You are on page 1of 54

Module 7: Resolving Network Connectivity Issues

Contents Overview Lesson: Applying the OSI Model Lesson: Managing Computer Addressing Lesson: Managing Name Resolution Lesson: Troubleshooting Remote Connection Issues Lab: Resolving Network Connectivity Issues Course Evaluation 1 2 9 23 33 45 48

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Windows Server, Active Directory, ActiveX, ClearType, Direct3D, DirectDraw, DirectInput, DirectMusic, DirectPlay, DirectShow, DirectSound, DirectX, FrontPage, MSDN, MSN, Outlook, PowerPoint, the Windows logo, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Module 7: Resolving Network Connectivity Issues

iii

Instructor Notes
Presentation: 115 minutes Lab: 15 minutes This module enables students to identify and resolve network connectivity issues. After completing this module, students will be able to:
!

Explain the relationship between the Open Systems Interconnection (OSI) model and troubleshooting network connectivity issues Identify issues with computer addressing Identify issues with name resolution Troubleshoot remote connection issues

! ! !

Required materials Preparation tasks

To teach this module, you need the Microsoft PowerPoint file 2261A_07.ppt presentation. To prepare for this module:
! !

Read all of the materials for this module. Read the associated materials in the Knowledge Base (KB) and other online resources as referred to in the text. Complete the practices and lab.

iv

Module 7: Resolving Network Connectivity Issues

How to Teach This Module


This section contains information that will help you to teach this module.

Lesson: Applying the OSI Model


This section describes the instructional methods for teaching this lesson. What Is the OSI Model? Introduce students to the basic concepts behind the Open Systems Interconnection (OSI) model. Explain the relevance of this model and why being able to understand it will be useful to them as desktop support technicians (DSTs). Emphasize that it is frequently referred to in the industry in discussions and education about networking protocols. This topic provides students with a real-world example of how the OSI model is relevant to troubleshooting.

How to Use the OSI Model to Troubleshoot Networking Practice: Applying the OSI Model

In this practice, students are given troubleshooting scenarios and asked to map the issue to a specific layer of the OSI model. This practice reinforces the relevance of OSI in understanding and troubleshooting networking issues.

Lesson: Managing Computer Addressing


This section describes the instructional methods for teaching this lesson. What Is a TCP/IP Address? In this topic, provide an overview of Transmission Control Protocol/Internet Protocol (TCP/IP): what it is, how it works, and why students need to know about it. Emphasize that it is the protocol that enables communication over the Internet. Describe the separate functions of TCP and IP, and how IP addressing works at a high level. If time permits, show the multimedia presentation How an IP Packet Moves Through the Suite of TCP/IP Protocols. This presentation is included under Multimedia on the Web page on the Student Materials compact disc. How TCP/IP Addresses are Assigned In this topic, explain the two methods of assigning TCP/IP addresses. Students need to be very familiar with the differences between these methods. Be sure to explain that even though DHCP is the preferred method of assigning IP addresses in most cases, there are certain situations in which their customers will be using static IP addresses. Identify specific situations in which this may be the case. Explain how to identify the TCP/IP address in Microsoft Windows XP and Windows 2000 Professional using the dialog boxes and the ipconfig command. If time permits, demonstrate this functionality for them. In this topic, review the steps that students will take to set a static IP address. Introduce them to Alternate IP Configuration. Briefly describe why students need to know how to renew their TCP/IP addresses in Windows XP and Windows 2000 Professional.

How to Identify the TCP/IP Address How to Configure TCP/IP How to Renew a TCP/IP Address

Module 7: Resolving Network Connectivity Issues

Practice: Managing Computer Addressing

In the first part of this practice, you will disable the Dynamic Host Configuration Protocol (DHCP) server and guide the students through the procedure of using the ipconfig command to renew their IP addresses. Because the DHCP server is disabled, they will receive an IP address through Automatic Private IP Addressing (APIPA). You will then guide students through the process of pinging the server and the instructor computer, which also has an APIPA address. Next, students will configure a static IP address and ping the server. You will need to restart the DHCP server and renew the instructors IP address. Students will then configure their computers as DHCP clients and renew their IP addresses. Before the students begin the practice, you will disable the DHCP server: 1. On London, log on to the domain as Administrator with the password P@ssw0rd. 2. Click Start, then click Administrative Tools, and then click DHCP. 3. Right-click london.nwtraders.msft [192.168.x.1]. 4. Click All Tasks, and then click Stop. Guide students through the procedures for releasing and renewing the IP addresses on their computer and then pinging the instructor computer. Next, students will configure a static IP address. After they have completed the configuration, you will need to enable the DHCP server so that they can perform the last part of the exercise, viewing the results of DHCP. To enable the DHCP server: 1. On London, log on to the domain as Administrator with the password P@ssw0rd. 2. Click Start, then click Administrative Tools, and then click DHCP. 3. Right-click london.nwtraders.msft [192.168.x.1]. 4. Click All Tasks, and then click Start. 5. On Glasgow, at the command prompt, type ipconfig /release and press ENTER. 6. At the command prompt type ipconfig /renew and press ENTER. To ensure that this practice runs smoothly, you will need to verify that the students are participating with you at all times and that you facilitate a discussion by asking the students to explain what is happening at each critical point in the exercise.

vi

Module 7: Resolving Network Connectivity Issues

Lesson: Managing Name Resolution


This section describes the instructional methods for teaching this lesson. What Is Name Resolution? Host Files and Name Resolution How to Troubleshoot Name Resolution Define name resolution and describe the two main methods: NetBIOS and host name. Explain the order of steps that are followed on a Microsoft network in resolving host names. This is the most important topic in the lesson. Review each troubleshooting tool in detail. Engage students in a discussion of when and why they might be able to use these tools. Make sure students understand the fundamentals of each tool and where to go for more information about using them. In this practice, students will use the tools you talked about in the previous topic: ipconfig, ping, Nslookup, the Net command, and Nbstat. To complete this practice, students need to log on to the domain with an account that has local administrative rights on the computer.

Practice: Troubleshooting Name Resolution

Lesson: Troubleshooting Remote Connection Issues


This section describes the instructional methods for teaching this lesson. Types of Remote Connections What Is Connection Manager? How to Configure VPN Review the types of remote connections that are available. Students need to understand how all of them work to successfully troubleshoot remote connection issues. Describe the purpose of the Connection Manager. Point out where students should go for more information about troubleshooting the Connection Manager. There are several articles in the Knowledge Base on this. In this topic, describe how students can access details about the virtual private network (VPN) in order to configure it. Briefly review the settings that can be configured. The important point is that they know where to go to access the connections properties, review the settings, and make adjustments as necessary. Explain how Internet connection sharing (ICS) works and review the steps for how to configure it. In this topic, lead students in a discussion of the types of issues that they may face as DSTs. This topic organizes remote connection issues into three main categories: dial-up connection issues, shared Internet connection issues, and VPN connection issues. In this practice, students will configure a dial-up connection and then enable the dial-up connection to be shared by using ICS. They will also configure a VPN connection. To complete this practice, they will need to log on to the domain with an account that has local administrative rights on the computer.

How to Configure ICS How to Troubleshoot Remote Connection Issues Practice: Using Remote Connections

Lab: Resolving Network Connectivity Issues


In this lab, students will work in groups to troubleshoot problems, and then present their conclusions to the rest of the class. They will examine sample phone calls from customers and determine the best solution for the customer.

