Troubleshooting Connectivity Problems on Windows Networks (Part 3)

In this article, I will continue my discussion by showing you how to verify that the local TCP/IP protocol stack is working correctly.

n the previous article in this series, I showed you how to determine which IP address your system is using as its primary address. The next step in the process is to verify that the IP address configuration is working correctly, and that there are no problems with the local TCP/IP protocol stack.

The first test that you need to perform is to ping the local host address. There are a couple of different ways of accomplishing this. One way is to enter the following command:

PING LOCALHOST

When you enter this command, Windows will ping the address 127.0.0.1. Regardless of your machine's IP address, Windows will always use 127.0.0.1 as the local host address. Therefore, an alternative to the command listed above is to simply enter the following command:

Ping 127.0.0.1

Upon entering this command, you should see a successful ping, just as you would with any other ping command. You can see an example of this, shown in Figure A.

Figure A: You should receive a successful ping when you attempt to ping the local host address

Pinging the local host address does nothing to diagnose communications problems with a remote host. It does however allow you to confirm that your local TCP/IP stack is functioning correctly. If you ping the local host address and receive a destination host unreachable error message, it is almost always an indication that TCP/IP is configured incorrectly, or that some part of the local TCP/IP stack is damaged. It has been my experience that you can usually get around this problem by removing the TCP/IP protocol from the computer, and then reintroducing it from scratch.

Ping the Default Gateway

In the previous part of this article series, I mentioned that there were several different aspects of the TCP/IP configuration that you needed to document, and have on hand for the troubleshooting process. Among these pieces of information or the IP addresses of the default Gateway, and of the primary DNS server.

Assuming that the hosts that you're trying to communicate with is on a remote network, or on a different segment of your corporate network, then the next thing that you need to attempt is to ping the default Gateway. You can accomplish this by simply appending the default gateway’s IP address to the ping command. For example, if you look at Figure B, you will notice that my TCP/IP configuration lists my default Gateway address as 147.100.100.100. I then simply pinged this address. This verifies that the local machine can communicate with the default Gateway. It also tells you that communications on the local network are working as intended, at least at the IP address level.

Figure B: Pinging the default gateway verifies that IP packets can reach your network’s default gateway

Ping the DNS Server

So far we have established that IP level communications are working between the local computer and the default Gateway. This does not however guarantee that host names are being resolved to IP addresses. In the first part of the article series, I showed you how you could use the destination host's fully qualified domain name in conjunction with the ping command as a way of verifying that the DNS server is doing its job. There are a couple of other ways that you can easily test DNS name resolution though.

One thing that you can do is to ping the DNS server's IP address, as shown in Figure C. This does not guarantee the name resolution is working correctly, but it does verify that the local machine is able to communicate with the DNS server.

Figure C: You should verify that the host can communicate with your DNS server

Another thing that you can do is to use the Nslookup command to verify that name resolution is working properly. To do so, simply enter the Nslookup command, followed by the remote host’s fully qualified domain name. The Nslookup command should be able to resolve the fully qualified domain name to an IP address, as shown in Figure D.

Figure D: The Nslookup command tells you whether or not your DNS server is able to resolve the host name

The image above can be a bit misleading at first, if you are not used to working with Nslookup. Initially, this screen appears to be reporting an error. If you take a closer look though, you can see that the first part of the information that has been returned refers to the local DNS server. You can tell this because the IP address that is referenced matches the DNS server’s IP address. However, the lower section of the returned information provides you with the IP address of the host that you have queried. As long as this IP address is listed, then the DNS query was successful.

If the name resolution process fails, then there is a DNS problem. The actual problem may be any one of a number of different problems with the DNS server. For example, the DNS servers forwarding address may not be correct, or the DNS server may not have access to the Internet, which it needs in order to contact higher level DNS servers. Likewise, the DNS server's DNS service may have stopped. Typically though, these types of problems will affect other clients as well since multiple clients usually rely on a single DNS server.

If DNS name resolution succeeds, that it is important that you've verified the IP address that was returned during the name resolution process. You can do this by comparing the IP address of the returned to the actual IP address that the remote host is using. These IP addresses should match, but there are conditions that could cause a mismatch, which would result of the communications failure.

If you do encounter a IP address mismatch, it could be the result of a malware infestation on the client, or it could be the result of DNS poisoning. DNS poisoning is a process in which the DNS cache is populated with invalid or incorrect IP addresses.

If you should encounter such a problem, then I would recommend scanning the client machine for a malware. It is important to scan for both spyware and viruses since both are known to cause this type of problem. Once the machine is free of malware, then try flushing the DNS cache. You can flush the DNS cache by entering the following command:

IPCONFIG /FLUSHDNS

You can see an example of this, shown in Figure E.

It is important to keep in mind that just because the DNS cache contains inaccurate IP addresses, it does not always mean that DNS poisoning has taken place. Sometimes hosts are assigned new IP addresses, and it takes the DNS cache a while to become aware of the changes.

Figure E: If you suspect that your DNS cache may contain inaccurate information, then you must flush it

Read more!

