Windows IT Pro
Windows IT Library
  - Advertise        
Windows IT Pro Logo

  Home  |   Books  |   Chapters  |   Topics  |   Authors  |   Book Reviews  |   Whitepapers  |   About Us  |   Contact Us

search for  on    power search   help
  






Troubleshooting Microsoft TCP/IP
View the book table of contents
Author: Kostya Ryvkin
Dave Houde
Tim Hoffman
Published: July 1999
Copyright: 1999
Publisher: Prentice Hall PTR
 


TESTING TCP/IP NAME RESOLUTION

Once IP-level connectivity has been checked, you should examine name resolution. Most name resolution problems occur because the computer cannot resolve the host name or NetBIOS name into the IP address.

NetBIOS Name Resolution Problems
If you can ping a computer by its IP address, but not its NetBIOS name, you may want to check that the target host is NetBIOS-enabled and ensure that the scope ID on the source and target computers is the same. If scope IDs don’t match, you probably have a NetBIOS name resolution problem.

Verify that the NetBIOS name-to-address mapping is available through broadcast, WINS, or the LMHOSTS file. If you have a WINS server, check that it is operational and that the local computer has been assigned the proper WINS server address.

If you suspect trouble with the LMHOSTS file, check that it is located in %systemroot%/system32/drivers/etc. Check that the file format matches the sample format originally installed with TCP/IP. Check for spelling errors, invalid addresses, and identifiers. (Remember, the LMHOSTS file is parsed from the beginning, so if duplicate entries exist, only the first one is considered.) Check for capitalization errors (although the NetBIOS names in the LMHOSTS file are not case-sensitive, entries like #PRE and #DOM are). Finally, ensure that LMHOSTS file has no extension. It is easy to edit and save the LMHOSTS file with the default .txt extension (especially when using an editor like Notepad). If you do this, the file will NOT be recognized as an LMHOSTS file.

Note: The LMHOSTS file does not support aliases for NetBIOS names. You must provide the actual NetBIOS name of each computer.

In some cases, NetBIOS name resolution works but is extremely slow. This could be caused by the large number of #INCLUDE tags and other entries in the LMHOSTS file. To correct the problem, place the most commonly used names closer to the beginning of the LMHOSTS file. Optionally you can use the #PRE tag to force entries to be pre-cached.

You can use the NBTSTAT utility to check the state of current NetBIOS over TCP/IP connections, update the LMHOSTS cache, and determine the registered name and scope ID.

The NBTSTAT utility has many switches, which can be viewed by typing NBTSTAT without arguments.

        
C:\WINNT>nbtstat 
NBTSTAT [-a RemoteName] [-A IP address] [-c] [-n] [-r]  
[-R] [-RR] [-s] [-S] [interval]] 
-a	(adapter status) Lists the remote machine’s name table given its name 
-A (adapter status)	Lists the remote machine’s name table given its IP address. 
-c (cache)	Lists the remote name cache including the IP addresses 
-n (names)	Lists local NetBIOS names. 
-r (resolved)	Lists names resolved by broadcast and via WINS 
-R (Reload)	Purges and reloads the remote cache name table 
-S (Sessions)	Lists sessions table with the destination IP addresses 
-s (sessions)	Lists sessions table converting destination IP
                addresses to host names via the hosts file. 
-RR		Sends Name Release packets to WINs and then, starts Refresh 
(ReleaseRefresh)                    
RemoteName	Remote host machine name. 
IP address	Dotted decimal representation of the IP address. 
Interval	Redisplays selected statistics, pausing interval seconds
                between each display. Press Ctrl+C to stop redisplaying
                statistics.
For example, you can type NBTSTAT -n to display the names that were registered locally on the system by applications, such as the server and redirector. Typing NBTSTAT -c shows the NetBIOS name cache, which contains name-to-address mappings for other computers. Typing NBTSTAT -R purges the name cache and reloads it from the LMHOSTS file.

Host Name Resolution Problems
If you can ping a computer by its IP address, but not by its host name, you have a host name resolution problem. In this case, you should check that host name-to-address resolution is possible by means of a DNS server, a HOSTS file, or through NetBIOS methods.

If a HOSTS file is your primary method of host name resolution, check that the entries use the proper sequence and delimiters. If you use DNS, verify that the DNS server is operational.