Module 7: Resolving Network Connectivity Issues

Overview

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction As a desktop support technician (DST), you may be called on to support customers who are having problems connecting to networks by using their Microsoft Windows 2000 Professional and Windows XP computers. They may be having problems with the physical connection, networking protocols, or the way in which their computer is addressed. In this module, you will learn how to support your customers in managing their connectivity to the network in Windows 2000 Professional and Windows XP. You will learn how to apply the OSI model to your troubleshooting scenarios, how to help customers manage computer addressing, and how to use a variety of tools to troubleshoot name resolution issues. You will also learn about the different types of remote connections and how to assist your customers in properly configuring these connections. Objectives After completing this module, you will be able to:
!

Explain the relationship between the OSI model and troubleshooting network connectivity issues Identify issues with computer addressing Identify issues with name resolution Troubleshoot remote connection issues

! ! !

Module 7: Resolving Network Connectivity Issues

Lesson: Applying the OSI Model

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You receive a call from a customer who says, My Internet Explorer is messed up. I cant access any FTP sites anymore. My session keeps getting terminated. What would you do? Lesson objectives After completing this lesson, you will be able to:
! !

Identify the layers of the OSI model Explain the relationship between the OSI model and troubleshooting network connectivity issues

Module 7: Resolving Network Connectivity Issues

What Is the OSI Model?

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Open Systems Interconnection (OSI) is a reference model developed by the International Organization for Standardization (ISO) as a standard for how networking protocols work. Its purpose is to guide networking system vendors in developing and implementing products that will work consistently with other products. OSI was originally designed to be a detailed specification of interfaces for product vendors to adhere to, but proprietary standards were too entrenched and OSI was too loosely defined. Instead, OSI has become a single point of reference in discussions and education about networking protocols. Many, if not most, product vendors involved in telecommunication make an attempt to describe themselves in relation to the OSI model. The real value of the OSI model is its role as a reference model to which realworld protocols can be compared. Real-world protocols, such as the Transmission Control Protocol/Internet Protocol (TCP/IP), DECnet, and Systems Network Architecture (SNA), generally only map loosely to OSI. They usually omit some of the functions, or even levels, of OSI. For example, TCP/IP maps to only four levels of the OSI model. Logical layers The main idea behind OSI is that the process of communication between end points in a telecommunication network can be divided into logical layers. Each layer has a specific networking function. The upper layers use the functions of lower layers to enable the communications process. Each computer that communicates across a network has these seven layers of function. Therefore, when a user sends a message from one computer to another on a network, the message passes through each layer at the users computer and, at the other end, when the message arrives, it passes through the layers in the receiving computer and ultimately to the end user or program.

How OSI is used

Module 7: Resolving Network Connectivity Issues

The seven layers of the OSI model are:


Layer Application layer Purpose Connects user applications with network functionality, controls how applications access the network, and generates error messages. Protocols at this level include HTTP, FTP, SMTP, and NFS. Translates data to be transmitted by applications into a format suitable for transport over the network. Redirector software, such as the Workstation service for Microsoft Windows NT, is located at this level. Network shells are also defined at this layer. Defines how connections can be established, maintained, and terminated. Also performs name resolution functions. Sequences packets so that they can be reassembled at the destination in the proper order. Generates acknowledgments and retransmits packets. Assembles packets after they are received. Defines logical host addresses such as IP addresses, creates packet headers, and routes packets across an internetwork using routers and Layer 3 switches. Strips the headers from the packets at the receiving end. Specifies how data bits are grouped into frames, and specifies frame formats. Responsible for error correction, flow control, hardware addressing, and how devices such as hubs, bridges, repeaters, and Layer 2 switches operate. The Project 802 specifications divide this layer into two sublayers, the logical link control (LLC) layer and the media access control (MAC) layer. Defines network transmission media, signaling methods, bit synchronization, architecture, and cabling topologies. Defines how network interface cards (NICs) interact with the media.

Presentation layer

Session layer Transport layer

Network layer

Data Link layer

Physical layer

Module 7: Resolving Network Connectivity Issues

How to Use the OSI Model to Troubleshoot Networking

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction OSI can be a useful tool in troubleshooting networking problems, because it provides a framework for understanding the role of networking protocols in enabling network communication. As a DST, you can use the OSI model to guide your troubleshooting process. For example, users who are having problems when they are browsing sites on the Internet may assume that the source of the problem is the Web browser. However, using the OSI model, you realize that the problem could be caused by a variety of issues, ranging from hardware to failed networking protocols. Applying key concepts from the OSI model One of the key concepts in the OSI model is that upper layer protocol functions cannot work unless all lower layer functions work properly first. Therefore, when your customer calls with a networking problem, try to determine whether the issue is a lower- or an upper-layer problem. To determine if the issue relates to the lower layers of the OSI model, ask the following types of questions:
! !

Troubleshooting issues related to the lower layers

Is the cable connected? Does the network card have an IP address configured?

You may want to ask the customer to perform the following tests:
! ! ! ! !

Check physical cable connections. Ping the local loopback address 127.0.0.x. Ping the users own IP address and host name. Ping the IP address of the default gateway for your local network. Ping the IP address of a host on a remote network.

Module 7: Resolving Network Connectivity Issues

Tip Ping is a command-line tool that sends packets and waits for replies to verify the integrity of a network connection. To use ping, open a command line window and type ping followed by either the IP address or the fully qualified domain name (FQDN) of the host for which you want to test network connectivity. Troubleshooting issues related to the upper layers Once you have eliminated these issues as possible problems, you can progress to testing upper layer issues. Questions that you may want to ask the customer include:
!

Are the Internet Information Server (IIS) Services running on the Web server? Does the customers network use hosts files? If so, does the hosts file on the customers computer need to be updated?

Ask your customer to perform the following tests:


!

Ping the host name of a popular Web site to be sure Domain Name Service (DNS) is working. Check proxy settings in Internet Explorer. Verify HTTP and secure socket layer (SSL) settings in Internet Explorer.

! !

Note For more information about Internet Explorer settings and connectivity, see article 326155 in the Microsoft Knowledge Base.

Module 7: Resolving Network Connectivity Issues

Practice: Applying the OSI Model

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will be presented with three scenarios that describe networking related issues. Attempt to determine the cause of the problem by identifying where the problem is in the OSI model. A customer receives Page Cannot Be Displayed errors when attempting to view certain sites in Internet Explorer. You ask him for one of the sites so that you can test it. You are able to view the site, and you notice that the site is secured using SSL (https://). You determine that the user does not have SSL enabled in Internet Explorer. What layer of the OSI model is involved? _______________________________________________________________ The Presentation layer Practice 2 A customer cannot reach locations on the local network. The customer can ping her own IP address, but she cannot ping the default gateway. You determine that this indicates the default gateway is not functioning. What layer of the OSI model contains the default gateway? _______________________________________________________________ The Network layer

Practice 1

Module 7: Resolving Network Connectivity Issues

Practice 3

Using Internet Explorer, a customer is trying to access an FTP server on the Internet from within his local network, but he receives an error explaining that the session was terminated. You are able to access the FTP server. You learn that the customers network is implementing a proxy server to access the Internet, and you determine that port 21 is closed on the proxy. What layer of the OSI does this port issue reflect? ________________________________________________________________ The Session layer

Module 7: Resolving Network Connectivity Issues

Lesson: Managing Computer Addressing

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You receive a call from a customer who says, I have lost all network connectivity. I checked the status of my network connection and I have IP address 169.254.0.x. I thought all our IP addresses begin with 192.168. What happened? How would you respond? Objectives After completing this module, you will be able to:
! ! ! ! !

Describe the types of TCP/IP address Explain how TCP/IP addresses are assigned Identify a computers TCP/IP address Configure the TCP/IP address Renew a TCP/IP address

10

Module 7: Resolving Network Connectivity Issues

What Is a TCP/IP Address?

