. Right-click the connection you want to work with and select Diagnose.

Windows Network Diagnostics will then try to identify the problem. A list of possible solutions is provided for identifiable configuration problems. Some solutions provide automated fixes that you can execute by clicking the solution. Other solutions require manual fixes, such as might be required if you need to reset a network router or broadband modem. If your actions don’t fix the problem, refer to other appropriate parts of this troubleshooting section.

Diagnosing and Resolving Internet Connection Problems

Because of the many interdependencies between services, protocols, and configuration settings, troubleshooting network problems can be difficult. Fortunately, Windows Server 2008 includes a powerful network diagnostics tool for pinpointing problems that relate to the following:

  • General network connectivity problems

  • Internet service settings for e-mail, newsgroups, and proxies

  • Settings for modems, network clients, and network adapters

  • DNS, DHCP, and WINS configuration

  • Default gateways and IP addresses

To diagnose Internet connection problems, follow these steps:

  1. Click Start and then click Network. In Network Explorer, click Network And Sharing Center on the toolbar.

  2. Click Diagnose And Repair.

Windows Network Diagnostics will then try to identify the problem. If identifiable configuration problems exist, a list of possible solutions is provided. Some solutions provide automated fixes that you can execute by clicking the solution. Other solutions require manual fixes, such as might be required if you need to reset a network router or broadband modem. If your actions don’t fix the problem, refer to other appropriate parts of this troubleshooting section.

Performing Basic Network Tests

Whenever you install a new computer or make configuration changes to the computer’s network settings, you should test the configuration. The most basic TCP/IP test is to use the PING command to test the computer’s connection to the network. PING is a command-line command. To use it, type ping <host> at the command prompt, where <host> is either the computer name or the IP address of the host computer you’re trying to reach.

With Windows Server 2008, you can use the following methods to test the configuration using PING:

  • Try to ping IP addresses If the computer is configured correctly and the host you’re trying to reach is accessible to the network, PING should receive a reply, as long as pinging is allowed by the computer’s firewall. If PING can’t reach the host or is blocked by a firewall, PING times out.

  • On domains that use WINS, try to ping NetBIOS computer names If NetBIOS computer names are resolved correctly by PING, the NetBIOS facilities, such as WINS, are correctly configured for the computer.

  • On domains that use DNS, try to ping DNS host names If fully qualified DNS host names are resolved correctly by PING, DNS name resolution is configured properly.

You might also want to test network browsing for the computer. If the computer is a member of a Windows Server 2008 domain and computer browsing is enabled throughout the domain, log on to the computer and then use Windows Explorer or Network Explorer to browse other computers in the domain. Afterward, log on to a different computer in the domain and try to browse the computer you just configured. These tests tell you if the DNS resolution is being handled properly in the local environment. If you can’t browse, check the configuration of the DNS services and protocols.

In some cases, discovering and sharing might be set to block discovery. You’ll need to allow discovery to resolve this by following these steps:

  1. Click Start and then click Network.

  2. In Network Explorer, click Network And Sharing Center on the toolbar.

  3. If Network Discovery is set to Off, expand the Sharing And Discovery panel using the Expand button, click Turn On Network Discovery, and then click Apply to turn on this feature.

Diagnosing and Resolving IP Addressing Problems

The current IP address settings of a computer can be obtained as discussed in “Viewing Network Configuration Information” on page 672. If a computer is having problems accessing network resources or communicating with other computers, an IP addressing problem might exist. Take a close look at the IP address currently assigned, as well as other IP address settings, and use the following tips to help in your troubleshooting:

  • If the IPv4 address currently assigned to the computer is in the range 169.254.0.1 to 169.254.255.254, the computer is using Automatic Private IP Addressing (APIPA). An automatic private IP address is assigned to a computer when it is configured to use DHCP and its DHCP client cannot reach a DHCP server. When using APIPA, Windows Server 2008 will automatically periodically check for a DHCP server to become available. If a computer doesn’t eventually obtain a dynamic IP address, the network connection usually has a problem. Check the network cable, and if necessary trace the cable back to the switch or hub into which it connects.