Note: Even if other methods of host name resolution are available, you should check that the DNS server is on-line and functioning. A DNS client (resolver) has a certain timeout before passing control to other methods. If the client is configured to use DNS, but the DNS server is unreachable, the client may experience long delays in host name resolution.

You can use NSLOOKUP to check records, domain host aliases, domain host services, and operating system information by querying the Internet domain name servers.

Another problem can occur when a TCP/IP connection to a remote system appears to be "hung." In this case, you can type NETSTAT-a to see the status of all activity on TCP and UDP ports on the local system. Good TCP connections usually appear with 0 bytes in queues. Large data blocks in either send or receive queues may indicate a connection problem or network delay. NETSTAT has several command line switches:


C:\>netstat -? 
Displays protocol statistics and current TCP/IP network
connections.NETSTAT [-a] [-e] [-n] [-s] [-p proto] [-r] [interval]
—a	Displays all connections and listening ports. (Server-side
connections are normally not shown). (SP 3 only) 
—e	Displays Ethernet statistics. This may be combined with the -s option.
—n	Displays addresses and port numbers in numerical form. 
—p proto	Shows connections for the protocol specified by proto;
proto may be tcp or udp. If used with the -s option to display
per-protocol statistics, proto may be tcp, udp, or ip.
—r	Displays the contents of the routing table. 
—s	Displays per-protocol statistics. By default, statistics are
shown for TCP, UDP and IP; the -p option may be used to specify a subset
of the default.
Interval	Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying statistics. If
omitted, netstat will print the current configuration information once.
For example, the following command displays the IP protocol statistics:


C:\WINNT\>netstat -s -p ip 
IP Statistics 
  Packets Received                   		= 4383117 
  Received Header Errors              		= 4154 
  Received Address Errors             		= 311 
  Datagrams Forwarded                 		= 0 
  Unknown Protocols Received          		= 0 
  Received Packets Discarded          		= 0 
  Received Packets Delivered          		= 4378963 
  Output Requests                     		= 4865242 
  Routing Discards                    		= 0 
  Discarded Output Packets            		= 0 
  Output Packet No Route              		= 0 
  Reassembly Required                 		= 0 
  Reassembly Successful               		= 0 
  Reassembly Failures                 		= 0 
  Datagrams Successfully Fragmented   		= 0 
  Datagrams Failing Fragmentation     		= 0 
  Fragments Created                   		= 0
Session Communications Problems
Sometimes you can ping a target computer by an IP address and by name, but you cannot establish a session. For example, you are unable to ftp the target host. In this case, you probably have a session problem. You may want to check that the correct services are running on the target computer and that you have the proper permissions to access it. Sometimes you are unable to connect because the maximum number of licenses is reached on the target computer. If the remote host is a UNIX-based machine, check that the appropriate daemon is configured and running.

Other Tools
Event Viewer
You can use Windows NT Event Viewer to browse system information about TCP/IP. Important TCP/IP events, such as duplicate IP address, are recorded to the Event Log. (See Figure 8.)

Performance Monitor
The Windows NT Performance Monitor has many TCP/IP-related counters and also can be used to troubleshoot TCP/IP networks. Since it accesses statistics that have been gathered by the SNMP Agent, the SNMP service must be installed on computers that are to be monitored. Performance counters are available for the IP, ICMP, UDP, TCP, and other protocols of the TCP/IP suite. You can observe TCP/IP counters and thus monitor the overall health of your system. One of the features of Performance Monitor is that it allows counters from various systems to be monitored from a single management window. It also permits you to set alerts for the counters being monitored. For example, you can set an alert when the number of TCP connection failures exceeds a predefined value.

Network Monitor
If you are unable to solve your problem using the tools discussed, you may want to try Network Monitor to capture the network traffic and analyze it at the packet level. If the problem is beyond your capability, you can send the capture to a network analyst or support organization.


SUMMARY

This chapter summarized common TCP/IP-related problems. We learned quite a bit about major TCP/IP faults and the methods of correcting them. You learned to troubleshoot a TCP/IP network by checking lower-level functions such as link reliability first and then to progress to IP connectivity checks, and routing and name resolution tests. We discussed the typical symptoms of some TCP/IP-related problems. Understanding the symptoms, you can frequently solve network problems without even touching a machine.


REVIEW QUESTIONS

  1. You run IPCONFIG on your Windows NT Server computer and get the following output:

    C:\WINNT>ipconfig 
	Windows NT IP Configuration 
	Ethernet adapter Elnk31: 
		IP Address. . . . . . . . . : 0.0.0.0 
		Subnet Mask . . . . . . . . : 0.0.0.0 
		Default Gateway . . . . . . :
    What is the most likely cause of this?

