The following common network problems are listed with
the tools most likely to be useful in isolating, diagnosing, and
resolving them.
Some clients cannot connect to a server Arp, IPConfig, Nbtstat, Netstat, Network Monitor, Nslookup, PathPing, PortQry, Telnet Client, Windows Network Diagnostics
No clients can connect to a server IPConfig, Network Monitor, PortQry, Telnet Client, Windows Network Diagnostics
Clients cannot connect to shared resources IPConfig, Nbtstat, Net, Nslookup, Network Monitor, PortQry, Telnet Client, Windows Network Diagnostics
Clients cannot connect to the network IPConfig, Windows Network Diagnostics
Network performance is poor or unpredictable Network Monitor, Performance Monitor, PathPing, Resource Monitor, Task Manager
Many factors
affect network performance and reliability, including remote
connections, hardware configuration (network adapters or the physical
network connection), and device drivers. Quite often, network
difficulties are related to protocol configuration errors. For example,
using incorrect settings in networks based on Transmission Control
Protocol/Internet Protocol (TCP/IP) can affect IP addressing, routing,
and IP security.
Windows 7 provides a collection of useful troubleshooting tools with which you can monitor and test network performance. Table 1 lists the most important tools for troubleshooting network problems.
Table 1. Network Troubleshooting Tools
| TOOL | PURPOSE | MEMBERSHIP REQUIRED | DESCRIPTION |
|---|
| Arp | Displays and clears the Address Resolution Protocol (ARP) cache, which affects communications with hosts on the local network. | Users or Administrators, depending on the commands used | Operating system, command line |
| IPConfig | Displays
network configuration information about the local computer, requests
new dynamically assigned IP addresses, manages the Domain Name System
(DNS) client resolver cache, and registers new DNS records. | Users or Administrators, depending on the commands used | Operating system, command line |
| Nblookup | Tests Windows Internet Naming Service (WINS) name resolution. | Users | Free download, command line |
| Nbtstat | Displays and clears network basic input/output system (NetBIOS) names. | Users | Operating system, command line |
| Net | Displays information about shared resources and connects to shared resources. | Users | Operating system, command line |
| Netsh | Views and modifies network configuration settings. | Users or Administrators, depending on the commands used | Operating system, command line |
| Netstat | Displays detailed information about open connections. | Users | Operating system, command line |
| Network Monitor | Captures and displays network traffic sent to and from the local computer. | Administrators | Free download, graphical user interface (GUI) |
| Nslookup | Diagnoses DNS name resolution problems. | Users | Operating system, command line |
| PathPing | Diagnoses network connectivity, routing, and performance problems. | Users | Operating system, command line |
| Performance Monitor | Displays detailed information about hundreds of network performance counters. | Administrators | Operating system, GUI |
| PortQry | Identifies the availability of network services from a client that has the tool installed. | Users | Free download, command line |
| Resource Monitor | Displays information about network utilization. | Administrators | Operating system, GUI |
| Route | Displays
and modifies the local computer's IP routing tables, which is primarily
useful when multiple gateways are on the local network. | Users or Administrators, depending on the commands used | Operating system, command line |
| Task Manager | Quickly
determines current network utilization, identifies processes that are
using the network, and identifies processes that are consuming processor
time. | Users or Administrators, depending on the commands used | Operating system, GUI |
| Telnet Client | Identifies
the availability of network services from a client that does not have
PortQry installed. This tool is an optional feature and is not installed
by default. | Users | Operating system, command line |
| Test TCP | Tests TCP connectivity between two computers. | Users | Operating system, command line |
| Windows Network Diagnostics | Automatically diagnoses some network problems and provides a user-friendly interface for resolving them. | Users | Operating system, GUI |
Note:
In Windows 7, troubleshooting IPv6 is identical to troubleshooting IPv4. Most of the same tools
work, including Ping, PathPing, Nslookup, IPConfig, Route, Netstat,
Tracert, and Netsh. To use them, simply specify IPv6 addresses instead
of IPv4 addresses. Unfortunately, PortQry does not currently support
IPv6. However, you can use Telnet instead. Additionally, you cannot use
the Route tool to add or delete IPv6 addresses. Instead, you should use
the netsh interface ipv6 add route and netsh interface ipv6 delete route commands.
1. Arp
Arp (Arp.exe) is a
useful command-line tool for diagnosing problems in connecting to
systems on a LAN where communications between computers do not travel
through a router. Arp is also useful for diagnosing problems related to
the client communicating with the default gateway. When a client
contacts a server on the same subnet, it must address the frame with
both the media access control (MAC) address and the IPv4 address. The MAC address is a 48-bit number that uniquely identifies a network adapter.
Arp is the name of a tool; it is
also the acronym for the Address Resolution Protocol (ARP), which is
used to find the MAC address corresponding to an IPv4 address. When a
client communicates with a system on the same LAN, ARP broadcasts a
message to all systems on the LAN asking for a response from the system
that has the requested IPv4 address. That system responds to the
broadcast by sending its MAC address, and ARP stores the MAC address in
the ARP cache.
Note:
IPv4 addresses are
used to identify computers on different networks. However, computers
communicating across a LAN use MAC addresses to identify each other. ARP
lets a computer look up a MAC address based on an IPv4 address so that
two computers on the same LAN can communicate.
Problems with ARP occur
only occasionally. For example, if a system changes its network adapter,
clients might store the incorrect MAC address in the ARP cache. You can
also manually place MAC addresses into the ARP cache, but if a manually
added MAC address is incorrect, communications sent to that IPv4
address will not succeed.
