Troubleshooting TCP / IP: Structural Methods - Part 4: Use Netdiag.exe

Troubleshooting TCP / IP: Structural Methods - Part 4: Use Netdiag.exe Picture 1 Part 1: Introduction
Troubleshooting TCP / IP: Structural Methods - Part 4: Use Netdiag.exe Picture 2 Part 2: Troubleshooting routing tables
Troubleshooting TCP / IP: Structural Methods - Part 4: Use Netdiag.exe Picture 3 Part 3: Fix network connections

In the previous article we examined how to fix network connections using the Repair feature of the Windows network connection. This repair feature works by performing a series of tests to try and restore the network connection caused by a network configuration error on the client (problems with setting up DHCP or cache resolver) or machine master (name registered with WINS or DNS server). However, the Repair feature has some limitations:

• The results of the Repair process cannot be saved for review or reporting purposes.

• On many computers, the Repair process must be performed separately from each network connection.

• The number of tests performed by the Repair process is limited.

These limitations can be overcome by using Netdiag.exe, a network connection troubleshooting tool in the Windows support tools component. Netdiag performs a series of more extensive tests and more tests than the Repair process does. You can also send Netdiag.exe output to a text file so you can record the tests performed and its results.

Install Netdiag

Troubleshooting TCP / IP: Structural Methods - Part 4: Use Netdiag.exe Picture 4 You can install Netdiag through the Windows Support Tools, which are installed by double-clicking SupportToolsSUPTOOLS.MSI . Default Support Tools installs to %% SystermDrive Program FilesSupport Tools but it is also easy to install on % SystemDrive% Tools because the tools need to run from the command line and this makes it easier to enter the public link This tool to run them. If you only want to install Netdiag and do not want other support tools, you can double-click the SupportToolsSupport.cab file and then double-click Netdiag.exe to install the tool.

Learn about Netdiag

Netdiag performs a series of tests on the internal system adapter. When these tests are done, Netdiag performs a series of global connection checks to identify and resolve connectivity issues that may be caused by problems outside the internal system.

Netdiag first performs the following check on the local system network adapters.

• Ndis
• Ipconfig
• Autonet
• DefGw
• NbtNm
• WINS

When these tests are done Netdiag will perform a global connection check below:

• Member
• NetBTTransports
• Autonet
• IpLoopBk
• DefGw
• NbtNm
• Winsock
• DNS
• Browser
• DsGetDc
• DcKust
• Trust
• Kerberos
• Ldap
• Bindings
• WAN
• Modem
• IPSec

Details of issues related to the above tests are provided in the table below:

Check Name DescriptionAutonetCheck if APIPA is being used by the network adpapter.BindingsList of network links including interface names, lowercase module names and uppercase letters indicating which links are currently enabled and reporting links.BrowserLists all of the network protocols limited to the Browser and Redirector services.CollectDcListlist of domain controllers.DefGw

Verify connection with each default port configured

DNSVerify the suitability of the configured DNS server and verify the client's DNS registrations.DsGetDcObtain the name of the domain controller from the directory service then obtain the name of the PDC Emulator.Verify that the GUID domain name stored in Local Security Authority (LSA) is the same as the GUID domain name stored in DC.IpConfigList TCP / IP settings for each network adapter.IpLoopBkPing 127.0.0.1 revolving address for each adapter.IPSecCheck if IPsec is enabled and then list all active IPsec policies for the computer.IPXList statistics for IPX (if installed)KerberosVerify whether the Kerberos validation package is up to date.LdapContact all domain controllers and determine which LSAP authentication protocol is currently being used.MemberCheck to confirm the details of the primary domain, including computer role, domain name and domain GUID.Check if NetLogon service is started, add the primary domain name to the list of domains and query the main domain security identifier (SID).ModemProvides configuration information for each modem on the system.Perform actions like the nbtstat -n command such as verifying the name of the Workstation Service workstation like the computer name and verifying that the Messenger = Service name and the Server Service name are displayed on all interfaces and not any of those names are in conflict.NdisList details related to the configuration of each network adapter including name, configuration, medium, GUID and statistics.NetBTTransportsList all the limited transmission protocols with NetBIOS over TCP / IP (NetBT).NetstatLists current TCP / IP connections and protocol statistics.NetwareQuery the nearest Netware server (if used) for the current login information.RouteList all static routes in the routing table and indicate whether they are persistent or not.TrustCheck domain trust relationships and verify that the primary domain SID is correct.WANSummary of settings and status for each COM port currently in use.WINSVerifies the compatibility of the configured WINS server and verifies WINS guest registrations.WinsockDisplays protocols and ports that match the WinSock service