    1. Duplicate subnet mask

    2. TCP/IP is not installed on this computer

    3. Default gateway is missing

    4. This computer was unable to get the IP address from the DHCP server


  2. Which utility is used to identify the subnet mask?

    1. D Network Monitor

    2. D IPCONFIG

    3. D PING

    4. D Event Log


  3. Which address symbolizes the loopback address?

    1. 127.0.0.1

    2. 255.255.255.255

    3. 255.255.0.0

    4. 0.0.0.0

    5. 176.20.0.10


  4. Your computer is configured to use WINS, DNS, HOSTS, and LMHOSTS files for name resolution. You launch a command prompt and try to ping your neighbor’s computer (located in the same subnet) by using its NetBIOS name (ping mctcomp). The ping command hangs for about a minute and then gives you four successful pings. What is the most likely reason on such delay?

    1. DNS server is unreachable

    2. WINS server is unreachable

    3. The broadcast name resolution is a very slow method

    4. PING cannot use NetBIOS names


  5. You are the administrator of the network illustrated in Figure 9.

    Using FTP client software, your workstation cannot connect to the FTP server in the remote subnet. You can, however, connect to the FTP server by using Windows NT Explorer. What is the most likely reason for this behavior?

    1. The computer running the FTP server is down

    2. Your workstation does not have the default gateway

    3. Your workstation is not configured to use DNS

    4. Your workstation has a duplicate IP address


  6. You can successfully ping all workstations in your subnet and most remote subnets in your intranet. You cannot, however, ping all remote subnets in your intranet. All other computers are able to ping each other. What is the most likely reason of this problem?

    1. You computer has an invalid subnet mask

    2. You computer has a duplicate IP address

    3. The router is down

    4. Your computer is not using WINS


  7. Which utility would you use to check how your computer registers its NetBIOS name?

    1. NBTSTAT

    2. NETSTAT

    3. NSLOOKUP

    4. IPCONFIG


  8. You use Microsoft Network Monitor and you discover that your computer sends an ARP request for the default gateway address every time it attempts to contact another machine. What could be the problem?

    1. Your workstation is not TCP/IP-enabled

    2. Your workstation does not use DNS

    3. Your workstation has an invalid subnet mask

    4. There is no problem, this is normal


  9. Your computer has an invalid subnet mask. Which statement(s) is (are) true?

    1. Your computer cannot communicate with all other computers

    2. Your computer can only communicate with remote computers

    3. Your computer can only communicate with local computers

    4. Your computer possibly cannot communicate with some or all computers


  10. You try to map a network drive to the computer named RED that is located on the remote subnet, but you fail. Your computer is not WINS-enabled, but it uses an LMHOSTS file. You check the TCP/IP configuration and discover that your computer has received valid TCP/IP parameters from the DHCP server. What should you check next?

    1. Check that the DHCP server is turned on and functional

    2. Check that an entry for RED is present and has the correct mapping in the LMHOSTS file.

    3. Check that your computer is NOT using broadcasts for name resolution

    4. Check if RED is WINS-enabled


  11. A user is complaining that she is not able to connect to the corporate file server with Windows NT Explorer. From her computer you check that you are able to ping the corporate file server. What else should you check?

    1. Check that the route to the corporate file server is configured

    2. Check that the user’s computer is configured to use WINS

    3. Check that the user’s computer has a valid LMHOSTS file

    4. Check that the user’s computer has a valid subnet mask


  12. You are the administrator of the network shown in Figure 10. You are sitting at the computer named WKS1. You are able to access all computers in your intranet, but you are not able to access Server RED. What is the most likely reason for this?

    1. DHCP server is in another network segment

    2. WINS server is in another network segment

    3. No route configured to the subnet with Server RED

    4. File LMHOSTS is corrupted


  13. You can successfully ping Mary’s computer, but when you use the net use command to connect to it you fail. You check that you are able to FTP her computer by name. What should you check next?

    1. Check that Mary’s computer is NetBIOS-enabled

    2. Check that your computer uses DNS

    3. Check that both computers are using the same scope ID

    4. Check that the link between these two computers is not broken


  14. You suspect that your computer has a duplicate IP address. Which application can you use to check it?

    1. Network Monitor

    2. Performance Monitor

    3. Event Viewer

    4. Server Manager


  15. When you type the command net use z: \\SRV\Public on your Windows NT computer, you connect to the computer named SRV. But, when you use ftp SRV you connect to a computer named RED. What is the most likely reason of this problem?