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction TCP/IP is an industry-standard protocol suite that enables communication over the Internet. In order to communicate and send information over the Internet, your computer must have the TCP/IP protocols installed. TCP/IP can also be used as a communications protocol in a private network. TCP/IP is a two-layered protocol. TCP, the higher layer, manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message. IP, the lower layer, is responsible for addressing each packet so that it gets to the right destination. Each gateway computer on the network checks this address to see where to forward the message. Although some packets from the same message are routed differently than others, the packets will be reassembled at the destination. Note For more information on how TCP/IP works, see the multimedia presentation How an IP Packet Moves Through the Suite of TCP/IP Protocols under Multimedia on the Web page on the Student Materials compact disc. IP addressing The current standard of IP is version 4 (IPv4). In IPv4, a TCP/IP address is a logical 32-bit numeric address that identifies a specific computer. IP addresses enable packets to be routed over an IP network. Each IP packet has a header that contains the IP address of the source host that transmitted the packet and the destination host to which the packet is being sent. IP addresses are usually expressed in four-octet, dotted-decimal form in which each octet ranges in value from 0 to 255, with some restrictions. The IP address of a host is partitioned by the networks subnet mask into two parts, a network ID and a host ID. For example, the IP address 205.116.8.44 is partitioned using the subnet mask 255.255.255.0 into the network ID 25.116.8.0 and the host ID 44.

How TCP/IP works

Module 7: Resolving Network Connectivity Issues

11

Current shortage of IP addresses

In order for communication to take place reliably on an IP network, each computer on the network needs a unique IP address assigned to it. But since the Internet itself is an IP network and since the number of possible addresses is limited, the pool of available IP addresses for Internet communication began to dwindle in the 1990s. The Internet Engineering Task Force (IETF) suggested a method of reusing certain addresses, in which three blocks of IP addresses are reserved for private use. In other words, any company can use any of these private IP addresses for internal networking purposes. These private IP addresses are not routable to the Internet and networks using them need to use network address translation (NAT) to establish connectivity with the Internet. The three blocks of private IP addresses specified are:
! ! !

Class A addresses in the range 10.0.0.0 through 10.255.255.255. Class B addresses in the range 172.16.0.0 through 172.31.255.255. Class C addresses in the range 192.168.0.0 through 192.168.255.255.

Additional reading

For more information on TCP/IP, see the whitepaper Introduction to TCP/IP at http://msdn.microsoft.com/library/default.asp?url=/library /en-us/dniph/html/tcpipintro.asp.

12

Module 7: Resolving Network Connectivity Issues

How TCP/IP Addresses Are Assigned

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction IP addresses can be assigned to host computers either manually or automatically. A manually assigned IP address is called a static IP address. It is static because it does not change unless you change it manually. IP addresses can also be assigned automatically by using the Dynamic Host Configuration Protocol (DHCP). DHCP enables a network administrator to supervise and distribute IP addresses automatically from a central point. When a computer connects to the network, DHCP automatically sends a new IP address to this computer. Without DCHP, a network administrator must assign IP addresses to each computer on the network manually, and if a computer is moved, a new address must be issued. The DHCP protocol functions in a client-server relationship. The DHCP client broadcasts requests to the DHCP server, which typically has a pool of IP addresses that it is allowed to distribute to clients. The client leases an IP address from the pool for a specific period of time, usually several days. When the lease is about to expire, the client contacts the server to arrange for renewal. In a typical Windows domain environment, DHCP runs as a service on a server. But often in small-office or home networks, DHCP is provided by a dedicated appliance, such as a combination firewall/router. Remotely connected computers also typically obtain their IP addresses through DHCP. The IP address assigned to a dial-up user connecting to the Internet is normally provided by DHCP servers at the Internet service provider (ISP). DHCP is also often used for clients utilizing a VPN connection. Automatic Private IP Addressing (APIPA) If you have configured your computer to use DHCP but no DHCP server is available, the operating system automatically assigns an IP address in a specific private IP range. This is called Automatic Private IP Addressing (APIPA). If all computers on a subnet are using APIPA addresses, they can communicate with one another without requiring any additional configuration. APIPA was first introduced in May 1998 with Windows 98 and works the same in all versions of Windows released since that time.

The DHCP protocol

How DHCP works

Module 7: Resolving Network Connectivity Issues

13

Automatic versus static addressing

In most cases, DHCP is the preferred method of assigning IP addresses. With a properly configured server, DHCP centralizes updating, greatly simplifies IP configuration, and provides better protection against human error. In certain situations, however, you may want to control the IP address that is assigned to certain computers. For example, if you want to set up a Web server, a mail server, a VPN gateway, or any other computer that needs to be accessible from across the Internet, you may want to assign a static IP address to the computer. If you are using a router in a local network, you may want to configure the router so that packets entering your network on a specific port are forwarded to a specific computer. If you use DHCP to assign addresses within the local network, you cannot control the IP address that is assigned to that computer. By assigning that computer a static IP address that is within the range of addresses assigned by the DHCP server, you can ensure that the computer always has the same address and is thus always reachable.

Additional reading

For more information on TCP/IP addressing and subnetting, see article 164015 in the Microsoft Knowledge Base.

14

Module 7: Resolving Network Connectivity Issues

How to Identify the TCP/IP Address

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction In Windows 2000 Professional and Windows XP, TCP/IP is installed and configured automatically. Most of the time, TCP/IP should work automatically, without requiring any manual configuration. When your customers encounter problems with TCP/IP networks, such as the inability to connect with other computers on the same network or problems connecting to external sites, the problem may be TCP/IP related. You will need to know how to access TCP/IP configuration information to troubleshoot the problem. Windows XP and Windows 2000 Professional include tools that a DST can use to view the current IP Address of the computer. The method you use to identify the current TCP/IP address of a particular computer depends on whether the IP address is configured statically or dynamically and can vary depending on which operating system is installed. Using the ipconfig command You can use the ipconfig command to identify TCP/IP settings and whether the address is assigned statically or dynamically. To use the ipconfig command: 1. Click Start, and then click Run. 2. Type cmd and then click OK. 3. At the command prompt, type ipconfig and press ENTER. IP address, subnet mask, and default gateway information is displayed for each network interface card (NIC). For additional detailed IP settings information, use the /all switch ipconfig /all.

Module 7: Resolving Network Connectivity Issues

15

Viewing the TCP/IP address in Windows XP

In Windows XP, you can quickly identify your current IP address settings on the Support tab of the network connections status window. This tab displays your IP address, subnet mask, default gateway, and whether the address is assigned statically or dynamically. To view details about your current IP address in Windows XP: 1. From Control Panel, open the Network Connections folder. 2. Double-click the connection icon to open the connection dialog box. Detailed information is displayed about the connection on the tabs in this dialog box.

Diagnosing IP address problems

The actual IP address that you see may help you solve the connection problems:
!

If the address is in the format 169.254. x.y, the computer is using Automatic Private IP Addressing (APIPA). This means the computers DHCP client was unable to reach a DHCP server to be assigned an IP address. Check the connection to the network. If the address is in one of the blocks of IP addresses reserved for use on private networks, make sure that another computer (an Internet Connection Sharing host) or a router or residential gateway is routing Internet requests to a properly configured public IP address. If the address of the computer appears as 0.0.0.0, either the network is disconnected or the static IP address for the connection duplicates an address that already exists on the network. Make sure the customer is using the correct subnet mask for computers on the local network. Compare IP settings on the computer that is having problems with those on other computers on the network. The default gateway and subnet mask should be identical for all network computers. The first one, two, or three sets of numbers in the IP address for each computer should also be identical, depending on the subnet mask. A subnet mask of 255.255.255.0 means the first three IP address numbers of computers on your network must be identical 192.168.0.83 and 192.168.0.223, for instance, can communicate on a network using this subnet mask, but 192.168.x.101 will not be recognized as belonging to the network. Likewise, with a subnet mask of 255.255.0.0, the first two numbers in each address must match 172.16.2.34, 172.16.4.56, and 172.16.83.201 are all valid addresses on a subnet with this mask. In every case, the gateway computer must also be a member of the same subnet. If you use a router, switch, or residential gateway for Internet access, the local address on that device must be part of the same subnet as the computers on your network.

