Beruflich Dokumente
Kultur Dokumente
By Sherwood Lawrence
Microsoft Corporation
Published: November 2001
Abstract
This technical article describes the network diagnostics tools now available in the Windows® XP
operating system. The tools discussed are the Network Diagnostics Web page based on the Windows
Management Instrumentation (WMI) framework, the Support Tab now included on network
connections, the Task Manager enhancements (Networking Tab), and the Repair link now included on
network connections. This document is intended primarily for network engineers and support
professionals to help in troubleshooting and diagnosing network-related errors.
Microsoft® Windows® XP Technical Article
Contents
Acknowledgements...................................................................................................................... v
Introduction................................................................................................................................... 1
Design Objective......................................................................................................................... 4
Applications............................................................................................................................. 4
Providers................................................................................................................................. 4
Registry................................................................................................................................... 4
User Interaction....................................................................................................................... 5
Computer Information............................................................................................................ 10
Design Objective....................................................................................................................... 18
Microsoft® Windows® XP Technical Article
Design Objectives..................................................................................................................... 21
Design Objectives..................................................................................................................... 23
Providing a Solution.................................................................................................................. 25
Common Issues........................................................................................................................ 25
IP Filters Enabled.................................................................................................................. 26
TV Adapters........................................................................................................................... 26
Summary..................................................................................................................................... 28
Related Links................................................................................................................................ 29
Microsoft® Windows® XP Technical Article
Acknowledgements
Network Diagnostics Team, Microsoft Corporation.
v
Microsoft® Windows® XP Technical Article
Introduction
The Network Dilemma
Diagnosing network related problems can consume a considerable amount of time and lead to frustration for
consumers not trained as network experts. Network problems can be the result of a wide range of issues,
from minimal disruptions in service to simple configuration problems of the operating system. In order to
tackle network problems, the computer industry leans heavily toward a layered network approach, known as
the ISO/OSI (International Organization for Standardization Open System Interconnection) model. Another
model used is the standard TCP/IP model, also a layered network approach. The layers of both models are
shown below in Figure 1. The stratification of the network allows a programmer to focus on a layer within a
model, without having to understand the layers above or below.
While this is an excellent approach for building networks, the layered approach falls short in cooperative error
reporting. Applications generally must work independently of the network environment, and lower layers of
the network do not generally report meaningful errors to upper layer applications. The result is that lower
layer network problems can cause upper layer application problems without giving any information about why
the errors are occurring.
Applications do not have sophisticated methods for identifying and correcting network related errors.
Because specific problems are not identified for the application by the network, no corrective action can be
taken. This results in confusion and frustration for consumers, who must then call support professionals to
help solve their application problems.
Support professionals must then embark on one of two strategies, depending on accessibility of the machine.
One, spend time teaching the consumer command line utilities such as PING, Telnet, and others (frequently
used by phone support) or Two, ask the user to allow the support professional to work at the machine while
the consumer/user does something else during the troubleshooting process (frequently used by onsite
support).
In both cases, fixing network related problems in a timely fashion requires methodical troubleshooting
techniques. The first critical step is gathering information about the consumer’s machine. The second critical
step is identifying what works and what doesn’t. Many of the tools and techniques used in this process only
frustrate a consumer who is not interested in the command line tools and interfaces that are necessary to
solve the problem. On the other hand, support professionals generally prefer command line utilities for their
speed and batch capabilities.
Question: How does the support professional gather the required information unobtrusively and solve the actual
problem in a timely fashion, assuring a satisfactory customer experience?
The answer is the new suite of Network Diagnostics Tools. For consumers, there are new graphical HTML–
based and windows based tools that are simple to click and use, and for administrators, there are still
command line tools for batch execution and scripts. This new suite of tools is effective for both the consumer
and the administrator.
Regardless of which Network Diagnostics tool is run, the support professional and consumer will find useful
information or the immediate resolution to a problem. These tools help eliminate the necessity for consumers
to ever have to use a command line utility, while also providing command line tools for the administrator,
making the troubleshooting experience easier for everyone.
