Chapter 8 - Maintenance And Troubleshooting
| Archived content. No warranty is made as to technical accuracy. Content may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
After you have installed RAS, routine maintenance consists of the following tasks:
Monitoring servers and users systematically with Remote Access Administrator.
Reviewing the Windows NT Server Event Viewer regularly to see whether network security is intact. (See "Troubleshooting" and "Audits" later in this chapter. For complete information about using Event Viewer, see Windows NT Server Concepts and Planning.)
Viewing status and connection information with Dial-Up Networking Monitor.
By conveying real-time information about users, ports, modems, and data transmissions, the Remote Access Administrator's utility simplifies the monitoring of servers and users and provides valuable clues that assist in troubleshooting. By running the utility continuously, you can track activity on your Remote Access servers and respond promptly to problems with user accounts and hardware.
With the Remote Access Administrator's utility, you can look at two aspects of a Remote Access Service domain:
The Remote Access servers in a domain. This view of the domain lets you manage multiple Remote Access servers from a central location.
All users connected to those Remote Access servers.
This view lets you monitor user activity on all Remote Access servers in the domain.
The Remote Access Admin window shows a single RAS server or all RAS servers in a domain. The default view is whatever you last viewed. You can change the focus to a different domain, or you can focus on a single server in the current domain.
The Remote Access Administrator utility requires the user to be logged on as an Administrator.
Troubleshooting
The Administrator's utility provides real-time information about active users and current connections and is often the best place to begin troubleshooting. Consider the following examples that put the utility to use:
The Remote Access Admin window might show that fewer ports than expected are in constant use on a server. This suggests that one or more of them might not be operating properly.
If users cannot make a connection, ask them to attempt to reconnect while you monitor their efforts in the Port Status dialog box.
When real-time data is insufficient to solve a problem, refer to the audit and error messages generated by Remote Access. The Windows NT Server Event Viewer records all audits and error messages for Remote Access.
Events are classified into three categories:
Event |
Description |
|---|---|
Audit |
Normal behavior recorded for administration, for example, information about a connected client—user name, connection time, and current status. |
Warning |
An irregular or unexpected condition that doesn't affect the system's functionality. |
Error |
A major function fails or a network error occurs. |
Audits are further divided into two categories:
Category of Audit |
Example |
|---|---|
Success audit |
Client connects and disconnects normally. |
Failure audit |
Server disconnects a client that's been inactive too long, or a client tries to connect with the wrong password. |
Note For a list of error messages and what they mean, see the online Help topic, "Error Messages." For a list of idiosyncrasies in modems supported by RAS see the online Help topic, "Modem Idiosyncrasies."
Audits
The Windows NT Server Event Viewer records activity on each Remote Access server. Because audits recorded in the log are the best evidence of possible attempts to violate network security, you should review them regularly. For information about using Event Viewer, see Windows NT Server Concepts and Planning.
To enable audits, make sure the EnableAudit parameter is set to the default value of 1. For more information, see Appendix A, "RAS Registry Values."
The Remote Access Service generates, among others, the following audit records:
Success Audits
Message |
Explanation |
|---|---|
The user username has connected and has been successfully authenticated on port portname. |
This message signifies a normal connection by a certain user on a given port. |
User username has disconnected from port portname. |
This message records a successful disconnection initiated by the user. |
The user domainname\username on port number was called back at the number callback number. |
This records a successful callback to a user at the specified phone number. |
Failure Audits
Message |
Explanation |
|---|---|
The user connected to port portname has been disconnected due to inactivity. |
The line was idle for a period longer than configured using the AutoDisconnect parameter in the Registry. |
The user has connected and failed to authenticate on port portname. The line has been disconnected. |
The user supplied an incorrect username, password, or both. The number of failed authentications before access is denied and the line is dropped depends on the value of the AuthenticateRetries parameter in the Registry. |
The user connected to port portname has been disconnected due to authentication timeout. |
Authentication took longer than the value set for timing out. You might need to increase the value of the AuthenticateTime parameter. See "Remote Access Parameters" in Appendix A, "RAS Registry Values." |
The user connected to port portname has been disconnected because of a transport-level error during the authentication conversation. |
Too many errors occurred during the authentication conversation, possibly because of noisy lines or incompatible modems. Ask the user to try connecting with a lower initial speed. |
The user connected to port portname has been disconnected because the port could not be projected onto the network. |
Most likely the user's computer name already exists on the network. Ask the user to configure the remote computer with a different computer name or to make sure the computer is not already connected to the network through another means, such as the Ethernet or token ring. |
Note If the Remote Access Service fails to start, check Event Viewer for a description of the error that occurred. For information about using Event Viewer, see Windows NT Server Concepts and Planning. After you find the error, look it up in the online error messages Help file on the Windows NT Server Resource Kit CD, and take the recommended corrective action.
Client Problems
Because client problems usually stem from improper hardware or software configuration on the computer, first check the error message and audit logs for clues. If this doesn't help, see "Answers to Common Questions" in the Remote Access online Help.
RAS-Specific Logs
To enable two RAS-specific logs (the PPP log and the device log), change parameters in the Registry. These logs are text files and can be viewed in any text editor or at the command prompt. They cannot be viewed using Event Viewer.
The PPP Log
When enabled, the PPP log records all PPP events in the file \systemroot\SYSTEM32\RAS\PPP.LOG. This log file can help you determine problems with PPP connections. To enable the PPP log, go to the following key and change the Logging parameter to 1:
HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \RasMan \PPP
The Device Log
When enabled, the device log is created in the file \systemroot\SYSTEM32\RAS \DEVICE.LOG. The device log records all communication from serial ports to the device connected to them during command mode. Logging stops after successful connection to the device and after data is transmitted. To enable the device log, go to the following key and change the Logging parameter to 1:
HKEY_LOCAL_MACHINE \SYSTEM \CurrentControlSet \Services \RasMan \Parameters
For more information about enabling these logs, see Appendix A, "RAS Registry Values."
Status Reporting
The Dial-Up Networking Monitor (located in Control Panel) provides the status of a call, and allows you to see
the speed at which you connected
the duration of the connection
the names of users connected to a RAS server
protocols used during the connection
which devices are part of a connection
You also use the Dial-Up Networking Monitor to hang-up active connections. If you have Multilink connections, you can hang up a specific device if you want to use it for another call.
By default, the Dial-Up Networking Monitor appears on the taskbar as you dial out. Use the Preferences tab to change the view and configure it to appear as window. The Dial-Up Networking Monitor displays lights to indicate traffic over dial-up lines: A button flashes blue when sending or receiving data, and a button flashes red when an error occurs.
Also, when Dial-Up Monitor is viewed as a window, you can configure it to show rows of lights for multiple devices. To do this, in the Preferences tab, click Lights.
For detailed information on the dialog box properties, see online Help.
.gif "Cc751467.spacer(en-us,TechNet.10).gif")