  • If the IPv4 address and the subnet mask of the computer are currently set as 0.0.0.0, the network is either disconnected or someone attempted to use a static IP address that duplicated another IP address already in use on the network. In this case, you should access Network Connections and determine the state of the connection. If the connection is disabled or disconnected, this should be shown. Right-click the connection and select Enable or Diagnose as appropriate. If the connection is already enabled, you will need to modify the IP address settings for the connection.

  • If the IP address is dynamically assigned, make sure that another computer on the network isn’t using the same IP address. You can do this by disconnecting the network cable for the computer that you are working with and pinging the IP address in question. If you receive a response from the PING test, you know that another computer is using the IP address. This computer probably has an improper static IP address or a reservation that isn’t set up properly.

  • If the IP address appears to be set correctly, check the subnet mask, gateway, DNS, and WINS settings by comparing the network settings of the computer you are troubleshooting with those of a computer that is known to have a good network configuration. One of the biggest problem areas is the subnet mask. When subnetting is used, the subnet mask used in one area of the network might look very similar to that of another area of the network. For example, the subnet mask in one IPv4 area might be 255.255.255.240, and it might be 255.255.255.248 in another IPv4 area.

When you are using static IP addressing, you can check the current IPv4 or IPv6 settings by entering ipconfig /all at a command prompt. The display of the ipconfig /all command includes IPv4/IPv6 addresses, default routers, and DNS servers for all interfaces. You can also check IPv4 and IPv6 addressing separately. To check the IPv4 addressing configuration, enter netsh interface ipv4 show address. To check IPv6 addressing, enter netsh interface ipv6 show address. To use Netsh to show the configuration of a remote computer use the -r RemoteComputerName command line option. For example, to display the configuration of the remote computer named CORPSERVER26, you would enter netsh -r corpserver26 interface ipv4 show address.

To make changes to the configuration of IP interfaces, use the netsh interface ipv4 set interface and netsh interface ipv6 set interface commands. To add the IP addresses of DNS servers, use the netsh interface ipv4 add dns and netsh interface ipv6 add dns commands.

Diagnosing and Resolving Routing Problems

As part of troubleshooting, you can verify the reachability of local and remote destinations. You can ping your default router by its IPv4 or IPv6 address. You can obtain the local IPv4 address of your default router by entering netsh interface ipv4 show routes. You can obtain the link-local IPv6 address of your default router by entering netsh interface ipv6 show routes. Pinging the default router tests whether you can reach local nodes and whether you can reach the default router, which forwards IP packets to remote nodes.

When you ping the default IPv6 router, you must specify the zone identifier (ID) for the interface on which you want the ICMPv6 Echo Request messages to be sent. The zone ID for the default router is listed when you enter the ipconfig /all command.

If you are able to ping your default router, ping a remote destination by its IPv4 or IPv6 address. If you are unable to ping a remote destination by its IP address, there might be a routing problem between your node and the destination node. Enter tracert -d IPAddress to trace the routing path to the remote destination You use the -d command-line option to speed up the response by preventing Tracert from performing a reverse DNS query on every near-side router interface in the routing path.

The inability to reach a local or remote destination might be due to incorrect or missing routes in the local IP routing table. To view the local IP routing table, enter the netsh interface ipv4 show routes or netsh interface ipv6 show routes command. Use the command output to verify that you have a route corresponding to your local subnet. The route with the lowest metric is used first. If you have multiple default routes with the same lowest metric, you might need to modify your IP router configuration so that the default route with the lowest metric uses the interface that connects to the correct network.

You can add a route to the IP routing table by using the netsh interface ipv4 add route or netsh interface ipv6 add route command. To modify an existing route, use the netsh interface ipv4 set route or the netsh interface ipv6 set route command. To remove an existing route, use the netsh interface ipv4 delete route or netsh interface ipv6 delete route command.

If you suspect a problem with router performance, use the pathping -d IPAddress command to trace the path to a destination and display information on packet losses for each router in the path. You use the -d command-line option to speed up the response by preventing Pathping from performing a reverse DNS query on every near-side router interface in the routing path.

INSIDE OUT: Checking IPSec policies and Windows Firewall

The problem with reaching a destination node might be due to the configuration of Internet Protocol Security (IPSec) or packet filtering. Check for IPSec policies that have been configured on the computer having the problem, on intermediate IPv6 routers, and on the destination computer. On computers running Windows XP or later, IPSec is configured using Windows Firewall With Advanced Security.

