Advanced Novell Network Management: NetWare 6

Chapter 2: Identify Tools for Troubleshooting Novell Network Performance Issues

Objectives:

This chapter discusses procedures for troubleshooting networks that use both the IP and IPX protocol suites. The objectives important to this chapter are:

1. Upgrade Novell Network Management Tools
2. Identify the Troubleshooting Features of Novell NetWork Management Tools
3. Identify the Purpose and Function of IP/IPX Troubleshooting Tools
4. Identify Additional Network Troubleshooting Resources

Concepts:

Introduction

The chapter begins with a short list of common network errors, and the advice that you can begin troubleshooting by investigating whether the error is caused by hardware, software, configuration issues, or human error. From a network administration perspective, you can also look at whether the problem is with the LAN, the server, or eDirectory.

Upgrade Novell Network Management Tools

The chapter continues with the first objective: upgrading network management tools. Upgrading your version of NetWare will upgrade the tools that come with NetWare. Several are listed, as well as specific features about them.

1. ConsoleOne
   • Requirements - vary with the platform: Windows, NetWare, Linux, Solaris, Tru64 UNIX
   • Features - Use to administer eDirectory, files and volumes, eDirectory partition and replication
   • Limitations - no DS process tracking or repair tools
     
     
2. ConsoleOne Reports
   • Requirements - only runs on Windows, must have one NetWare volume, requires 128 MB RAM 
   • Features - Use to administer eDirectory, files and volumes
   • Limitations - install ConsoleOne on the workstation, or map a drive to its server directory; must install report features separately from extending the schema
     
     
3. iMonitor
   • Requirements - web browser 
   • Features - Use to administer eDirectory
   • Limitations - limited proxy capabilities. You can proxy to a server, but you cannot perform a Repair on that server.
   
   
4. Novell Remote Manager
   • Requirements - web browser 
   • Features - Use to perform server maintenance
   • Limitations - Works on individual servers; requires port configuration to use it through a firewall.
   
   
5. iManager
   • Requirements - web browser 
   • Features - Use to administer eDirectory, for server maintenance, licensing, DNS and DHCP, dynamic group management, partition and replication management, rights management
   • Limitations - Works on individual servers; requires port configuration to use it through a firewall; interface limitations
     
     

Identify the Troubleshooting Features of Novell NetWork Management Tools

More discussion follows of the use and features of some of the NetWare tools listed above: ConsoleOne Reports, Novell iMonitor, NetWare Remote Manager, and Novell iManager. Note that you use the https protocol to access these services, not http. This should tell you that a secure login is required, as a user with supervisor rights in the tree.

The text makes special note of th fact that you can access most web management tools (not iManager, sorry) with a web browser, using the URL https://your server IP address:2200, to get to NetWare Web Manager. You can reconfigure NetWare Web Manager to use a different port, but you have to set that port in two files. They are SERVERS.ORG and SERVERS.XML, stored in SYS:\WEBAPPS\WEBADMIN

ConsoleOne Reports - This is a feature available in the Windows environment, if you are running ConsoleOne version 1.3 or later. ConsoleOne Reports needs to be installed on a workstation with 128 MB of RAM to run it. The workstation needs access to a NetWare volume for the report catalog files. The reason this is a troubleshooting tool is that ConsoleOne Reports contains predefined reports about anticipated trouble areas. Three catalog areas are listed:

• eDirectory General Object Reports - reports for NetWare file servers, print servers, and printers.
• eDirectory User Security Reports - reports on eDirectory login and rights security for users in your tree. Specific reports available: Disabled User Accounts, Users Locked by Intruder Detection, Security Equivalence, Template Security Settings, Trustee Security Settings, Trustee Assignments, User Password Requirements, Users Not Logged In, Users with Expired Password
• eDirectory User and Group Reports - report forms to generate reports on users, groups, and organizational roles.

iMonitor - a web based monitoring and diagnostic utility for all servers in your tree. MONITOR was a console based tool that could be run on a NetWare server. iMonitor allows you to look at all the servers in the tree, from one location. Think of is at a tool for eDirectory objects. To access iMonitor, use the following URL:
https://your server IP address:8009/nds-summary

This URL accesses the iMonitor service on one server, but it will provide data on all your servers.

