Network Diagnostics Tools Feature Overview
By Sherwood Lawrence
Abstract
This technical article describes the network diagnostics tools now available in the Windows® XP operating system. The tools discussed are the Network Diagnostics Web page based on the Windows Management Instrumentation (WMI) framework, the Support Tab now included on network connections, the Task Manager enhancements (Networking Tab), and the Repair link now included on network connections. This document is intended primarily for network engineers and support professionals to help in troubleshooting and diagnosing network-related errors.
Acknowledgements
Network Diagnostics Team, Microsoft Corporation.
Introduction
Network Diagnostics Features
Network Diagnostics Web Page and Netsh Helper
Network Connections Support Tab
Network Connections Repair Link
Task Manager Network Tab
Network Diagnostics Troubleshooting
Summary
Related Links
Diagnosing network related problems can consume a considerable amount of time and lead to frustration for consumers not trained as network experts. Network problems can be the result of a wide range of issues, from minimal disruptions in service to simple configuration problems of the operating system. In order to tackle network problems, the computer industry leans heavily toward a layered network approach, known as the ISO/OSI (International Organization for Standardization Open System Interconnection) model. Another model used is the standard TCP/IP model, also a layered network approach. The layers of both models are shown below in Figure 1. The stratification of the network allows a programmer to focus on a layer within a model, without having to understand the layers above or below.
.gif "Figure 1: The network architecture model")
Figure 1: The network architecture model
While this is an excellent approach for building networks, the layered approach falls short in cooperative error reporting. Applications generally must work independently of the network environment, and lower layers of the network do not generally report meaningful errors to upper layer applications. The result is that lower layer network problems can cause upper layer application problems without giving any information about why the errors are occurring.
Applications do not have sophisticated methods for identifying and correcting network related errors. Because specific problems are not identified for the application by the network, no corrective action can be taken. This results in confusion and frustration for consumers, who must then call support professionals to help solve their application problems.
Support professionals must then embark on one of two strategies, depending on accessibility of the machine. One, spend time teaching the consumer command line utilities such as PING, Telnet, and others (frequently used by phone support) or Two, ask the user to allow the support professional to work at the machine while the consumer/user does something else during the troubleshooting process (frequently used by onsite support).
In both cases, fixing network related problems in a timely fashion requires methodical troubleshooting techniques. The first critical step is gathering information about the consumer's machine. The second critical step is identifying what works and what doesn't. Many of the tools and techniques used in this process only frustrate a consumer who is not interested in the command line tools and interfaces that are necessary to solve the problem. On the other hand, support professionals generally prefer command line utilities for their speed and batch capabilities.
Question How does the support professional gather the required information unobtrusively and solve the actual problem in a timely fashion, assuring a satisfactory customer experience?
The answer is the new suite of Network Diagnostics Tools. For consumers, there are new graphical HTML–based and windows based tools that are simple to click and use, and for administrators, there are still command line tools for batch execution and scripts. This new suite of tools is effective for both the consumer and the administrator.
Regardless of which Network Diagnostics tool is run, the support professional and consumer will find useful information or the immediate resolution to a problem. These tools help eliminate the necessity for consumers to ever have to use a command line utility, while also providing command line tools for the administrator, making the troubleshooting experience easier for everyone.
With the emerging importance of networks within the home, it has become necessary to provide a wide range of troubleshooting and diagnostics tools that are easily run and easily understood. Along these lines, the Network Diagnostics Team now offers several mechanisms for helping diagnose and fix network related problems. The current tool set now includes four primary additions to the Windows XP operating system. These are the Network Diagnostics Web Page, the Network Connections Support Tab, the Network Connections Repair Link, and the Task Manager networking tab. Each of these are summarized below and are further detailed in respective sections that appear later in this document.
Network Diagnostics Web Page and Netsh Helper
The Network Diagnostics Web Page in Windows XP was designed to make it easy for both the consumer and the support professional to quickly gain usable information about the consumer's home network environment.
This tool provides a wealth of information to the user. It includes computer and operating system information, adapter information, ping and connect tests, and many other features for diagnosing network problems.
Network Connections Support Tab
This addition to the network connection status page promises to become widely used for resolving network problems. This enhancement provides all of the information and tasks that the Win9x support tool Winipcfg.exe used to provide while improving it in the process.
Network Connection Repair Link
Quite possibly the coolest network diagnostics tool yet, the repair link performs a series of safe configuration repair steps that support professionals normally ask a customer to perform during the first few minutes of a support call. By automating these initial repair steps into a single task, users now have considerable troubleshooting and problem fixing power within one click of a mouse.
Task Manager Network Tab
Another useful addition to the network diagnostics family is the network tab within Task Manager. This tab displays each network adapter on the machine, LAN or WAN, and displays the percentage network utilization and other metrics for the adapter. This is useful in those situations where a user is not sure whether the network traffic is high or whether a server is just slow in responding. By using this tool, users have a quick guide to how well their network is performing.
As part of the development of the Network Diagnostics Web page and Netsh Helper, it was necessary to achieve two primary objectives: Provide a friendly and usable web application that would be easy for consumers to use and provide a powerful command line tool for administrators and support professionals. The result is the architecture illustrated in Figure 2.
In order to understand this architecture, it is necessary to break it down into functional component areas. The top layer contains applications that consume information, the middle layer consists of providers of information, and the lower layer is the operating system registry, where many parameters are stored.