This tool provides a wealth of information to the user. It includes computer and operating system information,
adapter information, ping and connect tests, and many other features for diagnosing network problems.
In order to understand this architecture, it is necessary to break it down into functional component areas. The
top layer contains applications that consume information, the middle layer consists of providers of
information, and the lower layer is the operating system registry, where many parameters are stored.
Applications
The Network Diagnostics Web Page
The Network Diagnostics Netsh Helper (Command Line)
Third-Party Applications/Scripts
Providers
The Network Diagnostics WMI Provider
The Network Diagnostics Log Provider
The Windows XP WMI Providers
Registry
The Windows XP Registry
Windows XP Style
In Control Panel, click Network and Internet Connections in the bottom left corner, and then click the
link named Network Diagnostics.
From a command prompt, type netsh diag gui.
Click Start, and then click Run. Enter the Help and Support command syntax:
hcp://system/netdiag/dglogs.htm and click OK.
Once run, the Web page for the Network Diagnostics Tool appears as shown in Figure 3.
User Interaction
As soon as the Web page is launched, the user is given the choice of whether to set scanning options or to
Scanning Options
If the User selects the “Set scanning options” link, a drop down page appears allowing the user to check or
uncheck the options that the User is interested in diagnosing. This can be useful, particularly if you know
certain tests are failing and you want to avoid those for time purposes while troubleshooting a more generic
network problem. For instance, you may want to stop the proxy test until you can confirm the default gateway
test passes. The available options are shown below.
The “Actions” check boxes on the top indicate actions to take. These actions work in conjunction with the
various categories. For instance, it is possible to select only “Ping” and “Internet Proxy Server”.
Scanning with only these options would result in the Web page only showing the results that occurred when
attempting to ping the Internet Proxy server. No other tests would be run in this scenario.
Once the desired options are selected, a user can click Save Options. This saves the currently selected
options as the new default for Network Diagnostics. It is not necessary for the user to click this button in order
to run a custom set of scanning options. The user only needs to click this button to change to long term
behavior of Network Diagnostics.
Note the last five category options. These options are already included in the “Network Adapters” scanning
The defaults for Network Diagnostics are shown in Figure 4. Once the user has decided to keep the default
settings or make custom modifications, the next step is to click the Scan your system link.
Starting a Scan
Clicking the “Scan your system” link begins the gathering and testing of various network components. Once
the tool has completed its tests, it displays the results for each test. By default, the tool finds computer
information, enumerates network adapters, attempts resource connections, as well as attempting to ping
configured network services. It reports both successful and unsuccessful attempts to reach network
resources.
For each test a result could take on several forms. A result of “Not Configured” means the option requested
could not be tested because it needs to be configured, or is not configured. If the component is configured,
then the user may see results of PASSED or FAILED. If any test results in a FAILED status, the failure is
populated up to the top of that section. For instance, under “Network Adapters”, if a default gateway test
failed, that failure would be populated up to the top of the “Network Adapters” section. A consumer or support
professional is quickly able to determine if a network error has occurred and needs to be further investigated.
The results of the Network Diagnostics Tool can be used in two ways. They can be used to find information
about the system, or as a quick check to see if there are any network problems.
Navigating Results
Once the tests are completed, the user has the option of expanding/contracting trees of data, by clicking on
the ‘+’ or ‘-‘ boxes. This is particular useful for the Network Adapter section, where test data may be under
several levels of the tree.
Saving Results
They also have the ability to save the results for later inspection, either by themselves or a support
professional. A button labeled “Save to File…” is provided so that the user can easily save results.
Sometimes a user or support professional may want to view saved files from previous diagnostics efforts. By
selecting the “Show saved files” link, the user is taken directly to the location where Network Diagnostics
saves files for archival purposes.
