Interpreting CDiag Output and Solving Windows Networking Problems
In any Client - Server relationship, if there is a problem, how do you identify if the problem is with the Client or the Server? What if there are actually two problems - how do you isolate each problem?
Every desktop support or network tech doubtless has his (her) own approach to this problem. But when you work face to face with a problem, it's easy to overlook the details, so how do you tell someone else how you solved a problem?
What if you can't work face to face with a problem? What if you have to ask questions, and have the symptoms described to you, by someone that you can't see? How about someone you can't even talk to (using realtime voice communication)? How do you gather enough diagnostic data to decide if a networking issue is related to connectivity, name resolution, or permissioning?
I start with CDiag. The CDiag log, from each computer on a LAN, can usually help isolate the source of a problem or problems that affect Windows File Sharing. My previous article What Is CDiag ("Comprehensive Diagnosis Tool")? explained how to setup a CDiag run, so the owner of a LAN can gather diagnostic data, and pass it to you (if you're providing assistance), or so you can setup and run CDiag (if you're using it in self-assist mode).
Now that you have two or more CDiag logs, how do you interpret them?
With one exception, the tests in CDiag are binary. Can Computer A ping Computer B successfully (by name / ip address)? Can Computer A view shares ("net view") of Computer B? By observing which test is successful, and which test is not, we can isolate the problem(s) between Computers A and B.
A successful ping by name, from Computer A to Computer B, verifies connectivity between Computers A and B, and verifies successful address resolution of Computer B. If the ping is unsuccessful, what error do you see? Does it show an inability to resolve the address of Computer B ("...could not find host..."), or does it show a connectivity problem ("Pinging nnn.nnn.nnn.nnn ... Request timed out")?
Similarly, successful viewing of network shares, as in Computer A able to get results from a "net view" of Computer B, verifies successful file sharing from Computer B to Computer A. In cases where Computer B can't be pinged from Computer A, but the results of "net view" of Computer B is successful, one can suspect a problem with TCP/IP (and look for gratuitous protocols like IPX/SPX).
There is also three-level pinging to observe. We can compare the results of pinging Computer B from Computer A, pinging Computer A from itself (by public ip address), and pinging Computer A from itself (by loopback ip address - 127.0.0.1). An inability to ping either Computer B, or Computer A, from Computer A, means we must first look for a problem on Computer A. Success or failure in pinging the loopback address identifies the network adapter or the IP stack, respectively, as the initial problem to be resolved.
If a third computer is involved, a single problem is somewhat easier to isolate. Where simple inability to ping Computer B from Computer A could point to a problem with either Computer A or B, inability for both Computers A and C to ping Computer B probably indicates a problem with Computer B.
Oh yes, the one non-binary test? When you ping Computer B by name, observe the resolved address. Is it equal to the ip address by which we ping Computer B (from "ipconfig /all")? A discrepancy here can indicate an address resolution problem, which will indeed lead to a variance of "access denied".
When all pinging between computers is successful, ruling out connectivity problems, one turns to analysis of the "net view" commands, and similar possibilities.
Let me try and describe what tests are included in a single run of CDiag.
- Share Enumeration
- Ad-Hoc Browser View
- FullTarget Tests
- PingTarget Tests
The FullTarget Test is run against a host which is expected to be running as a server (here you will need a consistent NetBIOS Over TCP/IP setting, on all computers). A FullTarget Test involves:
- Ping the target.
- Net view the target.
The PingTarget Test is run against a host which is running TCP/IP only. A PingTarget Test involves:
- Ping the target.
In this example, I have 5 FullTargets (Pchuck1 by name and by IP address, PChuck2 by name and by IP address, and "127.0.0.1") ("127.0.0.1" automatically set as a target), and 3 PingTargets (Yahoo by name and by IP address, and the router).
set FullTarget1=PChuck1 192.168.1.50
set FullTarget2=PChuck2 192.168.1.51
set PingTargets=www.yahoo.com 66.94.230.32 192.168.1.1
This results in the following tests:
- Net Share
- Net View
- Ping Pchuck1
- Net View PChuck1
- Ping 192.168.1.50
- Net View 192.168.1.50
- Ping Pchuck2
- Net View PChuck2
- Ping 192.168.1.51
- Net View 192.168.1.51
- Ping 127.0.0.1
- Net View 127.0.0.1
- Ping www.yahoo.com
- Ping 66.94.230.32
- Ping 192.168.1.1
Note that this is simply one set of tests, from a 2 computer LAN. Tests for a 3 computer LAN will be proportionally more complex.
In this example, starting from the CDiag Assembled Code, and run from PChuck1, we get this output log (showing no problems, with all tests returning positive results):
CDiagnosis V1.33
Start diagnosis for PChuck1
Enumerate Shares
Share name Resource Remark
-------------------------------------------------------------------------------
E$ E:\ Default share
IPC$ Remote IPC
D$ D:\ Default share
ADMIN$ C:\WINDOWS Remote Admin
C$ C:\ Default share
EDrive E:\
Shared Data E:\Data\Shared Data
The command completed successfully.