16

Module 7: Resolving Network Connectivity Issues

How to Configure the TCP/IP Address

*****************************ILLEGAL FOR NON-TRAINER USE****************************** In some cases you may need to know how to configure a computer to use a static IP address. Although this method takes more time and is more complex than automatic addressing, it gives you greater control over the addressing process. How to assign a static IP address To assign a static IP address: 1. From Control Panel, open the Network Connections folder and select the connection whose settings you want to change. 2. Right-click the connection icon and click Properties. 3. From the list of installed network components, select Internet Protocol (TCP/IP) and then click Properties. 4. In the Internet Protocol (TCP/IP) Properties dialog box, select Use the Following IP Address and fill in the blanks. Do not forget to fill in addresses for DNS servers as well. 5. Click OK to save your changes. Alternate IP configuration Windows XP offers a new feature called Alternate IP Configuration. This feature enables you to specify multiple IP addresses for a single network connection. This feature is very useful for portable computers that regularly connect to different networks. You can configure the connection to automatically acquire an IP address from an available DHCP server, and then assign a backup address for use if the first configuration is not successful. Access details about the alternate IP configuration on the Alternate Configuration tab of the TCP/IP Properties dialog box.

Module 7: Resolving Network Connectivity Issues

17

How to Renew a TCP/IP Address

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction DHCP servers lease IP addresses to client computers for a specific period of time. When the IP lease expires on a DHCP client, it will automatically request a new lease from the server. This process is called renewing the lease of an IP address. There are instances when you may wish to obtain a renewed IP address lease before the current lease expires. For example:
!

Reasons to renew a lease

The default gateway that is part of the IP lease has been changed. In this situation, you will need to renew the lease on the DHCP client to obtain the new default gateway address. A computer cannot find a DHCP server and Automatic Private IP Addressing has assigned default IP settings. When proper communication with the DHCP server has been restored, you will need to renew the IP lease to gain the correct settings for the network.

Renewing an IP lease

In Windows XP, you can easily renew your IP address on the Support tab of the Network Connection Details dialog box by clicking Repair. The Repair function renews the IP address, removes cached DNS and NetBIOS setting, registers the computer with the DNS server, and broadcasts the new NetBIOS settings to the network. In Windows 2000 Professional, you need to use the ipconfig command to renew the IP lease. You can also use the ipconfig command to renew IP leases in Windows XP. To renew your IP address using the ipconfig command, type ipconfig /renew at the command prompt.

18

Module 7: Resolving Network Connectivity Issues

Releasing an IP lease

It is a best-practice to always release your IP address prior to renewing it. By following this practice, you will ensure that you receive the correct IP address from the DHCP server. To release an IP lease, type ipconfig /release at the command prompt. For more information about the Repair tool, see article 289256 in the Microsoft Knowledge Base. For more information about the ipconfig command, see article 223413 in the Microsoft Knowledge Base.

Additional reading

Module 7: Resolving Network Connectivity Issues

19

Practice: Managing Computer Addressing

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice In this practice, you will use the ipconfig command to renew and release an IP address, configure a static IP address, and view the results of DHCP. Stop Your instructor will guide you through this part of the practice. Do not begin until your instructor tells you to begin.

! Use the ipconfig command to renew and release IP addresses


1. Log on to the domain as ComputerNameAdmin with the password P@ssw0rd. 2. Click Start, click Run, type cmd and then click OK. 3. At the command prompt, type ipconfig /all and then press ENTER. What is your current IP address? ____________________________________________________________ Your IP address will be 192.168.x.y (x.y will vary). The IP address has been set using DHCP. 4. At the command prompt, type ipconfig /release and then press ENTER. 5. At the command prompt, type ipconfig and then press ENTER. What is your current IP address? ____________________________________________________________ Your IP address will be 0.0.0.0. Stop Your instructor will guide you through this part of the practice. Do not begin until your instructor tells you to begin.

20

Module 7: Resolving Network Connectivity Issues

6. At the command prompt, type ipconfig /renew and then press ENTER. 7. Read the error message that appears in the command line window, then at the command prompt type ipconfig /all and then press ENTER. What is your IP address now? ____________________________________________________________ Your IP address will be 169.254.x.y (x and y will vary). The IP address has been set using Automatic Private IP Addressing (APIPA) because the instructor has disabled the DHCP server. 8. At the command prompt, type ping 192.168.x.1 which is Londons IP address, and then press ENTER. Are you able to ping London? Why? ____________________________________________________________ No. You are unable to ping the server address of 192.168.x.1 because your APIPA-assigned IP is not in the same network address range. 9. Ask another student what their TCP/IP address is from step 6, and then, at the command prompt, type ping 169.254. x.y (where x and y are given to you by another student), and then press ENTER. Are you able to ping the other students computer? Why? ____________________________________________________________ Yes. The other students computer is also using APIPA.

! Configure a static IP address


1. Click Start, and then click Control Panel. If you are in category view (blue background), click Switch to Classic View on the left. 2. Double-click Network Connections. 3. Right-click Local Area Connection, and then select Properties. 4. Double-click Internet Protocol (TCP/IP), and then select Use the following IP address.

Module 7: Resolving Network Connectivity Issues

21

5. Enter the following information: IP Address: 192.168.x.n. See table below. (Where x will be given to you by the instructor and n is in the table below.) Subnet mask: 255.255.255.0. Default gateway: 192.168.x.1. Preferred DNS Server: 192.168.x.1.
Computer Name Vancouver Denver Perth Brisbane Lisbon Bonn Lima Santiago Bangalore Singapore Casablanca Tunis Acapulco Miami Auckland Suva Stockholm Moscow Caracas Montevideo Manila Tokyo Khartoum Nairobi IP Address 192.168.x.201 192.168.x.202 192.168.x.203 192.168.x.204 192.168.x.205 192.168.x.206 192.168.x.207 192.168.x.208 192.168.x.209 192.168.x.210 192.168.x.211 192.168.x.212 192.168.x.213 192.168.x.214 192.168.x.215 192.168.x.216 192.168.x.217 192.168.x.218 192.168.x.219 192.168.x.220 192.168.x.221 192.168.x.222 192.168.x.223 192.168.x.224

6. Click OK twice. 7. At the command prompt, type ping 192.168.x.1 which is Londons IP address, and then press ENTER. Were you able to ping London? Why? ____________________________________________________________ Yes. You have configured a static IP address that is in the same address range as London.

22

Module 7: Resolving Network Connectivity Issues

Stop Do not proceed with the next part of this practice until your instructor tells you to begin.

! View the results of DHCP


1. In Network Connections, right-click Local Area Connection, and then select Properties. 2. Double-click Internet Protocol (TCP/IP), select Obtain an IP address automatically. 3. Select Obtain DNS server address automatically, and then click OK twice. 4. At the command prompt, type ipconfig /release and then press ENTER. 5. At the command prompt, type ipconfig /renew and then press ENTER. 6. At the command prompt, type ipconfig /all and then press ENTER. What is your IP address? ____________________________________________________________ Your IP address will once again be 192.168.x.y (x will vary). The instructor has re-enabled DHCP on the server so you IP address has been set using DHCP. 7. Close all windows and log off.