Network Diagnostics by default checks the scanning option for “Save to Desktop”. This means that whenever
the “Save to File” link button is selected, two files are saved, one in the PCHealth directory and one on the
desktop. This is done to make it easy for users to locate saved files. This option can be disabled under the
scanning options.
Saved files are located in the \%windir%\pchealth\helpctr\system\netdiag directory. File sizes average 21-
25K. One of the advantages of saving the log files in the PCHEALTH system directory is that the logs are
protected from tampering once they are saved.
Each file is given a unique name to distinguish it from previously saved log files. The format of the saved file
is as follows:
Netdiag(Day)(Month)(Year) (Hour)(Minute)(Seconds).htm
For example, a file created on April 3, 2000 at exactly 1:00pm would have the following file name:
Netdiag03042000 130000.htm
Output saved a minute and a half later would have the following filename:
Netdiag03042000 130130.htm
? or help
Use of this command prints the command options of Diag if you are in the Diag context. Otherwise, it shows
you the available commands of netsh or of any other helper you might be in.
Connect
The connect command allows you to perform connection tests to the following:
Ping
The ping command allows you to perform ping tests to the following:
The show command allows you to see the configuration of the following:
The show command has two switches that can be used to gain different levels of information detail.
Special Syntax
Often administrators and support professionals want the same information the Web page would have
provided, but through a command line syntax or batch file. The following command run from the Diag helper
performs all of the same steps that would be run by default using the Web page:
show test
An additional command allows administrators and support professionals to run the Web page from typing
netsh diag gui at the Start -> Run command or at a command prompt.
The following is an example of the items and information that are reported:
Services
Computer Information
Operating System
BootDevice = \\Device\Harddisk0
BuildNumber = 2514
BuildType (empty)
Caption = Microsoft Windows
CodeSet = 1252
CountryCode = 1
CreationClassName = Win32_OperatingSystem
CSCreationClassName = Win32_ComputerSystem
CSDVersion =
CSName = COLUMBO-TEST
CurrentTimeZone = -480
Debug (empty)
Description = Test Machine
Distributed (empty)
ForegroundApplicationBoost (empty)
FreePhysicalMemory = 54148
FreeSpaceInPagingFiles = 1929044
FreeVirtualMemory = 1983192
InstallDate = 20000307055202.000000-480
LastBootUpTime (empty)
LocalDateTime = 20000309121053.060000-480
Locale = 0409
Manufacturer = Microsoft Corporation
MaxNumberOfProcesses = -1
MaxProcessMemorySize = 2093056
Name = Microsoft Windows ME|C:\WINDOWS|
NumberOfLicensedUsers (empty)
NumberOfProcesses = 14
NumberOfUsers (empty)
Organization = msft
OSLanguage = 1033
OSProductSuite (empty)
OSType = 17
OtherTypeDescription (empty)
PlusProductID (empty)
PlusVersionNumber (empty)
Primary = True
QuantumLength (empty)
QuantumType (empty)
RegisteredUser = test
SerialNumber (empty)
ServicePackMajorVersion (empty)
ServicePackMinorVersion (empty)
SizeStoredInPagingFiles = 1966632
Status = OK
SystemDevice (empty)
SystemDirectory = C:\WINDOWS\SYSTEM
TotalSwapSpaceSize (empty)
TotalVirtualMemorySize = 2097148
TotalVisibleMemorySize = 130516
Version = 4.90.2514
WindowsDirectory = C:\WINDOWS
Miscellaneous
OS Version = 4.90.2514
WMI Version = 1164.0003
Availability (empty)
BlindOff = X4
BlindOn = X3