Applications
The Network Diagnostics Web Page
The Network Diagnostics Netsh Helper (Command Line)
Third-Party Applications/Scripts
Providers
The Network Diagnostics WMI Provider
The Network Diagnostics Log Provider
The Windows XP WMI Providers
Registry
The Windows XP Registry
.gif "Figure 2: The Windows XP Network Diagnostics model")
Figure 2: The Windows XP Network Diagnostics model
For many consumers, the Web page will be the first tool run when trying to diagnose a networking problem.
How Do I Access This Tool?
There are a number of ways to run the Network Diagnostics Web page. Each way results in the tool running and gathering the current network configuration. The following methods will run the Network Diagnostics Web page. Methods to find the Web page may vary slightly depending on menu and window styles:
Windows Classic Style
- Click Start, and then click Help and Support. On the Help and Support page, under Pick a Task, click Use Tools to view your computer information and diagnose problems. In the left hand column of the tools page, click Network Diagnostics.
Windows XP Style
In Control Panel, click Network and Internet Connections in the bottom left corner, and then click the link named Network Diagnostics.
From a command prompt, type netsh diag gui.
Click Start, and then click Run. Enter the Help and Support command syntax: hcp://system/netdiag/dglogs.htm and click OK.
Once run, the Web page for the Network Diagnostics Tool appears as shown in Figure 3.
.gif "Figure 3: The Windows XP Network Diagnostics Tool")
Figure 3: The Windows XP Network Diagnostics Tool
User Interaction
As soon as the Web page is launched, the user is given the choice of whether to set scanning options or to start a diagnostics scan.
Scanning Options
If the User selects the "Set scanning options" link, a drop down page appears allowing the user to check or uncheck the options that the User is interested in diagnosing. This can be useful, particularly if you know certain tests are failing and you want to avoid those for time purposes while troubleshooting a more generic network problem. For instance, you may want to stop the proxy test until you can confirm the default gateway test passes. The available options are shown below.
The "Actions" check boxes on the top indicate actions to take. These actions work in conjunction with the various categories. For instance, it is possible to select only "Ping" and "Internet Proxy Server".
.gif "Figure 4: The Windows XP Network Diagnostics Scanning Options")
Figure 4: The Windows XP Network Diagnostics Scanning Options
Scanning with only these options would result in the Web page only showing the results that occurred when attempting to ping the Internet Proxy server. No other tests would be run in this scenario.
Once the desired options are selected, a user can click Save Options. This saves the currently selected options as the new default for Network Diagnostics. It is not necessary for the user to click this button in order to run a custom set of scanning options. The user only needs to click this button to change to long term behavior of Network Diagnostics.
Note the last five category options. These options are already included in the "Network Adapters" scanning category, but are included separately as well.
The defaults for Network Diagnostics are shown in Figure 4. Once the user has decided to keep the default settings or make custom modifications, the next step is to click the Scan your system link.
Starting a Scan
Clicking the "Scan your system" link begins the gathering and testing of various network components. Once the tool has completed its tests, it displays the results for each test. By default, the tool finds computer information, enumerates network adapters, attempts resource connections, as well as attempting to ping configured network services. It reports both successful and unsuccessful attempts to reach network resources.
Once completed, the Network Diagnostics page appears as shown in Figure 5.
.gif "Figure 5: The Windows XP Network Diagnostics Results")
Figure 5: The Windows XP Network Diagnostics Results
For each test a result could take on several forms. A result of "Not Configured" means the option requested could not be tested because it needs to be configured, or is not configured. If the component is configured, then the user may see results of PASSED or FAILED. If any test results in a FAILED status, the failure is populated up to the top of that section. For instance, under "Network Adapters", if a default gateway test failed, that failure would be populated up to the top of the "Network Adapters" section. A consumer or support professional is quickly able to determine if a network error has occurred and needs to be further investigated.
The results of the Network Diagnostics Tool can be used in two ways. They can be used to find information about the system, or as a quick check to see if there are any network problems.
Navigating Results
Once the tests are completed, the user has the option of expanding/contracting trees of data, by clicking on the '+' or '-' boxes. This is particular useful for the Network Adapter section, where test data may be under several levels of the tree.
Saving Results
They also have the ability to save the results for later inspection, either by themselves or a support professional. A button labeled "Save to File..." is provided so that the user can easily save results.
Sometimes a user or support professional may want to view saved files from previous diagnostics efforts. By selecting the "Show saved files" link, the user is taken directly to the location where Network Diagnostics saves files for archival purposes.
Network Diagnostics by default checks the scanning option for "Save to Desktop" This means that whenever the "save to File" link button is selected, two files are saved, one in the PCHealth directory and one on the desktop. This is done to make it easy for users to locate saved files. This option can be disabled under the scanning options.
Saved files are located in the \%windir%\pchealth\helpctr\system\netdiag directory. File sizes average 21-25K. One of the advantages of saving the log files in the PCHEALTH system directory is that the logs are protected from tampering once they are saved.
Each file is given a unique name to distinguish it from previously saved log files. The format of the saved file is as follows:
Netdiag(Day)(Month)(Year) (Hour)(Minute)(Seconds).htm
For example, a file created on April 3, 2000 at exactly 1:00pm would have the following file name:
Netdiag03042000 130000.htm
Output saved a minute and a half later would have the following filename:
Netdiag03042000 130130.htm
Note the time format is in military time.
