Windows 2000 TCP/IP Troubleshooting, part 10


640 Chapter 13 • Windows 2000 TCP/IP Fast Track

• Client Services for NetWare (CSNW)
• Gateway Services for NetWare (GSNW)
• NWLink (Microsoft’s implementation of the IPX/SPX protocol)
• File and Print Services for NetWare (FPNW)
• Microsoft Print Services for UNIX (LPD and LPR services)
SNA (Systems Network Architecture) is a separate software package
from Microsoft that can be used to connect Windows PC networks to IBM
mainframe networks.
General Troubleshooting Guidelines
Troubleshooting TCP/IP and other network problems is made easier if
you follow the Ten Commandments of Troubleshooting:
1. Know thy network.
2. Use the tools of the trade.
3. Take it one change at a time.
4. Isolate the problem.
5. Recreate the problem.
6. Don’t overlook the obvious.
7. Try the easy way first.
8. Document what you do.
9. Practice the art of patience.
10. Seek help from others.
Troubleshooting Resources
There is a great deal of troubleshooting information for TCP/IP issues in
general and for Windows 2000-specific problems. Be sure to take advantage
of the following:
• Microsoft documentation, including Help files, the Resource Kits, white papers, TechNet, official newsgroups, and the Microsoft Web site
• Third-party documentation, including Internet mailing lists, Usenet public newsgroups, Web resources, local user groups, and books and magazines
Troubleshooting Models
Following a set procedure allows you to organize the troubleshooting
process and makes it less likely that you will overlook something important
along the way. The problem-solving models used by other professions
can be applied to network troubleshooting as well, as discussed in the
following sections.
Differential Diagnosis Model
This model is used in the medical field and consists of the following steps:
1. Examination
2. Diagnosis
3. Treatment
4. Followup
These same steps can be used in solving TCP/IP connectivity problems.
SARA Model
This model is popular in the criminal justice world, in use by law enforcement
agencies practicing community-oriented policing. It includes the following steps:
1. Scanning
2. Analysis
3. Response
4. Assessment
Comparing the models, you see that although the terminology differs,
the actual steps involve the same processes. Problem-solving basics are
the same regardless of the type of problem.
Information-Gathering Tips
Gathering information is always one of the first steps in problem solving.
In network troubleshooting, as in most areas, this involves asking questions.
Questions to Ask
What questions to ask (and of whom) vary according to the situation, but
the following can serve as a guideline to get you started:

• Exactly what task were you trying to perform when the problem occurred?

• Were you doing anything else in addition to this primary task at the time?
• What error message(s), if any, were displayed?
• Is anyone else on the network experiencing the same problem?
• Have you ever been able to perform this task on this computer?
• When was the last time you were able to do so?
• What changes have occurred since the last time you were able to do so?
Log Files
The Windows 2000 log files provide information that may be helpful in
troubleshooting. These files are accessed via the Event Viewer, and
include the following logs:

• System log
• Application log
• Security log
Organizing Information
In order to make a diagnosis or analysis of the information, you must
organize it in a logical manner. This means learning to sift through and
discard irrelevant information, and looking for patterns in the data. This
also means setting priorities according to such factors as who is affected
by the problem, how many are affected by the problem, what production
activities are affected by the problem, and how often the problem occurs.
Solutions, once formulated, should also be prioritized according to
cost, time involved, longevity, and long-term effect on performance.
Forms and Check Lists
You can devise forms and check lists to guide you through the
troubleshooting process in an organized manner, or you can use the ones
supplied in Chapter 3, “General Windows 2000 TCP/IP Troubleshooting
Guidelines.” Forms are useful in helping you to gather information, and
check lists force you to approach problem solving in a methodical,
step-by-step way that is more conducive to success.
Inside TCP/IP

The Windows 2000 implementation of TCP/IP supports a large number of
Internet standards as outlined in various RFCs. For a list of those
documents, see Chapter 4, “Windows 2000 TCP/IP Internals.”
Windows 2000 Enhancements
The following are some of the most exciting enhancements Microsoft has
made to the TCP/IP stack:

• Scalable TCP window size and timestamping (RFC 1323)
• Selective Acknowledgments (RFC 2018)
• Support for IP over ATM (RFC 1577)
• TCP fast retransmit
• Quality of service (QoS)
• Resource Reservation Protocol (RSVP)
• IPSec
• NDIS 5.0 support
Inside IP
IP operates at the Internetwork layer and is responsible for routing
packets to their destination addresses.
CIDR Support
IP in Windows 2000 supports Classless Interdomain Routing (CIDR),
which is a way of aggregating routes once designated as class C networks
using “supernetting” to create larger networks by “stealing” bits from the
network portion of the IP address to allow for more Host IDs.

CIDR is useful for the following purposes:
• Smaller Internet routing tables
• Less updating of external routes
• More efficient allocation of address space
• Increase in number of available (host) Internet addresses
Multihoming
A computer that has multiple IP addresses is called a multihomed host.
This can be a computer with more than one NIC, or a computer that has
multiple IP addresses assigned to one NIC. Windows 2000 supports both
types of multihoming.
A multihomed computer with two NICs can act as a router, passing
transmissions from one subnet to another.
IP Multicasting
Multicasting refers to sending data to multiple destinations on the
network at the same time, using a single multicast address. Computers are
designated as members of a multicast group, and only group members
receive the messages. A computer can belong to multiple multicast groups
simultaneously.
There are two types of multicast groups: permanent and transient.
The Internet Group Management Protocol (IGMP) is used to manage
multicast membership. The multicast address range consists of the class D
addresses 224.0.0.0 through 239.255.255.255.
Windows 2000 includes the following utilities that are useful in
troubleshooting multicast transmissions:
• MRINFO
• NETSH ROUTING IP MIB SHOW MFE
• NETSH ROUTING IP MIB SHOW MFESTATS
• NETSH ROUTING IP MIB SHOW JOINS
Duplicate Address Detection
In order for computers to communicate on a TCP/IP network, each network
interface must have a unique IP address. Windows 2000 uses a
“gratuitous ARP broadcast” when a computer comes online to detect
whether another computer is already using the IP address it is configured
to use. If there is duplication, the second computer with the IP address
will not be allowed to use it.
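The gratuitous-ARP check described above, as an added example (not code from the book): decode a raw Ethernet/ARP frame, flag frames in which the sender asks about its own address, and report a second interface claiming our address. The frame contents, the MAC and IP addresses and the audit() helper are all constructed here for illustration.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

ETH_TYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class ArpFrame:
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def _ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def parse_arp(frame: bytes) -> Optional[ArpFrame]:
    """Decode an Ethernet II frame carrying IPv4-over-Ethernet ARP; None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_ARP:
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return ArpFrame(opcode, _mac(body[0:6]), _ip(body[6:10]),
                    _mac(body[10:16]), _ip(body[16:20]))


def is_gratuitous(arp: ArpFrame) -> bool:
    """Gratuitous ARP: the sender asks about (or announces) its own address."""
    return arp.sender_ip == arp.target_ip


def conflicts_with(arp: ArpFrame, my_ip: str, my_mac: str) -> bool:
    """Another interface is using our IP address: the duplicate case the text describes."""
    return arp.sender_ip == my_ip and arp.sender_mac.lower() != my_mac.lower()


def build_arp(opcode: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Construct a raw broadcast frame for testing (sample data, not a capture)."""
    eth = _mac_bytes(BROADCAST) + _mac_bytes(sender_mac) + struct.pack("!H", ETH_TYPE_ARP)
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    return (eth + hdr + _mac_bytes(sender_mac) + _ip_bytes(sender_ip)
            + _mac_bytes(target_mac) + _ip_bytes(target_ip))


def audit(frames: List[bytes], my_ip: str, my_mac: str) -> List[str]:
    """Return one finding per ARP frame that is gratuitous or that claims our address."""
    findings = []
    for raw in frames:
        arp = parse_arp(raw)
        if arp is None:
            continue  # not ARP, or not IPv4 over Ethernet
        if conflicts_with(arp, my_ip, my_mac):
            findings.append(f"DUPLICATE {my_ip}: also claimed by {arp.sender_mac}")
        elif is_gratuitous(arp):
            findings.append(f"gratuitous ARP from {arp.sender_mac} for {arp.sender_ip}")
    return findings


# Constructed sample: our own probe, a normal request, and a second host claiming our address.
MY_IP, MY_MAC = "192.168.1.20", "00:50:56:aa:bb:01"
SAMPLE_FRAMES = [
    build_arp(ARP_REQUEST, MY_MAC, MY_IP, "00:00:00:00:00:00", MY_IP),
    build_arp(ARP_REQUEST, "00:50:56:aa:bb:02", "192.168.1.30", "00:00:00:00:00:00", "192.168.1.1"),
    build_arp(ARP_REPLY, "00:0c:29:12:34:56", MY_IP, MY_MAC, MY_IP),
]

if __name__ == "__main__":
    for line in audit(SAMPLE_FRAMES, MY_IP, MY_MAC):
        print(line)
```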
Inside TCP and UDP
TCP and UDP are Host-to-Host (Transport) layer protocols. They handle
flow control and provide for reliable end-to-end communications.
TCP
TCP is a connection-oriented protocol that handles important one-to-one
communications such as logons, file and printer sharing, and replication.
Windows 2000 TCP includes dead gateway detection, delayed
acknowledgments, TCP keep-alives, and avoidance of the Silly Window Syndrome.
UDP
UDP is a connectionless protocol used for broadcast transmissions and
other situations where guaranteed delivery is not required. UDP doesn’t
break messages into smaller chunks and reassemble them on the other
end as TCP does. UDP is faster than TCP, but less reliable.

Both UDP and TCP provide for ports to differentiate between multiple
connections using the same IP address.
TCP/IP Registry Settings
TCP/IP gets configuration information from the Windows Registry. You
can use a Registry Editor to change the behavior of the Windows 2000
TCP/IP stack, but this should be done with caution.
See Chapter 4 for a listing of Registry settings that can be changed,
and instructions on how to do so.
Network Monitoring Tools
Windows 2000 includes various tools and utilities that can be used to
verify connectivity, gather information, monitor performance, and even
analyze the packets themselves to assist you in troubleshooting your
TCP/IP network.
These include graphic tools such as Network Monitor, Event Viewer,
and the Performance console (also called System Monitor), as well as
command-line utilities standard to the TCP/IP suite.
Monitoring Guidelines
Monitoring network activity gives you a chance to gather information over
a period of time, detect and analyze patterns, and compare changes.
Baselining
The first step in any monitoring program is to establish a baseline; this
can be described as the process of collecting information about the
“patient” (the network) before it gets sick. Gather your baseline
information when the network is working properly, so you can use it for
comparison purposes when things go wrong.
Documentation
Be sure to document everything you do, and keep your documentation
orderly and organized. This will assist you in maintaining the network
and allow you to quickly and efficiently return to previous measures.
Performance Logs and Alerts

The administrative tool formerly known as Performance Monitor, now
called the System Monitor or listed simply as “Performance” in the MMC,
can be used to obtain real-time data on network performance parameters.
This information can be saved in a file for later analysis.
The System Monitor can also be configured to alert you when counters
reach a specified limit.
Network Monitor
The Microsoft Network Monitor is a software protocol analyzer that allows
you to capture and analyze traffic on your network. The Network Monitor
is a very useful tool for assessing the activity on the network. You can use
the tool to collect network data and analyze it on the spot, or save your
recording activities for a later time. It allows you to monitor network
activity and set triggers for when certain events or data cross the wire,
which could be useful if you are looking for certain “key words” in e-mail
communications moving through the network.
The Network Monitor program allows you to capture only those frames
that you are interested in, based on protocol or source or destination
computer. You can apply even more detailed and exacting filters to data
that you have finished collecting, which allows you to pinpoint the precise
elements you might be looking for in the captured data.
Network Monitor is not installed by default. If it isn’t installed on your
computer, you can install it via the Add/Remove Programs applet in the
Control Panel.
There are two types of filters used by Network Monitor: capture filters
and display filters.
Capture Filters
The purpose of the capture filter is to limit the frames that are actually
saved in the capture buffer. This allows you to make better use of your
buffer space, because the limited amount of buffer you have can be
devoted to looking at the precise targets of interest. It also reduces the
amount of “extraneous” information that could cause you to overlook
something important during your investigations.
You can filter the capture information in two ways: by machine
address pairs, or by a specified pattern in the frames that are examined
during the capture sequence.
Display Filters
The display filter allows us to look for very specific elements of the
captured data and allows for a much more refined filtering than we can
accomplish with the capture filter. A display filter can be used as a
database search tool, where the capture frames are the data in our database.
Event Viewer
The Event Viewer can be used to check on the status of a number of
network services. Windows 2000 systems are configured to report significant
fault situations to the Event Viewer. You should make it a regular practice,
perhaps the first thing you do every day, to check out the Event Viewer
on all of your primary servers to see if any of the Windows 2000 services
running on these servers are reporting error conditions.
The Event Log does contain an added feature over what was found in
Windows NT: the DNS log. Because of the added importance of DNS in
the normal functioning of domain-related activity, Microsoft deemed the
DNS service important enough to warrant its own log in the Event Viewer.
TCP/IP Utilities
The group of command-line TCP/IP utilities included with Windows 2000
is similar to those available in Windows NT 4.0. We have the familiar set
of TCP/IP tools, such as:


• PING
• NSLOOKUP
• TRACERT
• ARP
• IPCONFIG
• NBTSTAT
• NETSTAT
Each of these basic TCP/IP command-line tools has either the same
or enhanced functionality compared to what it could do in Windows NT
4.0. In addition to these tools, Windows 2000 offers some new command-
line TCP/IP tools, including PATHPING and NETDIAG.
For detailed information on how to use these command-line utilities in
troubleshooting TCP/IP problems, see Chapter 5, “Using Network
Monitoring and Troubleshooting Tools in Windows 2000.”
Name Resolution Problems
Name resolution problems are one of the most common causes of the
inability to connect to another TCP/IP computer on the network. These
problems fall into one of two categories: NetBIOS name resolution and
host name resolution.
In Windows 2000, as in other Windows operating systems, NetBIOS
resolution is handled primarily by WINS, the Windows Internet Name
Service; and host name resolution is handled by the Domain Name
System service, DNS (or its updated incarnation, Dynamic DNS).
WINS and NetBIOS Name Resolution
A NetBIOS name server is a computer that maintains a database of
NetBIOS names and matching IP addresses. WINS is the best known and
most widely used NetBIOS name server. Windows 2000’s implementation
of WINS complies with RFC 1001/1002 and contains new features not
included in WINS in NT 4.0.
Components of network communications that are involved with
NetBIOS name resolution include:

• The TCP/IP protocol stack
• NetBIOS over TCP/IP (also called NetBT)
• WINS and DNS servers
• Broadcasts
• LMHOSTS and HOSTS files
• The Browser service
• The Server and Workstation services
• My Network Places
• The “net” commands (net use, net view, net send)
• The Alerter service
This list can provide a starting point in troubleshooting NetBIOS name
resolution problems. To prevent or solve NetBIOS name resolution
problems, follow these guidelines:

• Don’t multihome your WINS server(s).
• Use a WINS proxy agent on network segments that have non-WINS clients.
• Avoid static records in the WINS database.
• Define replication partners based on link factors.
• Avoid split registration.
• Use the “hub and spoke” model in multisite environments.
• Configure your DNS servers to resolve NetBIOS names.
• Don’t multihome the master browser(s).
• Use manual tombstoning instead of deleting records.
• Consider all the ramifications before disabling NetBT.
DNS and Host Name Resolution
The NetBIOS namespace is “flat,” but DNS uses a hierarchical (multilevel)
namespace. DNS resolves Fully Qualified Domain Names (FQDNs) to IP
addresses. These names are in the format myserver.mydomain.com.
The Windows 2000 DNS is standards-based and is now capable of
dynamic update (hence the new name, Dynamic DNS, or DDNS). DNS is
used for resolution of names on the global Internet, and in Windows 2000
has moved to the forefront as the name resolution method of choice for
Microsoft networks as well.
Resolving Host Names to IP Addresses
DNS clients can resolve a host name to an IP address in several ways. The
Windows 2000 DNS client service features a caching resolver, which
keeps a list of recently resolved host names and IP addresses. If a
sought-after mapping is not there, the client will query a DNS server. If the DNS
server can’t resolve the name, the client will go through the NetBIOS name
resolution sequence and attempt to resolve the name using the WINS
server, broadcasts, or LMHOSTS files.
There are two basic types of queries:

• Recursive
• Iterative
An FQDN includes the host name and the host’s domain membership.
A fully qualified query must end with a period, although most
applications will automatically include it before sending the request.
If the request is unqualified, by default the domain membership of the
machine issuing the query will be appended to the request. A list of other
domain suffixes can be configured that will be appended to unqualified
requests.
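An added example (not from the book) of the name-qualification and caching behaviour described in this section: a trailing period marks a fully qualified name, an unqualified name gets the machine's own domain and then any configured suffixes appended (that ordering is an assumption), and a hit in the resolver cache skips the server. The ZONE table, the CachingResolver class and all host names are constructed for illustration.

```python
from typing import Dict, List, Optional, Sequence, Tuple

# Constructed zone data standing in for the DNS server's answers (sample, not real hosts).
ZONE: Dict[str, str] = {
    "myserver.mydomain.com.": "10.0.0.5",
    "www.partner.example.": "10.9.9.9",
}


def candidate_fqdns(name: str, primary_suffix: str,
                    suffix_list: Sequence[str] = ()) -> List[str]:
    """Names the resolver will try, in order.

    A trailing period means the request is already fully qualified and is sent as-is.
    Otherwise the machine's own domain is appended first, then each configured
    suffix (assumed order; the text states only that both are appended)."""
    if name.endswith("."):
        return [name]
    suffixes = [primary_suffix] + [s for s in suffix_list if s != primary_suffix]
    return [f"{name}.{s.rstrip('.')}." for s in suffixes]


class CachingResolver:
    """Models the Windows 2000 DNS client cache: a cache hit never reaches the server."""

    def __init__(self, primary_suffix: str, suffix_list: Sequence[str] = ()):
        self.primary_suffix = primary_suffix
        self.suffix_list = list(suffix_list)
        self.cache: Dict[str, str] = {}
        self.server_queries = 0  # counts round trips to the (simulated) DNS server

    def _query_server(self, fqdn: str) -> Optional[str]:
        self.server_queries += 1
        return ZONE.get(fqdn.lower())

    def resolve(self, name: str) -> Optional[Tuple[str, str, str]]:
        """Return (fqdn, ip, source) with source 'cache' or 'dns', or None if unresolved."""
        for fqdn in candidate_fqdns(name, self.primary_suffix, self.suffix_list):
            key = fqdn.lower()
            if key in self.cache:
                return fqdn, self.cache[key], "cache"
            ip = self._query_server(fqdn)
            if ip is not None:
                self.cache[key] = ip
                return fqdn, ip, "dns"
        # The real client would now fall back to NetBIOS resolution (WINS, broadcast, LMHOSTS).
        return None


if __name__ == "__main__":
    r = CachingResolver("mydomain.com", ["partner.example"])
    for query in ("myserver", "myserver", "www", "nosuch"):
        print(query, "->", r.resolve(query), "| server queries so far:", r.server_queries)
```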
Planning the DNS Namespace
If a company has both an internal Windows 2000 network and an
Internet presence, it can choose to represent the namespace in one of two
ways:

• Use the same domain name for the internal and external namespaces
• Use different domain names for the internal and external namespaces
The first choice requires registration of only one domain name, and
provides for more continuity and consistency. However, servers will have
to be mirrored internally, and DNS clients will not access external
corporate host resources.
The second choice eliminates the need to mirror servers and reduces
confusion as to what is an external and what is an internal resource. You
should, however, register both domain names (although only the external
one is actually required to be registered).
Zones
The actual domains and hosts are contained in zone files. These database
files contain resource records, which track the resources contained in a
domain.
The Windows 2000 server supports both standard and Active
Directory integrated zones. Active Directory integrated zones offer several
advantages, including faster and more efficient replication and secure
dynamic updates.
Tools
Windows 2000 includes a number of tools for investigating problems with
the DNS server, including:

• NSLOOKUP
• IPCONFIG
• Event Viewer
• Network Monitor
• Trace logging
• System Monitor (Performance)
IP Addressing Issues
The IP address, a 32-bit binary number usually represented as its dotted
decimal equivalent, is the basis for “getting it there” in TCP/IP
communications. IP addressing errors, or misconfiguration of important addresses
such as that of the default gateway or proxy server, are a common source
of connectivity problems. IP addresses are logical addresses, assigned by
the administrator, and are not to be confused with the more permanent
physical address burned into the NIC, the MAC address.
The IP Address
An IP address has two parts: one identifies the network, and the other
identifies the host (individual computer) on that network. How many bits
represent each depends on the subnet mask.
IP addresses were originally divided into classes based on the size of
the networks, as shown in Table 13.2.
Table 13.2 Address Classes
Address Class   Number of Networks   Number of Hosts   Default Subnet Mask
Class A         126                  16,777,214        255.0.0.0
Class B         16,384               65,534            255.255.0.0
Class C         2,097,152            254               255.255.255.0
The trend now is toward classless addressing, using variable-length
subnet masks.
How IP Addresses Are Assigned
In a Windows 2000 TCP/IP network, there are two ways in which IP
addresses (host addresses) can be assigned:

• Manual address assignment, where an administrator enters the information in the TCP/IP configuration properties sheet of every interface
• Automatic addressing, which includes DHCP, APIPA, and ICS autoaddressing
Manual assignment is time-consuming and more prone to errors.
DHCP requires that there be a DHCP server on the network configured
with a block of addresses to allocate. APIPA “self-assigns” an address
from a preset range to a computer that can’t find a DHCP server. An ICS
host computer that shares its Internet connection can act as a DHCP
“allocator” and assign addresses to other computers for purposes of
sharing the connection.
ARP
The Address Resolution Protocol is used to resolve IP addresses to physi-
cal (MAC) addresses. ARP uses broadcasts, and caches the information.
You can also add static entries to the ARP cache.
You can view the current ARP cache by typing arp -a at the command
prompt.
Reverse Address Resolution Protocol (RARP) resolves MAC addresses
to IP addresses.
Common IP Addressing Errors
Some of the most common IP addressing errors that affect TCP/IP
communications include:
• Duplicate IP addresses on the network
• Use of invalid or “illegal” IP addresses
• DHCP configuration problems
DHCP
The Dynamic Host Configuration Protocol (DHCP) server is configured and
managed from the MMC. Most configuration problems are at the server
end.
DHCP Server Issues
DHCP uses scopes of addresses, which are groups of consecutive IP
addresses that can be allocated to client computers. The New Scope
Wizard is used to define the scope. A scope must have a name, a range of
IP addresses, and a subnet mask. You can also exclude certain addresses
within the scope from being offered to clients.
Superscopes are used when a single physical network segment
consists of more than one logical IP subnet, and there are two DHCP servers
managing separate subnets on the same network.
DHCP lease duration can be set or changed for a scope. The default is
eight days.
You can reserve addresses for computers that need to always have the
same address, such as server machines.

There are three types of DHCP options that can be configured:
• Scope options
• Client options
• Class options
The DHCP database files are stored in <systemroot>\System32\DHCP
and include four files: dhcp.mdb, dhcp.tmp, j50.log, and j50.chk. You can
edit the backup interval at which Windows 2000 backs up the DHCP
database. You also must edit the Registry to manually restore the
database from backup. See Chapter 8, “Troubleshooting Windows 2000 IP
Addressing Problems,” for explicit instructions.
Windows 2000 protects against “rogue” (unauthorized) DHCP servers
by requiring that Windows 2000 DHCP servers be registered in the
Directory, but this does not prevent rogue NT DHCP servers on the
network.
DHCP Client Issues
Most client configuration problems are relatively simple. Ensure that you
have TCP/IP connectivity with the DHCP server by using PING. Check to
see that the client is configured to obtain an IP address automatically. If
the client is unable to communicate with other computers and you find it
is using an address from the 169.254.0.0 range, this indicates it was
unable to contact a DHCP server and assigned itself an address via
APIPA. APIPA can be disabled by editing the Registry.
Subnetting Problems
Subnetting means dividing a network into two or more parts (smaller
networks). You use a subnet mask to designate which bits in the address
represent the network, and which represent the host. IP then uses a
process called ANDing to determine whether the destination host is local
or remote relative to the source host.
Subnetting problems (incorrect subnet mask) are common reasons for
the inability of TCP/IP computers to connect. Subnetting is a complex
topic; for examples and walk-throughs on how to calculate subnet masks
for different network classes, see Chapter 8.
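The ANDing test from this section and the class table from Table 13.2, carried through in an added example (not code from the book): it derives network IDs under a mask, decides local versus remote, converts between CIDR prefixes and masks, counts usable hosts per class, and flags the 169.254.0.0 APIPA range mentioned under DHCP client issues. All function names and sample addresses are the example's own.

```python
from typing import Dict

# Default masks from Table 13.2 (classes A, B and C); D is multicast and E is reserved.
DEFAULT_MASKS: Dict[str, str] = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def to_int(dotted: str) -> int:
    """Parse dotted decimal into a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"invalid IPv4 address: {dotted!r}")
    n = 0
    for p in parts:
        n = (n << 8) | int(p)
    return n


def to_dotted(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(ip: str) -> str:
    """Classful designation from the first octet (class D is the 224-239 multicast range)."""
    first = to_int(ip) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def prefix_to_mask(prefix: int) -> str:
    """CIDR /prefix to a dotted mask, e.g. /23 -> 255.255.254.0 (two class C's supernetted)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return to_dotted((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask: str) -> int:
    """Dotted mask to prefix length; a mask whose one-bits are not contiguous is rejected."""
    m = to_int(mask)
    bits = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask: {mask}")
    return bits


def network_id(ip: str, mask: str) -> str:
    """The ANDing step: bits under the mask are the network ID, the rest the host ID."""
    return to_dotted(to_int(ip) & to_int(mask))


def is_local(src: str, dst: str, mask: str) -> bool:
    """Local if both addresses AND to the same network ID; otherwise IP uses the gateway."""
    return network_id(src, mask) == network_id(dst, mask)


def usable_hosts(mask: str) -> int:
    """Host IDs per subnet, minus the all-zeros (network) and all-ones (broadcast) values."""
    host_bits = 32 - mask_to_prefix(mask)
    return max((1 << host_bits) - 2, 0)


def is_apipa(ip: str) -> bool:
    """An address in 169.254.0.0/16 means the client never reached a DHCP server."""
    return network_id(ip, "255.255.0.0") == "169.254.0.0"


if __name__ == "__main__":
    src, mask = "192.168.1.10", "255.255.255.128"
    for dst in ("192.168.1.100", "192.168.1.200"):
        print(f"{src} -> {dst} under {mask}: local={is_local(src, dst, mask)}")
    for cls, m in DEFAULT_MASKS.items():
        print(f"class {cls}: /{mask_to_prefix(m)} = {m}, {usable_hosts(m):,} hosts")
```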
Remote Access Connectivity
Windows 2000’s Routing and Remote Access service (RRAS) allows you to
establish a TCP/IP connection across a wide area link. In many cases,
troubleshooting a remote connection is similar to troubleshooting a local
connection. However, there are some special considerations.
RRAS supports remote access through the traditional dial-up method,
or via Virtual Private Networking (VPN).
Remote Access versus Remote Control
Remote access is different from remote control. In the latter, you actually
“take over the desktop” of a remote computer, controlling it from another
location. With remote access, you become another node on the remote
network, able to access network resources as you would if your computer
were cabled to the network locally.
RRAS provides for a Windows 2000 computer to act as both a remote
access client and a remote access server. RRAS must be installed and
configured properly, and dial-up networking must also be installed and
configured if you wish to dial out as a remote client. You can use the New
Connection Wizard to set up a dial-up connection.
Remote Access Links
Remote access requires a physical link of some sort, commonly a
telephone line. WAN links vary in type, speed, and cost. Some common
technologies include:
• Public Switched Telephone Network/PSTN (regular analog phone lines)
• Integrated Services Digital Network/ISDN (high-speed digital phone lines)
• Digital Subscriber Line/DSL (higher-speed digital phone lines)
• T-Carrier/T-1, T-2, T-3 (dedicated leased line)
• X.25 (packet-switched network)
Remote Access Protocols
Remote access protocols work across the WAN link (and are sometimes
called WAN protocols) in conjunction with the LAN protocols used by the
network to which you are remotely connecting. The LAN protocol is
“wrapped” (encapsulated) inside the WAN protocol.
The two popular WAN protocols are:

• Serial Line Internet Protocol (SLIP)
• Point-to-Point Protocol (PPP)
PPP is more commonly used, as it supports encryption, compression,
and automatic IP address assignment by a DHCP server. SLIP is used
primarily by some UNIX servers. Windows 2000 can use either SLIP or PPP
to dial out, but uses only PPP for dial-in connections.
You can enable PPP event logging and use PPP tracing to gather
information useful in troubleshooting PPP connections. For instructions on
how to do so, see Chapter 9, “Troubleshooting Remote Access in a
Windows 2000 TCP/IP Network.”
RRAS Configuration Problems
Configuration problems can stem from either the RRAS server or the
remote client.
Server Configuration
The first step in troubleshooting the inability to establish a dial-up
connection to the remote server is to ensure that the server’s modem or ISDN
adapter is working properly, and that the RRAS service is started on the
server. You should ensure that the server’s ports are configured for
remote access, and that the properties for the LAN protocol being used
(IP) are configured to allow remote access. Also be sure there are enough
IP addresses in the static address pool assigned by RRAS, if this feature
is being used by the RRAS server.
Client Configuration
First, check physical connections; then ensure that the client is
configured to use the correct authentication method for the remote server, and
is set to use the same encryption strength as the remote server. Be sure
the user account is enabled to allow dial-in access.
Multilink
RRAS allows you to aggregate the bandwidth of multiple telephone lines.
If you have trouble doing so, you should ensure that your ISDN adapter
supports multiple lines or that you have two functional modems, each
attached to a separate working telephone line. Then, ensure that the
remote access server’s PPP options are configured to support multilink.
You can also elect to use Bandwidth Allocation Protocol (BAP) to allow
multilink to adapt to changing bandwidth demands.
Network Access
If a remote client can access the server, but not the rest of the network,
you should ensure that IP routing has been enabled on the server. Check
to see that packet filtering has not been configured to block TCP/IP
packets, and ensure that the LAN protocol is configured to allow access to the
entire network.
Remote Access Policy
You can set policies on the RRAS server governing remote access that
place conditions and parameters on incoming connections. Policies can be
set to limit dial-in to certain days or time of day, connection types, or
group memberships, and limits can be set on the duration of the connection.
When a user attempts to make a connection, the characteristics of the
connection attempt are compared with the authentication information,
user dial-in properties, and remote access policies. Access will be denied
if the connection attempt doesn’t match any of the remote access policies.
NAT and ICS
Internet Connection Sharing (ICS) and Network Address Translation (NAT)
allow you to provide Internet access to many computers using only one
dial-up connection and registered IP address. ICS is actually a “light”
version of NAT. ICS is available on both Windows 2000 Professional and
Server computers, but NAT is available only on server products. NAT is
more flexible and configurable.
NAT Configuration
NAT must be configured for both public and private interfaces, as NAT
“translates” private IP addresses used internally on the LAN to one or
more public registered IP addresses that are “seen” on the Internet. The
public interface connects to the ISP, and the private one to the local
network.
Some programs will not work through NAT because they use protocols
that are not translatable (due to the way the packet headers are
constructed). NAT editors are available and included in Windows 2000 for
many common protocols such as FTP, ICMP, PPTP, and NetBT. Some
protocols, such as HTTP, don’t require a NAT editor.
NAT cannot be used with IPSec for host-to-host security.
Virtual Private Networking (VPN)
VPNs are a popular solution for creating a secure yet inexpensive way to
connect from a remote computer to a LAN across the Internet. Virtual
private networking allows you to establish a “tunnel” in which messages are
encapsulated and encrypted.
Windows 2000 supports two tunneling protocols:

• Point-to-Point Tunneling Protocol (PPTP)
• Layer 2 Tunneling Protocol (L2TP)
Troubleshooting VPN connections is similar to troubleshooting other
remote connections, with a bit more complexity. Some guidelines include:

• Ensure that RRAS is installed and enabled on the VPN server.
• Ensure the RRAS service is started on the VPN server.
• Ensure that PPTP or L2TP ports are enabled for inbound remote access traffic.
• Ensure that LAN protocols used by the VPN client are enabled on the server.
• Ensure that not all of the PPTP or L2TP ports are already in use.
• Ensure that the VPN client and server are configured with a common authentication method and a common encryption method.
• Ensure that the user account has the proper dial-in permissions granted.
• Ensure that remote access policies are not causing a denial of the connection.
The Network Interface Level
Connectivity problems can occur at any layer of the networking model.
The network interface level includes physical and data link issues, such
as:

The network interface card (NIC)

NIC drivers

Cable and other media

Connectivity devices
Connectivity Devices
Layer 1 and 2 connectivity devices include repeaters, hubs, switches, and
bridges. Each of these serves a different purpose and works in a different
way.
Repeaters
Repeaters simply connect two segments of cable and boost the signal to
extend the network beyond the cable’s normal distance limitations.
Repeaters do no filtering or logical division of the network, and pass
everything, including noise, from one side to the other.
Hubs
Most hubs are multiport repeaters. They connect computers in a star
topology. These active hubs boost the signal and then send it back out all
ports to all computers. Hubs actually come in several varieties:

Passive: Do not boost the signal

Active: Boost the signal

Intelligent: Contain diagnostic chips for management

Switching: Also called a switch; see the next section
Switches
Switches, or switching hubs, increase effective network bandwidth. They
are multiport devices like hubs, but they send packets only out the port
to which the destination computer is attached, based on the MAC address
in the header.
Bridges
Bridges segment the network, dividing it into two parts. They reduce network
traffic by isolating traffic to one side of the bridge, when possible.
Bridges determine whether to forward a packet across based on the MAC
address and the bridge’s own routing table, which it builds as it “learns”
the locations of computers on the network.
The 5-4-3 Rule
A standard guideline is that coax Ethernet networks may have no more
than five network segments, connected by no more than four repeaters,
and no more than three of those segments may be populated by nodes
(computers or other network devices).
The 80/20 Rule
With bridges, a popular guideline is that 80 percent of the network traffic
should be local (same side of the bridge), and 20 percent (or less) should
cross the bridge.
For best performance, you should ensure that computers that communicate
with each other are most often on the same side of the bridge.
Looping
Bridge looping is a common problem that can occur if there is more than
one active bridge on the network. The Spanning Tree Algorithm was
developed as a solution to bridge looping.
The Internetwork Level
The Internetwork layer of the DoD model (equivalent to the Network layer
in OSI) is responsible for routing. Windows 2000 allows a computer to
function as an IP router (also called a gateway) when two network interfaces
are installed and RRAS is properly configured for IP forwarding.
IP routing involves finding a pathway from the sending computer or forwarding
router to the destination computer, whose address is designated in
the IP header. The distance from one router to the next is called a hop.
There are two types of routing: direct and indirect. Direct routing
refers to delivering data to a computer on the same subnet, while indirect
routing refers to sending data through a gateway or gateways to a computer
on a different subnet.
Each TCP/IP computer on a routed network has a designated default
gateway to which packets addressed to a destination with a different network
ID are sent. Windows 2000 allows you to configure multiple default
gateways, but only one is active at a given time. If the first fails, the second
is used. The default gateway must be on the same IP subnet as the
IP address assigned to the interface.
A router’s interface can connect to a LAN or a WAN. Each interface
must have an IP address with a network ID appropriate for the network
on which it is connected.
Routing Tables
Each Windows 2000 computer that functions as a router has a routing
table. This is a database that contains the routes, designating the network
IDs on the internetwork. Host computers can also have routing
tables. Three types of routes can be entered in a routing table:

Network route

Host route

Default route
You can make a route persistent across reboots of the system by
using the route –p command.
To view the routing table, use the route print command, or you can
view the table from the GUI using the RRAS management console.
The routing table has the following columns:

Destination

Gateway

Interface

Metric

Protocol
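The following is an added example, not code from the book, that walks through how a host uses a routing table of the kind route print displays. It parses a constructed table (the addresses are made up, and only the five columns shown above are modelled), picks the matching route by longest prefix and then lowest metric, reports whether delivery is direct (destination on the same subnet) or indirect (handed to a gateway, the default route being the indirect case of last resort), and checks the rule that the default gateway must lie in the interface’s own subnet.

```python
import ipaddress

# Added example (not from the book). The table below is constructed to look like
# the output of `route print` on Windows 2000; the addresses are made up.
SAMPLE_ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.1.1   192.168.1.50       1
        127.0.0.0        255.0.0.0       127.0.0.1      127.0.0.1       1
      192.168.1.0    255.255.255.0    192.168.1.50   192.168.1.50       1
     192.168.1.50  255.255.255.255       127.0.0.1      127.0.0.1       1
        10.20.0.0      255.255.0.0   192.168.1.254   192.168.1.50       1
"""


def parse_route_print(text):
    """Turn the five-column table into a list of route dicts."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Network":
            continue
        dest, mask, gateway, interface, metric = parts
        routes.append({
            "network": ipaddress.IPv4Network((dest, mask), strict=False),
            "gateway": ipaddress.IPv4Address(gateway),
            "interface": ipaddress.IPv4Address(interface),
            "metric": int(metric),
        })
    return routes


def select_route(routes, destination):
    """Longest-prefix match, then lowest metric: how the host picks the route for a packet."""
    addr = ipaddress.IPv4Address(destination)
    matches = [r for r in routes if addr in r["network"]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r["network"].prefixlen, r["metric"]))


def describe_route(routes, destination):
    """Return (kind, next_hop): 'direct' when the destination is on-link, 'indirect'
    when the packet is handed to a gateway, 'indirect-default' when only the default route matches."""
    route = select_route(routes, destination)
    if route is None:
        return ("unreachable", None)
    # On Windows 2000 an on-link route lists the interface's own address as its gateway.
    if route["gateway"] == route["interface"]:
        return ("direct", destination)
    kind = "indirect-default" if route["network"].prefixlen == 0 else "indirect"
    return (kind, str(route["gateway"]))


def default_gateway_on_link(routes):
    """Check the rule that the default gateway must lie in the interface's own subnet."""
    default = [r for r in routes if r["network"].prefixlen == 0]
    if not default:
        return False
    gw, iface = default[0]["gateway"], default[0]["interface"]
    for r in routes:
        on_link = r["gateway"] == r["interface"] == iface
        if on_link and 0 < r["network"].prefixlen < 32 and gw in r["network"]:
            return True
    return False


if __name__ == "__main__":
    table = parse_route_print(SAMPLE_ROUTE_PRINT)
    for dest in ("192.168.1.77", "10.20.5.5", "198.51.100.9"):
        print(dest, describe_route(table, dest))
    print("default gateway on-link:", default_gateway_on_link(table))
```

A default gateway outside the interface’s subnet is a common misconfiguration; the check returns False for it, which is the condition to look for when hosts can reach local machines but nothing beyond the router.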
Features of the Windows 2000 Router
A Windows 2000 computer running RRAS and providing routing services
supports the following features:

Multiprotocol routing (IP, IPX, and AppleTalk)

Support for standard dynamic routing protocols (RIP and OSPF)

Packet filtering

Router advertisement and discovery (ICMP)

Multicast services (IGMP)

Unicast routing
Routing Protocols
Routing can be either static or dynamic. Static routing requires manually
entering routes into the routing table. Dynamic routing requires special
protocols. Windows 2000 supports the following dynamic routing protocols:

RIPv1

RIPv2

OSPF
RIP Features
Windows 2000’s Routing Information Protocol (RIP) supports split horizon,
poison reverse, and triggered updates, which are designed to avoid
some of RIP’s problems such as routing loops.
RIP listening (Silent RIP) is also supported. With Silent RIP, hosts that
are not routers themselves can listen to RIP messages sent by other computers
and use them to update their tables.
Both hosts and gateways can implement RIP. RIP is relatively easy to
set up, but has the following disadvantages and problems:

Hop count limit of 15

Excessive network traffic caused by RIP broadcasts

High convergence time

Possibility of routing loops

Count-to-infinity problem

Rogue RIP routers
RIPv2 supports password authentication so the origin of RIP
announcements can be confirmed. RIP is a distance vector protocol.
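The following is an added example, not code from the book, that simulates the count-to-infinity problem described above and shows how split horizon with poison reverse avoids it. Three routers A, B and C are connected in a line, with a network (the constructed prefix 10.99.0.0/16) attached to C. When C’s link to that network fails, routers exchange distance-vector updates once per round; without split horizon, A keeps re-advertising the stale route back to B and the metric creeps up toward 16, while with poison reverse the routers agree the network is unreachable after two rounds. The synchronous rounds and the update rule are simplifications of RIP, not Windows 2000’s implementation.

```python
INFINITY = 16  # RIP's "unreachable" metric, which is why the hop-count limit is 15


class Router:
    def __init__(self, name):
        self.name = name
        self.table = {}  # network -> (metric, next_hop); next_hop None = directly connected


def advertise(router, neighbor, split_horizon):
    """Build the update router sends to neighbor. With split horizon and poison
    reverse, routes learned through that neighbor are announced back as unreachable."""
    update = {}
    for net, (metric, next_hop) in router.table.items():
        if split_horizon and next_hop == neighbor:
            update[net] = INFINITY
        else:
            update[net] = metric
    return update


def process(router, sender, update):
    """Distance-vector rule: accept a better route, and always accept a change
    (even a worse one) from the neighbor that is the current next hop."""
    for net, metric in update.items():
        new_metric = min(metric + 1, INFINITY)
        current = router.table.get(net)
        if current is None or new_metric < current[0] or current[1] == sender:
            router.table[net] = (new_metric, sender)


def run_round(links, split_horizon):
    """One round: every router builds its updates from the current tables, then all are applied."""
    updates = []
    for a, b in links:
        updates.append((b, a.name, advertise(a, b.name, split_horizon)))
        updates.append((a, b.name, advertise(b, a.name, split_horizon)))
    for receiver, sender, update in updates:
        process(receiver, sender, update)


def rounds_to_converge(split_horizon, max_rounds=50):
    """Return the number of rounds until every router marks the failed network
    unreachable, or None if that never happens within max_rounds."""
    a, b, c = Router("A"), Router("B"), Router("C")
    routers, links = [a, b, c], [(a, b), (b, c)]
    net = "10.99.0.0/16"  # constructed network hanging off router C
    a.table[net] = (3, "B")      # converged state before the failure
    b.table[net] = (2, "C")
    c.table[net] = (1, None)
    c.table[net] = (INFINITY, None)  # C's link to the network fails
    for rnd in range(1, max_rounds + 1):
        run_round(links, split_horizon)
        if all(r.table[net][0] == INFINITY for r in routers):
            return rnd
    return None


if __name__ == "__main__":
    print("without split horizon:", rounds_to_converge(False), "rounds")
    print("with split horizon + poison reverse:", rounds_to_converge(True), "rounds")
```

The slow case illustrates the “high convergence time” and “count-to-infinity” entries in the list above: during those rounds B forwards traffic for the dead network toward A, which sends it straight back, a routing loop that only ends when the metric reaches 16.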
OSPF Features
Open Shortest Path First (OSPF) is a link state protocol. As such, it is
efficient and doesn’t require much overhead. The Shortest Path First algorithm
is not vulnerable to routing loops. SPF calculates the shortest path
between the router and remote networks by creating and maintaining a
map of the network, called the Link State Database (LSDB).
Windows 2000’s OSPF can be used on a broadcast network like
Ethernet, a nonbroadcast network like ATM, or a point-to-point network
using a dedicated leased line. OSPF’s routing table structure is hierarchical,
unlike RIP’s flat structure.
Areas and Router Classifications
OSPF divides the network into areas, which are assigned an area number.
There is always a “backbone” area, called Area 0, to which the Area
Border Router (ABR) of every other area is connected. An area can consist
of one or more networks or subnets. ABRs can summarize their routes,
which decreases the need for OSPF to recalculate routes.
OSPF routers are classified as:

ABRs (Area Border Routers)

IRs (Internal Routers)

BR (The Backbone Router)

ASBR (Autonomous System Border Routers)
OSPF Protocols
OSPF uses the following protocols: common header protocol, hello protocol,
exchange protocol, flooding protocol, and the aging link state record
protocol.
OSPF Advantages
Although it is more complex and requires more technical expertise to
implement, OSPF enjoys the following advantages over RIP:

More efficient calculation of routes

Faster convergence times

Support for load balancing

Low bandwidth utilization

No routing loops or count-to-infinity problems

Hierarchical structure isolates instability within an area

More scalable, appropriate for larger networks

Secure password authentication for transmission of update
messages
Windows 2000 Router Logging
You can enable logging to assist in troubleshooting the Windows 2000
router in one of two ways:

Enable event logging: Writes events to the system log in Event
Viewer

Enable tracing: Logs to a file
To enable tracing, you must edit the Windows 2000 Registry. For
instructions on how to do so, see Chapter 11, “Troubleshooting Windows
2000 Connectivity Problems at the Internetwork Level.”
Selected Services
Windows 2000 includes the Internet Information Services (IIS 5.0): Web
server, FTP server, NNTP news server, gopher and SMTP mail server. All of
these services depend on the TCP/IP suite and are fully integrated with
the operating system.
Site Logging
You can enable site logging to assist with troubleshooting the Web and
FTP services. This is done through the IIS management console. There are
four types of logging formats from which to choose:

W3C Extended Log File Format

Logging to an ODBC database

NCSA Common Log File Format

Microsoft IIS Log Format
W3C and ODBC logging can be customized, while NCSA and Microsoft
IIS formats are fixed (noncustomizable) file formats.
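The following is an added example, not code from the book, that parses two of the formats listed above and runs a simple check over them. The W3C Extended parser reads the column names from the #Fields directive, which is what makes that format customizable, while the NCSA Common parser relies on the fixed field layout. Both samples are constructed log lines, not real server output; the client addresses and user name are made up. The check counts 401 and 403 responses per client, a quick way to spot repeated failed access attempts when troubleshooting permissions or an IP restriction.

```python
import re
from collections import Counter

# Added example (not from the book). Both samples are constructed, not real server logs.
W3C_SAMPLE = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2000-02-25 11:21:00
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status
2000-02-25 11:21:05 192.168.1.77 - 192.168.1.10 80 GET /default.htm - 200
2000-02-25 11:21:09 192.168.1.77 - 192.168.1.10 80 GET /secure/report.htm - 401
2000-02-25 11:21:12 192.168.1.77 - 192.168.1.10 80 GET /secure/report.htm - 401
2000-02-25 11:21:20 10.20.5.5 jdoe 192.168.1.10 80 GET /secure/report.htm - 200
"""

NCSA_SAMPLE = """\
192.168.1.77 - - [25/Feb/2000:11:21:05 -0800] "GET /default.htm HTTP/1.0" 200 1043
192.168.1.77 - - [25/Feb/2000:11:21:09 -0800] "GET /secure/report.htm HTTP/1.0" 401 0
10.20.5.5 - jdoe [25/Feb/2000:11:21:20 -0800] "GET /secure/report.htm HTTP/1.0" 200 2210
"""

# NCSA Common: host ident user [timestamp] "method uri protocol" status bytes
NCSA_RE = re.compile(r'^(\S+) (\S+) (\S+) \[([^\]]+)\] "(\S+) (\S+) ?(\S*)" (\d{3}) (\S+)$')


def parse_w3c(text):
    """W3C Extended: the #Fields directive names the columns, so a customised log still parses."""
    fields, records = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue  # other directives (#Software, #Version, #Date) and blank lines
        if fields is None:
            raise ValueError("data line before #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError("field count mismatch: %r" % line)
        rec = dict(zip(fields, values))
        records.append({"client": rec["c-ip"], "user": rec.get("cs-username", "-"),
                        "method": rec["cs-method"], "uri": rec["cs-uri-stem"],
                        "status": int(rec["sc-status"])})
    return records


def parse_ncsa(text):
    """NCSA Common: fixed layout, so a regular expression over each line is enough."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = NCSA_RE.match(line)
        if not m:
            raise ValueError("unparseable NCSA line: %r" % line)
        host, _ident, user, _ts, method, uri, _proto, status, _size = m.groups()
        records.append({"client": host, "user": user, "method": method,
                        "uri": uri, "status": int(status)})
    return records


def denied_by_client(records):
    """Count 401/403 responses per client address."""
    return dict(Counter(r["client"] for r in records if r["status"] in (401, 403)))


if __name__ == "__main__":
    print("W3C:", denied_by_client(parse_w3c(W3C_SAMPLE)))
    print("NCSA:", denied_by_client(parse_ncsa(NCSA_SAMPLE)))
```

Because the W3C parser trusts the #Fields line, a log whose columns were changed in the IIS console still parses correctly, whereas the NCSA regular expression would have to be rewritten if the layout were different.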
Web Server
The Web server is subject to the following common problems:

Connection capacity bottleneck: To solve this, you can throttle
network bandwidth.

CPU utilization bottleneck: To solve this, you can enable
processor throttling, upgrade the CPU, add additional CPUs
(multiprocessing), or move applications that use a great deal of
processor time to another computer.

Site name resolution problems: You can use IPCONFIG and
standard name resolution troubleshooting techniques.

Inaccessible virtual directories: You must add the virtual
directory to every individual site.

Problems hosting multiple sites: You must properly configure
appended port numbers, assign multiple IP addresses, or
configure host headers.

Permissions problems: Check NTFS permissions, ensure that
IIS is not set to deny access to that IP address or domain, and
check the user account.
IIS configuration information is stored in the metabase, which is a
hierarchical database similar to the Registry. Changes can be made to the
metabase using the IIS snap-in to the MMC or the HTML Web-based
Internet Services Manager.
FTP Server
Most FTP problems are authentication or permissions problems, or connectivity
problems. Troubleshoot general network connectivity using
PING.
FTP commands and arguments are all sent together in the same packet,
which makes it easy to troubleshoot the service with a protocol analysis
tool like Sniffer because you don’t have to reassemble the packets.
Ensure that you know how to restart a paused or stopped FTP site.
You can do this within the Internet Services MMC or from the command
line.
NNTP Server
The NNTP service can be monitored using System Monitor (Performance).
You can also use Event Viewer’s system log, to which NNTP error messages
are written.
Common NNTP problems involve network connectivity, or NNTP service
availability. Both of these can be checked using standard TCP/IP command-line
utilities. For detailed instructions on how to do so, see Chapter
11. Another common source of problems involves security settings.
Always check the permissions on the directories where the newsgroup
resides, ensure that the IP address or domain has not been restricted,
and check to see if SSL is required.
Summary
The TCP/IP protocol suite has been around for—in the context of computer
technology—a long time. The Windows 2000 operating system is new.
Together, they work effectively to provide reliable network communications
over networks of all sizes. They also present some unique troubleshooting
challenges (also known as opportunities) to the network
administrator. Learning to live with (and love) them is more a job requirement
than an option; it looks as if both will be around for some time to
come.