In many cases, packet filtering is configured to allow specific types of traffic and discard all others, or to discard specific types of traffic and accept all others. Because of this, you might be able to view Web pages on a Web server, but not ping the Web server by its host name or IP address.

Each network connection configured on a computer can be enabled or disabled in the Windows Firewall. When enabled, IPv4 and IPv6 drop incoming requests. During troublehshooting, you can disable the Windows Firewall for a specific IPv4 or IPv6 interface with the netsh interface ipv4 set interface interface=NameOrIndex firewall=disabled and netsh interface ipv6 set interface interface=NameOrIndex firewall=disabled commands. You can also completely turn off the Windows Firewall with the netsh firewall set opmode disable command. Don’t forget to reenable the firewall when you are done troubleshooting.

Releasing and Renewing DHCP Settings

DHCP servers can assign many network configuration settings automatically, including IP addresses, default gateways, primary and secondary DNS servers, primary and secondary WINS servers, and more. When computers use dynamic addressing, they are assigned a lease on a specific IP address. This lease is good for a specific time period and must be renewed periodically. When the lease needs to be renewed, the computer contacts the DHCP server that provided the lease. If the server is available, the lease is renewed and a new lease period is granted. You can also renew leases manually as necessary on individual computers or by using the DHCP server itself.

Problems that prevent network communications can occur during the lease assignment and renewal process. If the server isn’t available and cannot be reached before a lease expires, the IP address can become invalid. If this happens, the computer might use the alternate IP address configuration to set an alternate address, which in most cases has settings that are inappropriate and prevent proper communications. To resolve this problem, you’ll need to release and then renew the DHCP lease.

Another type of problem occurs when users move around to various offices and subnets within the organization. While moving from location to location, their computers might obtain DHCP settings from the wrong server. When the users return to their offices, the computer might seem sluggish or perform incorrectly because of the settings assigned by the DHCP server at another location. If this happens, you’ll need to release and then renew the DHCP lease.

You can use the graphical interface to release and renew DHCP leases by following these steps:

  1. Click Start and then click Network. In Network Explorer, click Network And Sharing Center on the toolbar.

  2. In Network And Sharing Center, click Manage Network Connections. In Network Connections, right-click the connection you want to work with and then select Diagnose.

  3. After Windows Network Diagnostics tries to identify the problem, a list of possible solutions is provided. If the computer has one or more dynamically assigned IP addresses, one of the solutions should be Automatically Get New IP Settings.... Click this option.

You can also follow these steps to use the IPCONFIG command to renew and release settings:

  1. Start an elevated command prompt.

  2. To release the current settings for all network adapters, type ipconfig /release at the command line. Then renew the lease by typing ipconfig /renew.

  3. To renew a DHCP lease for all network adapters, type ipconfig /renew at the command line.

  4. You can check the updated settings by typing ipconfig /all at the command line.

NOTE

If a computer has multiple network adapters and you only want to work with one or a subset of the adapters, specify all or part of the connection name after the ipconfig /renew or ipconfig /release command. Use the asterisk as a wildcard to match any characters in a connection’s name. For example, if you want to renew the lease for all connections with names starting with Loc, type the command ipconfig /renew Loc*. If you want to release the settings for all connections containing the word Network, type the command ipconfig /release *Network*.

Diagnosing and Resolving Name Resolution Issues

When you can reach a destination using an IP address but not reach a host using a host name, you might have a problem with host name resolution. Typically, name resolution issues have to do with improper configuration of the DNS client or problems with DNS registration. You can use the following tasks to troubleshoot problems with DNS name resolution:

  • Verify DNS configuration

  • Test DNS name resolution with the Ping tool

  • Use the Nslookup tool to view DNS server responses

  • Display and flush the DNS client resolver cache

On the computer having DNS name resolution problems, verify the following information:

  • Host name

  • The primary DNS suffix

  • DNS suffix search list

  • Connection-specific DNS suffixes

  • DNS servers

You can obtain this information by entering ipconfig /all at a command prompt. To obtain information about which DNS names should be registered in DNS, enter netsh interface ip show dns.