Caption = MT5634ZBA-USB Modem
CompatibilityFlags (empty)
CompressionInfo (empty)
CompressionOff = %C0
CompressionOn = %C1
ConfigManagerErrorCode (empty)
ConfigManagerUserConfig (empty)
ConfigurationDialog = modemui.dll
CountrySelected = United States of America
CreationClassName = Win32_PotsModem
Description = MT5634ZBA-USB Modem
DeviceID = USB\MULTIUSB\WDMMDM0
DeviceLoader = *vcomm
DeviceType = External Modem
DialType (empty)
DriverDate (empty)
ErrorCleared (empty)
ErrorControlForced = \N4
ErrorControlInfo (empty)
ErrorControlOff = \N1
ErrorControlOn = \N3
ErrorDescription (empty)
FlowControlHard = &K3
FlowControlOff = &K0
FlowControlSoft = &K4
InactivityScale = "3c000000"
InactivityTimeout (empty)
Index (empty)
InstallDate (empty)
LastErrorCode (empty)
MaxBaudRateToPhone (empty)
MaxBaudRateToSerialPort (empty)
MaxNumberOfPasswords (empty)
Model = MT5634ZBA-USB Modem
ModemInfPath = MDMLUC.INF
ModemInfSection = Modem2
ModulationBell = B1B16B2
ModulationCCITT = B0B15B2
ModulationScheme (empty)
Name = Unimodem.vxd
PNPDeviceID = USB\MULTIUSB\WDMMDM0
PortSubClass = "02"
PowerManagementSupported (empty)
Prefix = AT
ProviderName = Lucent
Pulse = P
Reset = AT&F
ResponsesKeyName (empty)
RingsBeforeAnswer (empty)
SpeakerModeDial = M1
SpeakerModeOff = M0
SpeakerModeOn = M2
SpeakerModeSetup = M3
SpeakerVolumeHigh = L3
SpeakerVolumeInfo (empty)
SpeakerVolumeLow = L0
SpeakerVolumeMed = L2
Status = OK
StatusInfo = 3
StringFormat (empty)
SupportsCallback (empty)
SupportsSynchronousConnect (empty)
SystemCreationClassName = Win32_ComputerSystem
SystemName = COLUMBO-TEST
Terminator =
TimeOfLastReset (empty)
Tone = T
VoiceSwitchFeature (empty)
Network Adapters
Caption = [0003] Intel(R) PRO PCI Adapter
ArpAlwaysSourceRoute = (empty)
ArpUseEtherSNAP = (empty)
DeadGWDetectEnabled = (empty)
Description = Intel(R) PRO PCI Adapter
MACAddress = 00:D0:B7:1F:D7:29
ServiceName = (empty)
DatabasePath = (empty)
DefaultGateway =
DefaultTOS = (empty)
DefaultTTL = (empty)
DHCPEnabled = TRUE
DHCPLeaseObtained = 03/09/00 12:09:21:
DHCPLeaseExpires = 03/09/00 12:12:21:
DHCPServer = 10.0.0.4
DNSDomain = columbo.test.com
DNSDomainSuffixSearchOrder = (empty)
DNSEnabledForWINSResolution = (empty)
DNSHostName = COLUMBO-TEST
DNSServerSearchOrder =
ForwardBufferMemory = (empty)
GatewayCostMetric = (empty)
IGMPLevel = (empty)
IPAddress = 10.0.0.193
IPFilterSecurityEnabled = (empty)
IPPortSecurityEnabled = (empty)
IPSecPermitIPProtocols = (empty)
IPSecPermitTCPPorts = (empty)
IPSecPermitUDPPorts = (empty)
IPSubnet = 255.255.255.0
IPUseZeroBroadcast = (empty)
KeepAliveInterval = (empty)
KeepAliveTime = (empty)
MTU = (empty)
NumForwardPackets = (empty)
PMTUBHDetectEnabled = (empty)
PMTUDiscoveryEnabled = (empty)
TCPMaxConnectRetransmissions = (empty)
TCPMaxDataRetransmissions = (empty)
TCPNumConnections = (empty)
TCPUseRFC1122UrgentPointer = (empty)
TCPWindowSize = (empty)
WINSEnableLMHostsLookup = (empty)
WINSHostLookupFile = (empty)
WINSPrimaryServer = 10.0.0.11
WINSScopeID = (empty)
WINSSecondaryServer = 10.0.0.12
IPXEnabled = (empty)
Installed Clients
Description = Client for Microsoft Networks
InstallDate = 20000305160000.000000-480
Manufacturer = Microsoft
Name = Client for Microsoft Networks
Status = OK
PING Tests
IE Proxy Server (Winsock Proxy is not detected) tests the following ports:
User configured IE Proxy port in IE settings – IP address or hostname
The Network Diagnostics provider resides within the root\cimv2 namespace. Once the namespace has been
connected to, enumerate an instance of NetDiagnostics and the instance data for diagnostics should be
available.