Not all users of the Network Diagnostics tool will want to run the HTML version of the tool, preferring instead to run tests from a command line or use the command line accessibility in automated scripts. By integrating Network Diagnostics into the Netsh interface, both user needs and automation needs can both be achieved.
How Do I Access this Tool from the Command Line?
Network diagnostics is now provided as a "helper" to the Netsh utility. In order to access this helper, go to a command prompt and type netsh -c diag. This loads the "diag" helper and allows input of diagnostic commands. Once in the "diag" context, the following commands are available:
? or help |
Displays help or actions available |
connect |
Connect to network resources (type "connect help") |
ping |
Ping network resources (type "ping help") |
show |
Show network resources (type "show help") |
gui |
Runs the web based version of Network Diagnostics |
? or help
Use of this command prints the command options of Diag if you are in the Diag context. Otherwise, it shows you the available commands of netsh or of any other helper you might be in.
Connect
The connect command allows you to perform connection tests to the following:
IE Proxy – Tests connection to the default IE Proxy port
IP host – Tests connection to a user-defined port
Mail – Tests connection to the default Outlook Express mail server
News – Tests connection to the default Outlook Express news server
Ping
The ping command allows you to perform ping tests to the following:
Adapter – Tests ability to ping all configured addresses on each adapter
DHCP – Tests ability to ping a DHCP server, if configured
DNS – Tests ability to ping all configured DNS servers
Gateway – Tests ability to ping all configured default gateways
IE Proxy – Tests ability to ping default IE Proxy server
IP – Tests ability to ping the IP addresses of each adapter
IP host – Tests ability to ping user-defined IP address or hostname
Loopback – Tests ability to ping the loopback adapter
Mail – Tests the ability to ping the default Outlook Express Mail server
News – Tests the ability to ping the default Outlook Express News server
WINS – Tests the ability to ping all configured WINS servers
Show
The show command allows you to see the configuration of the following:
Adapter – Shows all adapters with an IP address bound
All – Shows everything below, but does not run tests
Client – Shows the currently installed network clients on the system
Computer – Shows the current computer information of the system
DHCP – Shows any configured DHCP server IP addresses for all adapters
DNS – Shows any configured DNS servers for all adapters
Gateway – Shows any configured default gateways for all adapters
IE Proxy – Shows the default configured IE Proxy server
IP – Shows any configured IP addresses for all adapters
Mail – Shows the default configured Outlook Express Mail server
Modem – Shows any configured modems on the system
News – Shows the default configured Outlook Express News server
OS – Shows the current operating system information of the system
Test – Special command that runs and displays all tests
Version – Shows the version information of WMI and the OS
WINS – Shows any configured WINS servers for all adapters
The show command has two switches that can be used to gain different levels of information detail.
/p- shows all properties with values
/v- show all properties, including properties with no values
Special Syntax
Often administrators and support professionals want the same information the Web page would have provided, but through a command line syntax or batch file. The following command run from the Diag helper performs all of the same steps that would be run by default using the Web page:
show test
An additional command allows administrators and support professionals to run the Web page from typing netsh diag gui at the Start -> Run command or at a command prompt.
Before running the Network Diagnostics Web page or Netsh Diag helper, it is useful to know exactly what information will be provided when these tools are run. The following sections display complete lists of information that is reported and information that is tested. This list is a combination of the information provided by the Network Diagnostics WMI provider and several of the Windows XP WMI providers of the operating system.
The following is an example of the items and information that are reported:
Services
Outlook Express default mail server.
Outlook Express default news server.
Internet Explorer proxy server (Winsock Proxy is not detected).