NetWare Remote Manager - The text also refers to this utility as Novell Remote Manager. It provides secure access to NetWare servers from any workstation to perform specific server management tasks. Access NetWare Remote Manager with a web browser: https://your server IP address:8009. Think of it as a tool for servers, patitions, and file systems. Troubleshooting tools in Remote Manager include Health monitor, Profile/debug server, and several Report/log files: Server personal log book, System error log file, Abend log file, and Server health log file.

Novell iManager - a web-based application for managing, maintaining, and monitoring eDirectory. One difference between this and other utilities is that you can use wired and wireless devices. Another difference is that you don't need to add snap-ins to iManager to use it with new object types. NetWare Administrator and ConsoleOne both require snap-ins for new object types.You need to know a URL to use iManager: https://your server IP address:2200/eMFrame/iManager.

A new feature to using iManager is that you can create administrative roles, assign specific management tasks to those roles, and assign those roles to users in your tree. This gives you the ability to give users the rights to perform tasks with iManager that are more linked to the task than the rights.

The text offers a list of some of the tools available in iManager:

• Dynamic group management
• eDirectory administration
• eDirectory maintenance utilities
• Group management
• Novell certificate server management
• Partition and replication management
• Rights management

The text offers a list of troubleshooting tasks iManager tools can be used for:

• Links to iMonitor, to perform repair tasks
• A link to Novell Remote Manager, to perform server maintenance
• Rights management
• Schema management
• Server management
• WAN traffic management

Identify the Purpose and Function of IP/IPX Troubleshooting Tools

The next section of the chapter discusses more troubleshooting tools. Some of the ones in this list are useful for troubleshooting both IP and IPX issues, some for only one of them:

• CONFIG - Shows configuration settings, including server name, LAN drivers, bound protocols, frame types, IPX and IP addresses on this server.
• NSLOOKUP - Only works if TCP/IP is installed. Lets you resolve IP addresses to DNS names, and DNS names to IP addresses. Uses the SYS:\ETC\RESOLV.CFG file to obtain DNS configuration information.
• HOSTS - This is actually not another utility, but a reference to two text files on the server: SYS:ETC\HOSTS and SYS:ETC\HOSTNAME.
  The format of the HOSTS file is simple:
  IP_address     hostname     optional_alias
  Each line in this file is a record of the IP address and name of a host on your network. The IP address and hostname are required, and must be separated by at least one space. Aliases are optional, but there can be up to ten aliases for each address. Each record must be on one line. A record ends with a carriage return character.
  
  The HOSTNAME file is even simpler, following the same format, but using no aliases.
• TCPCON - Provides general TCP/IP stack configuration and performance statistics. See the text for a description of use.
• PING - Like the command line Ping utility, but menu-driven. Ping is used to send an ICMP echo request (that's what a ping really is) to an IP address or a DNS name. If you ping a name, you can see what IP address it resolves to in the reply. If you are having network problems, ping your own address first, then your server, your router, and other addresses you are wondering about. See what responds and what does not.
• DEBUG - The text warns that the DEBUG utility puts a large load on the server processor, and should be used cautiously. Some examples of its use are given:
  SET TCP IP DEBUG = 1
  This will show all incoming and outgoing packets. Set the value to 0 to turn this function off.
  SET TCP TRACE = 0-4
  The value can be set to 0 (off), 1 (shows basic information on the console), 2 (shows basic information on the console and records it as SYS:ETC\TCPxxxx.LOG), 3 (shows advanced information on the console), or 4 (shows advanced information on the console and records it as SYS:ETC\TCPxxxx.LOG).

The next section of the chapter describes some troubleshooting tools that can be used on a workstation.