Module 7: Resolving Network Connectivity Issues

23

Lesson: Managing Name Resolution

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Users at a small company can no longer browse the Internet. They have a public Web site hosted from their network and you are able to view it, so they appear to have partial Internet connectivity. You ask them to ping a host name on the Internet, but they cannot. You ask them to ping the IP address of the host on the Internet, and that works fine. What is happening? Lesson objectives After completing this lesson, you will be able to:
! ! !

Explain name resolution Explain the relationship between host files and name resolution Troubleshoot name resolution issues

24

Module 7: Resolving Network Connectivity Issues

What Is Name Resolution?

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Definition Name resolution is the process of translating, or resolving, the name of a host on a network into its associated network address. Name resolution plays an important part of network communication because the logical names of hosts on the network must be resolved into their network addresses before actual communication can take place between them. TCP/IP networks running Microsoft Windows operating systems support two basic name resolution methods:
!

Name resolution methods

Method 1: NetBIOS name resolution. Used to resolve NetBIOS computer names into IP addresses. Performed by using broadcasts, or by querying a Windows Internet Name Service (WINS) server.

Method 2: Host name resolution. Used to resolve fully qualified domain names (FQDNs) in the Domain Name System (DNS) into IP addresses. Performed either by using a local hosts file on the computer or by querying a name server. Note NetBIOS is used by previous versions of Windows for host name resolution. In Windows 2000 Professional and Windows XP, DNS has superseded NetBIOS, but these operating systems still include support for NetBIOS to ensure backward compatibility with computers running Windows NT, Windows 95, Windows 98, and Windows Millennium Edition.

Module 7: Resolving Network Connectivity Issues

25

How name resolution works

In the name resolution process, if you access the command prompt of a computer running Windows XP and type ping followed by a host name or FQDN of another host on the network, the host name or FQDN of the target host must be resolved into its IP address before the TCP/IP utility ping can occur.

26

Module 7: Resolving Network Connectivity Issues

Host Files and Name Resolution

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Host name resolution methods Many applications access computers through a network connection. You may be downloading your e-mail, viewing a Web site, or listening to music over the Internet. The application you are using must resolve a host name or FQDN to an IP address. Windows uses a number of different methods to perform host name resolution. The following table shows the order in which these are attempted on a Microsoft network:
Host name resolution methods Check whether the target host is the local host. Check local hosts file. Contact DNS server. Description The local host knows its own host name. This check is performed only if a hosts file has been configured. This check is performed only if the DNS tab of the TCP/IP property sheet has a DNS server specified on it. The local host tries again at intervals of 5, 10, 20, and 40 seconds. The cache contains recently resolved NetBIOS names. On Microsoft networks, NetBIOS names and host names are usually the same.

Check local NetBIOS name cache. (Unique to Windows-based networks)

Module 7: Resolving Network Connectivity Issues (continued) Host name resolution methods Contact NBNS. (Unique to Windowsbased networks) Description

27

This check is performed if NBNS has been configured by creating a Windows Internet Name Service (WINS) record within the DNS database. On a Microsoft network, this is usually a WINS server. The local host tries three times to contact the WINS server and then tries the secondary WINS server three times. Local host broadcasts a NetBIOS name query request packet three times. This check is performed if an lmhosts file has been configured.

Perform local broadcast. (Unique to Windows-based networks) Check local lmhosts file. (Unique to Windows-based networks)

The methods are tried in succession until the host name is resolved into its IP address or until name resolution finally fails. Some methods may not be available, as for example when there is no DNS server or NetBIOS Name Server (NBNS) on the network. If all methods fail an error message states that the computer could not be found on the network. Using hosts files Notice that the first method used to resolve name resolution, after checking itself, is the hosts file. A hosts file can be used to resolve a host name or FQDN into its associated IP address. Hosts files are a local alternative to using distributed DNS servers for performing name resolution. Hosts files are used mainly on small networks where maintaining a DNS server is impractical or as a backup in case no name servers are available to perform name lookups. Hosts files are text files that consist of a series of FQDN-to-IP address mappings, one per line. Each line in the hosts file contains the IP address of a host followed by the FQDN of the host, followed by an optional comment prefixed with a pound sign (#). Hosts files should contain mappings for hosts on both local and remote networks. Mappings can consist of an IP address and one or more host names (aliases). If you are using hosts files to resolve host names on a network, each computer on the network should have a hosts file. On computers running Windows 2000 Professional, Windows XP, or Microsoft Windows Server 2003, the hosts file is located in systemroot\system32\ drivers\etc\Hosts. Although DNS has largely eliminated the need for maintaining hosts files, these files are still useful in two scenarios:
!

On small TCP/IP networks not connected to the Internet, it may be easier to maintain a host file than to run a DNS server. Hosts files can be used as a backup in case DNS goes down. Typically, you would keep the hosts file small in this case, adding only entries for your servers and for gateways to remote networks, plus a line for localhost, which maps to 127.0.0.1, the loopback address for testing IP communications.

28

Module 7: Resolving Network Connectivity Issues

Lmhosts file

While the hosts file is used to resolve domain names, the lmhosts file is used to resolve NetBIOS computer names. The lmhosts file normally contains mappings for hosts on remote networks only. Mappings are usually not required for hosts on local networks because these can be resolved using broadcasts. If you are using lmhosts files to resolve NetBIOS names on a network, each computer on the network should have an lmhosts file. You can find the lmhosts file in systemroot\ system32\drivers\etc in Windows NT, Windows 2000, Windows XP, and Windows Server 2003. Each line in the lmhosts file contains the IP address of a NetBIOS computer on the network, followed by the NetBIOS name of the computer. The computer name can be followed by optional prefixes that identify domains and domain controllers and allow entries to be loaded into the NetBIOS name cache at startup. Comments are prefixed with the pound sign (#). Place the NetBIOS names that need to be resolved most frequently near the top of the lmhosts file because the file is parsed linearly from the beginning.

Module 7: Resolving Network Connectivity Issues

29

How to Troubleshoot Name Resolution

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Windows XP and Windows 2000 Professional Windows include a number of tools that you can use when troubleshooting name resolutions issues. Ipconfig The ipconfig command displays the current TCP/IP configuration parameters on your computer. The following table shows the ipconfig command options that you can use to display TCP/IP configuration and renew TCP/IP connections.
Command /all /release /renew /flushdns /registerdns /displaydns Description Display full configuration information Release the IP address for the specified adapter Renew the IP address for the specified adapter Purge the DNS resolver cache Refresh all DHCP leases and re-register DNS names Display the contents of the DNS resolver cache

Ping

The ping command tests for low-level communication over IP to another host in the form of an echo request on the network. If ping fails, it may return one of the following error messages:
!

Destination host unreachable. This error message indicates that there is a problem at the IP routing level between your computer and the remote host. Unknown host hostname. This error message indicates that none of the clients name resolution mechanisms recognize the name that you typed. In this case, you must check that you typed the host name correctly. Request timed out. This error message indicates that at least one of the name resolution mechanisms recognized the name, but the target either did not receive the request or did not respond to it. In this case, you must check connectivity to the target host.