Computer Information
Operating System
BootDevice = \\Device\Harddisk0 BuildNumber = 2514 BuildType (empty) Caption = Microsoft Windows CodeSet = 1252 CountryCode = 1 CreationClassName = Win32_OperatingSystem CSCreationClassName = Win32_ComputerSystem CSDVersion = CSName = COLUMBO-TEST CurrentTimeZone = -480 Debug (empty) Description = Test Machine Distributed (empty) ForegroundApplicationBoost (empty) FreePhysicalMemory = 54148 FreeSpaceInPagingFiles = 1929044 FreeVirtualMemory = 1983192 InstallDate = 20000307055202.000000-480 LastBootUpTime (empty) LocalDateTime = 20000309121053.060000-480 Locale = 0409 Manufacturer = Microsoft Corporation MaxNumberOfProcesses = -1 MaxProcessMemorySize = 2093056 Name = Microsoft Windows ME|C:\WINDOWS| NumberOfLicensedUsers (empty) NumberOfProcesses = 14 NumberOfUsers (empty) Organization = msft OSLanguage = 1033 OSProductSuite (empty) OSType = 17 OtherTypeDescription (empty) PlusProductID (empty) PlusVersionNumber (empty) Primary = True QuantumLength (empty) QuantumType (empty) RegisteredUser = test SerialNumber (empty) ServicePackMajorVersion (empty) ServicePackMinorVersion (empty) SizeStoredInPagingFiles = 1966632 Status = OK SystemDevice (empty) SystemDirectory = C:\WINDOWS\SYSTEM TotalSwapSpaceSize (empty) TotalVirtualMemorySize = 2097148 TotalVisibleMemorySize = 130516 Version = 4.90.2514 WindowsDirectory = C:\WINDOWS
Miscellaneous
OS Version = 4.90.2514 WMI Version = 1164.0003
Modems and Network Adapters
Modems
AnswerMode (empty) AttachedTo = COM3 Availability (empty) BlindOff = X4 BlindOn = X3 Caption = MT5634ZBA-USB Modem CompatibilityFlags (empty) CompressionInfo (empty) CompressionOff = %C0 CompressionOn = %C1 ConfigManagerErrorCode (empty) ConfigManagerUserConfig (empty) ConfigurationDialog = modemui.dll CountrySelected = United States of America CreationClassName = Win32_PotsModem Description = MT5634ZBA-USB Modem DeviceID = USB\MULTIUSB\WDMMDM0 DeviceLoader = *vcomm DeviceType = External Modem DialType (empty) DriverDate (empty) ErrorCleared (empty) ErrorControlForced = \N4 ErrorControlInfo (empty) ErrorControlOff = \N1 ErrorControlOn = \N3 ErrorDescription (empty) FlowControlHard = &K3 FlowControlOff = &K0 FlowControlSoft = &K4 InactivityScale = "3c000000" InactivityTimeout (empty) Index (empty) InstallDate (empty) LastErrorCode (empty) MaxBaudRateToPhone (empty) MaxBaudRateToSerialPort (empty) MaxNumberOfPasswords (empty) Model = MT5634ZBA-USB Modem ModemInfPath = MDMLUC.INF ModemInfSection = Modem2 ModulationBell = B1B16B2 ModulationCCITT = B0B15B2 ModulationScheme (empty) Name = Unimodem.vxd PNPDeviceID = USB\MULTIUSB\WDMMDM0 PortSubClass = "02" PowerManagementSupported (empty) Prefix = AT ProviderName = Lucent Pulse = P Reset = AT&F ResponsesKeyName (empty) RingsBeforeAnswer (empty) SpeakerModeDial = M1 SpeakerModeOff = M0 SpeakerModeOn = M2 SpeakerModeSetup = M3 SpeakerVolumeHigh = L3 SpeakerVolumeInfo (empty) SpeakerVolumeLow = L0 SpeakerVolumeMed = L2 Status = OK StatusInfo = 3 StringFormat (empty) SupportsCallback (empty) SupportsSynchronousConnect (empty) SystemCreationClassName = Win32_ComputerSystem SystemName = COLUMBO-TEST Terminator = TimeOfLastReset (empty) Tone = T VoiceSwitchFeature (empty) Network Adapters Caption = [0003] Intel(R) PRO PCI Adapter ArpAlwaysSourceRoute = (empty) ArpUseEtherSNAP = (empty) DeadGWDetectEnabled = (empty) Description = Intel(R) PRO PCI Adapter MACAddress = 00:D0:B7:1F:D7:29 ServiceName = (empty) DatabasePath = (empty) DefaultGateway = + 20.0.0.1 PASSED is in the same subnet. Successful ping - pinging (20.0.0.1) 64 bytes from 20.0.0.1: icmp_seq = 0. time: 2 ms 64 bytes from 20.0.0.1: icmp_seq = 1. time: 0 ms 64 bytes from 20.0.0.1: icmp_seq = 2. time: 2 ms 64 bytes from 20.0.0.1: icmp_seq = 3. time: 0 ms + 20.0.0.2 PASSED is in the same subnet. Successful ping - pinging (20.0.0.2) 64 bytes from 20.0.0.2: icmp_seq = 0. time: 2 ms 64 bytes from 20.0.0.2: icmp_seq = 1. time: 0 ms 64 bytes from 20.0.0.2: icmp_seq = 2. time: 1 ms 64 bytes from 20.0.0.2: icmp_seq = 3. time: 1 ms DefaultTOS = (empty) DefaultTTL = (empty) DHCPEnabled = TRUE DHCPLeaseObtained = 03/09/00 12:09:21: DHCPLeaseExpires = 03/09/00 12:12:21: DHCPServer = 10.0.0.4 Successful ping - pinging (20.0.0.4) 64 bytes from 20.0.0.4: icmp_seq = 0. time: 2 ms 64 bytes from 20.0.0.4: icmp_seq = 1. time: 1 ms 64 bytes from 20.0.0.4: icmp_seq = 2. time: 0 ms 64 bytes from 20.0.0.4: icmp_seq = 3. time: 2 ms DNSDomain = columbo.test.com DNSDomainSuffixSearchOrder = (empty) DNSEnabledForWINSResolution = (empty) DNSHostName = COLUMBO-TEST DNSServerSearchOrder = 10.0.0.11 PASSED Successful ping - pinging (10.0.0.11) 64 bytes from 10.0.0.11: icmp_seq = 0. time: 1 ms 64 bytes from 10.0.0.11: icmp_seq = 1. time: 2 ms 64 bytes from 10.0.0.11: icmp_seq = 2. time: 1 ms 64 bytes from 10.0.0.11: icmp_seq = 3. time: 1 ms 10.0.0.12 PASSED Successful ping - pinging (10.0.0.12) 64 