Using Network Diagnostics Framework and Network Tracing to Troubleshoot Connectivity Problems
Published: October 29, 2009
Updated: December 23, 2009
Applies To: Windows 7, Windows Server 2008 R2
Anyone who has spent time trying to troubleshoot connectivity problems knows that determining the cause of those problems can be time-consuming and difficult. Even small home networks have numerous components that must all function for clients to connect to the Web or to network resources. And as the complexity of a network increases, the potential problem points also increase. Experienced users can frequently diagnose common issues with stand-alone tools like ping, ipconfig, and nslookup, but most end users do not know how to use these tools.
In an effort to improve the troubleshooting process for network connectivity problems, Microsoft introduced the Network Diagnostics Framework (NDF) in Windows Vista®. NDF is a feature that can detect and diagnose many common connectivity problems. NDF provides a way for end users, as well as component and application developers, to simplify network troubleshooting by automating common troubleshooting steps and solutions.
In Windows® 7, NDF is redesigned to improve the user experience and enhance the scope of diagnostics, to meet the following goals:
Help users to get and stay connected.
Reduce support costs for the entire Windows ecosystem.
Make user assistance as easy and efficient as possible.
The main objective for NDF is to avoid support calls by providing users with automated resolutions to connectivity problems, or actionable steps that the user can take to resolve the problem when an automated fix is not possible. An example of actionable steps is the detection of an unplugged Ethernet cable, which produces a message instructing the user to plug in their network cable.
For situations in which NDF alone cannot provide a resolution to a problem, NDF functionality in Windows 7 is extended to support advanced tracing. In Windows 7, NDF is closely integrated with Event Tracing for Windows (ETW), which enables tracing sessions to log network events and packets into a single file. This integrated functionality is commonly known as Network Tracing. Because Windows 7 NDF automatically collects network events that are marked with the DIAGNOSTICS keyword every time NDF troubleshooting is launched, Windows 7 NDF is able to provide a more efficient method of troubleshooting network connectivity issues. When a user clicks on a Diagnose button in an error message, or chooses one of the pre-defined troubleshooting scenarios in Troubleshoot problems, a diagnostics session log is automatically generated. Each incident contains a report with diagnostics results, along with the Event Trace Log (ETL) file. The ETL file typically contains events from diagnostics, and event data from networking components.
In Windows 7 NDF and tracing, events related to a specific issue are categorized using activity-ID-based correlation (known as “grouping”), and then output in the ETL file. Grouping captures all issue-related events across the stack and groups them together. For example, if you are running a tracing session and you attempt to browse to http://www.microsoft.com and the browse fails, then all of the events related to that activity (WinSock, DNS, TCP, NDIS, WFP, etc.) are captured and grouped together. The benefit is that you can then examine the entire transaction throughout the stack as a single collection of events.
Windows 7 includes a new Netsh context, Netsh trace, which enables you to perform comprehensive tracing, along with network packet capturing.
You can use Netsh trace to enable pre-defined scenarios for troubleshooting specific issues, and to configure detailed tracing parameters for a tracing session. Scenarios include, but are not limited to, the following:
DirectAccess related issues.
Common file and printer sharing problems.
Web connectivity issues.
Layer-2 authentication issues.
Issues with network connections.
Issues related to Wireless or Wired LAN connectivity.
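The following is an added example, not part of the original article, showing one Netsh trace session for a Web connectivity problem, run from an elevated PowerShell prompt. The output folder C:\Traces, the file name, and the choice of the InternetClient scenario for Web connectivity issues are assumptions; use netsh trace show scenarios to confirm the scenario names on your computer.

```powershell
# Added example: capture a Netsh trace while reproducing a Web connectivity failure.
# Assumptions: elevated prompt, output folder C:\Traces, scenario name InternetClient.

$traceDir  = 'C:\Traces'                                  # assumed output folder
$traceFile = Join-Path $traceDir 'web-connectivity.etl'   # assumed file name
New-Item -ItemType Directory -Path $traceDir -Force | Out-Null

# List the pre-defined scenarios available on this computer.
netsh trace show scenarios

# Start the session. capture=yes adds network packets to the ETL file, so treat
# the resulting files as sensitive. maxsize is in MB and bounds the trace file.
netsh trace start scenario=InternetClient capture=yes report=yes maxsize=256 overwrite=yes tracefile=$traceFile
if ($LASTEXITCODE -ne 0) {
    throw "netsh trace start failed (exit code $LASTEXITCODE). Is the prompt elevated?"
}

try {
    # Reproduce the problem while the session is running.
    # WebClient is used so the script also runs on PowerShell 2.0 (Windows 7).
    $client = New-Object System.Net.WebClient
    try {
        $null = $client.DownloadString('http://www.microsoft.com')
        'Request succeeded'
    }
    catch {
        "Request failed: $($_.Exception.Message)"
    }
}
finally {
    # Always stop the session, even if the reproduction step throws.
    # Stopping writes the ETL file and packages it with the report in a .cab file.
    netsh trace stop
}

# Show the files to hand to the person examining the trace.
Get-ChildItem $traceDir | Select-Object Name, Length, LastWriteTime
```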
An additional benefit of Windows 7 NDF is that the user can run diagnostics on the computer that is experiencing connectivity problems and then provide the resulting diagnostics files to someone else for examination. Network Monitor is only needed on the computer that is being used to examine the packets; installation of Network Monitor on the computer experiencing connectivity problems is not required. The user need only e-mail the .cab file to their support professional, or provide it on some type of removable media, such as a CD or Flash Drive.