30

Module 7: Resolving Network Connectivity Issues

Ping can also perform a loopback test to the computer that it is running on. At a command prompt, type ping 127.0.0.1 or ping loopback. If this loopback test fails, there is a problem with the IP configuration. For example, your computer may not have been set up to use IP, or it may not have restarted after TCP/IP was installed and configured. Ping can accept an IP address or a host name. In this way, ping can also be used to test name resolution. If the ping command that uses an IP address connects, but the ping command that uses a host name fails to connect, there is a problem with name resolution. Note For security reasons, many Internet resources are configured to not respond to ping. If you attempt to ping one of these hosts, you will receive a Request timed out error message because the address has been configured to disregard ping requests. Nslookup The Nslookup utility uses DNS to translate a computer name to an IP address. Use the Nslookup utility to verify that the remote computer name is registered with the appropriate DNS servers. You can run the Nslookup utility in interactive mode by typing nslookup at a command prompt, with no parameters. The command then displays its own prompt. Type a host name and press ENTER to translate a computer name to an IP address. Type help to obtain a list of valid commands. For example, typing nslookup WKS1 DNSServer3 would query DNSServer3 for the IP address of the host, WKS1. The Nslookup utility can also be run in interactive mode by typing nslookup at a command prompt, with no parameters. The command then displays its own prompt. Type help to obtain a list of valid commands. Net The net command is primarily used for viewing network settings for the computer. The main net command that is used for testing NetBIOS name resolution is the net config workstation command. The Net config workstation command reports the NetBIOS name and the domain name of the computer. For more information about the net command, at a command prompt, type net help The nbtstat command is the primary tool used for managing the NetBIOS name cache information, and it can be used to display statistics and details about current TCP/IP connections. The nbtstat command checks the state of current NetBIOS over TCP/IP connections, updates the Lmhosts cache, and determines your registered name. This command is also useful for troubleshooting and preloading the NetBIOS name cache. The following table shows the nbstat command options that you can use to diagnose protocol statistics and TCP/IP connections.
Command nbtstat -n nbtstat -c nbtstat -R Description Lists the NetBIOS names registered by the client Displays the NetBIOS name cache Manually reloads the NetBIOS name cache by using entries in the Lmhosts file with a #PRE parameter

Nbtstat

For more information about the nbtstat command, type nbtstat /? at a command prompt.

Module 7: Resolving Network Connectivity Issues

31

Practice: Troubleshooting Name Resolution

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective Practice In this practice, you will use command line tools to troubleshoot name resolution issues. To complete this practice, you need to log on to the domain with an account that has local administrative rights on the computer.

! Verify name server settings by using Ipconfig


1. Log on to the domain as ComputerNameAdmin with the password P@ssw0rd. 2. Click Start, click Run, type cmd and then click OK. 3. At the command prompt, type ipconfig /all and then press ENTER. What is the IP address of this computers DHCP server? ____________________________________________________________ 192.168.x.1. What is the IP address of this computers DNS server? ____________________________________________________________ 192.168.x.1. What is the IP address of this computers WINS server? ____________________________________________________________ 192.168.x.1.

32

Module 7: Resolving Network Connectivity Issues

! Verify connectivity with DNS and WINS servers by using ping


At the command prompt, type ping x.x.x.x (where x.x.x.x is the IP address of the DNS and WINS servers), and then press ENTER. Are you able to ping the DNS and WINS servers? ____________________________________________________________ Yes.

! Determine the IP address of another computer on the network by using


Nslookup At the command prompt, type nslookup glasgow and then press ENTER. What is the IP address of Glasgow? ____________________________________________________________ Your answer will vary because Glasgows IP address has been assigned by DHCP.

! View the NetBIOS name and domain name of the computer by using
Net At the command prompt, type net config workstation and then press ENTER. What is the Computer name of your computer? ____________________________________________________________ \\ComputerName. What is the Workstation domain DNS name? ____________________________________________________________ nwtraders.msft

! Display the full list of NetBIOS names registered to the computer using
Nbstat 1. At the command prompt, type nbtstat -n and then press ENTER. What is the result? ____________________________________________________________ ____________________________________________________________ You will see the NetBIOS local name table for your computer. 2. Close the command window.

Module 7: Resolving Network Connectivity Issues

33

Lesson: Troubleshooting Remote Connection Issues

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You receive a call from a customer who says, When I work from home and log into the office network, my connection to the Internet is immediately terminated. I can connect to the Internet without a problem, until I try to connect to my office. How would you respond? Lesson objectives After completing this lesson, you will be able to:
! ! ! ! !

Identify the types of remote connections Describe how Connection Manager is used for remote connection Configure a VPN connection Configure an ICS connection Troubleshoot remote connection issues

34

Module 7: Resolving Network Connectivity Issues

Types of Remote Connections

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction A remote connection provides the means for users to connect to a network from a remote location, such as when a user is working from home and needs access to resources that are only available on the office LAN. There are several types of remote connections, including Point-to-Point Tunneling Protocol (PPTP) and VPN connections. Point-to-Point Tunneling Protocol PPTP is a data-link layer protocol based on the Internet standard Point-to-Point Protocol (PPP). PPTP was developed by Microsoft to enable network traffic to be encapsulated and sent over an unsecured public Internet Protocol (IP) network like the Internet. PPTP does this through the creation of VPNs, which securely tunnel network traffic through the Internet. Remote users can use PPTP to securely access resources on their corporate network over the Internet instead of having to use direct modem connections or costly leased lines. The term virtual private network (VPN) is used in various senses in the industry to describe a variety of technologies, but essentially it can have one of two meanings:
!

Virtual private network

Use of an unsecure public network such as the Internet to connect two networks, or to connect a network and a remote computer Technologies such as tunneling, authentication, and encryption that make this connection secure

Module 7: Resolving Network Connectivity Issues

35

VPN types

There are two main types of VPNs:


!

Network-network: A branch office network of an enterprise is connected by a VPN to corporate headquarters. Network-network VPNs offer a low-cost alternative to deploying expensive dedicated leased lines such as T1 lines at all branch offices. In spite of the cost advantage, however, networknetwork VPNs have been slow to gain a foothold in the enterprise due to the proven reliability of leased lines and the relative unreliability of the Internet in comparison. Host-network: A mobile knowledge worker uses his or her laptop or personal digital assistant (PDA) and modem to dial in to a local ISP and connect securely to a company intranet or portal by means of an encrypted VPN connection. Use of VPNs for this purpose has proliferated in the enterprise because it is more cost-effective than traditional remote access solutions involving modem pools, dedicated phone lines, and toll-free numbers.

How VPNs work

For a typical host-network VPN scenario, the remote user first establishes a dial-up connection with a local ISP to connect to the Internet. When the user connects, the client contacts the VPN server to connect to the corporate intranet. The VPN server authenticates the VPN client, negotiates which tunneling and encryption protocols to use, and establishes the secure VPN connection. The result is the formation of a secure encrypted tunnel that connects the VPN client to the VPN server. The effect is as if both client and server were on the same local area network (LAN). For the connection to work, however, the VPN client must be assigned an Internet Protocol (IP) address that makes it appear to the VPN server that it is on the same LAN as the server. VPN clients thus generally have two IP addresses, one for the VPN connection and one for the intermediate or transit network, such as the Internet.

Internet Connection Sharing

Internet Connection Sharing (ICS) is a feature of Windows XP and Windows 2000 Professional that enables a computer that is connected to the Internet to share the Internet service with several computers on a home or small-office network. The computer with the active Internet connection acts as the ICS host computer and shares its Internet connection. Other computers that are configured for ICS on your network route their Internet traffic through the ICS host computer. ICS is most effective with high-speed (cable or DSL) connections, although it works acceptably with dial-up Internet connections. The ICS host computer must have a second network adapter to share a broadband connection; and, of course, the shared connection is only available if the ICS host computer is turned on.

