Export (0) Print
Expand All

Netdiag

Netdiag is a utility that helps isolate networking and connectivity problems by performing a series of tests to determine the state of your network client and whether it is functional. These tests and the key network status information they expose give network administrators and support personnel a more direct means of identifying and isolating network problems. Moreover, because this tool does not require parameters or switches to be specified, support personnel and network administrators can focus on analyzing the output, rather than training users about tool usage.

Netdiag diagnoses network problems by checking all aspects of a host computer's network configuration and connections. Beyond troubleshooting TCP/IP issues, it also examines a host computer's Internetwork Packet Exchange (IPX) and NetWare configurations.

Run Netdiag whenever a computer is having network problems. The utility tries to diagnose the problem and can even flag problem areas for closer inspection. It can fix simple DNS problems with the optional /fix switch.

For more information about Netdiag, see Windows 2000 Support Tools Help. For information about installing and using the Windows 2000 Support Tools and Support Tools Help, see the file Sreadme.doc in the \Support\Tools folder of the Windows 2000 operating system CD.

Netdiag performs its tests by examining .dll files, output from other tools, and the system registry to find potential problem spots. It checks to see which network services or functions are enabled and then runs the network configuration tests listed in Table 3.5, in the order presented. If a computer is not running one of the services listed, the test is skipped.

Table 3.5 Netdiag Tests

Test Name

Function

Details

NDIS

Network Adapter Status

Lists the network adapter configuration details, including the adapter name, configuration, media, globally unique identifier (GUID), and statistics. If this test shows an unresponsive network adapter, the remaining tests are aborted.

IPConfig

IP Configuration

This test provides most of the TCP/IP information normally obtained from ipconfig /all , pings the DHCP and WINS servers, and checks that the default gateway is on the same subnet as the IP address.

Member

Domain Membership

Checks to confirm details of the primary domain, including computer role, domain name, and domain GUID. Checks to see if NetLogon service is started, adds the primary domain to the domain list, and queries the primary domain security identifier (SID).

NetBTTransports

Transports Test

Lists NetBT transports managed by the redirector. Prints error information if no NetBT transports are found.

Automatic Private IP Addressing (APIPA)

APIPA Address

Checks if any interface is using Automatic Private IP Addressing (APIPA).

IPLoopBk

IP Loopback Ping

Pings the IP loopback address of 127.0.0.1.

DefGw

Default Gateway

Pings all the default gateways for each interface.

NbtNm

NetBT Name Test

Similar to the nbtstat -n command. It checks that the workstation service name <00> is equal to the computer name. It also checks that the messenger service name <03>, and server service name <20> are present on all interfaces and that none of these names are in conflict.

WINS

WINS Service Test

Sends NetBT name queries to all the configured WINS servers.

Winsock

Winsock Test

Uses Windows Sockets WSAEnumProtocols () function to retrieve available transport protocols.

DNS

DNS Test

Checks whether DNS cache service is running, and whether this computer is correctly registered on the configured DNS servers. If the computer is a domain controller, DNS Test checks to see whether all the DNS entries in Netlogon.dns are registered on the DNS server. If the entries are incorrect and the /fix option is on, try to re-register the domain controller record on a DNS server.

Browser

Redirector and Browser Test

Checks whether the workstation service is running. Retrieves the transport lists from the redirector and from the browser. Checks whether the NetBT transports are in the list of NetBT transports test. Checks whether the browser is bound to all the NetBT transports. Checks whether the computer can send mailslot messages. Tests both via browser and redirector.

DsGetDc

DC Discovery Test

First finds a generic domain controller from directory service, then finds the primary domain controller. Then, finds a Windows 2000 domain controller (DC). If the tested domain is the primary domain, checks whether the domain GUID stored in Local Security Authority (LSA) is the same as the domain GUID stored in the DC. If not, the test returns a fatal error; if the /fix option is on, DsGetDC tries to fix the GUID in LSA.

