Tools for Troubleshooting CHAPTER 31
1553
9 266 ff00::/8 On-link
8 276 ff00::/8 On-link
11 286 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Fully interpreting the routing configuration requires a detailed understanding of IP
networking; however, you can quickly identify default routes for traffic being sent to your
default gateway by locating the Active Route with a Network Destination and Network Mask
of 0.0.0.0 for IPv4 routes and an Active Route with the prefix ::/0 for IPv6 routes. Other Active
Routes with a Gateway assigned cause traffic for the specific Network Destination and Network
Mask to be sent through that gateway, with a preference for the route with the lowest metric.
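The route selection described above can be checked against captured route print output. This is an added example, not part of the original chapter; the routing table in SAMPLE is constructed and the function names are illustrative. It goes slightly beyond the text: the most specific matching route (longest prefix) is preferred first, and the lowest metric breaks ties.

```python
import ipaddress

# Constructed sample of the IPv4 "Active Routes" section of `route print`.
SAMPLE = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.132     25
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.15     50
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.132    281
    192.168.1.132  255.255.255.255         On-link     192.168.1.132    281
===========================================================================
Persistent Routes:
  None
"""


def parse_ipv4_routes(text):
    """Return a list of route dicts from the IPv4 Active Routes table."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[4].isdigit():
            continue  # headings, separators, "Persistent Routes", and so on
        dest, mask, gateway, interface, metric = fields
        try:
            network = ipaddress.ip_network(f"{dest}/{mask}")
        except ValueError:
            continue  # not a destination/netmask pair
        routes.append({"network": network, "gateway": gateway,
                       "interface": interface, "metric": int(metric)})
    return routes


def default_routes(routes):
    """Default routes (0.0.0.0 with mask 0.0.0.0), lowest metric first."""
    return sorted((r for r in routes if r["network"].prefixlen == 0),
                  key=lambda r: r["metric"])


def select_route(routes, destination):
    """Route used for a destination: longest prefix, then lowest metric."""
    address = ipaddress.ip_address(destination)
    matches = [r for r in routes if address in r["network"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["network"].prefixlen, r["metric"]))


if __name__ == "__main__":
    table = parse_ipv4_routes(SAMPLE)
    for route in default_routes(table):
        print("default route via", route["gateway"], "metric", route["metric"])
    for dest in ("203.0.113.10", "192.168.1.7"):
        chosen = select_route(table, dest)
        print(dest, "->", chosen["gateway"], "on", chosen["interface"])
```

A second default route with a lower metric than the expected one is worth investigating, because it silently takes over all off-subnet traffic.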
MORE INFO For additional information on IPv6 networking, read Chapter 28, “Deploying IPv6.”
If you must manually update the IPv4 routing table (you should typically make changes to
the network infrastructure that assigned the routes to the client), you can use the route add,
route change, and route delete commands. For more information, type route -? at a command
prompt.
To update the IPv6 routing table, you must use the netsh interface ipv6 add|set|delete route
commands.
Task Manager
Task Manager (Taskmgr.exe) is a GUI tool that you can use to view or end a process or an
unresponsive application. You can also use Task Manager to gather other information, such
as CPU statistics. To start Task Manager, click Start, type Taskmgr, and then press Enter.
Alternatively, you can right-click the taskbar and then click Task Manager.
The Windows Task Manager window contains six tabs: Applications, Processes, Services,
Performance, Networking, and Users.
Optionally, click Show Processes From All Users.
3. On the View menu, click Select Columns.
4. Select or clear the columns that you want to add to, or remove from, the Processes tab.
5. Click OK to return to Task Manager.
To identify the cause of high processor utilization, follow these steps:
1. Start Task Manager and then click the Performance tab.
2. Click the View menu and then select Show Kernel Times (if it is not already selected).
3. Examine the CPU Usage History graph. If the graph shows values close to 100 percent,
   one process or multiple processes are consuming the bulk of the computer’s processing
   capability. The red line shows the percentage of the processor consumed by the
   kernel, which includes drivers. If the bulk of the processing time is consumed by the
   kernel, verify that you are using signed drivers and have the latest version of all drivers
   installed. If the kernel is not responsible for the majority of the processor usage,
   continue following these steps to identify the process.
4. Click the Processes tab.
5. Click the CPU column heading twice to sort the processes by processor utilization with
   the highest utilization at the top of the list.
The process or processes consuming the processor will show high CPU utilization values.
When the processor is not being used heavily, the System Idle Process shows high CPU
CHAPTER 31 Troubleshooting Network Issues
FIGURE 31-5 TCPView allows you to monitor network connections in real time.
To download TCPView, visit http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx.
You do not need to install TCPView; simply copy the executable file to a folder that allows
applications to be run (such as C:\Program Files\) and then double-click Tcpview.exe. TCPView
also includes Tcpvcon.exe, a command-line tool that provides similar functionality.
Telnet Client
Although it is not primarily a troubleshooting tool, Telnet Client is extremely useful for
determining whether TCP-based network services are reachable from a client. Most
commonly used network services are TCP based, including Web services, mail services, and
file transfer services. Telnet Client is not useful for troubleshooting UDP-based network
services such as DNS and many streaming media communications.
Telnet Client is not installed by default in Windows 7. To install it, run the following
command from a command prompt with administrative privileges.
start /w pkgmgr /iu:"TelnetClient"
Alternatively, you can install it by following these steps:
1. Click Start and then click Control Panel.
2. Click Programs.
3. Click Turn Windows Features On Or Off.
4. In the Windows Features dialog box, select the Telnet Client check box. Click OK.
Telnet Client is useful only for determining whether a service is reachable, and it will not
also use the Test TCP tool for UDP traffic. With Test TCP, you can configure a computer to
listen on a specific TCP or UDP port without having to install the application or service on the
computer. This allows you to test network connectivity for specific traffic before the services
are in place.
Test TCP (Ttcp.exe) is a tool that you can use to listen for and send TCP segment data or
UDP messages between two nodes. Ttcp.exe is provided with Windows Server 2003 in the
Valueadd\Msft\Net\Tools folder of the Windows Server 2003 or Windows XP Service Pack 2
(SP2) product CD-ROM.
Test TCP differs from Port Query in the following ways:
• With Test TCP, you can configure a computer to listen on a specific TCP or UDP port
  without having to install the application or service on the computer. This allows you
  to test network connectivity for specific traffic before the services are in place. For
  example, you could use Test TCP to test for domain replication traffic to a computer
  before you make the computer a domain controller.
• Test TCP also supports IPv6 traffic.
When you are using a TCP port, the following code shows the basic syntax for Ttcp.exe on
the listening node (the receiver):
ttcp -r -pPort
When using a UDP port, use the following syntax.
ttcp -r -pPort -u
After starting Test TCP in receive mode, the tool will wait indefinitely for a transmission
before returning you to the command prompt. The first time you use Test TCP to listen from
a computer running Windows 7, you might be prompted to create a Windows Firewall
exception. You must create the exception for Test TCP to work. If you choose to unblock the
application, Windows Firewall will allow all traffic for that computer on the specified port in
ttcp-t: buflen=8192, nbuf=2048, align=16384/+0, port=80 tcp -> www.microsoft.com
send(to) failed: 10053
ttcp-t: done sending, nbuf = 2037
ttcp-t: 81920 bytes in 16488 real milliseconds = 4 KB/sec
ttcp-t: 11 I/O calls, msec/call = 1498, calls/sec = 0, bytes/call = 7447
In this example, the TCP connection was successful, even though the output includes the
line “send(to) failed.” If the connection was unsuccessful, the output would have included the
phrase “connection refused.” Alternatively, some servers will simply not respond to invalid
communications, which will cause the Test TCP transmitter to pause indefinitely while it awaits
a response from the server. To cancel Test TCP, press Ctrl+C.
Each instance of Test TCP can listen on or send to only a single port. However, you can run
it in multiple command prompts to listen or send on multiple ports. For additional command-
line options, type Ttcp at the command prompt.
Windows Network Diagnostics
Troubleshooting network problems is complicated, especially for users. Many users discover
network problems when they attempt to visit a Web page with Internet Explorer. If the Web
page is not available, Internet Explorer returns the message “Internet Explorer cannot display
the webpage.” The problem could be any one of the following, however:
• The user mistyped the address of the Web page.
• The Web server is not available.
• The user’s Internet connection is not available.
• The user’s LAN is not available.
• The user’s network adapter is misconfigured.
• The user’s network adapter has failed.
tray and then clicking Open Network And Sharing Center. At the bottom of the page,
click Troubleshoot Problems and follow the prompts that appear. If Windows Network
Diagnostics does not identify or resolve the problem, please choose to send the information
to Microsoft to help improve Windows Network Diagnostics. Then, continue
following these steps.
2. Are you attempting to connect to a wireless network, but your connection attempt is
   rejected? If so, see the section titled “How to Troubleshoot Wireless Networks” later in
   this chapter.
3. Are you attempting to connect to a remote network using a VPN connection, but your
   connection attempt is rejected? If so, see Chapter 27, “Connecting Remote Users and
   Networks.”
The Process of Troubleshooting Network Problems CHAPTER 31
4. Can you occasionally access the network resource, but it is unreliable or slow? If so,
   see the section titled “How to Troubleshoot Performance Problems and Intermittent
   Connectivity Issues” later in this chapter.
5. Can you access other network resources using different applications, such as e-mail or
   different Web sites? If not, you have a network connectivity problem or a name resolution
   problem. If you can contact servers using the IP address instead of the host name,
   see the section titled “How to Troubleshoot Name Resolution Problems” later in this
   chapter. If servers are not accessible when you specify an IP address or if you do not
   know an IP address, see the next section, “How to Troubleshoot Network Connectivity
   Problems.”
6. Are you trying to join a domain or log on to your computer using a domain account
• Failed network connection
• Faulty network cables
• Misconfigured network hardware
• Misconfigured network adapter
NOTE Often, people jump to the conclusion that the network has failed when only a
single network resource has failed. For example, a failed DNS server will stop your
computer from resolving host names, which would prevent the computer from finding
resources on the network by name. Similarly, if the only network resource a user accesses
is her e-mail server and that server has failed, the failure might appear to that user to be a
total loss of connectivity. To avoid spending time troubleshooting the wrong problem, the
processes in this chapter always start by isolating the cause of the problem.
After you isolate the failed feature, you can work to resolve that specific problem or you
can escalate the problem to the correct support team. For example, if you determine that
the network adapter has failed, you will need to contact the hardware manufacturer for a
replacement part. If you determine that the Internet connection has failed, you will need to
contact your ISP. To isolate the cause of a network connectivity problem, follow these steps:
1. Open the Network And Sharing Center by clicking the network icon in the system tray
   and then clicking Open Network And Sharing Center. At the bottom of the page, click
   Troubleshoot Problems and follow the prompts that appear. If Windows Network
   Diagnostics does not identify or resolve the problem, continue following these steps.
2. Open a command prompt on the computer experiencing the problems. Run the
Chapter 25. For more information about IPConfig, read the section titled “IPConfig”
earlier in this chapter.
• If all network adapters show DHCP Enabled: No in the display of the ipconfig /all
  command, the network adapter might be misconfigured. If DHCP is disabled, the
  computer has a static IPv4 address, which is an unusual configuration for client
  computers. Update the network adapter IPv4 configuration to Obtain An IP Address
  Automatically and Obtain DNS Server Address Automatically, as shown in Figure
  31-6. Then configure the Alternate Configuration tab of the IP Properties dialog box
  with your current, static IP configuration. For information about configuring IP
  addresses, see Chapter 25.
FIGURE 31-6 Enable DHCP for most client computers.
For most networks, set client configuration to Obtain An IP Address Automatically.
3. Having arrived at this step, you know that your computer has a valid, DHCP-assigned
   IPv4 address and can communicate on the LAN. Therefore, any connectivity problems
   are caused by failed or misconfigured network hardware. Although you cannot solve
   the problem from a client running Windows, you can still diagnose the problem. View
   the output from the ipconfig command and identify the IPv4 address of your default
   gateway. Verify that the IPv4 address of the default gateway is on the same subnet
   as the network adapter’s IP address. If they are not on the same subnet, the default
   gateway address is incorrect—the default gateway must be on the same subnet as the
   client computer’s IPv4 address.
NOTE To determine whether an IPv4 address is on the same subnet as your computer’s
IPv4 address, first look at your subnet mask. If your subnet mask is 255.255.255.0, com-
to Ping requests from the local network. It’s a good idea to ping your network equipment
when everything is working properly just to determine whether it responds under
normal conditions.
5. Use the Tracert command to test whether you can communicate with devices outside
   your LAN. You can reference any server on a remote network; however, this example
   uses the host www.microsoft.com.
C:\>tracert www.microsoft.com
Tracing route to www.microsoft.com [10.46.19.30]
over a maximum of 30 hops:
0 win7.hsd1.nh.contoso.com. [192.168.1.132]
1 192.168.1.1
2 c-3-0-ubr01.winchendon.ma.boston.contoso.com [10.165.8.1]
3 ge-3-37-ur01.winchendon.ma.boston.contoso.com [10.87.148.129]
4 ge-1-1-ur01.gardner.ma.boston.contoso.com [10.87.144.225]
5 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
The 0 line is your client computer. The 1 line is the default gateway. Lines 2 and above
are routers outside your local area network.
• If you see the message “Unable to resolve target system name,” your DNS server
  is unreachable because the DNS server is offline, your client computer is misconfigured,
  or the network has failed. If your DNS server is on your LAN (as displayed
  by the ipconfig /all command) and you can still ping your router, the DNS server
  has failed or is misconfigured; see the section titled “How to Troubleshoot Name
  Resolution Problems” later in this chapter for more information on these issues. If
  your DNS server is on a different network, the problem could be either a network
  infrastructure problem or a name resolution problem. Repeat this step, but use Ping
8 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
9 te-9-2-ur01.marlboro.ma.boston.contoso.com [10.87.144.77]
10 10g-8-1-ur01.natick.ma.boston.contoso.com [10.87.144.197]
11 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
12 te-9-2-ur01.marlboro.ma.boston.contoso.com [10.87.144.77]
13 10g-8-1-ur01.natick.ma.boston.contoso.com [10.87.144.197]
• If any routers on line 2 or above respond (it doesn’t matter if the final host responds),
  the client computer and the default gateway are configured correctly. The problem
  exists with the network infrastructure, or your Internet connection may have failed.
  Follow the troubleshooting steps described in the next section, “How to Troubleshoot
  Application Connectivity Problems,” or contact network support to troubleshoot
  the problem.
To double-check your results, repeat these steps from another client computer on the
same network. If the second client computer exhibits the same symptoms, you can be confident
that part of the network infrastructure has failed. If the second client can successfully
communicate on the network, compare the IPConfig /all output from the two computers. If
the Default Gateway or DNS Server addresses differ, try configuring the problematic computer
with the other computer’s settings. If this does not resolve the problem, the problem
is unique to the problematic computer and may indicate a hardware or driver problem (see
Chapter 30).
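The ipconfig checks in this procedure (DHCP Enabled: No, a default gateway outside the adapter's subnet, and comparing Default Gateway and DNS Servers between two clients) can be run over saved ipconfig /all output. This is an added example, not part of the original chapter; the output in SAMPLE is constructed, the function names are illustrative, and only IPv4 fields are examined.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt: one healthy adapter, one misconfigured.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.132(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection 2:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

# "   Field name. . . . : value" -> ("Field name", "value")
FIELD = re.compile(r"^\s+([^:]+?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Map adapter heading -> {field: value} from `ipconfig /all` output."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip().rstrip(":"), {})
            continue
        match = FIELD.match(line)
        if current is not None and match:
            current[match.group(1)] = match.group(2).strip()
    return adapters


def audit(adapters):
    """Return (adapter, finding) pairs for the DHCP and gateway checks."""
    findings = []
    for name, fields in adapters.items():
        if "IPv4 Address" not in fields or "Subnet Mask" not in fields:
            continue  # disconnected or IPv6-only adapter
        if fields.get("DHCP Enabled") == "No":
            findings.append((name, "DHCP Enabled: No (static IPv4 configuration)"))
        gateway = fields.get("Default Gateway", "")
        if not gateway:
            continue  # no gateway listed: nothing to compare
        address = fields["IPv4 Address"].split("(")[0]
        subnet = ipaddress.ip_network(f"{address}/{fields['Subnet Mask']}", strict=False)
        if ipaddress.ip_address(gateway) not in subnet:
            findings.append((name, f"gateway {gateway} is outside {subnet}"))
    return findings


def differing_settings(working, failing, keys=("Default Gateway", "DNS Servers")):
    """Settings that differ between a working client and the problem client."""
    return {k: (working.get(k), failing.get(k))
            for k in keys if working.get(k) != failing.get(k)}


if __name__ == "__main__":
    for adapter, finding in audit(parse_ipconfig(SAMPLE)):
        print(f"{adapter}: {finding}")
```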
How to Troubleshoot Application Connectivity Problems
Sometimes, you might be able to access the network with some applications but not others.
For example, you might be able to download your e-mail but not access Web servers. Or, you
might be able to view pages on a remote Web server but not connect to the computer with
Remote Desktop.
Several issues might cause these symptoms (in rough order of likelihood):
• The remote service is not running. For example, Remote Desktop might not be enabled
  on the remote computer.
consult the application’s manual or contact the technical support team. Alternatively,
you can use a protocol analyzer, such as Network Monitor, to examine network traffic
to determine the port numbers used.
TABLE 31-2 Default Port Assignments for Common Services and Tasks

SERVICE NAME OR TASK                                            UDP    TCP
Web servers, HTTP, and Internet Information Services (IIS)      -      80
HTTP-Secure Sockets Layer (SSL)                                 -      443
DNS client-to-server lookup (varies)                            53     53
DHCP client                                                     67     -
File and printer sharing                                        137    139, 445
FTP-control                                                     -      21
FTP-data                                                        -      20
Internet Relay Chat (IRC)                                       -      6667
Microsoft Office Outlook (see POP3, IMAP, and SMTP for ports)   -      -
Internet Mail Access Protocol (IMAP)                            -      143
IMAP (SSL)                                                      -      993
LDAP                                                            -      389
LDAP (SSL)                                                      -      636
Message Transfer Agent (MTA) – X.400 over TCP/IP                -      102
POP3                                                            -      110
POP3 (SSL)                                                      -      995
RPC endpoint mapper                                             -      135
SMTP                                                            -      25
If the command prompt clears or if you receive text from the remote service, you have
successfully established a connection. Close the command prompt to cancel Telnet. This
indicates that you can connect to the server; therefore, the server application is listening for
incoming connections and no firewall is blocking your traffic. Instead of troubleshooting the
problem as a connectivity issue, you should consider application-level issues, including:
• Authentication issues: View the server’s Security Event Log or the application’s log to
  determine whether it is rejecting your client connections because of invalid credentials.
• Failed service: Restart the server. Test whether other client computers can connect to
  the server.
• Invalid client software: Verify that the client software running on your computer is
  the correct version and is configured properly.
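The Telnet test reduces to a single TCP connection attempt whose outcome picks the troubleshooting branch: a completed connection points to the application-level issues listed above, and a failed one to the connectivity steps that follow. This is an added example, not part of the original chapter; the state names, function names and the loopback listener in demo() are assumptions of the example.

```python
import socket
import threading


def probe_tcp(host, port, timeout=3.0, banner_wait=1.0):
    """Attempt one TCP connection and return (state, banner)."""
    try:
        conn = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror:
        return "name-resolution-failed", b""  # host name did not resolve
    except ConnectionRefusedError:
        return "refused", b""      # reset received: no listener, or a rejecting firewall
    except socket.timeout:
        return "no-response", b""  # nothing came back: host down or traffic dropped
    except OSError:
        return "unreachable", b""  # no route, network down, and similar errors
    with conn:
        conn.settimeout(banner_wait)
        try:
            banner = conn.recv(256)  # some services greet first; others stay silent
        except (socket.timeout, ConnectionError):
            banner = b""
    return "connected", banner


def next_step(state):
    """Map a probe result to the troubleshooting branch described in the text."""
    if state == "connected":
        return "application-level: check authentication, service health, client software"
    if state == "name-resolution-failed":
        return "name resolution: retry using the server's IP address"
    return "connectivity: verify the service is running and firewalls allow the port"


def demo():
    """Probe a constructed loopback listener, then the same port after it closes."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve_once():
        client, _ = listener.accept()
        with client:
            client.sendall(b"220 constructed banner\r\n")

    worker = threading.Thread(target=serve_once, daemon=True)
    worker.start()
    open_result = probe_tcp("127.0.0.1", port)
    worker.join(2)
    listener.close()
    closed_result = probe_tcp("127.0.0.1", port)
    return open_result, closed_result


if __name__ == "__main__":
    for state, banner in demo():
        print(state, banner, "->", next_step(state))
```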
If Telnet displays “Could not open connection to the host,” this indicates an application
connectivity issue, such as a misconfigured firewall. Follow these steps to continue
troubleshooting the problem:
1. If possible, verify that the server is online. If the server is online, attempt to connect
   to a different service running on the same server. For example, if you are attempting
   to connect to a Web server and you know that the server has file sharing enabled,
   attempt to connect to a shared folder. If you can connect to a different service, the
   problem is almost certainly a firewall configuration problem on the server.
2. Attempt to connect from different client computers on the same and different subnets.
   If you can connect from a client computer on the same subnet, you might have an
   application configuration problem on the client computer. If you can connect from a
   client computer on a different subnet but not from the same subnet, a firewall on the
   network or on the server might be filtering traffic from your client network.
3.
of converting a host name to an IP address, and DNS is by far the most common name
resolution technique.
Many apparent connectivity problems are actually name resolution problems. If any of the
following problems occur, the client will be unable to contact a server using its host name:
• DNS servers have failed.
• The network connecting the client to the DNS server has failed.
• A host name is missing from the DNS database.
• A host name is associated with an incorrect IP address. Often, this happens because a
  host has recently changed IP addresses and the DNS database has not been updated.
• The client does not have DNS servers configured or is configured with the incorrect
  DNS server IP addresses.
To diagnose a name resolution problem, follow these steps:
1. Open the Network And Sharing Center by clicking Start, clicking Network, and then
   clicking Network And Sharing Center. If a red X is displayed over a network link, click
   the link to start Windows Network Diagnostics and follow the prompts that appear.
   Windows Network Diagnostics can solve many common configuration problems. If
   Windows Network Diagnostics does not identify or resolve the problem, continue
   following these steps.
2. Verify that you can connect to other computers using IP addresses. If you cannot
   connect to servers by using their IP address, the source of your problem is network
   connectivity rather than name resolution. See the section titled “How to Troubleshoot
   Network Connectivity Problems” earlier in this chapter. If you can connect to servers
   by using their IP address but not by using their host names, continue following these
administrator for additional assistance.
• If Nslookup displays the message “Default servers are not available,” the computer
  does not have a DNS server configured. Update the client network configuration
  with DNS server IP addresses or configure the computer to acquire an address
  automatically.
4. If you can connect to the server from a different client computer, run ipconfig /all from
   a command prompt to determine which DNS servers the client computer is configured
   to use. If the IP addresses are different, consider changing the problematic client computer
   to use those IP addresses.
How to Verify Connectivity to a DNS Server
Although DNS traffic can use either TCP port 53 or UDP port 53, UDP is almost always used
because it is more efficient for short communications. Because Telnet always uses TCP, it is not
useful for testing UDP DNS connectivity. Instead, you can install and use the PortQry tool, as
described earlier in this chapter.
To test for connectivity to DNS traffic, install PortQry, and then run the following command.
portqry -n DNS_server_name_or_IP_address -p UDP -e 53
If PortQry can connect to the specified DNS server, it will respond with “LISTENING.” If
PortQry cannot connect, it will respond with “LISTENING OR FILTERED.” After displaying
“LISTENING OR FILTERED,” PortQry will attempt to issue a DNS request to the remote
computer and then will display whether the server responded to the request.
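UDP has no handshake, so a port can only be confirmed as listening when the service answers an application-level request, which is why the test above ends with a DNS query. This is an added example that sends one DNS query over UDP and classifies the result; it is not part of the original chapter and not PortQry's own code. The NOT LISTENING label for an ICMP port-unreachable reply, the function names and the loopback stub server are assumptions of the example.

```python
import os
import socket
import struct
import threading


def build_query(name, txid):
    """Build a minimal DNS query for an A record (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def probe_dns_udp(server, port=53, name="example.com", timeout=2.0):
    """Send one DNS query over UDP and classify the port from what comes back."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((server, port))  # a connected UDP socket reports ICMP errors
        try:
            sock.send(build_query(name, txid))
            reply = sock.recv(512)
        except socket.timeout:
            # Silence is ambiguous: a filtered port and a mute listener look alike.
            return "LISTENING OR FILTERED"
        except (ConnectionRefusedError, ConnectionResetError):
            return "NOT LISTENING"  # ICMP port unreachable came back
    if len(reply) >= 12:
        reply_id, flags = struct.unpack("!HH", reply[:4])
        if reply_id == txid and flags & 0x8000:  # our ID, QR bit marks a response
            return "LISTENING"
    return "LISTENING OR FILTERED"


def _stub_server(sock, answer):
    """Constructed stand-in for a DNS server: answers one query or stays silent."""
    data, peer = sock.recvfrom(512)
    if answer:
        sock.sendto(data[:2] + b"\x81\x80" + data[4:], peer)  # QR=1, RCODE=0


def demo():
    """Probe a responding and a silent loopback stub; return both verdicts."""
    results = {}
    for label, answer in (("responding", True), ("silent", False)):
        srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        worker = threading.Thread(target=_stub_server, args=(srv, answer), daemon=True)
        worker.start()
        results[label] = probe_dns_udp("127.0.0.1", srv.getsockname()[1], timeout=0.5)
        worker.join(1)
        srv.close()
    return results


if __name__ == "__main__":
    print(demo())
```

The silent stub is bound and receiving, yet the probe can only report LISTENING OR FILTERED, which is the ambiguity the PortQry result names.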
If you prefer graphical tools, you can use the PortQueryUI tool to query for UDP port 53,
as shown in Figure 31-7.
FIGURE 31-7 PortqryUI provides a GUI that you can use to test DNS connectivity.
How to Use the Hosts File