Dial-up

The term dial-up usually refers to the use of an analog modem and ordinary phone line to establish a remote connection. Dial-up lines are generally much less expensive to use, but they have less available bandwidth compared to dedicated or leased lines, which are digital lines with dedicated circuits. Companies often use dial-up lines for occasional, low-bandwidth usage, such as remote access networking, or as a backup for the more costly dedicated lines. Besides dial-up lines using analog modems over local loop connections, there are also some digital services that can be dialed, instead of dedicated, such as Integrated Services Digital Network (ISDN) and X.25.

36

Module 7: Resolving Network Connectivity Issues

What Is Connection Manager?

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction The Connection Manager is software that is installed on remote access client computers. It is a client dialer and connection tool that includes advanced features, in addition to basic dial-up networking functionality. At the same time, Connection Manager presents a simplified dialing experience to the user. It limits the number of configuration options that a user can change, ensuring that the user can always connect successfully. Connection Manager enables users to:
! ! !

Connection Manager functionality

Select from a list of phone numbers to use, based on physical location Use customized graphics, icons, messages, and help Automatically create a dial-up connection before the VPN connection is made Run custom actions during various parts of the connection process, such as preconnect and postconnect actions. These actions are executed before or after the dial-up or VPN connection is completed

Connection Manager profiles

A customized Connection Manager client dialer package, also known as a profile, is a self-extracting executable file that is created by a network administrator with the Connection Manager Administration Kit (CMAK). The Connection Manager profile is distributed to VPN users via CD-ROM, e-mail, Web site, or file share. When the user runs the Connection Manager profile, it automatically configures the appropriate dial-up and VPN connections.

Module 7: Resolving Network Connectivity Issues

37

How to Configure VPN

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction To configure a VPN connection in Windows XP, use the New Connection Wizard. To configure a VPN connection in Windows 2000 Professional, use the Network Connection Wizard. The PPTP protocol needed for VPN connections is automatically installed in Windows. To complete the wizard, you only need the host name or IP address of the remote computer to which you are connecting. After a VPN connection has been created, you can view and edit settings for this connection by right-clicking the connections icon and selecting Properties. Each connection is configured with general settings that are the minimum information needed to successfully connect. These options are found on the General tab of the Properties dialog box for that connection. You can configure additional settings, such as:
!

Adjusting VPN settings

Whether the operating system should connect to the public network, such as the Internet, before it tries to establish the virtual connection. Dialing and redialing options. Security options. Security protocols.

! ! !

Modifying these connection settings does not modify or affect the settings of other connections that may already exist. For example, you may have a VPN connection that requires data encryption for all traffic between the VPN client and server. You may also have a second connection that does not require any encryption. The security settings of the first connection never cause the second connection to challenge the VPN server for encryption.

38

Module 7: Resolving Network Connectivity Issues

You can modify connection settings while you are connected. However, the connection may need to be reinitiated in order to save the changes. The connection will be terminated, the changes will be saved, and the connection will be reestablished immediately. Additional reading For more information on how to configure a VPN connection in Windows XP, see article 305550 in the Microsoft Knowledge Base. For more information on how to configure a VPN connection in Windows 2000 Professional, see article 257333 in the Microsoft Knowledge Base.

Module 7: Resolving Network Connectivity Issues

39

How to Configure ICS

*****************************ILLEGAL FOR NON-TRAINER USE****************************** ICS requirements To enable and configure ICS on a network, the ICS host computer needs two network connections:
!

A local area connection, automatically created by installing a network adapter that connects to the computers on your home or small-office network A second connection, by means of a 56k modem, ISDN, DSL, or cable modem, linking the home or small-office network and the Internet

You need to ensure that ICS is enabled on the connection to the Internet. By doing this, the shared connection can link your home or small-office network to the Internet, and users outside your network are not at risk of receiving inappropriate addresses from your network. How ICS works When you enable ICS, the local area network connection to the home or smalloffice network is given a new static IP address and configuration. Consequently, TCP/IP connections established between any home or smalloffice computer and the ICS host computer at the time of ICS enablement are lost and need to be reestablished. For example, if Internet Explorer is connecting to a Web site when ICS is enabled, refresh the browser to reestablish the connection. You must configure client computers on your home or small-office network so that TCP/IP on the local area connection obtains an IP address automatically. Home or small-office network users must also configure Internet options for ICS.

40

Module 7: Resolving Network Connectivity Issues

Configuring Internet Connection Sharing in Windows XP

To configure ICS in Windows XP on the host computer: 1. Click Start, click Control Panel, and then doubleclick Network Connections. 2. Click the dial-up, local area network, Point-to-Point Protocol over Ethernet (PPPoE), or VPN connection you want to share, and then, under Network Tasks, click Change settings of this connection. 3. On the Advanced tab, select the Allow other network users to connect through this computer's Internet connection check box. 4. If you want this connection to dial automatically when another computer on your home or small-office network attempts to access external resources, select the Establish a dial-up connection whenever a computer on my network attempts to access the Internet check box. 5. If you want other network users to enable or disable the shared Internet connection, select the Allow other network users to control or disable the shared Internet connection check box. 6. Under Internet Connection Sharing, in Home networking connection, select any adapter that connects the computer sharing its Internet connection to the other computers on your network. The Home networking connection area is only present when two or more network adapters are installed on the computer. To configure Internet options on your client computers for ICS: 1. Click Start, All Programs, and then click Internet Explorer. 2. On the Tools menu, click Internet Options. 3. On the Connections tab, click Never dial a connection, and then click LAN Settings. 4. In Automatic configuration, clear the Automatically detect settings and Use automatic configuration script check boxes. 5. In Proxy Server, clear the Use a proxy server check box.

Additional reading

For information on enabling ICS in Windows 2000 Professional, refer to article 310816 in the Microsoft Knowledge Base.

Module 7: Resolving Network Connectivity Issues

41

How to Troubleshoot Remote Connection Issues

*****************************ILLEGAL FOR NON-TRAINER USE****************************** The following are common problems, and their solutions that you may encounter when troubleshooting remote connection issues. Dial-up connection issues Problems with a dial-up connection may be caused by the modem hardware, the phone line, or software settings. To verify that the modem is functioning and able to communicate with the operating system: 1. In Control Panel (Classic View), double-click Phone and Modem Options. 2. On the Modems tab, select the modem, and then click Properties. 3. Click the Diagnostics tab, and then click Query Modem. If the modem is working correctly, a series of diagnostics responses will be returned. If the modem is faulty, try reinstalling the modem, or consult the modem manufacturer for more information. On the Diagnostics tab, click View log to get more information about what the modem is doing during a connection attempt. The modem session log information can help to pinpoint a variety of problems that you might encounter while attempting to make a dial-up connection. Verify that the phone cord and the phone jack that the computer is connected to work properly by testing them each with a phone. If a user has reconfigured dial-up settings on a particular connection multiple times in an attempt to resolve an issue it may be that the connection has become corrupted. If you have verified that the settings are correct but the connection still is not working, delete the connection and create a new one using the New Connection Wizard.

42

Module 7: Resolving Network Connectivity Issues

Shared Internet Connection issues

Any of the following circumstances can prevent ICS from working properly:
!

The ICS service is not running. In Control Panel, open the Administrative Tools folder, double-click Services, and then check to see that the Status column alongside the Internet Connection Sharing service reads Started. If necessary, right-click the Service entry and choose Start or Restart from the shortcut menu. The wrong network adapter is shared. Start the Network Setup Wizard again and confirm that youve selected the correct adapters. The settings on other network computers are incorrect. Computers running Windows 98, Windows Me, Windows 2000, or Windows XP should be able to connect to the Internet through an ICS host when configured to obtain an IP address and DNS servers automatically. Leave the default gateway field blank. If necessary, rerun the Network Setup Wizard on the other computers.