In addition to performing the above tests, Netdiag.exe also reports information regarding the system as listed below:

• NetBIOS name of the system
• DNS name of the system
• General system information
• The installed hotfix

Run Netdiag

The simplest way to run Netdiag is to not need any parameters, which will check the local network adapter on the system and then perform a series of global connection tests. The output during the process of running this command on the Windows Server 2003 member server is given below (the hotfix book has been truncated):

C: toolsnetdiag
......

Computer Name: SRV
DNS Host Name: SRV.contoso.com
System info: Microsoft Windows Server 2003 R2 (Build 3790)
Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes:
KB890046
KB893756
KB896358
.
KB925486
Q147222

Netcard queries test. . . . . . . : Passed

Per interface results:

Adapter: Local Area Connection

Netcard queries test. . . : Passed

Host Name. . . . . . . . . : SRV
IP Address. . . . . . . . : 172.16.11.31
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 172.16.11.1
Dns Servers. . . . . . . . : 172.16.11.32

AutoConfiguration results. . . . . . : Passed

Default gateway test. . . : Passed

NetBT name test. . . . . . : Passed
[WARNING] At least one of the 'WorkStation Service', 'Messenger Service', 'WINS' names is missing.

WINS service test. . . . . : Skipped
Không có máy phục vụ WINS cấu hình cho giao diện này.

Global results:

Domain membership test. . . . . . : Passed

NetBT transports test. . . . . . . : Passed
Cấu hình của NetBt hiện thời được xác định:
NetBT_Tcpip_ {64B5D4FF-0014-4CC2-BB8D-9FB0C67CB75E}
1 NetBt hiện thời hiện được cấu hình.

Autonet address test. . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test. . . . . . . : Passed

NetBT name test. . . . . . . . . . : Passed
[WARNING] You do not have một giao diện chỉ với 'WorkStation Service', 'Messenger Service', 'WINS' names defined.

Winsock test. . . . . . . . . . . : Passed

DNS test. . . . . . . . . . . . . : Passed

Redir and Browser test. . . . . . : Passed
Danh sách các giao dịch của NetBt hiện thời được kết nối đến Redir
NetBT_Tcpip_ {64B5D4FF-0014-4CC2-BB8D-9FB0C67CB75E}
The redir is bound to 1 NetBt transport.

Danh sách các giao dịch của NetBt hiện thời được kết nối đến Browser
NetBT_Tcpip_ {64B5D4FF-0014-4CC2-BB8D-9FB0C67CB75E}
The browser is bound to 1 NetBt transport.

DC discovery test. . . . . . . . . : Passed

DC list test. . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Passed
Secure channel for domain 'CONTOSO' is to 'DC-1A.contoso.com'.

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed

Bindings test. . . . . . . . . . . : Passed

WAN configuration test. . . . . . : Skipped
Không hoạt động từ xa kết nối.

Modem diagnostics test. . . . . . : Passed

IP Security test. . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?"để biết thêm thông tin chi tiết

The command completed successfully

Note that running an NbtNm test will give you the following results:

NetBT name test......: Passed
[WARNING] At least one of the 'WorkStation Service', 'Messenger Service', 'WINS' names is missing.

This warning is not really a problem because the Messenger service does not run on Windows Server 2003 by default, so no names are registered for it.

There are several ways you can run Netdiag like:

• Netdiag / q performs checks in quiet mode and only reports errors.

• Netdiag / v performs checks in specific mode and provides additional details.

• Netdiag / test: test_name (s) performs standard checks and then they perform the specified tests.