1.1. How to Identify a Problem with the ARP Cache
To identify an incorrect entry in the ARP cache, first determine the MAC addresses and IPv4 addresses of hosts or gateways on the LAN with which the computer cannot communicate (as shown in the ipconfig /all
example in this section). View the ARP cache on the computer that is
experiencing the problem. Compare the output with the correct IPv4
address and MAC address combinations. If an entry is incorrect, clear
the ARP cache to resolve the problem.
To determine the MAC address
of a computer, open a command prompt and run the following command.
Then find the Physical Address line in the output for your network
adapter (which appears in bold in the code shown here).
ipconfig /all
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : contoso.com
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-13-D3-3B-50-8F
DHCP Enabled. . . . . . . . . . . : Yes
After you use IPConfig to
determine the correct MAC address, you can view the ARP cache on the
problematic computer to determine whether the cached address is
incorrect. To view the ARP cache, open a command prompt and run the
following command.
arp -a
Interface: 192.168.1.132 --- 0xa
Internet Address Physical Address Type
192.168.1.1 00-11-95-bb-e2-c7 dynamic
192.168.1.210 00-03-ff-cf-38-2f dynamic
192.168.1.241 00-13-02-1e-e6-59 dynamic
192.168.1.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
1.2. How to Clear the ARP Cache
If you determine that one
of the entries in the ARP cache is incorrect, resolve the problem by
clearing the ARP cache. Clearing the ARP cache isn't harmful, even if
all entries appear correct. Therefore, it's a safe step to take during
troubleshooting.
To clear the ARP cache, open a command prompt and run the following command.
arp -d
Alternatively, you can clear
the ARP cache by disabling and re-enabling a network adapter or by
choosing the automated Repair option. For more information about the Arp tool, run Arp -? at a command prompt.
1.3. Event Viewer
The Windows Troubleshooting Platform records extremely detailed information in the System Event Log, both when problems occur and when network connections are successful. Additionally, administrators can use Wireless Diagnostics tracing to capture and analyze diagnostic information by using graphical tools.
You can find network diagnostic information in two places in Event Viewer:
Windows logs\System Look for events with a Source of Diagnostics-Networking. These events detail troubleshooting
options that were presented to the user (Event ID 4000), the results of
the user's choice (Event ID 5000), and detailed information gathered
during the diagnosis process (Event ID 6100). When troubleshooting
wireless networks, events also include the name of the wireless network
adapter and whether it is a native Windows 7 driver or an older driver; a
list of visible wireless networks with the signal strength, channel,
and protocol (such as 802.11b or 802.11g) for each; and the list of
preferred wireless networks and each network's configuration settings.
Event descriptions resemble the following.
The Network Diagnostics Framework has completed the repair phase of operation.
The following repair option or work-around was executed:
Helper Class Name: AddressAcquisition
Repair option: Reset the network adapter "Local Area Connection"
Resetting the adapter can sometimes resolve an intermittent problem.
RepairGuid: {07D37F7B-FA5E-4443-BDA7-AB107B29AFB9}
The repair option appears to have successfully fixed the diagnosed problem.
Applications and Services Logs\Microsoft\Windows\Diagnostics-Networking\Operational
This event log details the inner workings of the Windows
Troubleshooting Platform and will be useful primarily when escalating
problems to Microsoft support.
2. IPConfig
IPConfig
(Ipconfig.exe) is a useful command-line tool for troubleshooting
problems with automatic configuration such as Dynamic Host Configuration
Protocol (DHCP). You can use IPConfig to display the current IP
configuration, identify whether DHCP or Automatic Private IP Addressing
(APIPA) is being used, and release and renew an automatic IP
configuration.
To view detailed IP configuration information, open a command prompt and run the following command.
ipconfig /all
This command displays the current IP configuration and produces output similar to the following.
Windows IP Configuration
Host Name . . . . . . . . . . . . : Win7
Primary Dns Suffix . . . . . . . : hq.contoso.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hq.contoso.com
contoso.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : contoso.com
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-13-D3-3B-50-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a54b:d9d7:1a10:c1eb%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.132(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, September 27, 2009 2:08:58 PM
Lease Expires . . . . . . . . . . : Friday, September 29, 2009 2:08:56 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234886099
DNS Servers . . . . . . . . . . . : 192.168.1.210
NetBIOS over Tcpip. . . . . . . . : Enabled
To determine whether DHCP addressing was successful, open a command prompt and run the following command.
ipconfig
This command produces output similar to the following.
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Autoconfiguration IP Address. . . : 169.254.187.237
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
If the IP address shown
is in the range from 169.254.0.0 through 169.254.255.255, Windows used
APIPA because the operating system was unable to retrieve an IP
configuration from a DHCP server upon startup, and there was no
alternate configuration. To confirm this, examine the IPConfig output
for the DHCP Enabled setting without a DHCP server address.
To release and renew a
DHCP-assigned IPv4 address, open a command prompt with administrative
credentials and run the following commands.
ipconfig /release
ipconfig /renew
Windows will stop using the
current IPv4 address and attempt to contact a DHCP server for a new
IPv4 address. If a DHCP server is not available, Windows will either use
the alternate configuration or automatically assign an APIPA address in
the range of 169.254.0.0 through 169.254.255.255.
To release and renew an automatically assigned IPv6 address, open a command prompt and run the following commands.
ipconfig /release6
ipconfig /renew6