DcList

DC List Test

Gets a list of domain controllers in the domain from the directory services on an active domain controller (DC). If there is no DC info for this domain, tries to get a DC from DS (similar to the DsGetDc test). Tries to get an active DC as the target DC. Gets the DC list from the target DC. Checks the status of each DC. Adds all the DCs into the DC list of the tested domain.
If the above sequence fails, uses the browser to obtain the DCs. Checks the status of all DCs and adds them to the DC list.
If the DcAccountEnum registry entry option is enabled, Netdiag tries to get a DC list from the Security Accounts Manager (SAM) on the discovered DC.

Trust

Trust Relationship Test

Test trust relationships to the primary domain only if the computer is a member workstation, member server, or a Backup Domain Controller (BDC) domain controller that is not a PDC emulator Checks that the primary domain security identifier (SID) is correct. Contacts an active DC. Connects to the SAM server on the DC. Uses the domain SID to open the domain to verify whether the domain SID is correct Queries info of the secure channel for the primary domain. If the computer is a BDCDC, reconnects to the PDC emulator. If the computer is a member workstation or server, sets secure channel to each DC on the DC list for this domain.

Kerberos

Kerberos Test

Tests Kerberos protocols only if the computer is a member computer or DC and the user is not logged onto a local account. Tests Kerberos protocols only when the user is logged onto a Windows 2000 domain account. Connects to LSA and looks up the Kerberos package. Gets the ticket cache of the Kerberos package. Checks if Kerberos package has a ticket for the primary domain and the local computer.

LDAP

Lightweight Directory Access Protocol (LDAP) Test

This per-domain test is run only if the DC is running DS. The computer must be a member computer or DC. NetDiag tests LDAP on all the active DCs found in the domain. It creates an LDAP connection block to the DC, then does a trivial search in the LDAP directory with three types of authentication: "unauthenticated", NTLM, and "Negotiate." If the /v (verbose) option is on, the LDAP test prints out the details of each entry retrieved.

Route

Route test

Displays the static and persistent entries in the routing table, including a destination address, subnet mask, gateway address, interface, and metric.

NetStat

NetStat test

Similar to Netstat tool. Displays statistics of protocols and current TCP/IP network connections.

Bindings

Bindings test

Lists all bindings, including interface name, lower module name, upper module name, whether the binding is currently enabled, and the owner of the binding.

WAN

WAN test

Displays the settings and status of current active remote access connections.

Modem

Modem test

Retrieves all the line devices that are available. Displays the configuration of each line device.

NetWare

NetWare test

Determines whether NetWare is using the directory tree or bindery logon process, determines the default context if Netware is using the directory tree logon process, and finds the server to which the host attaches itself at startup.

IPX

IPX test

Examines the network's IPX configuration, including Frame Type, Network ID, RouterMTU and whether packet burst or source routing are enabled.

IPSec

IP Security test

Tests whether IP security is enabled and displays a list of active IPSec policies.

Netdiag Syntax

The required syntax for Netdiag is simple. The tool can be configured to perform any subset of its exhaustive list of tests by careful use of the /test or /skip options.

Although no parameters or syntax need be specified, several options are available for Netdiag, primarily to increase or decrease the level of detail in its reports. These switches are shown in the Table 3.6. Complete details on the /test and /skip options can be found by typing netdiag /? at a command prompt; this returns a complete list of more than 20 tests that can be singled out or skipped.

Table 3.6 Netdiag Switches

Switch

Name

Function

/q

Quiet output

Lists only tests that return errors.

/v

Verbose output

More extensive listing of test data as tests are performed.

/l

Log output

Stores output in NetDiag.log, in the default directory.

/debug

Most verbose output

Complete list of test data with reasons for success or failure.

/d:< DomainName >

Find DC

Finds a domain controller in the specified domain.

/fix

Fix DNS problems

Compares DNS value to host file.

/DcAccountEnum

Enumerate DC

Enumerates Domain Controller computer accounts.

/test: <test name>

Single test

Runs only the test specified by < test name >. For a complete list, type netdiag /? .

/skip:< test name >

Skip test

Skips the named test.

In general, Netdiag calls Ipconfig and returns a structure that contains most of the general information that ipconfig /all prints. It takes that information from the registry and by calling the various drivers.

Netdiag prints the string [FATAL] when it detects a condition that needs to be fixed immediately. By contrast, the string [WARNING] signals a failure condition that can be put off for a while.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft