The symptoms a user may see and report when a
computer has connectivity problems can be wild and varied: "the server
is down," "email doesn't work," or "this program doesn't work." When
troubleshooting connectivity, you need to go back to basics.
Basic network troubleshooting often starts with using the IPConfig command to check TCP/IP configuration and continues with the Ping
command to check connectivity. You can determine several
valuable pieces of information using IPConfig when troubleshooting,
including the following:
IP address and subnet mask
An address of
169.254.y.z should jump right out at you as an APIPA address. For some
reason, the client can't reach a DHCP server.
Source of IP address
If DHCP Enabled is set to
Yes, then you'll also see the IP address of the DHCP server. If DHCP
Enabled is set to No, you won't see a DHCP address. If the DHCP address
is set to 169.254.0.1, the address is assigned by APIPA.
Default gateway
The default gateway should
be on the same subnet. When TCP/IP is manually configured, this can
sometimes be configured incorrectly through simple typos.
DNS address
The DNS server is
usually on a different subnet and can often be used to check
connectivity with a host on a different subnet by pinging the IP address
of the DNS server. This address is also used by NSLookup.
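The address and gateway checks described above can be run over saved IPConfig /all output. The following Python sketch is an added example, not part of the original text; the sample output, adapter names, and addresses are constructed, and it assumes the IPv4 gateway appears on the same line as the Default Gateway label.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not captured from a real host).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Autoconfiguration IPv4 Address. . : 169.254.17.42(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Ethernet adapter Lab:

   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.11.1
"""

APIPA = ipaddress.ip_network("169.254.0.0/16")
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter heading: {field name: value}} from ipconfig output."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1)] = m.group(2).strip()
    return adapters

def findings(fields):
    """Apply the checks from the text to one adapter's fields."""
    if fields.get("Media State", "").lower() == "media disconnected":
        return ["media disconnected"]
    raw = fields.get("IPv4 Address") or fields.get("Autoconfiguration IPv4 Address")
    if not raw:
        return ["no IPv4 address"]
    ip = ipaddress.ip_address(raw.split("(")[0])
    out = ["APIPA address, DHCP server not reached"] if ip in APIPA else []
    gateway = fields.get("Default Gateway")  # assumes an IPv4 gateway on the key line
    if not gateway:
        out.append("no default gateway")
    elif ipaddress.ip_address(gateway) not in ipaddress.ip_network(
            f"{ip}/{fields['Subnet Mask']}", strict=False):
        out.append("default gateway not on the local subnet")
    return out

REPORT = {name: findings(f) for name, f in parse_adapters(SAMPLE).items()}
```

The second adapter shows the typo case: 192.168.11.1 was entered where a 192.168.1.x gateway was intended.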
Armed with the
information from IPConfig, you can check connectivity with other systems
using basic troubleshooting steps such as these:
Verifying hardware and cabling
Using Ping to test connectivity and determine the scope of the problem
Verifying that name resolution is working
1. Verifying Hardware and Cabling
If IPConfig doesn't list
the network adapter or lists Media State as Media Disconnected, check
the hardware. The NIC needs to be enabled, operating correctly, and
connected to the network. Figure 1 shows some basic symptoms you may see from IPConfig if the NIC is disconnected.
When the NIC isn't
connected, the network icon in the Notification area displays a red X
icon. If you hover your mouse over this icon, the tooltip will display
Not Connected - No Connections Are Available.
This Network Connections page is
pretty clear with a red X and the message "Network Cable Unplugged."
IPConfig shows the Media State as Media Disconnected, but normally you
won't see a Media State line in IPConfig.
The cable could be unplugged at
the NIC, at the network device (hub, switch, or router), or at one of
the connections between the NIC and the network device, such as at a
wall connection. When the cable is plugged in correctly, you should see a
link light. However, if other symptoms show it's not connected, the
link light will be missing.
A quick check to determine
whether the problem is internal to the computer or external is to swap
the cables. Find another computer close by that's working and showing a
good link light on the NIC, and swap the cables. If the original faulty
computer is still faulty, the problem is in the computer. If the
original faulty computer now has a link light and shows that the NIC is
connected, the problem is in the original cabling or a distant device.
If the hardware is not the problem, using Ping to check connectivity is a logical step to take after using IPConfig.
Access the Network and Sharing Center by clicking Control Panel and selecting View Network Status And Tasks in the Network And Internet section.
Right-click the adapter and select Status. You'll see a page similar to the following graphic.
You can use this page to determine the speed and connectivity status of the adapter. In the graphic, you can tell it has Internet access using IPv4, has been operational for more than three days, and has a speed of 100 Mbps.
Click the Details button. This will show you information similar to what you can see with the IPConfig /all command. Click Close.
Click the Diagnose button. The Windows Network Diagnostics page will appear and diagnostics will begin. These diagnostics run several checks and provide different results depending on what the diagnostics determine. If Internet access isn't detected, the adapter is reset, which will often resolve problems. Other times, a specific problem will be detected, and you may be prompted to apply the fix.
2. Using Ping
Ping
is a basic but invaluable troubleshooting tool. You've probably used it
at some point. It sends
out echo request packets and returns echo reply packets using the
Internet Control Message Protocol (ICMP). If you receive the packets
back, you know that the other host is up and operational. You should
also know what the Ping responses mean when the host is not up and
operational.
NOTE
Ping was invented by
Michael Muuss, who named it after the sound that sonar makes when it hits
another object and is reflected back. It sends packets out to a target
host, which are then reflected back to the sending host (if the target
host is operational), similar to how sonar sends sound waves out and
measures the sound waves that are reflected back.
ICMP is very often used in
malware attacks, so it's common for firewalls to block Ping messages. In
other words, if you don't receive a response from Ping, you can't
assume the other host is down.
You can ping an IP address or a hostname. When a hostname is used in the Ping command (as shown in Example 1),
the name is resolved to an IP address. Ping normally sends out four
echo request packets and receives four echo reply packets in return.
Example 1. Using Ping to check connectivity
C:\>ping darril-pc

Pinging darril-pc [192.168.1.101] with 32 bytes of data:
Reply from 192.168.1.101: bytes=32 time=1ms TTL=128
Reply from 192.168.1.101: bytes=32 time=1ms TTL=128
Reply from 192.168.1.101: bytes=32 time=1ms TTL=128
Reply from 192.168.1.101: bytes=32 time=1ms TTL=128

Ping statistics for 192.168.1.101:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
Here are some of the common error messages you'll see when using the Ping command:
Request Timed Out
The echo request did
not receive an echo reply. This could be because the target was not
operational, a firewall on the host blocked the traffic, or network
problems between the source and target prevented the Ping packets from
reaching the target or source. If the network policy of the target is
set to Public, the firewall will be configured to block pings, and
you'll receive this message even though the system is up and
operational.
Ping Request Could Not Find Host
The name could not be
resolved to an IP address. If you know the IP address and can
successfully ping the IP address but not the name, it indicates a name
resolution problem. This often points to a DNS issue in a Microsoft
network but could be caused by other name resolution methods.
Destination Host Unreachable
This message often
indicates TCP/IP is not configured with the proper default gateway on
either the source or destination computer. It could also indicate a
problem with a router configured as the default gateway for either of
the computers. Finally, it could be something as simple as an incorrect
IP address or incorrect subnet mask on either end.
Normally, Ping will send out
only four echo request packets, but you may occasionally want Ping to
continue sending the messages while you troubleshoot. The -t switch is used to start a Ping loop, as in the following command:
Ping -t 192.168.1.1
Ping will continue sending messages until you press Ctrl+C to interrupt the process.
3. Using Ping to Determine Scope of the Problem
From a basic troubleshooting
perspective, you should quickly try to determine the scope of the
problem. After all, if the problem is affecting the entire network, you
don't need to spend much time troubleshooting a single system.
Consider Figure 2.
Bob normally prints to a shared printer on Sally's computer, but for
some reason it isn't working anymore. What should be done?
It's important to
remember that Windows Firewall can block packets. If the Windows 7
computer is using a public network profile that blocks all incoming
requests, Ping will fail. However, this doesn't mean the client is down.
Here are some steps that you can take using Ping to narrow down the scope of the problem:
Ping Sally's computer by IP address
You can do this to verify connectivity with Sally's computer.
Ping Sally's computer by name
You can do this to verify
name resolution. When Ping is used to check connectivity with a
hostname, it first resolves the name to an IP address. If the name can't
be resolved, Ping will reply, "Ping request could not find host." If
name resolution works, the first line of the Ping output identifies the
IP address.
Ping the IP address of the default gateway
This is the near side of
the router. If you can't get successful pings to the default gateway,
you have either a TCP/IP configuration problem on the local system or a
problem with the router. However, if the router has a problem, more than
just a single person will be complaining.
Ping the local IP address and the loopback address
If you can't
successfully ping the local IP address or the loopback address
(127.0.0.1), it indicates you have a problem with TCP/IP itself or a
hardware problem with the NIC. You can try to reset the NIC or do a cold
boot by completely shutting down the computer and restarting it.
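The four checks above, combined with the Ping error messages listed earlier, can be expressed as one decision routine. This Python sketch is an added example, not part of the original text; it evaluates the checks from the local stack outward rather than in the order listed, and the host name sally-pc and all addresses are constructed.

```python
# Constructed Windows ping outputs for the five checks (not real captures).
OK = "Reply from {ip}: bytes=32 time=1ms TTL=128"
BOB = {
    "loopback": OK.format(ip="127.0.0.1"),
    "local_ip": OK.format(ip="192.168.1.50"),
    "gateway": OK.format(ip="192.168.1.1"),
    "target_ip": OK.format(ip="192.168.1.60"),
    "target_name": "Ping request could not find host sally-pc. "
                   "Please check the name and try again.",
}

def classify(output):
    """Map raw ping output to one of the outcomes described in the text."""
    text = output.lower()
    if "could not find host" in text:
        return "unresolved"
    # Checked before "reply": Windows can print
    # "Reply from <addr>: Destination host unreachable."
    if "destination host unreachable" in text:
        return "unreachable"
    if "bytes=" in text and "ttl=" in text:
        return "reply"
    if "request timed out" in text:
        return "timeout"
    return "unknown"

def diagnose(outputs):
    """Walk the checks from the local stack outward, stop at first failure."""
    s = {step: classify(out) for step, out in outputs.items()}
    if s["loopback"] != "reply" or s["local_ip"] != "reply":
        return "TCP/IP stack or NIC problem on the local computer"
    if s["gateway"] != "reply":
        return "local TCP/IP configuration or router problem"
    if s["target_ip"] == "unreachable":
        return "check default gateway, IP address and subnet mask on both ends"
    if s["target_ip"] != "reply":
        return "target down or ICMP blocked by a firewall; not proof the host is down"
    if s["target_name"] == "unresolved":
        return "name resolution problem"
    return "connectivity and name resolution OK"

RESULT = diagnose(BOB)
```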
4. Troubleshooting and Resolving Name Resolution Issues
If you can successfully ping the
IP address of a client but you can't successfully ping the name, the
problem is related to name resolution. In a Microsoft network today,
this usually indicates a problem with DNS but could be a problem with
the Hosts file.
Some basic steps to take include the following:
Verify that the client is configured with the correct IP address of a DNS server.
Verify that DNS is operational and reachable.
Verify that DNS is responding to name requests.
Verify that DNS has a record for the name.
You can accomplish these steps
with the basic command-prompt tools of IPConfig, Ping, and NSLookup.
If recent work was
accomplished on DNS, the system may have either incorrect TCP/IP
configuration information or stale DNS records. You can renew the DHCP
lease by using IPConfig /release and IPConfig /renew to verify that the client is configured with current DHCP information.
In addition, you can use IPConfig /DisplayDNS to view the records currently in cache. You can use IPConfig /FlushDNS to remove existing records and ensure only new records are used.
If records remain after flushing the DNS cache, check the Hosts file at %windir%\System32\Drivers\etc. Malware sometimes modifies this file to prevent access to specific servers.
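One way to review a Hosts file for the kind of modification mentioned above is to list every mapping other than the stock localhost entry. This Python sketch is an added example, not part of the original text; the file content, names, and addresses are constructed placeholders.

```python
import ipaddress

# Constructed Hosts file content (names and addresses are placeholders).
SAMPLE_HOSTS = """\
# 127.0.0.1       localhost
127.0.0.1    localhost
127.0.0.1    update.example.com    # constructed entry
0.0.0.0      av.example.net
192.0.2.10   intranet.example.org fileserver
not-an-ip    portal.example.org
"""

def audit_hosts(text):
    """Return (line number, name, verdict) for every non-default mapping."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].split()   # drop comments, split fields
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((lineno, entry[1], "malformed address"))
            continue
        for name in entry[1:]:
            if name.lower() == "localhost" and ip.is_loopback:
                continue                         # the stock mapping
            if ip.is_loopback or ip.is_unspecified:
                verdict = "name sinkholed to the local host"
            else:
                verdict = f"name forced to {ip}"
            findings.append((lineno, name.lower(), verdict))
    return findings

FINDINGS = audit_hosts(SAMPLE_HOSTS)
```

Entries that point a server name at the loopback or unspecified address make that server unreachable from the client, which matches the symptom described above; any entry not placed there by an administrator deserves a closer look.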