Troubleshooting Connectivity Problems on Windows Networks (Part 2)

This article continues the Troubleshooting Connectivity Problems series by showing you how to examine the machine’s IP configuration for clues to the cause of the problem.

Before I Begin

As I explained in the first part of this article series, my goal is to create a troubleshooting guide that anyone with basic skills can follow. That being the case, I am starting with basic troubleshooting techniques, and as the series progresses, I will gradually move into more advanced techniques.

Confirming Connectivity

In the previous article, I showed you the basics of using the PING command to test network connectivity. However, if you are having trouble communicating with other hosts on the network, or hosts on remote networks, then there are a few more PING tests that you can perform in order to get a better idea of what’s going on.

Before I show you those techniques though, it is important to understand how the host that is having communications problems is configured. The procedure for doing so varies from one version of Windows to the next, so I will show you how to check the network configuration on a machine that’s running Windows Server 2003

The first thing that you must do is to determine whether the machine in question is running a static or a dynamic IP address configuration. To do so, open the Control Panel, and choose the Network Connections option. Now, right click on the connection that you are trying to diagnose, and choose the Properties command from the resulting shortcut menu. Upon doing so, you will see the connection’s properties sheet, as shown in Figure A.

Figure A: This is the network connection’s properties sheet

Now, scroll through the list of items that the connection uses until you locate the TCP/IP protocol (selected in Figure A). Select this protocol, and click the Properties button to reveal the Internet Protocol (TCP/IP) Properties sheet, shown in Figure B.

Figure B: The Internet Protocol (TCP/IP) Properties sheet is used to configure the TCP{/IP protocol

Once you arrive at this screen, it is important to make note of the machine’s IP configuration. Specifically, you will want to make note of the following items:

• Is the machine using a static or a dynamic configuration?
• If a static configuration is being used, what is the IP address, subnet mask, and default gateway?
• Is the DNS server address being obtained automatically?
• If the DNS server address is being manually specified, what address is being used?

Before I move on, I also want to mention that if a computer has multiple network adapters installed, then there will be multiple connections that are listed in the Control Panel. It is very important that you know which connection corresponds to which network adapter, or else the techniques that I am about to show you will not work.

If you have any doubt as to which connection corresponds to which network adapter, then check the adapter type. If you look at Figure A, you will notice that the adapter type is listed at the top of the screen. If need be, you can open the case to see which network adapter the network cable is connected to, so that you can be absolutely sure that you are looking at the correct network connection.

Now that you know how TCP/IP is configured for the network adapter in question, we must determine whether or not Windows acknowledges the configuration. To do so, open a Command Prompt window, and enter the following command:

IPCONFIG /ALL

It might seem strange to have to make sure that Windows acknowledges your configuration, but IPCONFIG can really tell you a lot about what’s going on. For example, take a look at the screen that’s shown in Figure C. When you enter the IPCONFIG /ALL command, the first thing that you must do is to locate the correct network adapter. In this case, locating the correct adapter is easy, because only one adapter is listed. Notice though that IPCONFIG provides you with the connection number (in this case it’s Ethernet adapter Local Area Connection 2). If you look back at Figure A, you will notice that the title of the properties sheet shown in the figure bears the same name. That along with the description of the physical network adapter tells you exactly which network connection you are looking at.

Figure C: The IPCONFIG /ALL command shows you the machine’s IP configuration as Windows sees it

Of course the first thing that you will probably notice about Figure C is that it lists many different IP addresses for the connection. The reason for this is that I created the screenshot on a Web server. The Web server hosts multiple Web sites, each with its own IP address. I wanted to use this server to illustrate the point that the IP address configuration that you see when you glance at the TCP/IP properties sheet isn’t always what Windows is using. In this case, the IP configuration information shown in Figure B is still valid. It serves as the machine’s primary IP address. However, there are many other IP addresses that are also in use.

The next step in the troubleshooting process varies depending on whether the machine is using a static or a dynamic IP address configuration. If the machine is using a static configuration, then for right now, just check to make sure that the IP address, subnet mask, default gateway, and DNS server address that is listed matches those entered on the TCP/IP properties sheet.

If the machine is using a dynamic IP address, then you will want to look at the address and see if it falls within the expected address range. If you are troubleshooting a problem on an unfamiliar network, then you may not know what the address range should be. If that’s the case, there are a few values that you can look for that have special meanings.

The most obvious clue that something has gone wrong is an IP address of 0.0.0.0. This presence of this address usually indicates one of three things:

The network adapter is not connected to the network (possibly because of a cable problem or a bad switch port)

The IP address was released

An IP address conflict has occurred.

If you receive this address, then try entering the following three commands:

IPCONFIG /RELEASE
IPCONFIG /RENEW
IPCONFIG /ALL

These commands will essentially tell the computer to give up its current address, try to obtain a new address, and then show you the new configuration information. Sometimes this process will fix the problem, and sometimes it won’t. Often though, it will yield clues as to the cause of the problem.

Another tell tale clue that something has gone wrong is that the IP address falls into the 169.254.x.x range with a subnet mask of 255.255.0.0. Some versions of Windows will automatically use this address if an IP address cannot be acquired from a DHCP server.