    1. LMHOSTS file is missing

    2. HOSTS file has an invalid entry

    3. LMHOSTS file has duplicate entries

    4. Server SRV is not a WINS client


  16. You’ve decided to build an intranet server for your organization. Your users use Microsoft Internet Explorer on a mixture of Windows 95, Windows 98, and Macintosh-based computers

    and will access your server using its host name. What service(s) should you install for efficient name resolution? (Select all that apply.)

    1. WINS

    2. SNMP

    3. DHCP

    4. DNS


  17. Linda is installing a Windows NT server on her network to act as a print server for a TCP/IP network printer. What should Linda install to permit users to send their documents to the server and have it forward their documents to the printer?

    1. LPR utility

    2. SNMP service

    3. TCP/IP Print Server

    4. DHCP


  18. Jim has just built a Windows NT network consisting of seven subnets, each with its own domain controller. He wants to ensure each machine can browse every other machine and make a peer-to-peer connection. He wants the network to automatically register and resolve computer names and to maintain them in a central database. What should Jim install on the network?

    1. SQL servers

    2. DNS servers

    3. WINS servers

    4. DHCP servers

    5. SNMP servers


  19. You decide to use the Windows NT Performance Monitor to monitor TCP/IP network activity on your computer. What should you install?

    1. Network Monitor tools and agent

    2. SMTP

    3. DHCP

    4. SNMP


  20. Sandy’s TCP/IP network has grown significantly in recent months and the job of managing TCP/IP configuration on all the network computers has taken valuable time from her other network management duties. What should Sandy install to reduce her workload?

    1. Netmon

    2. DHCP

    3. SNMP

    4. WINS

    5. A default gateway


  21. Vickie has just added a second subnet to her network and finds her DHCP server doesn’t service clients on the new subnet. She creates a DHCP scope for the new subnet but still cannot get DHCP information to the new subnet. What should she add to the new subnet to solve this problem?

    1. WINS proxy service

    2. DHCP Relay Agent service

    3. DNS forwarders

    4. SNMP service


  22. Your LMHOSTS files are becoming difficult to manage because of frequent changes in your network. You decide to implement something to reduce the administrative workload of maintaining these files. What should you install?

    1. HOSTS files

    2. WINS

    3. DNS

    4. DHCP

    5. A b-node


  23. You want to allow some of your users to dial in to your network from home. What service should you install?

    1. DNS

    2. RAS

    3. FTP

    4. LPQ

ANSWERS TO REVIEW QUESTIONS

1. D
2. B
3. A
4. A
5. C
6. A
7. A
8. C
9. D
10. B
11. B, C
12. C
13. A, C
14. C
15. B
16. A, D
17. C
18. C
19. D
20. B
21. B
22. B
23. B

Page: 1, 2		  



ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

Critical Challenges of ESI & Email Retention
Are you storing too much electronic information? Get expert legal advice and better understanding of what you are required to do as an IT professional.

Become a fan of Windows IT Pro on Facebook!
Join us on Facebook and be a fan of Windows IT Pro!

Sustainable Compliance: Are You Having a Resource Crisis?
Read this white paper to examine trends in compliance and security management and review approaches to reducing the cost and operational burden of compliance.

Rev Up Your IT Know-How with Our Recharged Magazine!
The improved Windows IT Pro provides trusted IT content with an enhanced new look and functionality! Get comprehensive coverage of industry topics, expert advice, and real-world solutions—PLUS access to over 10,000 articles online. Order today!

Get It All with Windows IT Pro VIP
Stock your IT toolbox with every solution ever printed in Windows IT Pro and SQL Server Magazine plus bonus Web-exclusive content on hot topics. Subscribe to receive the VIP CD and a subscription to your choice of Windows IT Pro or SQL Server Magazine!



Order Your Fundamentals CD Today!
Gain an introduction to Exchange, learn server security requirements, and understand how unified communications can play a role in your messaging strategies with this free Exchange CD.
Windows IT Pro Home Register About Us Affiliates / Licensing Media Kit Contact Us/Customer Service  
SQL Connected Home IT Library SuperSite FAQ Wininfo News
Europe Edition Office & SharePoint Pro Windows Dev Pro Windows Excavator 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing