Troubleshooting Your Systems with Network DiagnosticsThis article may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. To maintain the flow of the article, we've left these URLs in the text, but disabled the links.
by Lorraine Vachon
Operating System: Windows 2000
Managing almost any size network can be a daunting task when you must locate and identify connection and configuration problems. Anyone who has combed through performance logs, changed out hardware in vain, tracked cables, or sat for hours in front of a monitor clicking through configuration screens knows the value of good utilities. Until recently, support personnel often relied on third-party tools to help them diagnose and troubleshoot performance slowdowns and various hard-to-find failures. However, such tools can be expensive and time-consuming to learn. Fortunately, Windows 2000 ships with a suite of network troubleshooting utilities. Powerful, yet surprisingly quick to learn, these utilities should help you accurately assess client configurations and isolate various network problems.
Network Diagnostics (NetDiag) is one of several new utilities included on your Windows 2000 CD. In this article, we'll explore this powerful utility. We'll look at how this utility works and how it can help you better diagnose problems and manage your clients on the network. Specifically, we'll describe installation and customization options, investigate each diagnostic test, and provide sample output for some of the tests.
Microsoft's support utilities are located in the Support\Tools folder of your Windows 2000 CD. To install the utilities, first log on as a member of the administrator group. You can either browse to the Tools folder and double-click on Setup.exe to launch the Installation Wizard, or you can install the utility from a command prompt. To install from a prompt, run msiexec with the option /i. For example, to install in the current directory type this at the command prompt:
msiexec /i cd_drive_letter:\support\tools\ 2000rkst.msi
If you're installing the support tools as part of an unattended installation, append /qb to the end of the install argument. See Table A for a description of command line options.
Table A: Command line switches and their meanings
Performs unattended installation.
|/f||[ReinstallModes] 2000rkst.msi||Repairs a previous installation.|
|/a||2000rkst.msi||Administrators installation. Installs onto a server for network installations.|
|/l||[i|w|e|f|a|r|u|c|m|p|+|!|v]Logfile||Specifies path to log file. The flags indicate what information to log.|
The flag 'i', for example, indicates status messages, and 'w' indicates non-fatal warnings. For a brief description of each flag, consult the Sreadme.txt in the Support\Tools folder.
After you install the 2000 support utilities, you'll notice a host of new tools in the Start | Programs | Windows 2000 Support Tools | Tools menu. NetDiag is one of several command-line-only utilities; therefore, it's not listed in the Support Tools folder on your Start menu.
As we mentioned, NetDiag is a command-line-only executable that helps you identify and isolate various connectivity and network problems. The command line syntax for NetDiag is as follows:
NetDiag [[/q|/v|/debug] [/I] [d:Domain Name] [fix] [/dcaccountenum] [/test:Testname| /skip:Testname]]
Using NetDiag doesn't require you to specify any parameters or switches. You can simply type netdiag.exe at the command prompt and press [Enter]. Thus, you can focus on analyzing the output rather than learning how to use the tool. However, NetDiag does include several switches that allow you to customize your output. The command is NetDiag followed by the appropriate switch. Table B provides a listing of the switches and their meanings.
Table B: NetDiag switches and their meanings
|/q||Quiet output. Lists only tests that return errors.|
|/v||Verbose output. Lists detailed information as each test runs.|
|/debug||Most verbose. Generates a high level of detail including reasons for success or failure.|
|/L||Logs output. Stores results in NetDiag.log in the current directory. This switch is very helpful because the output usually exceeds more than one command prompt screen.|
|/d:domainName||Finds DC. Finds a domain controller.|
|/fix||Fixes DNS problems. This applies only to domain controllers.|
|/DCAccountEnum||Domain account enumerator.|
|/test:||Runs a specified test.|
|/skip:||Skips a specified test.|
|/Testname||Specifies test to be performed or skipped. Tests you can run are discussed later in this article.|
|/?||Help. Displays NetDiag syntax and switches.|
A closer look
Network Diagnostics consists of a total of 25 tests. The utility examines DLL files, output from other tools, and the system registry to find potential trouble spots. NetDiag determines which network services or functions are running on your network and then runs the appropriate configuration tests.
When a test is run, NetDiag alerts you to errors by printing [FATAL], which means to fix immediately, or [WARNING], which signals a failure, but one that may not require immediate attention. The tests are run in a specific order, from basic functionality (NIC card operations) to more complex issues (such as DNS registrations). Since the diagnostic output displays information about functions already running on your machine, NetDiag skips tests for functions not present on your network.
Tests and log output
Although NetDiag probably won't run every test on your system, we'll describe each one of them below to help you interpret the results in your log file. In addition, we'll highlight some of the output from tests run on our small test network. Figures A, B and C illustrate samples of the log output for NDIS, Member and NetBT transports tests respectively. Notice that each of these tests "passed." Figure D shows you a fatal message that in most situations points you to a severe problem or failure.
NDIS. Lists adapter configuration details, including adapter name, configuration, media, globally unique identifier (GUID) and statistics. NetDiag first runs the NDIS test by default. If this test fails, subsequent tests don't run. Figure A shows you an abbreviated sample of test output.
Figure A: This is the first of several blocks of information you'll see. The [PASS] message indicates that the NIC card is functioning properly.
IPConfig. Displays most of the information you'd expect to see with ipconfig /all. It also pings Dynamic Host Configuration Protocol (DHCP) and WINS servers and checks that the default gateway is on the same subnet as the local computer's IP address.