VPN connection issues

If there is a problem connecting to a VPN server, first verify that the correct host name or IP address is used. If the host name is correct, try using the IP address instead in case there is a problem with name resolution. Also, if you are connecting through a firewall, contact your administrator to ensure that the correct ports are open at the firewall to allow the VPN connection through the firewall. Another reason for VPN connection failure can be the use of network address translation (NAT). If your network uses NAT to protect internal IP addressing, certain VPN protocols cannot pass through. Another common problem that may occur with a VPN connection is that Internet services stop working after you establish a VPN connection. This occurs when the VPN connection is configured to use the default gateway on the remote network for Internet access. If you are connecting to a single computer or a small workgroup, it is usually not necessary to use the remote gateway. To fix the problem: 1. Right-click the VPN connection, and choose Properties. 2. Click the Networking tab, select Internet Protocol (TCP/IP), and click Properties. 3. In the Internet Protocol (TCP/IP) Properties dialog box, click Advanced. 4. On the General tab of the Advanced TCP/IP Settings dialog box, clear the Use default gateway on remote network check box. If you are connecting to a corporate network, you may be required to leave the Use default gateway on remote network box checked for security reasons. In such cases, the solution is normally to configure Internet Explorer to use a Web proxy for the VPN connection: 1. In Internet Explorer, select Internet Options from the Tools menu. 2. Click the Connections tab. 3. Choose your connection in the Dial-up and Virtual Private Network settings box. 4. Click Settings. 5. Enter the Proxy server settings provided by your network administrator.

Module 7: Resolving Network Connectivity Issues

43

Practice: Using Remote Connections

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objective In this practice, you will configure a dial-up connection and then enable the dial-up connection to be shared by using Internet Connection Sharing. You will also configure a VPN connection. To complete this practice, you need to log on to the domain with an account that has local administrative rights on the computer.

! Configure a dial-up connection and enable ICS


1. Log on to the domain as ComputerNameAdmin with the password P@ssw0rd. 2. Click Start, and then Control Panel. 3. In Control Panel, if in category view (blue background), click Switch to Classic View on the left, and then double-click Network Connections. 4. In Network Connections, click Create a new connection. 5. In the New Connection Wizard, click Next. 6. On the What do you want to do? page, click Connect to the Internet, and then click Next. 7. On the Getting Ready page, select Set up my connection manually, and then click Next. 8. On the Internet Connection page, select Connect using a dial-up modem, and then click Next. 9. On the Connection Name page, in the ISP Name box, type ISP and then click Next. 10. On the What is your ISPs phone number? page, in the Phone number box type (555) 555-5555, and then click Next. 11. On the Connection Availability page, click Anyones use, and then click Next.

44

Module 7: Resolving Network Connectivity Issues

12. On the Internet Account Information page, leave the User name and Password blank and clear all three boxes, and then click Next. 13. On the Completing the New Connection Wizard page, click Finish. 14. On the Network Connections window, right-click ISP, and then click Properties, and then click the Advanced tab. 15. Select Allow other network users to connect through this computers Internet connection. 16. Read the information in the message box and click OK. 17. Click OK. Notice that the icon for the ISP connection has changed to indicate that it has been shared.

! Configure a VPN connection


1. Log on to the domain as ComputerNameAdmin with the password P@ssw0rd. 2. Click Start, and then Control Panel. 3. In Control Panel, if in category view (blue background), click Switch to Classic View on the left, and then double-click Network Connections. 4. In Network Connections, click Create a new connection. 5. In the New Connection Wizard, click Next. 6. On the Network Connection Type page, click Connect to the network at my workplace, and then click Next. 7. On the Network Connection page, click Virtual Private Network connection, and then click Next. 8. On the Connection Name page, in the Company Name box, type Company VPN and then click Next. 9. On the Public Network page, click Do not dial the initial connection, and then click Next. 10. On the VPN Server Selection page, in the Host name or IP address box, type nwtraders.msft and then click Next. 11. On the Connection Availability page, click Anyones use, and then click Next. 12. On the Completing the New Connection Wizard page, click Finish. 13. In the Connect Company VPN window, click Cancel. 14. To view available options for the VPN connection, right-click the Company VPN icon and select Properties. 15. Close all windows and log off.

Module 7: Resolving Network Connectivity Issues

45

Lab: Resolving Network Connectivity Issues

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Objectives Scenario After completing this lab, you will be able to troubleshoot network connectivity issues. In the following exercises, you will examine sample phone calls from customers and determine the best solution for the customer. Write your answers in the blank spaces provided. Be prepared to discuss your solution with the class. You are a support technician for a small company. A user complains that she can no longer connect to the network. You walk her through using the ipconfig utility and determine that her IP address is 169.254.0.x. According to the network administrator, all IP addresses in the users segment should be in the range 192.168.10.1 to 192.168.10.254. How did the users IP address get changed? What steps should be taken to resolve this? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ The user has lost connectivity to the DHCP server and has received her IP address via Automatic Private IP Addressing. The DST should take steps to determine the cause of the loss of connectivity. Once connectivity is restored to the DHCP server, you can walk the user through renewing her IP address using the ipconfig command.

Exercise 1

46

Module 7: Resolving Network Connectivity Issues

Exercise 2

You are a DST for Contoso Ltd, a large company with several branch offices. You work at the main office and provide phone support for five of the branch offices. You receive a call from the office manager at one of the remote offices. She informs you that they can no longer browse the Internet. Each branch office has its own FTP site hosted from the local network at the branch. You are able to log on normally to the FTP site. You have the office manager try and ping the corporate Web site at www.contoso.com which is hosted from your location, and she cant. You then ask her to ping the IP address of the contoso.com Web server and that works fine. You have her ping other sites on the Internet using the IP addresses for those sites and they work also. Why are the users at the branch office unable to browse the Internet? What can be done to resolve this issue? ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ Because the user can ping Web sites using IP addresses but not using domain names, it is clear that the problem is with name resolution. Determine which DNS servers the users computers are configured to use by having the office manager do an ipconfig /all. If the DNS servers are public (on the Internet), then you can use the Nslookup utility to see if those servers are active. If they are using a local DNS server on their LAN, you might need to schedule a technician to go to the branch office and troubleshoot the DNS problem on the server.

Module 7: Resolving Network Connectivity Issues

47

Exercise 3

As a DST, you receive a call from a project manger in your company. The manager relies heavily on instant messaging to communicate with the employees on his team throughout the day. He has one employee who works from her home except on Fridays, which was not a problem until recently. The manager tells you that the employee had been using offline files and synchronizing the files every Friday, but that the IT department had recently set the employee up with a VPN connection so that she wouldnt have to use offline files. Now the employee is not able to use instant messaging. The project manger wants to know if there is anything that can be done. Why is the employee not able to use instant messaging while connected to the VPN? What can be done to resolve this issue? _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ _______________________________________________________________ By default, VPN connections are configured to use the default gateway on the remote network. This causes all Internet network traffic to be routed through the default gateway on the remote network, which is preventing the employee from accessing the Internet locally. To resolve this issue, you can have the employee use a gateway other than the default gateway on the remote network for the VPN connection. However, depending on firewall settings at the VPN server, it may be necessary to use the default gateway on the remote network in order to access resources. An alternative would then be to configure the VPN connection to use a proxy server on the remote network for Internet communication.

48

Module 7: Resolving Network Connectivity Issues

Course Evaluation

*****************************ILLEGAL FOR NON-TRAINER USE****************************** Your evaluation of this course will help Microsoft understand the quality of your learning experience. To complete a course evaluation, go to http://www.CourseSurvey.com. Microsoft will keep your evaluation strictly confidential and will use your responses to improve your future learning experience.