3. How to Troubleshoot Name Resolution Problems
Computers use numeric IP
addresses (such as 192.168.10.233 or 2001:db8::1) to identify each other
on networks. However, IP addresses are difficult for people to
remember, so we use more friendly host names (such as www.contoso.com). Name resolution is the process of converting a host name to an IP address, and DNS is by far the most common name resolution technique.
Many apparent connectivity problems are actually name
resolution problems. If any of the following problems occur, the client
will be unable to contact a server using its host name:
DNS servers have failed.
The network connecting the client to the DNS server has failed.
A host name is missing from the DNS database.
A host name is associated with an incorrect IP address. Often, this happens because a host has recently changed IP addresses and the DNS database has not been updated.
The client does not have DNS servers configured or is configured with the incorrect DNS server IP addresses.
To diagnose a name resolution problem, follow these steps:
Open the Network And Sharing Center by clicking Start, clicking Network, and then clicking Network And Sharing Center. If a red X is displayed over a network link, click the link to start Windows Network Diagnostics and follow the prompts that appear. Windows Network Diagnostics can solve many common configuration problems. If Windows Network Diagnostics does not identify or resolve the problem, continue following these steps.
Verify that you can connect to other computers using IP addresses. If you cannot connect to servers by using their IP address, the source of your problem is network connectivity rather than name resolution.
Note: When your network is working properly, look up the IP addresses of several different computers, including computers on your subnet, other subnets on your intranet, and computers on the Internet. Test the IP addresses to verify that they respond to Ping requests. Keep this list available so that you can use the IP addresses to test for network connectivity without relying on name resolution.
Open a command prompt and use Nslookup to look up the host name you are attempting to contact, as the following example shows.
Nslookup www.microsoft.com
Examine the output.
If Nslookup displays addresses or aliases for the host name, name resolution was successful. Most likely, the server you are trying to reach is offline, you have a connectivity problem preventing you from reaching the server, the application you are using is misconfigured, or the DNS server database is incorrect.
If Nslookup displays only "DNS request timed out," the DNS server is not responding. First, repeat the test several times to determine whether it is an intermittent problem. Then, use the ipconfig command to verify that the client computer has the correct DNS servers configured. If necessary, update the client computer's DNS server configuration. If the DNS server's IP addresses are correct, the DNS servers or the network to which they are connected are offline. Contact the server or network administrator for additional assistance.
If Nslookup displays the message "Default servers are not available," the computer does not have a DNS server configured. Update the client network configuration with DNS server IP addresses or configure the computer to acquire an address automatically.
If you can connect to the server from a different client computer, run ipconfig /all from a command prompt on that computer to determine which DNS servers it is configured to use. If those IP addresses are different from the ones configured on the problematic client computer, consider changing the problematic client computer to use those IP addresses.
3.1. How to Verify Connectivity to a DNS Server
Although DNS traffic can use
either TCP port 53 or UDP port 53, UDP is almost always used because it
is more efficient for short communications. Because Telnet always uses
TCP, it is not useful for testing UDP DNS connectivity. Instead, you can
install and use the PortQry tool.
To test for connectivity to DNS traffic, install PortQry, and then run the following command.
portqry -n DNS_server_name_or_IP_address -p UDP -e 53
If PortQry can connect to the
specified DNS server, it will respond with "LISTENING." If PortQry
cannot connect, it will respond with "LISTENING OR FILTERED." After
displaying "LISTENING OR FILTERED," PortQry will attempt to issue a DNS
request to the remote computer and then will display whether the server
responded to the request.
If you prefer graphical tools, you can use the PortQueryUI tool to query for UDP port 53, as shown in Figure 2.
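An added example, not from the original text: a UDP port 53 probe in Python that sends a real DNS query and reports whether the server answered, similar to the follow-up DNS request described above. The function names, the default test name www.contoso.com and the timeout values are assumptions; it handles IPv4 server addresses only.

```python
import secrets
import socket
import struct

def build_query(name, txid=None):
    """Encode a minimal DNS query for an A record (RFC 1035 wire format)."""
    if txid is None:
        txid = secrets.randbits(16)        # unpredictable ID so replies can be matched
    # Header: ID, flags (RD=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return txid, header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def parse_header(reply, txid):
    """Return (rcode, answer_count) if reply is a response to txid, else None."""
    if len(reply) < 12:
        return None
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # wrong ID, or QR bit not set
        return None
    return flags & 0x000F, ancount

def probe_dns(server, name="www.contoso.com", timeout=2.0, tries=3):
    """Send the query to UDP port 53 and report whether the server answered."""
    txid, packet = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:   # IPv4 only
        sock.settimeout(timeout)
        for _ in range(tries):             # UDP is lossy, so repeat before giving up
            try:
                sock.sendto(packet, (server, 53))
                reply, _peer = sock.recvfrom(512)
            except OSError:                # timeout or ICMP port unreachable
                continue
            parsed = parse_header(reply, txid)
            if parsed is not None:
                return "RESPONDED rcode=%d answers=%d" % parsed
    return "NO RESPONSE (server down, wrong address, or UDP 53 filtered)"

if __name__ == "__main__":
    import sys
    # 192.168.1.1 is only a placeholder default; pass your DNS server's address.
    print(probe_dns(sys.argv[1] if len(sys.argv) > 1 else "192.168.1.1"))
```

A nonzero rcode still proves the DNS service is reachable; rcode 3 means the server answered that the name does not exist.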
3.2. How to Use the Hosts File
You can use the Hosts file as another name
resolution method. You might do this if you know that your DNS server
is unavailable or the database is out of date, you need to access a
server, and you know the server's IP address. It's also useful when
you've recently installed a new server and you want to contact it using a
host name before the DNS database is updated. Although you can
typically contact servers using their IP addresses, Web sites often need
to be reached using the correct host name, and IP addresses might not
work.
Your Hosts file is located at %WinDir%\System32\Drivers\Etc\Hosts. It is a text file, and you can edit it using Notepad. To open the Hosts file, run Notepad using administrative permissions. Then, open the %WinDir%\System32\Drivers\Etc\Hosts file (it does not have a file extension). To add an entry to the Hosts file to enable name resolution without using DNS, add lines to the bottom of the Hosts file, as demonstrated here for IPv4 and IPv6 addresses.
192.168.1.10 www.microsoft.com
10.15.33.25 www.contoso.com
2001:db8::1 www.microsoft.com
After updating the Hosts file, you can contact servers by using the host name. When an entry is in the Hosts file, Windows will use the associated IP address without contacting a DNS server. In fact, the only application that bypasses the Hosts file is Nslookup, which always contacts DNS servers directly. Remember to remove entries from the Hosts file after you finish using them; otherwise, you might have name resolution problems later if the server's IP address changes.
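An added example, not from the original text: a Python check that lists each Hosts entry and compares it with what DNS returns, so leftover entries can be found and removed. The dns_lookup callable and the sample DNS answers are hypothetical; supply answers obtained directly from DNS, for example with Nslookup.

```python
import ipaddress

def parse_hosts(text):
    """Yield (line_no, ip, name) for every mapping in Hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()     # drop comments, split on whitespace
        if len(fields) < 2:
            continue                              # blank, comment-only or malformed
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # first field is not an IP address
        for name in fields[1:]:                   # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text, dns_lookup):
    """Compare each Hosts entry with DNS.

    dns_lookup(name) is a caller-supplied (hypothetical) function returning the
    addresses DNS itself gives for name, without consulting the Hosts file.
    """
    findings = []
    for line_no, ip, name in parse_hosts(text):
        answers = {ipaddress.ip_address(a) for a in dns_lookup(name)}
        same_family = {a for a in answers if a.version == ip.version}
        if ip in answers:
            status = "REDUNDANT"        # DNS already agrees, entry can be removed
        elif same_family:
            status = "OVERRIDES_DNS"    # stale or deliberate override, review it
        else:
            status = "NOT_IN_DNS"       # DNS has no record of this address family
        findings.append((line_no, name, str(ip), status))
    return findings

# Constructed sample: the three entries shown above plus a comment line.
SAMPLE_HOSTS = """\
# temporary entries, remove after testing
192.168.1.10 www.microsoft.com
10.15.33.25 www.contoso.com
2001:db8::1 www.microsoft.com
"""
# Constructed stand-in for real DNS answers (hypothetical values).
SAMPLE_DNS = {"www.microsoft.com": {"192.168.1.20"},
              "www.contoso.com": {"10.15.33.25"}}

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, lambda n: SAMPLE_DNS.get(n, set())):
        print(finding)
```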
4. How to Troubleshoot Performance Problems and Intermittent Connectivity Issues
Often, network problems don't result in total loss of connectivity. Network problems can also appear as file transfers that take longer than they should for your network bandwidth, jumpy streaming audio and video, or extremely unresponsive network applications.
To troubleshoot network
performance problems, you must first identify the source of the problem.
Several different components can cause performance problems:
The local computer
Your local computer might have an application that is using all of the processor's time, thus slowing down everything on your computer, including networking. Alternatively, failing hardware or problematic drivers can cause performance problems or intermittent failures. To solve these problems, you can stop or reduce the impact of problematic applications, replace hardware, or upgrade drivers.
The network infrastructure
Overutilized routers cause increased latency and dropped packets, both of which can cause performance problems and intermittent failures. Routing problems, such as routing loops, can cause traffic to be routed through an unnecessarily long path, increasing network latency. Sometimes, such as when you are using a satellite link, latency and the performance problems caused by latency are unavoidable.
The server
If the server is overutilized, all network communication to that server will suffer performance problems.
To identify the
source of a network performance problem, follow these steps. After each
step, test your network performance to determine whether the problem
still exists.
Start Task Manager by right-clicking the taskbar, clicking Task Manager, and then clicking the Performance tab. If processor utilization is near 100 percent, that might cause the perceived network performance problem. Click the Processes tab, find the process that is using the processor time, and close it.
In Task Manager, click the Networking tab. This tab shows a chart for each network adapter installed in the computer. If network utilization is near the practical capacity of the network link, that is the cause of your performance problem. For wired Ethernet networks (such as 10 megabits-per-second [Mbps], 100-Mbps, or 1,000-Mbps links), utilization cannot typically exceed about 60 to 70 percent of the link speed. For wireless networks, utilization cannot exceed about 50 percent of the link speed. However, wireless utilization often peaks at much lower than 50 percent of the link speed, so even 15 or 20 percent utilization may indicate that your performance problems are caused by insufficient bandwidth on the wireless network. To identify the source of the bandwidth usage, click the Performance tab in Task Manager and then click Resource Monitor. In Resource Monitor, expand the Network section, as shown in Figure 3.
Identify the process that is using the most bandwidth, the PID, and the destination server. You can then return to Task Manager to identify the specific process using the network bandwidth. Stop the process to determine whether it is the cause of your performance problems.
Note: The network utilization displayed in Task Manager and Resource Monitor only accounts for traffic sent to or from your computer. If another computer on your network is using bandwidth, that bandwidth won't be available to you, but neither Task Manager nor Resource Monitor can show you bandwidth used by other hosts.
If possible, use the same application to connect to a different server. If the performance problem occurs when connecting to different servers, the problem is probably local host or network related. Performing the following steps will help you further isolate the problem. If the problem occurs only when connecting to a single server, the problem might be related to the server's performance or performance problems with the network to which the server is attached. Contact the server administrator for assistance.
If possible, run the same application from a different computer on the same network. If both computers experience the same problem, the problem is probably related to network performance. The following steps will help you further isolate that problem. If other computers on the same network do not experience the same problem, it is probably related to your local computer. First, apply any updates and restart the computer. Then, install any network adapter driver updates. If problems persist, replace network cables and replace the network adapter.
At this point in the troubleshooting
process, you have identified the network infrastructure as the most
likely source of your problem. Open a command prompt and then run the
PathPing tool, using your server's host name. PathPing will identify the
route between your computer and the server and then spend several
minutes calculating the latency of each router and network link in the
path.
Ideally, each network link
will add only a few milliseconds of latency (displayed in the RTT
column) onto the time measured for the prior link. If latency increases
more than 100 milliseconds for a single link and stays at that level for
following links, that link may be the cause of your performance
problems. If the link is a satellite or intercontinental link, that
latency is to be expected and probably cannot be improved.
If, however, the link is
your Internet connection or another network that is part of your
intranet, your performance problems may be caused by overutilized
network infrastructure. For example, if several computers are backing up
their disk content to a folder on the network, a link can become
overutilized, which can cause performance problems. Similarly, if
several users are transferring large files across your Internet
connection, other applications (especially real-time video or audio
streaming, such as Voice over IP [VoIP]), may suffer. Contact network
support for assistance. You might also be able to use Quality of Service
(QoS) to prioritize time-sensitive traffic over file transfers.
Note:
If you are an
administrator on a Small Office/Home Office (SOHO) network, you can
quickly determine whether other computers on the network are causing
Internet performance problems by connecting your computer directly to
your Internet connection and disconnecting all other computers. If the
problems disappear, another computer on your network is causing the
problem.
If the same gateway
appears multiple times in the PathPing route, the network is
experiencing a routing loop. Routing loops can cause performance
problems or cause communications to fail entirely. Networks that use
routing protocols typically fix routing loops automatically; however,
you should contact your network support team to make sure they are aware
of the problem. The following PathPing output demonstrates a routing
loop, because nodes 5, 6, and 7 repeat.
C:\>pathping www.contoso.com
Tracing route to www.contoso.com [10.73.186.238]
over a maximum of 30 hops:
0 d820.hsd1.nh.contoso.com. [192.168.1.196]
1 192.168.1.1
2 c-3-0-ubr01.winchendon.ma.boston.contoso.com [10.165.8.1]
3 ge-3-37-ur01.winchendon.ma.boston.contoso.com [10.87.148.129]
4 ge-1-1-ur01.gardner.ma.boston.contoso.com [10.87.144.225]
5 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
6 te-9-2-ur01.marlboro.ma.boston.contoso.com [10.87.144.77]
7 10g-8-1-ur01.natick.ma.boston.contoso.com [10.87.144.197]
8 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
9 te-9-2-ur01.marlboro.ma.boston.contoso.com [10.87.144.77]
10 10g-8-1-ur01.natick.ma.boston.contoso.com [10.87.144.197]
11 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
12 te-9-2-ur01.marlboro.ma.boston.contoso.com [10.87.144.77]
13 10g-8-1-ur01.natick.ma.boston.contoso.com [10.87.144.197]
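An added example, not from the original text: a Python parser that reads the route list from PathPing output like the above and reports the first repeating group of hops. Function names are assumptions, and parsing stops at the "Computing statistics" line so the later statistics table is not mistaken for repeated hops.

```python
import re

# Hop line: "<n> <name> [<address>]" or "<n> <address>"
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\[([^\]]+)\]|(\S+))\s*$")

def parse_hops(output):
    """Return [(hop_number, address)] from the route list PathPing prints first."""
    hops = []
    for line in output.splitlines():
        if line.startswith("Computing statistics"):
            break                      # the statistics table repeats every hop
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2) or m.group(3)))
    return hops

def find_routing_loop(hops):
    """Return (first_hop_number, cycle_addresses) if an address repeats, else None."""
    first_seen = {}                    # address -> index of first appearance
    for index, (_hop, addr) in enumerate(hops):
        if addr in first_seen:
            start = first_seen[addr]
            return hops[start][0], [a for _h, a in hops[start:index]]
        first_seen[addr] = index
    return None

# Route list copied from the PathPing output above.
SAMPLE = """\
Tracing route to www.contoso.com [10.73.186.238]
over a maximum of 30 hops:
0 d820.hsd1.nh.contoso.com. [192.168.1.196]
1 192.168.1.1
2 c-3-0-ubr01.winchendon.ma.boston.contoso.com [10.165.8.1]
3 ge-3-37-ur01.winchendon.ma.boston.contoso.com [10.87.148.129]
4 ge-1-1-ur01.gardner.ma.boston.contoso.com [10.87.144.225]
5 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
6 te-9-2-ur01.marlboro.ma.boston.contoso.com [10.87.144.77]
7 10g-8-1-ur01.natick.ma.boston.contoso.com [10.87.144.197]
8 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
9 te-9-2-ur01.marlboro.ma.boston.contoso.com [10.87.144.77]
10 10g-8-1-ur01.natick.ma.boston.contoso.com [10.87.144.197]
11 10g-9-1-ur01.sterling.ma.boston.contoso.com [10.87.144.217]
12 te-9-2-ur01.marlboro.ma.boston.contoso.com [10.87.144.77]
13 10g-8-1-ur01.natick.ma.boston.contoso.com [10.87.144.197]
"""

if __name__ == "__main__":
    print(find_routing_loop(parse_hops(SAMPLE)))
```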