Developers also have a choice in the tools they wish to use to access this information. They can use
JavaScript, VBScript, C, C++, and many other programming languages supported by the WMI framework.
Examples of the properties that can be accessed via the Network Diagnostics WMI provider are shown here:
Examples of the methods provided by the Network Diagnostics WMI provider are shown here:
When either the netsh context is launched or the HTML page is launched, the Network Diagnostics Log
Provider gathers network resource information from the Windows XP WMI providers and the Network
Diagnostics WMI provider. The Log Provider sends the necessary instructions to the Network Diagnostics
WMI provider for testing the availability of the resources configured on the machine.
The information available via the provider includes all of the same information available via the WMI provider,
but with extended functionality. For instance, if a developer wanted to use the WMI provider to write a web
page that pinged the proxy server, the developer would first have to find out what the proxy server settings
were, and then pass that information to the ping function. By using the Log provider, the developer would only
have to use one function and set the flags indicating that the proxy server should be pinged. The difference is
that the WMI provider provides the result data in raw format and the Log provider provides the data in XML
format.
Developers also have a choice in the tools they wish to use to access this information. They can use
JavaScript, VBScript, C, C++, and many other programming languages, as long as the XML data is desired.
Win32_NetworkAdapterConfiguration
Win32_ComputerSystem
Win32_POTSModem
Win32_NetworkClient
Win32_OperatingSystem
Win32_WMISetting
Click the information balloon that appears in the system tray when your IP configuration becomes
invalid.
o Assigned by DHCP
o Manually Configured
IP address conflict
Clicking the Details Tab lets you view more detailed information about the network adapter information,
including:
Right-click a network connection icon in the Network Connections folder and click Repair Link.
Right-click the information balloon that appears in the system tray when your IP configuration
becomes invalid and click Repair Link.
From the Status dialog box, click the Support tab, and then click Repair.
When selecting a network connection, look in the left-hand column (if shown) for the Repair this
connection link.
The Repair link initiates six of the most common troubleshooting steps that support professionals generally
ask customers to perform when starting to diagnose a problem. These steps are shown below in the order
Note: If your organization relies on static ARP cache entries, make sure there is a mechanism for adding the entries
back in once this tool is run.
Nbtstat –R
Many times, the NetBIOS cache can have stale entries and communication cannot occur. This step simply
clears the NetBIOS name cache and reloads any NetBIOS name entries in the Lmhosts file with the #PRE
flag.
Nbtstat -RR
This step is the equivalent of re-registering the machines names with a WINS server. This can be very useful
in troubleshooting NetBIOS name resolution problems. It is important to note that both nbtstat –RR, and thus
the repair link functionality, simply schedule the name refresh with the operating system and return without
checking to determine if the refresh was successful.
Right-click the taskbar and choose Task Manager. When Task Manager opens, select the
Networking Tab.
Simultaneously press the Crtl – Alt – and ESC keys. When Task Manager opens, select the
Networking Tab.
Show Cumulative Data. This selection allows the user to see the cumulative data collected for
summary categories since Task Manager was opened.
Auto Scale. The graphs maintain the scale dynamically by looking at the largest amount of traffic
that appears within the specified interval.
Show Scale. This selection displays the scale currently used to draw the graph, this is useful in low
bandwidth scenarios.