• IPCONFIG - shows useful information like the IP address, default router, and subnet mask. More information is shown if the command is entered as IPCONFIG /all
  
  IPCONFIG /release will release the currently held IP address to the DHCP server that gave it
  
  IPCONFIG /renew will obtain a new lease from the DHCP server for an IP address
• PING - can be issued on a command line, and has an extensive list of options. Usually, the options are unnecessary. The text offers the fact that you can ping the address 127.0.0.1, which stands for the IP stack on the machine you are using.
• ROUTE - This command will show the path that a packet takes to a specific host.
• TRACERT (Trace Route) - This command will show how long each link in a route takes, as well as showing links that fail to pass packets to the next link. Successful transfers of data will report the total time to the destination.
• NSLOOKUP - This can be used to report the IP address of a DNS name. It does not send a ping to the named server. The example in the text shows that the command will result in two responses in the format:
  Server: server name
  Address: IP address
  Name: DNS name
  Address: IP address
  The first pair of responses are about the DNS server on your network. The second pair are about the DNS name you are looking up. When I tried this with nslookup microsoft.com, I received two IP addresses in the line about Microsoft's server. Not unexpected, since a busy network will have more than one server responding to requests.
• ARP - ARP stands for Address Resolution Protocol. In standard Ethernet networks, machines may communicate inside the network with their MAC addresses. Communications across networks are more likely to use IP addresses. An ARP cache is a table that lists the IP addresses and MAC addresses of devices on a network. This table is consulted to change from one kind of addressing to the other. For example, I have jus issued the command
  ARP -a
  to my workstation. It has responded with the contents of its ARP cache: its own IP and MAC addresses, and those of my default router.
• NETSTAT - Can be used to view the status of current connections using TCP, UDP, ICMP, and IP. The status messages are a bit cryptic, so you will want to keep a reference for them handy when using this command.

An example is given in the text of troubleshooting tools used by one of the authors when an attempt to access a web site failed.

1. The author pinged the URL for the web site. This test showed that the author was able to access a DNS server, and was able to have the URL translated to an IP address.
2. The author used the TRACERT command to determine that a route to the IP address could be found and completed.
3. The author use NSLOOKUP to determine the IP address of the site. This information should have been available from the results of the ping, as well.
4. The author then performed a port scan on the IP address of the web server, and found that port 80, used for http services, was not active. Their web service was down.

Although the technique above was successful in determining where the problem was, it should be observed that scanning ports on most networks is not an acceptable procedure, except for network staff. Scanning ports may attract the attention of an administrator who will want to know why you are probing the network.

The next topic under this objective is Protocol Analyzers. There are several tools available to a network administrator for examining the performance of the network. When using them, you follow a general procedure that is the same regardless of the tool:

1. Access the network.
2. Capture the traffic.
3. View the captured traffic.
4. Filter out and view just the needed traffic.
5. Document your findings.

Data packets are held in a capture buffer in step 2. Steps 3 and 4 can be repeated to view particular types of data, as you probe to discover what problems might exist. With information from the protocol analyzer, you can troubleshoot, optimize, and test the network.

Troubleshooting examples with captured packets:

• If there is something wrong with a cable segment, you will not detect any packets from devices on that segment.
• If a client is properly authenticating to the server, you will see packet for this.
• If a client makes a request for services, there will be packets for it. Likewise for responses to the requests.

TCP/IP Toolkits

The text describes features of two commercially available products for analyzing networks. The point is that there are products with features not included in NetWare itself. It is suggested that an administrator will want to try out demo versions of several products before choosing one.

IP Address Calculators

The text suggests that you might benefit from a calculator that help plan subnets on your network. A link is given to the Wild Packets web site where you can download a free calculator for this purpose.

Identify Additional Network Troubleshooting Resources

The text recommends that you explore the resources on Novell's web site, to become familiar with the various kinds of information and advice on it. It is important to learn to navigate the Information Base interface on Novell's site. It it also recommended to become familiar with Novell's Cool Solutions web site.

The text also offers links to two web sites for freeware tools.

• http://www.bankes.com/nslookup.htm
• http://www.jimprice.com/jim-soft.htm