• Netdiag / skip: test_name (s) performs a standard test against global checks except for the specified tests (Although some tests cannot be ignored like Member, Ndis and NetBTTransports)

• Netdiag / fix does all the global and standard checks, trying to fix any problems it finds.

For example, running the Netdiag / q test on the above system gives the following results:

C: toolsnetdiag / q
......

Computer Name: SRV
DNS Host Name: SRV.contoso.com
System info: Microsoft Windows Server 2003 R2 (Build 3790)
Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes:
KB890046
KB893756
KB896358
.
KB925486
Q147222

Per interface results:

Adapter: Local Area Connection

Host Name.........: SRV
IP Address. . . . . . . . : 172.16.11.31
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 172.16.11.1
Dns Servers........: 172.16.11.32

WINS service test.....: Skipped

Global results:
[WARNING] You do not have một giao diện chỉ với 'WorkStation Service', 'Messenger Service', 'WINS' names defined.

IP Security test.........: Skipped

The command completed successfully

Other examples of Netdiag

The best way to learn how to interpret Netdiag output is to try to run it under different test scenarios. Here are a few examples in different scenarios and output from this tool. These scenarios are performed by running Netdiag on the member server in a Windows Server 2003 domain, the output is truncated only highlighting the error messages reported by the tool.

1. Outputs when running netdiag / q with an offline domain controller :

Global results:
[WARNING] You do not have một giao diện chỉ với 'WorkStation Service', 'Messenger Service', 'WINS' names defined.

Redir and Browser test......: Failed
[FATAL] Cannot send mailslot message to 'CONTOSO * MAILSLOTNETNETLOGON' via redir.[ERROR_BAD_NETPATH]

DC discovery test.........: Failed
[FATAL] Không tìm thấy DC trong miền 'CONTOSO'.[ERROR_NO_SUCH_DOMAIN]

DC list test...........: Failed
'CONTOSO': Cannot find DC để lấy danh sách DC từ [thử skipped].

Trust relationship test......: Failed
[FATAL] Secure channel to domain 'CONTOSO' is broken.[RPC_S_SERVER_UNAVAILABLE]

Kerberos test...........: Skipped
'CONTOSO': Cannot find DC để lấy danh sách DC từ [thử skipped].

LDAP test.............: Failed
Không tìm thấy DC để chạy LDAP tests trên.Gặp lỗi đã là: Những tên đã xác định mà không tồn tại hoặc không thể được liên kết.

[WARNING] không thể tìm thấy DC trong miền 'CONTOSO'.[ERROR_NO_SUCH_DOMAIN]

2. Output when running netdiag / q with the wrong default port configured on the system :

Default gateway test.......: Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have not connected to other network segments.
Nếu bạn cấu hình chế độ IP IP
bạn cần thêm vào một ít nhất một gateway hợp lệ.
[WARNING] You do not have một giao diện chỉ với 'WorkStation Service', 'Messenger Service', 'WINS' names defined.

DC list test...........: Failed
Lỗi kết nối DCs bởi sử dụng một Browser.[ERROR_REQ_NOT_ACCEP]

3. Output when running netdiag / q with Computer Browser service not running on the system :

Global results:
[WARNING] You do not have một giao diện chỉ với 'WorkStation Service', 'Messenger Service', 'WINS' names defined.

DC list test...........: Failed
Lỗi kết nối DCs bởi sử dụng một Browser.[NERR_ServiceNotInstalled]

4. Output when running netdiag / q with the computer account for the system disabled in Active Directory on startup

Global results:
[WARNING] Bạn không có một giao diện đơn với việc 'WorkStation Servi
ce ',' Messenger Service ',' WINS 'names defined.

Trust relationship test......: Failed
Không thể thử thông báo channel cho miền 'CONTOSO' to DC 'DC-1A'. [ERROR_NO_LOG
ON_SERVERS]

Kerberos test...........: Failed
[FATAL] Không thể lấy khóa Cache từ Kerberos.
Lỗi lỗi đã là: (null)

Conclude

Netdiag.exe is a useful tool for troubleshooting network connectivity problems on Windows. We recommend readers of this article to try and find more scripts similar to some of the examples above to increase their understanding of the features of this tool and how to use it.

( Also )