Adhoc Browser View
Server Name Remark
-------------------------------------------------------------------------------
\\PChuck1
\\PChuck2
The command completed successfully.
Full Targets PChuck1 192.168.1.50 PChuck2 192.168.1.51 127.0.0.1
Target PChuck1
"PChuck1 ping PChuck1"
Pinging PChuck1 [192.168.1.50] with 32 bytes of data:
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
"PChuck1 net view PChuck1"
Shared resources at PChuck1
Share name Type Used as Comment
-------------------------------------------------------------------------------
EDrive E:\
Shared Data E:\Data\Shared Data
The command completed successfully.
Target 192.168.1.50
"PChuck1 ping 192.168.1.50"
Pinging 192.168.1.50 with 32 bytes of data:
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Reply from 192.168.1.50: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
"PChuck1 net view 192.168.1.50"
Shared resources at 192.168.1.50
Share name Type Used as Comment
-------------------------------------------------------------------------------
EDrive E:\
Shared Data E:\Data\Shared Data
The command completed successfully.
Target PChuck2
"PChuck1 ping PChuck2"
Pinging PChuck2 [192.168.1.51] with 32 bytes of data:
Reply from 192.168.1.51: bytes=32 time<1ms TTL=128
Reply from 192.168.1.51: bytes=32 time<1ms TTL=128
Reply from 192.168.1.51: bytes=32 time<1ms TTL=128
Reply from 192.168.1.51: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.51:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
"PChuck1 net view PChuck2"
Shared resources at PChuck2
Share name Type Used as Comment
-------------------------------------------------------------------------------
CDrive Disk M:
Data Disk
DDrive Disk N:
Dnload 2004 Disk
EDrive Disk O:
HPDeskJet Print HP DeskJet 952C
Quarantine Disk
System Resources Disk
Utility Disk
The command completed successfully.
Target 192.168.1.51
"PChuck1 ping 192.168.1.51"
Pinging 192.168.1.51 with 32 bytes of data:
Reply from 192.168.1.51: bytes=32 time<1ms TTL=128
Reply from 192.168.1.51: bytes=32 time<1ms TTL=128
Reply from 192.168.1.51: bytes=32 time<1ms TTL=128
Reply from 192.168.1.51: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.51:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
"PChuck1 net view 192.168.1.51"
Shared resources at 192.168.1.51
Share name Type Used as Comment
-------------------------------------------------------------------------------
CDrive Disk
Data Disk
DDrive Disk
Dnload 2004 Disk
EDrive Disk
HPDeskJet Print HP DeskJet 952C
Quarantine Disk
System Resources Disk
Utility Disk
The command completed successfully.
Target 127.0.0.1
"PChuck1 ping 127.0.0.1"
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
"PChuck1 net view 127.0.0.1"
Shared resources at 127.0.0.1
Share name Type Used as Comment
-------------------------------------------------------------------------------
EDrive E:\
Shared Data E:\Data\Shared Data
The command completed successfully.
Ping Targets www.yahoo.com 66.94.230.32 192.168.1.1
Target www.yahoo.com
"PChuck1 ping www.yahoo.com"
Pinging www.yahoo.akadns.net [66.94.230.50] with 32 bytes of data:
Reply from 66.94.230.50: bytes=32 time=19ms TTL=57
Reply from 66.94.230.50: bytes=32 time=17ms TTL=57
Reply from 66.94.230.50: bytes=32 time=18ms TTL=57
Reply from 66.94.230.50: bytes=32 time=17ms TTL=57
Ping statistics for 66.94.230.50:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 19ms, Average = 17ms
Target 66.94.230.32
"PChuck1 ping 66.94.230.32"
Pinging 66.94.230.32 with 32 bytes of data:
Reply from 66.94.230.32: bytes=32 time=17ms TTL=57
Reply from 66.94.230.32: bytes=32 time=17ms TTL=57
Reply from 66.94.230.32: bytes=32 time=19ms TTL=57
Reply from 66.94.230.32: bytes=32 time=18ms TTL=57
Ping statistics for 66.94.230.32:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 17ms, Maximum = 19ms, Average = 17ms
Target 192.168.1.1
"PChuck1 ping 192.168.1.1"
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=150
Reply from 192.168.1.1: bytes=32 time<1ms TTL=150
Reply from 192.168.1.1: bytes=32 time<1ms TTL=150
Reply from 192.168.1.1: bytes=32 time<1ms TTL=150
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
End diagnosis for PChuck1
Since your computer(s) have problem(s) (or why are you here?), the logs from your computers will lack at least one, and maybe more, of the above tests showing similar results.
Your job, or mine, will be to read the logs, and interpret the failed test(s) as pointing to specific computer(s), and specific component(s) on those computer(s).
Share This Post!
Del.icio.us
Digg
Facebook
StumbleUpon
Technorati
Twitter
Posts
0 comments:
Post a Comment