bytes from 10.0.0.12: icmp_seq = 0. time: 1 ms 64 bytes from 10.0.0.12: icmp_seq = 1. time: 2 ms 64 bytes from 10.0.0.12: icmp_seq = 2. time: 1 ms 64 bytes from 10.0.0.12: icmp_seq = 3. time: 2 ms ForwardBufferMemory = (empty) GatewayCostMetric = (empty) IGMPLevel = (empty) IPAddress = 10.0.0.193 Successful ping - pinging (20.0.0.193) 64 bytes from 20.0.0.193: icmp_seq = 0. time: 1 ms 64 bytes from 20.0.0.193: icmp_seq = 1. time: 0 ms 64 bytes from 20.0.0.193: icmp_seq = 2. time: 0 ms 64 bytes from 20.0.0.193: icmp_seq = 3. time: 1 ms IPFilterSecurityEnabled = (empty) IPPortSecurityEnabled = (empty) IPSecPermitIPProtocols = (empty) IPSecPermitTCPPorts = (empty) IPSecPermitUDPPorts = (empty) IPSubnet = 255.255.255.0 IPUseZeroBroadcast = (empty) KeepAliveInterval = (empty) KeepAliveTime = (empty) MTU = (empty) NumForwardPackets = (empty) PMTUBHDetectEnabled = (empty) PMTUDiscoveryEnabled = (empty) TCPMaxConnectRetransmissions = (empty) TCPMaxDataRetransmissions = (empty) TCPNumConnections = (empty) TCPUseRFC1122UrgentPointer = (empty) TCPWindowSize = (empty) WINSEnableLMHostsLookup = (empty) WINSHostLookupFile = (empty) WINSPrimaryServer = 10.0.0.11 Successful ping - pinging (10.0.0.11) 64 bytes from 10.0.0.11: icmp_seq = 0. time: 1 ms 64 bytes from 10.0.0.11: icmp_seq = 1. time: 2 ms 64 bytes from 10.0.0.11: icmp_seq = 2. time: 1 ms 64 bytes from 10.0.0.11: icmp_seq = 3. time: 1 ms WINSScopeID = (empty) WINSSecondaryServer = 10.0.0.12 Successful ping - pinging (10.0.0.12) 64 bytes from 10.0.0.12: icmp_seq = 0. time: 1 ms 64 bytes from 10.0.0.12: icmp_seq = 1. time: 2 ms 64 bytes from 10.0.0.12: icmp_seq = 2. time: 0 ms 64 bytes from 10.0.0.12: icmp_seq = 3. time: 2 ms IPXEnabled = (empty)
Installed Clients
Description = Client for Microsoft Networks InstallDate = 20000305160000.000000-480 Manufacturer = Microsoft Name = Client for Microsoft Networks Status = OK
The following list details the items tested by the Network Diagnostics Tool. The two tests used are a PING test and a TCP connection test. The following list shows each service or parameter that may be tested and which tests are used for that service or parameter. Individual machines may not have all of these parameters configured or they may not be applicable, and therefore Network Diagnostics may not perform all of the listed tests.
PING Tests
Loopback address – Pings 127.0.0.1 IP address(s) per adapter – Manual or assigned by DHCP Default Gateway(s) per adapter – Manual or assigned by DHCP DHCP server(s) per adapter- Only if adapter has a DHCP assigned IP address DNS server(s) per machine – Manual or assigned by DHCP WINS server(s) per adapter – Manual or assigned by DHCP Outlook Express Default Mail Server – IP address or hostname Outlook Express Default News Server – IP address or hostname IE Web Server (Winsock Proxy is not detected) – IP address or hostname User-defined IP address – IP address or hostname
TCP Connection Tests
Outlook Express Default Mail Server tests the following ports: POP3 port 110 – IP address or hostname POP2 port 109 – IP address or hostname SMTP port 25 – IP address or hostname IMAP port 143 – IP address or hostname User configured SMTP port – IP address or hostname Outlook Express Default News Server tests the following ports: NNTP port 119 – IP address or hostname User configured News port – IP address or hostname IE Proxy Server (Winsock Proxy is not detected) tests the following ports: User configured IE Proxy port in IE settings – IP address or hostname
Web-Based Enterprise Management (WBEM) describes a collection of technologies designed to integrate existing standards of systems management into an architecture that can be managed using any Web browser. Microsoft’s implementation of WBEM is Windows Management Instrumentation (WMI). The Network Diagnostics Web page and Netsh helper use WMI extensively. The Network Diagnostics WMI provider is the component responsible for querying the system registry for parameters of interest, such as mail and news configuration. It is also responsible for running tests and reporting results to the Network Diagnostics Log provider or other scripting mechanism.
How to access the WMI provider
The Network Diagnostics WMI provider exposes an interface for developers to initiate network tests both locally and remotely. The Network Diagnostics WMI provider supports the ability to query for information and provides two methods of testing network resources via PING and TCP connections.
The Network Diagnostics provider resides within the root\cimv2 namespace. Once the namespace has been connected to, enumerate an instance of NetDiagnostics and the instance data for diagnostics should be available.
Developers also have a choice in the tools they wish to use to access this information. They can use JavaScript, VBScript, C, C++, and many other programming languages supported by the WMI framework.