Read more!

Troubleshooting Connectivity Problems on Windows Networks (Part 1)

This article series will explain various troubleshooting techniques that you can use when machines on a Windows network have difficulty communicating with each other.

Verify Network Connectivity

When one host has trouble communicating with another, the first thing that you must do is to gather some information about the problem. More specifically, you need to document the host’s configuration, find out if the host is having trouble communicating with any other machines on the network, and find out if the problem effects any other hosts.

For example, suppose that a workstation is having trouble communicating with a particular server. That in itself doesn’t really give you a lot to go on. However, if you were to dig a little bit deeper into the problem and found out that the workstation couldn’t communicate with any of the network servers, then you would know to check for a disconnected network cable, a bad switch port, or maybe a network configuration problem.

Likewise, if the workstation were able to communicate with some of the network servers, but not all of them, that too would give you a hint as to where to look for the problem. In that type of situation, you would probably want to check to see what the servers that could not be contacted had in common. Are they all on a common subnet? If so, then a routing problem is probably to blame.

If multiple workstations are having trouble communicating with a specific server, then the problem probably isn’t related to the workstations unless those workstations were recently reconfigured. More than likely, it is the server itself that is malfunctioning.

The point is that by starting out with a few basic tests, you can gain a lot of insight into the problem at hand. The tests that I am about to show you will rarely show you the cause of the problem, but they will help to narrow things down so that you will know where to begin the troubleshooting process.

PING

PING is probably the simplest TCP/IP diagnostic utility ever created, but the information that it can provide you with is invaluable. Simply put, PING tells you whether or not your workstation can communicate with another machine.

The first thing that I recommend doing is opening a Command Prompt window, and then entering the PING command, followed by the IP address of the machine that you are having trouble communicating with. When you do, the machine that you have specified should produce four replies, as shown in Figure A.

Figure A: The specified machine should generate four replies

The responses essentially tell you how long it took the specified machine to respond with thirty two bytes of data. For example, in Figure A, each of the four responses were received in less than four milliseconds.

Typically, when you issue the PING command, one of four things will happen, each of which has its own meaning.

The first thing that can happen is that the specified machine will produce four replies. This indicates that the workstation is able to communicate with the specified host at the TCP/IP level.

The second thing that can happen is that all four requests time out, as shown in Figure B. If you look at Figure A, you will notice that each response ends in TTL=128. TTL stands for Time To Live. What this means is that each of the four queries and responses must be completed within 128 milliseconds. The TTL is also decremented once for each hop on the way back. A hop occurs when a packet moves from one network to another. I will be talking a lot more about hops later on in this series.

Figure B: If all four requests time out, it could indicate a communications failure

At any rate, if all four requests have timed out, it means that the TTL expired before the reply was received. This can mean one of three things:

• Communications problems are preventing packets from flowing between the two machines. This could be caused by a disconnected cable, a bad routing table, or a number of other issues.
• Communications are occurring, but are too slow for PING to acknowledge. This can be caused by extreme network congestion, or by faulty network hardware or wiring.
• Communications are functional, but a firewall is blocking ICMP traffic. PING will not work unless the destination machine’s firewall (and any firewalls between the two machines) allow ICMP echos.

A third thing that can happen when you enter the PING command is that some replies are received, while others time out. This can point to bad network cabling, faulty hardware, or extreme network congestion.

The fourth thing that can occur when pinging a host is that you receive an error similar to the one that is shown in Figure C.

Figure C: This type of error indicates that TCP/IP is not configured correctly

The PING: Transmit Failed error indicates that TCP/IP is not configured correctly on the machine on which you are trying to enter the PING command. This particular error is specific to Vista though. Older versions of Windows produce an error when TCP/IP is configured incorrectly, but the error message is “Destination Host Unreachable”

What if the PING is Successful?

Believe it or not, it is not uncommon for a ping to succeed, even though two machines are having trouble communicating with each other. If this happens, it means that the underlying network infrastructure is good, and that the machines are able to communicate at the TCP/IP level. Typically, this is good news, because it means that the problem that is occurring is not very serious.

If normal communications between two machines are failing, but the two machines can PING each other successfully (be sure to run the PING command from both machines), then there is something else that you can try. Rather than pinging the network host by IP address, try replacing the IP address with the host’s fully qualified domain name, as shown in Figure D.

Figure D: Try pinging the network host by its fully qualified domain name

If you are able to ping the machine by its IP address, but not by its fully qualified domain name, then you most likely have a DNS issue. The workstation may be configured to use the wrong DNS server, or the DNS server may not contain a host record for the machine that you are trying to ping.

If you look at Figure D, you can see that the machine’s IP address is listed just to the right of its fully qualified domain name. This proves that the machine was able to resolve the fully qualified domain name. Make sure that the IP address that the name was resolved to is correct. If you see a different IP address than the one that you expected, then you may have an incorrect DNS host record.

Conclusion

In this article, I have shown you some steps for testing basic connectivity between two machines. In the next article in the series, I will show you some more techniques that you can use in the troubleshooting process.

Read more!