Computers running Windows Vista and Windows Server 2008 support DNS traffic over IPv6. By default, IPv6 configures the well-known site-local addresses of DNS servers at FEC0:0:0:FFFF::1, FEC0:0:0:FFFF::2, and FEC0:0:0:FFFF::3. To add the IPv6 addresses of your DNS servers, use the properties of the Internet Protocol Version 6 (TCP/IPv6) component in Network Connections or the netsh interface ipv6 add dns command. To register the appropriate DNS names as IP address resource records with DNS dynamic update, use the ipconfig /registerdns command. Computers running Windows XP or Windows Server 2003 do not support DNS traffic over IPv6.

TCP/IP checks the DNS client resolver cache before sending DNS name queries. The DNS resolver cache maintains a history of DNS lookups that have been performed when a user accesses network resources using TCP/IP. This cache contains forward lookups, which provide host name to IP address resolution, and reverse lookups, which provide IP address to host name resolution. After a DNS entry is stored in the resolver cache for a particular DNS host, the local computer no longer has to query external servers for DNS information on that host. This enables the computer to resolve DNS requests locally, providing a quicker response.

How long entries are stored in the resolver cache depends on the Time to Live (TTL) value assigned to the record by the originating server. To view current records and see the remaining TTL value for each record, type ipconfig /displaydns in an elevated command prompt. These values are given as the number of seconds that a particular record can remain in the cache before it expires. These values are continually being counted down by the local computer. When the TTL value reaches zero, the record expires and is removed from the resolver cache.

Occasionally, you’ll find that you need to clear out the resolver cache to remove old entries and enable computers to check for updated DNS entries before the normal expiration and purging process takes place. Typically, this happens because server IP addresses have changed and the current entries in the resolver cache point to the old addresses rather than the new ones. Sometimes the resolver cache itself can get out of sync, particularly when DHCP has been misconfigured.

NOTE

Skilled administrators know that several weeks in advance of the actual change, they should start to decrease the TTL values for DNS records that are going to be changed. Typically, this means reducing the TTL from a number of days (or weeks) to a number of hours, which allows for quicker propagation of the changes to computers that have cached the related DNS records. After the change is completed, administrators should restore the original TTL value to reduce renewal requests.

In most cases, you can resolve problems with the DNS resolver cache by either flushing the cache or reregistering DNS. When you flush the resolver cache, all DNS entries are cleared out of the cache and new entries are not created until the next time the computer performs a DNS lookup on a particular host or IP address. When you reregister DNS, Windows Server 2008 attempts to refresh all current DHCP leases and then performs a lookup on each DNS entry in the resolver cache. By looking up each host or IP address again, the entries are renewed and reregistered in the resolver cache. You’ll generally want to flush the cache completely and allow the computer to perform lookups as needed. Reregister DNS only when you suspect problems with DHCP and the DNS resolver cache.

You can test DNS name resolution by pinging a destination using its host name or fully qualified domain name (FQDN). If an incorrect IP address is shown, you can flush the DNS resolver cache and use the Nslookup tool to determine the set of addresses returned in the DNS Name Query Response message.

You can use the IPCONFIG command to flush and reregister entries in the DNS resolver cache by following these steps:

  1. Start an elevated command prompt.

  2. To clear out the resolver cache, type ipconfig /flushdns at the command line.

  3. To renew DHCP leases and reregister DNS entries, type ipconfig /registerdns at the command line.

  4. When the tasks are complete, you can check your work by typing ipconfig /displaydns at the command line.

To start Nslookup, enter Nslookup at a command prompt. At the Nslookup > prompt, use the set d2 command to get detail information about DNS response messages. Then, use Nslookup to look up the desired FQDN. Look for A and AAAA records in the detailed display of the DNS response messages.

With IPv6, the DNS client maintains a neighbor’s cache of recently resolved link-layer addresses as well as a standard resolver cache. To display the current contents of the neighbor cache, enter netsh interface ipv6 show neighbors. To flush the neighbor’s cache, enter netsh interface ipv6 delete neighbors.

For IPv6, the DNS client also maintains a destination cache. The destination cache stores next-hop IPv6 addresses for destinations. To display the current contents of the destination cache, enter netsh interface ipv6 show destinationcache command. To flush the destination cache, enter netsh interface ipv6 delete destinationcache.

Save to your account

This chapter is from the book