Examples of the properties that can be accessed via the Network Diagnostics WMI provider are shown here:
Netdiag.IEProxy |
What is the currently configured proxy server? |
Netdiag.IEProxyPort |
What proxy port is IE using? |
Netdiag.NewsServer |
What is the currently configured news server? |
Netdiag.NewsNNTPPort |
What news port is Outlook Express using? |
Examples of the methods provided by the Network Diagnostics WMI provider are shown here:
Netdiag.Ping (addr, str) |
PING address |
Netdiag.ConnectToPort (addr, port) |
Connect to address and port |
The Network Diagnostics Log Provider is the central mechanism for delivering information to the Web page and the Netsh helper. It is also possible for 3rd party scripting mechanisms to access this provider through scripts.
When either the netsh context is launched or the HTML page is launched, the Network Diagnostics Log Provider gathers network resource information from the Windows XP WMI providers and the Network Diagnostics WMI provider. The Log Provider sends the necessary instructions to the Network Diagnostics WMI provider for testing the availability of the resources configured on the machine.
How to Access the Log provider
The Network Diagnostics Log provider exposes a single interface for developers to initiate network tests both locally and remotely. Numerous flags can be set depending on what information is desired. All information that is queried through the Log provider is returned in XML format.
The information available via the provider includes all of the same information available via the WMI provider, but with extended functionality. For instance, if a developer wanted to use the WMI provider to write a web page that pinged the proxy server, the developer would first have to find out what the proxy server settings were, and then pass that information to the ping function. By using the Log provider, the developer would only have to use one function and set the flags indicating that the proxy server should be pinged. The difference is that the WMI provider provides the result data in raw format and the Log provider provides the data in XML format.
Developers also have a choice in the tools they wish to use to access this information. They can use JavaScript, VBScript, C, C++, and many other programming languages, as long as the XML data is desired.
The best way to access the list of available WMI providers in Windows XP is to install the WBEM SDK and use the web browse tool to view all of the different providers available. The Network Diagnostics tool specifically looks at information from the providers below, although many more are available:
Win32_NetworkAdapterConfiguration
Win32_ComputerSystem
Win32_POTSModem
Win32_NetworkClient
Win32_OperatingSystem
Win32_WMISetting
The popularity of the Winipcfg.exe tool for Windows 95, Windows 98, and Windows Millennium Edition made it clear that consumers, administrators, and support professionals found it useful to be able to display the IP configuration information on LAN and WAN adapters. Therefore the challenge for the Network Diagnostics team was to provide the same or better functionality in the Windows XP operating system. The solution was to provide an additional tab called Support to the normal status page of an adapter.
There are two ways to access the Support tab.
Double-click a network connection icon in the connections folder to bring up the status page, then click the Support tab.
Click the information balloon that appears in the system tray when your IP configuration becomes invalid.
Either of these steps brings up the window as shown in Figure 6.
.gif "Figure 6: The Windows XP Network Support Tab")
Figure 6: The Windows XP Network Support Tab
The Support tab now contains all of the information that used to be available with winipcfg.exe and improves the old Winipcfg.exe functionality by including a button link to the Repair feature. It includes the following information:
Address Type – In any of the below configurations
Assigned by DHCP
Manually Configured
Automatic Private Address (169.255.x.x)
Invalid IP Address (0.0.0.0) because of:
IP address conflict
DHCP unavailable and Autonet disabled
IP Address – Manual or assigned by DHCP
Subnet Mask – Manual or assigned by DHCP
Default Gateway – Manual or assigned by DHCP
Clicking the Details Tab lets you view more detailed information about the network adapter information, including:
Physical Address – Mac address
IP Address
Subnet Mask
Default Gateways – If configured
DHCP Server – If configured
DHCP Lease Obtained – If configured
DHCP Lease Expires – If configured
DNS Servers – Manual or assigned by DHCP
WINS Servers – Manual or assigned by DHCP
.gif "Figure 7: Network Connection details")
Figure 7: Network Connection details
When consumers find it necessary to call support or a help center, they are generally told to perform a common series of network diagnostics steps to help the support professional locate the actual networking problem. The goal of the Repair link was to automate many of the common troubleshooting steps that are useful in solving these problems. It was also critically important during the development of the Repair link that the team choose repair steps that would not put the consumer in a worse position than they were in when they ran this feature.
The Repair Link can be accessed three ways:
Right-click a network connection icon in the Network Connections folder and click Repair Link.
Right-click the information balloon that appears in the system tray when your IP configuration becomes invalid and click Repair Link.
From the Status dialog box, click the Support tab, and then click Repair.
When selecting a network connection, look in the left-hand column (if shown) for the Repair this connection link.
.gif "Figure 8: The Windows XP Networking Repair Functionality")
Figure 8: The Windows XP Networking Repair Functionality
.gif "Figure 8: The Windows XP Networking Repair Functionality")
When deciding what repair steps would be taken, it was vitally important to the Network Diagnostics team that it be impossible to put the consumer in a worse position than they were already in. With this key objective in mind, the following steps are run when the Repair Link is selected.
The Repair link initiates six of the most common troubleshooting steps that support professionals generally ask customers to perform when starting to diagnose a problem. These steps are shown below in the order that they are initiated:
Broadcast DHCP Lease Renew
This is the equivalent of a DHCP broadcast renewal at 87.5% of the lease time. This was chosen because it is far safer than actually doing an DHCP release, then a DHCP renew. If a DHCP server is unavailable to renew the address, the consumer machine keeps the current one it has, while if a new DHCP server comes online, the DHCP can NACK the client and restart the lease process, potentially fixing a computer's IP address problems.