Update Speed. Determines how often the adapters are polled to create the graphs. Polling can be
set to occur at High (.5 seconds), Normal (1 seconds), Low (2 seconds), or Paused (discontinues
polling)
Network Adapter History. It is possible to display three different kinds of data sets: Bytes Sent,
Bytes Received, and Bytes Total.
Select columns. Select columns allows the user to display a large range of data below the graphs,
as evidenced by Figure 10.
Figure 10. The Windows XP Networking Tab Columns View in Task Manager
Note: Network Diagnostics combines the effectiveness of standard troubleshooting tools. It answers many of the initial
questions a support professional would ask when diagnosing a network problem. It saves valuable troubleshooting time
and helps create a positive support experience for the consumer.
As an example, when a support professional first takes a call from a customer having a problem gaining
access to network resources, the first questions asked are typically:
The Network Diagnostics Tool can immediately answer four of the five questions. All that is required is
showing the consumer where to go to launch the tool. This is valuable for consumers unfamiliar with network
concepts.
Common Issues
In some situations, the Network Diagnostics Tool may appear to report an error or unreachable status when
there is not really an error condition This next section describes a couple of scenarios to pay attention to
when troubleshooting issues.
IP Filters Enabled
Since the primary tests used by Network Diagnostics involve pinging and connecting via TCP, if a remote
location is blocking certain traffic, the Network Diagnostics Tool may report a failure when none exists.
For instance, if a consumer is connecting to an e-mail server that is blocking Internet Control Message
Protocol (ICMP) traffic, you may see results that look like this:
The fact that the ping failed does not represent an actual error, although it does give you good
information about the remote site.
TV Adapters
The Microsoft TV adapter assumes an IP address based on a device ID generated during boot. The IP
address that it takes will vary, but may appear to look like an IP network address. The Network
Diagnostics Tool tests for valid IP addresses within the network adapter IP field and does not accept
network addresses. This can result in an error condition when nothing is actually wrong. For instance,
with the Microsoft TV adapter installed, you may see something similar to the following:
Be aware that the IP address enumerated is not actually used and thus should not interfere with normal
network activity.
PC card (PCMCIA) adapters that have been removed from their slots will no longer have WMI
properties and therefore will no longer show up in the Network Diagnostics Tool.
IEEE 1394 adapters will not be enumerated by WMI until they are connected to another IEEE
1394 device or hub. Although the adapter and IP bindings will be viewable in system
properties, neither Ipconfig nor Winipcfg will show the adapter. This also means that the
Network Diagnostics Tool will not see the adapter either.
Summary
The Network Diagnostics Team offers several mechanisms for helping diagnose and fix network related
problems. The current tool set now includes four primary additions to the Windows XP operating system:
Network Diagnostics Web Page and Netsh Helper. This tool includes computer and operating
system information, adapter information, ping and connect tests, and many other features for
diagnosing network problems.
Network Connections Support Tab. This addition to the network connection status page promises
to become widely used for resolving network problems. This enhancement provides all of the
information and tasks that the Win9x support tool Winipcfg.exe used to provide while improving it in
the process.
Network Connection Repair Link. The repair link performs a series of safe configuration repair
steps that support professionals normally ask a customer to perform during the first few minutes of
a support call. By automating these initial repair steps into a single task, users now have
considerable troubleshooting and problem fixing power within one click of a mouse.
Task Manager Network Tab. This tab displays each network adapter on the machine, LAN or
WAN, and displays the percentage network utilization and other metrics for the adapter. This is
useful in those situations where a user is not sure whether the network traffic is high or whether a
server is just slow in responding. By using this tool, users have a quick guide to how well their
network is performing.
Related Links
See the following resources for further information:
For the latest information about Windows XP, see the Windows XP Web site at
http://www.microsoft.com/Windows XP.
Release Note: If you have comments or suggestions for the Network Diagnostics team, please submit them
to pubnetdg@microsoft.com and include “Network Diagnostics Feedback” in the title. Depending upon
volume, you may not receive a reply; however, we appreciate your contributions and will read all of your
comments.