Troubleshooting Tools

The following tools, which enable you to gather additional information about the source of your problem, are included with Windows 2000.

Authentication and Accounting Logging

A remote access server running Windows 2000 supports the logging of authentication and accounting information for remote access connections in local logging files when Windows authentication or Windows accounting is enabled. This logging is separate from the events recorded in the system event log. You can use the information that is logged to track remote access usage and authentication attempts. Authentication and accounting logging is especially useful for troubleshooting remote access policy issues. For each authentication attempt, the name of the remote access policy that either accepted or rejected the connection attempt is recorded.

The authentication and accounting information is stored in one or more configurable log files in the %SystemRoot%\System32\LogFiles folder. The log files are saved in Internet Authentication Service (IAS) 1.0 or database format, meaning that any database program can read the log file directly for analysis.

If the remote access server is configured for RADIUS authentication and accounting and the RADIUS server is a Windows 2000 computer running IAS, then the authentication and accounting logs are stored in the %SystemRoot%\System32\LogFiles folder on the IAS server computer.
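The following added example (not part of the original text) shows one way to use an IAS-format log to see which remote access policy accepted or rejected each attempt. The record layout and the attribute IDs 4136 (Packet-Type), 4142 (Reason-Code) and 4149 (policy name) are assumptions taken from Microsoft's IAS log format documentation rather than from this page, and the sample records are constructed.

```python
import csv
from collections import Counter

# Assumed IAS-format layout (from Microsoft's IAS log documentation, not this
# page): six fixed header fields, then attribute-ID,value pairs.
HEADER = ("nas_ip", "user", "date", "time", "service", "computer")
PACKET_TYPE, REASON_CODE, POLICY_NAME = "4136", "4142", "4149"  # assumed IDs
OUTCOMES = {"2": "Access-Accept", "3": "Access-Reject"}  # assumed 4136 values

# Constructed sample records: hosts, users and policy names are made up.
SAMPLE_LOG = """\
10.0.0.5,alice,03/14/2001,09:12:01,RAS,RAS01,4136,1,4127,4
10.0.0.5,alice,03/14/2001,09:12:01,RAS,RAS01,4136,2,4149,Allow dial-in staff,4142,0
10.0.0.5,bob,03/14/2001,23:40:17,RAS,RAS01,4136,1,4127,4
10.0.0.5,bob,03/14/2001,23:40:17,RAS,RAS01,4136,3,4149,"Deny access, after hours",4142,65
10.0.0.5,bob,03/14/2001,23:41:02,RAS,RAS01,4136,3,4149,"Deny access, after hours",4142,65
truncated,line
"""

def parse_record(fields):
    """Split one CSV row into header fields plus an attribute dictionary."""
    if len(fields) < len(HEADER):
        return None  # blank or truncated line
    record = dict(zip(HEADER, fields))
    pairs = fields[len(HEADER):]
    record["attrs"] = dict(zip(pairs[0::2], pairs[1::2]))  # drops a stray ID
    return record

def summarize(lines):
    """Count accepts/rejects per policy and count rejects per user."""
    by_policy, rejects = Counter(), Counter()
    for fields in csv.reader(lines):
        rec = parse_record(fields)
        if rec is None:
            continue
        outcome = OUTCOMES.get(rec["attrs"].get(PACKET_TYPE))
        if outcome is None:
            continue  # requests and accounting records carry no decision
        policy = rec["attrs"].get(POLICY_NAME, "(no policy recorded)")
        by_policy[(policy, outcome)] += 1
        if outcome == "Access-Reject":
            rejects[(rec["user"], policy, rec["attrs"].get(REASON_CODE))] += 1
    return by_policy, rejects

if __name__ == "__main__":
    by_policy, rejects = summarize(SAMPLE_LOG.splitlines())
    print(dict(by_policy))
    print(rejects.most_common())
```

Repeated rejections of one user by the same policy, as in the constructed sample, point to a remote access policy condition or profile setting rather than a transient connection fault.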

Event Logging

The Event logging tab in the properties of a remote access server offers four levels of logging. Select the Log the maximum amount of information option and try the connection again. After the connection fails, check the system event log for events logged during the connection process. After you are done viewing remote access events, select the Log errors and warnings option on the Event logging tab.

Tracing

Tracing records to a file the sequence of programming functions called during a process. Enable tracing for remote access components and try the connection again. After you are done viewing the traced information, reset the tracing settings to their default values. You can enable PPP tracing from the Event logging tab in the properties of a remote access server.

The tracing information can be complex and very detailed. Most of the time this information is useful only to Microsoft support professionals, or to network administrators who are very experienced with the Routing and Remote Access service. The tracing information can be sent to Microsoft support for analysis.

Network Monitor

Network Monitor is a packet capture and analysis tool that you can use to view the traffic sent between a remote access server and remote access client during the remote access connection process and during data transfer. Network Monitor does not interpret the compressed or encrypted portions of remote access traffic.

Proper interpretation of remote access traffic with Network Monitor requires an understanding of the PPP protocols described in this chapter and the referenced RFCs. Network Monitor captures can be saved as files and sent to Microsoft support for analysis.