Flush ARP cache
Sometimes, an ARP cache entry can become stale and communication cannot occur again until the bad ARP cache entry expires. It is also possible that a bad static ARP cache entry could have been placed on the machine and would never expire. The ARP cache is naturally flushed at 2 and 10 minute intervals, so this operation is considered safe.
Note: If your organization relies on static ARP cache entries, make sure there is a mechanism for adding the entries back in once this tool is run.
Nbtstat –R
Many times, the NetBIOS cache can have stale entries and communication cannot occur. This step simply clears the NetBIOS name cache and reloads any NetBIOS name entries in the Lmhosts file with the #PRE flag.
Nbtstat -RR
This step is the equivalent of re-registering the machines names with a WINS server. This can be very useful in troubleshooting NetBIOS name resolution problems. It is important to note that both nbtstat –RR, and thus the repair link functionality, simply schedule the name refresh with the operating system and return without checking to determine if the refresh was successful.
Flush DNS cache
This step clears the DNS cache entries from memory and flushes any potentially old or bad name to IP mappings. This can be very useful in troubleshooting DNS name resolution problems.
Register DNS name
This step is the equivalent of re-registering the machines DNS name with a Dynamic DNS server.
This tool was designed to help visually interpret the amount of network traffic occurring on a network connection. This tool is designed to help in troubleshooting possible network congestion issues by giving the user a quick snapshot of network availability. As part of the current client-centric design of the tool, it only supports LAN connections and outgoing WAN connections. Incoming WAN connections are not monitored.
The Networking Tab can be accessed two ways:
Right-click the taskbar and choose Task Manager. When Task Manager opens, select the Networking Tab.
Simultaneously press the Crtl – Alt – and ESC keys. When Task Manager opens, select the Networking Tab.
.gif "Figure 9: The Windows XP Networking Tab in Task Manager")
Figure 9: The Windows XP Networking Tab in Task Manager
.gif "Figure 9: The Windows XP Networking Tab in Task Manager")
The Networking tab provides a wide range of features. For a complete look at the new menus that have been added, see below:
New Task Manager Networking Options
Tab Always Active. This selection indicates whether the Networking Tab should collect information, even though the networking tab is not selected.
Show Cumulative Data. This selection allows the user to see the cumulative data collected for summary categories since Task Manager was opened.
Auto Scale. The graphs maintain the scale dynamically by looking at the largest amount of traffic that appears within the specified interval.
Reset. Resets current window data and counters.
Show Scale. This selection displays the scale currently used to draw the graph, this is useful in low bandwidth scenarios.
New Task Manager Networking View
Refresh Now. Resets the current view data and resets display counters to zero.
Update Speed. Determines how often the adapters are polled to create the graphs. Polling can be set to occur at High (.5 seconds), Normal (1 seconds), Low (2 seconds), or Paused (discontinues polling)
Network Adapter History. It is possible to display three different kinds of data sets: Bytes Sent, Bytes Received, and Bytes Total.
Select columns. Select columns allows the user to display a large range of data below the graphs, as evidenced by Figure 10.
.gif "Figure 10: The Windows XP Networking Tab Columns View in Task Manager")
Figure 10: The Windows XP Networking Tab Columns View in Task Manager
.gif "Figure 10: The Windows XP Networking Tab Columns View in Task Manager")
Many network-troubleshooting tools are available for Windows XP. Most are included in the product or the Windows Resource Kit. Troubleshooting tools include ipconfig, ping, tracert, telnet, nbtstat, netstat, and others. When troubleshooting any problem where the validity of the data is in question, it is always helpful to have more than one tool to diagnose the problem. The Network Diagnostics suite of tools are powerful additions for quickly gathering and testing the network characteristics of a consumers machine.
Note: Network Diagnostics combines the effectiveness of standard troubleshooting tools. It answers many of the initial questions a support professional would ask when diagnosing a network problem. It saves valuable troubleshooting time and helps create a positive support experience for the consumer.
As an example, when a support professional first takes a call from a customer having a problem gaining access to network resources, the first questions asked are typically:
What are you trying to reach?
What is your IP address?
Are you using WINS or DNS?
Can you resolve names?
Can you resolve IP addresses?
The Network Diagnostics Tool can immediately answer four of the five questions. All that is required is showing the consumer where to go to launch the tool. This is valuable for consumers unfamiliar with network concepts.
In some situations, the Network Diagnostics Tool may appear to report an error or unreachable status when there is not really an error condition This next section describes a couple of scenarios to pay attention to when troubleshooting issues.
Dial-up and VPN Scenarios
It can be easy to forget the simple routing involved in dial-up networking scenarios. This is especially true in dial-up scenarios where you are using a combination of dial-up networking and network cards or dial-up networking and VPNs. You may see errors connecting to resources when using a combination of these connection methods. The most common situation where you’ll see errors involves the use of the default gateway. For instance, if a consumer has a machine with a network card, it may be configured with a default gateway to internal resources. If consumers then dial up the Internet, they will have a new default gateway to the Internet. Now any packet destined for non-local traffic will be routed to the Internet, not to the internal network or internal router. The routing table makes this decision. The Network Diagnostics Tool will report that it cannot reach the configured resources on the network card and mark them UNREACHABLE. This is true and expected, but may seem odd at first. Always keep in mind how the machines configuration can alter interpretation of the Network Diagnostics data.
Primary and Secondary WINS servers
The IP stack in Windows XP is configured to adjust for temporary or permanent outages of a primary WINS server. If a machine is configured with a primary and secondary WINS server, and the primary WINS server is unavailable, the IP stack will swap the addresses of the primary and secondary. At first, this may seem like an error, because the network adapter settings do not change when this occurs. However, this is not an error, so if encountered, is usually a sign that the primary WINS server is not functioning.
IP Filters Enabled
Since the primary tests used by Network Diagnostics involve pinging and connecting via TCP, if a remote location is blocking certain traffic, the Network Diagnostics Tool may report a failure when none exists. For instance, if a consumer is connecting to an e-mail server that is blocking Internet Control Message Protocol (ICMP) traffic, you may see results that look like this:
MailServer: smtp.email.msn.com UNREACHABLE Cound not ping - pinging (smtp.email.msn.com) timed out timed out timed out timed out Mail server appears to be running [SMTP].
The fact that the ping failed does not represent an actual error, although it does give you good information about the remote site.
TV Adapters
The Microsoft TV adapter assumes an IP address based on a device ID generated during boot. The IP address that it takes will vary, but may appear to look like an IP network address. The Network Diagnostics Tool tests for valid IP addresses within the network adapter IP field and does not accept network addresses. This can result in an error condition when nothing is actually wrong. For instance, with the Microsoft TV adapter installed, you may see something similar to the following:
[0003] Microsoft TV Data Adapter. UNREACHABLE IP Address = 5.0.0.0 UNREACHABLE
Could not ping - pinging (5.0.0.0)
timed out
timed out
timed out
timed out
Be aware that the IP address enumerated is not actually used and thus should not interfere with normal network activity.
IEEE 1394 and PC Card (PCMCIA) Adapters
It is important to note that for many adapters, the drivers may or may not be loaded depending on whether the adapter is attached to the system or to other networking devices, such as hubs or switches. Below are a few examples of where this can be important.
PC card (PCMCIA) adapters that have been removed from their slots will no longer have WMI properties and therefore will no longer show up in the Network Diagnostics Tool.
IEEE 1394 adapters will not be enumerated by WMI until they are connected to another IEEE 1394 device or hub. Although the adapter and IP bindings will be viewable in system properties, neither Ipconfig nor Winipcfg will show the adapter. This also means that the Network Diagnostics Tool will not see the adapter either.
Empty DNS Server Scope Options
There can be rare cases where an administrator has configured a DNS scope option, but has not entered any DNS server information into the scope. When this occurs, WMI reports that the DNS server address is 0.0.0.0. The Network Diagnostics Tool will fail on this address, indicating that a DNS server was not available. While rare, this test case can inform administrators if they have overlooked assigning the DNS servers within a scope. If the scope is removed or if valid DNS servers are added to the scope option, the Network Diagnostics error does not occur.
Proxy Server Settings Appear When Proxy Server is Not Enabled
Internet Explorer settings are accessed based on how they appear in the registry. There are two primary registry keys that are read. The first is whether the proxy server is enabled, the second is the name of the configured proxy server. These registry keys are independent of each other. If a consumer configures a proxy server and enables it, the Network Diagnostics Tool displays the proxy server information and determines whether it can connect to the proxy server. If the consumer configures a proxy server and disables it, the registry information for the proxy server is still maintained. If Network Diagnostics is run, it displays the proxy server information in the registry, but is smart enough to know not to actually try to connect to the server, since this functionality is disabled. This can be helpful when determining whether the Internet Explorer settings have changed or are not what the consumer expects.
The Network Diagnostics Team offers several mechanisms for helping diagnose and fix network related problems. The current tool set now includes four primary additions to the Windows XP operating system:
Network Diagnostics Web Page and Netsh Helper. This tool includes computer and operating system information, adapter information, ping and connect tests, and many other features for diagnosing network problems.
Network Connections Support Tab. This addition to the network connection status page promises to become widely used for resolving network problems. This enhancement provides all of the information and tasks that the Win9x support tool Winipcfg.exe used to provide while improving it in the process.
Network Connection Repair Link. The repair link performs a series of safe configuration repair steps that support professionals normally ask a customer to perform during the first few minutes of a support call. By automating these initial repair steps into a single task, users now have considerable troubleshooting and problem fixing power within one click of a mouse.
Task Manager Network Tab. This tab displays each network adapter on the machine, LAN or WAN, and displays the percentage network utilization and other metrics for the adapter. This is useful in those situations where a user is not sure whether the network traffic is high or whether a server is just slow in responding. By using this tool, users have a quick guide to how well their network is performing.
See the following resources for further information:
- Windows 2000 Communications and Networking Services at https://www.microsoft.com/windows2000/technologies/communications/default.asp
For the latest information about Windows XP, see the Windows XP Web site at https://www.microsoft.com/windowsxp/default.asp.
Release Note If you have comments or suggestions for the Network Diagnostics team, please submit them to pubnetdg@microsoft.com and include Network Diagnostics Feedback in the title. Depending upon volume, you may not receive a reply; however, we appreciate your contributions and will read all of your comments.