Member. Checks and displays domain information such as computer role, domain name and domain GUID. It verifies that the netlogon service started and queries the domain security identifier (SID). See Figure B for a sample of the log output.
Figure B: The machine passed the domain membership test. The test identifies our machine as part of a workgroup and not as a domain member.
NetBT transports. Lists NetBT transports managed by the redirector. It displays error information if no NetBT transports are found. Figure C shows the portion of the log file that identifies the one NetBT transport in our system.
Figure C: Our test machines are running TCP/IP and other transports aren't installed.
Autonet. Checks if an interface is using automatic private IP addressing (APIPA). This is a Windows 2000 TCP/IP feature. When the TCP/IP protocol is configured for Dynamic IP addressing and DHCP is unavailable, Windows 2000 automatically configures a unique IP address from the private IP range 169.254.0.0-169.254.255.254 with the submask 255.255.0.0.
IPLoopBK. Pings IP loopback address, 127.0.0.1. Usually, if the loopback is successful, your TCP/IP stack is installed correctly on that machine.
DefGw. Pings all default gateways for each interface. Figure D shows the message output when there's a problem with the gateway.
Figure D: On a segmented network, the fatal message would tell us immediately that we probably had a wrong gateway address.
NbtNm. Checks for name conflicts. It compares the workstation service name <00> to the computer name. NbtNm also checks that the messenger service name <03> and service service name <20> are present on all interfaces and there are no conflicts. It's similar to the nbtstat -n command.
WINS. Sends NetBT name queries to all configured WINS servers.
Winsock. Uses the Windows Sockets WSAEnumProtocols() function to retrieve available transport protocols. This test can help diagnose TCP/IP problems.
DNS. Checks whether the DNS cache service is running, and whether the computer is registered correctly on the DNS servers. If the computer is a domain controller, the DNS test checks whether all DNS entries in Netlogon.dns are registered on the DNS server. If entries are incorrect, you can use the /fix switch to reregister the domain controller record on a DNS server.
Browser. Checks that the workstation service is running and retrieves lists from the redirector and the browser. It also checks whether NetBT transports are in the list from the NetBT transports test. In addition, it checks that the browser is bound to all the NetBT transports and whether the computer can send mailslot messages, and tests both via the browser and redirector.
DsGetDc. Finds a generic domain controller, a primary domain controller, and then finds a Windows 2000 domain controller. If the tested domain is the primary domain, it checks whether the domain GUID stored in Local Security Authority (LSA) is the same as the domain GUID stored in the domain controller. If not, the test returns a fatal error; if the /fix option is used, DsGetDc tries to fix the GUID in LSA. From previous output as shown in Figure B, you know that our client is in a workgroup, so NetDiag skips this test.
DcList. Displays a list of domain controllers in the domain and queries the directory service on an active domain controller. If there's no domain controller information for this domain, it tries to get an active domain controller from the directory service.
Trust. Tests trust relationships to the primary domain controller only if the computer is a member workstation, member server or domain controller. Note that this test looks at relationships between workstations, member servers and domain controllers. This test doesn't refer to trust relationships established between domains.
Kerberos. Tests Kerberos protocols only if the computer is a member computer or domain controller in a Windows 2000 domain. It connects to LSA and looks up the Kerberos package. Furthermore, it gets the ticket cache of the Kerberos package and checks whether the Kerberos package has a ticket for the primary domain and the local computer.
LDAP. Tests Lightweight Directory Access Protocol (LDAP) on all the active domain controllers and creates a LDAP connection block to the domain controller. It searches in the LDAP directory and tests the three types of authentication: unauthenticated, NTLM and negotiate. If the /v (verbose) switch is on, the test prints the details of each entry retrieved.
Route. Prints static and persistent entries in the routing table. The output includes a destination address, subnet mask, gateway address, interface and metric.
NetStat. Displays statistics of protocols and current TCP/IP network connections. You're probably familiar with this as a single command executed from the command prompt.
Bindings. Lists all bindings, and includes interface name, lower module name, upper module name, and (if binding is currently enabled) owner of the binding. In short, this test shows you the connections between layers of the operating system.
Wan. Displays the settings and status of current active remote access connections.
Modem. Displays the configuration of each line device. This test displays the type of modem you're using, as well as the port to which it's connected.
NetWare. Determines whether NetWare is using the directory tree or bindery logon process. If NetWare is using the directory tree logon process, it determines the default context. It also finds the server the host attaches to at startup.
IPX. Provides comprehensive output. It determines the network's IPX configuration, including frame type, Network ID, RouterMTU, and whether packet burst or source routing is enabled.
IPSec. Checks current status of the IP Security Policy Agent Service. The test also reports which IPSec policy (if any) is currently active.
NetDiag is a powerful, command-line utility that can accurately diagnose network problems. By checking many aspects of your client computer's connections and network configuration, you have a comprehensive testing utility for troubleshooting problems. Another advantage is NetDiag's logging capabilities. The output from this utility should be added to your network's baseline documentation and to new test logs generated for each significant configuration change you make to a computer. NetDiag, then, furnishes you with both valuable client (and server) documentation and reliable diagnostic tests.
Copyright © 2001 Element K Content LLC. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Element K Content LLC is prohibited. Element K is a service mark of Element K LLC.