Monday, October 20, 2008


In the previous part of this article series, I explained that TRACERT could be used to help diagnose connectivity problems between local hosts, and hosts on remote networks. In that article, I showed you how to issue a basic TRACERT command, so in this article I will continue the discussion by showing you how you can interpret the results.

For demonstration purposes, I have performed a TRACERT against www.espn.com. The only reason why I chose this particular site is because it is one of the few sites that I know of off the top of my head that does not block ICMP traffic. You can see the output from the trace route below. I will be referring to this output throughout the rest of the article.

C:\Users\Administrator>TRACERT www.espn.com

Tracing route to www.espn.com [199.181.132.250] over a maximum of 30 hops:

  1 2 ms 1 ms <1 ms 147.100.100.100

  2 10 ms 10 ms 9 ms 208.104.224.1

  3 9 ms 9 ms 9 ms 208.104.1.13

  4 9 ms 8 ms 9 ms 208.104.0.13

  5 10 ms 9 ms 10 ms 208.104.0.1

  6 11 ms 14 ms 10 ms 165.166.125.193

  7 11 ms 10 ms 11 ms gig-1-1-3.core01.ncchrl.infoave.net [165.166.22.61]

  8 31 ms 31 ms 30 ms 64.200.130.17

  9 38 ms 39 ms 40 ms hrndva1wcx2-pos15-3-oc48.wcg.net [64.200.240.213]

 10 31 ms 31 ms 31 ms 64.200.249.170

 11 31 ms 30 ms 31 ms 4.68.110.5

 12 48 ms 35 ms 35 ms vlan99.csw4.Washington1.Level3.net [4.68.17.254]

 13 32 ms 31 ms 33 ms ae-92-92.ebr2.Washington1.Level3.net [4.69.134.157]

 14 60 ms 53 ms 54 ms ae-2.ebr3.Chicago1.Level3.net [4.69.132.69]

 15 86 ms 71 ms 70 ms ae-3.ebr2.Denver1.Level3.net [4.69.132.61]

 16 137 ms 103 ms 102 ms ae-2.ebr2.Seattle1.Level3.net [4.69.132.53]

 17 95 ms 95 ms 95 ms ae-23-52.car3.Seattle1.Level3.net [4.68.105.36]

 18 94 ms 95 ms 95 ms WALT-DISNEY.car3.Seattle1.Level3.net [4.71.152.22]

 19 * * * Request timed out.

 20 97 ms 95 ms 98 ms 199.181.132.250

Trace complete.

If you look at the TRACERT above, you will notice that each line of the output contains several different pieces of information. The first piece of information found on the leftmost side of each line is the hop number. As I explained in the previous article, TRACERT works by sending a ping request to the specified host. Initially, the request's TTL value is set to 1. This ensures that the request will fail after the first hop. Information about the hop is presented, and then the ICMP request is transmitted again, but this time with the TTL value set to 2. The process is repeated over and over again, increasing the TTL value by 1 each time until the specified host is finally reached. In doing so, TRACERT is able to report how many hops the request had to make in order to reach the remote host. If you look at the last line of the output above, you will see that it begins with the number 20. That is because it took 20 hops to reach the specified host.

The next three pieces of information on each line display the amount of time that it took to reach the router or host that the particular line refers to. If you look through the list, you will notice that the time lengths generally increase with each hop. There are two things that you really need to know about the time lengths that are displayed.

First, three separate time lengths are displayed for each hop. As I mentioned before, trace route is based on the concept of sending multiple ICMP requests. When we worked with the ping command earlier in this article series, you saw the ping command always returned four different values as a way of measuring packet loss. The same concept applies to trace route, except that the length of time the request took is measured three times instead of four.

The second thing that you need to know about the response times is that an asterisk indicates that a request has timed out. This may or may not indicate a problem, depending on how the asterisk appears. If you look at hop number 19 in the output above, you will notice that all three response time values are presented as asterisks. When you see three asterisks in a row, it usually means that the device that is being pinged at that hop has its firewall configured to reject ICMP packets. This will cause each of the timers to time out, and the final column will simply display the words Request Timed Out.

Keep in mind though that although this is usually the case, it is not the only possibility. Trace route will also display three asterisks when the device in question is unreachable. Of course that raises the question of how you can tell the difference between a site that blocks ICMP packets, and a link failure? Well, it can be a little tricky. 

At first glance, a link failure looks identical to what you see when a router or a host blocks ICMP requests. When a failure occurs, you are not going to see an error message. In fact, the process ends with the standard Trace Complete message.

There are two good signs that a link failure has occurred. One sign is that beyond a certain point in the trace, every result that is returned times out. Another sign of a link failure is that the TRACERT proceeds for a full 30 hops. Neither of these conditions guarantees that a link failure has occurred, even when they occur together. For example, my Web site (www.brienposey.com) is working fine at the moment, and yet when I run a TRACERT against it, both of these symptoms show up, as shown in the output below:

C:\Users\Administrator>TRACERT www.brienposey.com

Tracing route to www.brienposey.com [24.235.10.4]

over a maximum of 30 hops:

  1 1 ms 1 ms <1 ms 147.100.100.100

  2 8 ms 12 ms 8 ms 208.104.224.1

  3 9 ms 8 ms 9 ms 208.104.1.9

  4 10 ms 9 ms 8 ms 208.104.0.9

  5 10 ms 12 ms 11 ms 208.104.0.5

  6 12 ms 10 ms 9 ms 165.166.18.1

  7 15 ms 23 ms 13 ms gig2-2-1.c01.scclma.infoave.net [165.166.22.17]

  8 13 ms 12 ms 13 ms 66.192.166.9

  9 31 ms 30 ms * peer-01-ge-0-0-0-1.asbn.twtelecom.net [64.129.249.10]

 10 56 ms 57 ms 55 ms bb2-p6-0.ipltin.sbcglobal.net [151.164.242.59]

 11 55 ms 53 ms 55 ms ded2-g8-0.ipltin.sbcglobal.net [151.164.42.159]

 12 59 ms 56 ms 56 ms Winnet-1148485.cust-rtr.ameritech.net [66.73.221.254]

 13 64 ms 63 ms 68 ms 216-24-2-237.ip.win.net [216.24.2.237]

 14 68 ms 68 ms 64 ms fa0-0.cust-gw2.noc.win.net [216.24.30.69]

 15 * * * Request timed out.

 16 * * * Request timed out.

 17 * * * Request timed out.

 18 * * * Request timed out.

 19 * * * Request timed out.

 20 * * * Request timed out.

 21 * * * Request timed out.

 22 * * * Request timed out.

 23 * * * Request timed out.

 24 * * * Request timed out.

 25 * * * Request timed out.

 26 * * * Request timed out.

 27 * * * Request timed out.

 28 * * * Request timed out.

 29 * * * Request timed out.

 30 * * * Request timed out.

Trace complete.

If you see an output like the one above, it may indicate that a link failure has occurred, but it does not guarantee it. The only way to know for sure is to try running a TRACERT against multiple sites, and see if you keep getting the same types of results. Keep in mind that higher numbered hops are further away from you. The further away a failure is, the harder it will be to diagnose because tests of other sites may take alternate routes. When you perform TRACERT tests against multiple sites, you will have to look at the routes that were actually taken to determine whether or not a link failure is occurring.
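The reading rules above, applied by a short Python parser; this is an added example, not code from the original article. Both sample traces are constructed with documentation addresses, the second uses a 5-hop limit to stay short, and the verdict names are made up for illustration.

```python
import re

# hop number, three probes ("12 ms", "<1 ms" or "*"), then the responder column
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.*)$")

def parse_tracert(text):
    """Parse TRACERT output into destination IP, hop limit and per-hop rows."""
    dest = re.search(r"Tracing route to (?:\S+ \[)?([\d.]+)", text)
    limit = re.search(r"over a maximum of (\d+) hops", text)
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        # "*" is a probe that timed out; "<1 ms" is recorded as 1
        times = [None if p == "*" else int(re.sub(r"\D", "", p))
                 for p in re.findall(r"<?\d+ ms|\*", m.group(2))]
        who = m.group(3).strip()
        ip = re.search(r"\[([\d.]+)\]$", who)
        answered = any(t is not None for t in times)
        hops.append({"hop": int(m.group(1)), "times": times,
                     "ip": (ip.group(1) if ip else who) if answered else None})
    return {"dest": dest.group(1) if dest else None,
            "limit": int(limit.group(1)) if limit else 30, "hops": hops}

def classify(trace):
    """Apply the article's reading rules to a parsed trace."""
    hops = trace["hops"]
    if not hops:
        return {"verdict": "no_hops"}
    silent = [h["hop"] for h in hops if h["ip"] is None]
    lossy = [h["hop"] for h in hops if h["ip"] and None in h["times"]]
    last = hops[-1]
    if last["ip"] is not None and last["ip"] == trace["dest"]:
        # Silent hops followed by replies: those devices drop ICMP, the path works
        return {"verdict": "reached", "hop_count": last["hop"],
                "silent_hops": silent, "partial_loss_hops": lossy}
    # Walk back from the end to find the last hop that answered at all
    tail = len(hops)
    while tail > 0 and hops[tail - 1]["ip"] is None:
        tail -= 1
    all_silent_after = tail < len(hops)
    ran_to_limit = last["hop"] >= trace["limit"]
    # Both signs together suggest, but do not prove, a link failure
    verdict = ("suspect_link_failure_or_icmp_filter"
               if all_silent_after and ran_to_limit else "incomplete")
    return {"verdict": verdict, "partial_loss_hops": lossy,
            "last_reply_hop": hops[tail - 1]["hop"] if tail else 0}

# Constructed sample traces (documentation addresses, not real routes)
REACHED = """Tracing route to www.example.com [203.0.113.10] over a maximum of 30 hops:
  1 2 ms 1 ms <1 ms 192.0.2.1
  2 31 ms 30 ms * edge1.example.net [198.51.100.7]
  3 * * * Request timed out.
  4 97 ms 95 ms 98 ms 203.0.113.10
Trace complete."""
SILENT_TAIL = """Tracing route to www.example.org [203.0.113.20] over a maximum of 5 hops:
  1 1 ms 1 ms <1 ms 192.0.2.1
  2 68 ms 68 ms 64 ms gw2.example.net [198.51.100.9]
  3 * * * Request timed out.
  4 * * * Request timed out.
  5 * * * Request timed out.
Trace complete."""
```

A `suspect_link_failure_or_icmp_filter` verdict is the cue to trace other sites and compare where the routes diverge from `last_reply_hop`.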

The final piece of information displayed on each row is the identity of the router or host that responded to the ICMP request. TRACERT will identify each host or router by name whenever possible, but you will not always get a full name resolution. For example, if you look at the output above, you can see that about half of the routers are identified by name, while the others are not. That in and of itself is not usually a big deal.

What you might find interesting is that the host that you are tracing the route to is not always going to be identified. For example, if you look at the very beginning of the first sample output above, you will notice that we entered the command TRACERT WWW.ESPN.COM. Immediately after doing so, TRACERT resolved www.espn.com to the IP address 199.181.132.250. If you skip ahead to the end of the sample output, you will notice that TRACERT eventually reaches its destination, but it does not identify the destination by name (at least not in this case).

This behavior is not problematic; it is by design. The reason why I showed you this is so that you would not try to perform a TRACERT to a site, and think that the process failed because the destination host is not identified by name.

Conclusion

In this article, I have shown you how to decipher the output of a TRACERT. In the next article in this series, I will show you how to use the Route command to examine a machine’s routing tables.


Deploying Vista – Part 10: Understanding the Windows Preinstallation Environment

What is Windows PE?

Basically, Windows PE is a minimal version of Windows you can use to boot a bare-metal system (a computer with no operating system installed) and then connect to a network share, download the installation files for the full version of Windows, launch Setup.exe, and install Windows on the computer. Why do we need Windows PE to do this? Well, it’s simple: you’ve got a file server over there with a shared folder on it that contains the Windows installation files, and you’ve got a bare-metal system over here with no operating system on it, and you’ve got them both connected to the network, so you turn on your bare-metal system and…well, how is a computer with no operating system on it supposed to be able to connect to a shared folder over the network and launch Setup.exe from that folder? 

In the old days, we used a network boot floppy to make this happen. This was a bootable floppy disk from which you could run a network-aware version of MS-DOS, and to install, say, Windows 95, you would stick the floppy in your bare-metal system, turn the computer on, boot to DOS, and then manually (or automatically by launching a script) connect to the installation share on the network and run Setup.exe to begin the process of downloading the Windows installation files to the computer and running Setup on it to install Windows. Unfortunately, network boot floppies are no longer viable for a variety of reasons including lack of support for the NTFS file system, lack of support for 32- or 64-bit Windows device drivers, limited TCP/IP networking capabilities, and other reasons. What worked fine for installing Windows 95 or Windows 98 onto computers just doesn’t cut it anymore with Windows Vista.

By contrast, using the Windows AIK you can now create Windows PE boot media that supports NTFS, supports 32- and 64-bit Windows drivers, has full TCP/IP capabilities and which can be booted from a CD, a DVD, or even a USB flash drive. Then once you have booted your bare-metal system, you can manually (or automatically by using a script) connect to a network share that has the Windows Vista installation files stored on it and launch Setup.exe to install Vista onto the computer in a completely unattended fashion using an answer file you created using Windows SIM.

Limitations of Windows PE

This doesn’t mean Windows PE can do everything however. For example, while Windows PE is a stripped-down version of the Windows operating system and provides you with a command prompt and can do networking and has a registry and so on, you can’t use it as your daily operating system for the simple reason that it automatically stops working after 72 hours of use. Windows PE also doesn’t support installing applications that use Windows Installer (.msi) files, and it doesn’t include the .NET Framework or the Common Language Runtime (CLR), so you really can’t run any office productivity applications on it. Windows PE also supports only a limited subset of the full Win32 application programming interfaces (APIs) so you really can’t develop useful applications to run on it either. So while Windows PE is indeed Windows itself, it’s a very stripped-down version of Windows, not the full-blown version you’re used to working with each day.

All these limitations mean that Windows PE is really only useful for two things: to boot bare-metal systems so you can install Windows on them, and to boot into the Windows Recovery Environment (WinRE) in order to troubleshoot a computer that has problems with its Windows installation. Actually, Windows PE is used for one additional thing: each time you install Windows Vista (or Windows Server 2008) on a system, the very first phase of Setup is actually Windows PE at work.

Examining Windows PE Tools

As you can see from Figure 1 below, when Windows PE initializes it displays a command prompt.

Figure 1: The Windows PE command prompt

This command prompt is the only user-interface that Windows PE provides—there is no desktop and no GUI tools in Windows PE. There are a number of command-line tools available in Windows PE however, and these include the following:

BCDEdit - This tool can be used to edit the boot configuration data (BCD) store, a store that describes boot applications and boot application settings. The BCD store in Windows Vista and Windows Server 2003 replaces the Boot.ini used by earlier versions of Windows.

Bootsect - Used to restore your computer’s boot sector (replaces FixFAT and FixNTFS used by previous versions of Windows).

DiskPart - Used to create and format partitions and volumes and perform other disk management tasks.

Drvload - Used for adding out-of-box drivers to a booted Windows PE image.

Oscdimg - Used for creating an .iso image of Windows PE so you can burn the operating system onto CD or DVD media to create a customized, bootable Windows PE CD or DVD. 

PEImg - Used to create or modify a Windows PE image by adding drivers, importing packages, and so on. 

In addition to the above tools there are others that are built into Windows PE. Plus you can add additional command-line tools to your customized Windows PE CD or DVD. For example, in the next article of this series we’ll walk through the steps of creating a bootable Windows PE CD that includes the ImageX.exe tool on it, and later on I’ll show you how you can use this tool on a Windows PE CD to capture an image of a sysprepped master computer so you can deploy the captured image onto bare-metal destination computers—a deployment scenario called image-based deployment that is popular with OEMs and large enterprises. But that is for next time.




Deploying Vista – Part 9: Automating the Machine OOBE

Opening your Minimal Answer File

On your technician computer, start Windows SIM, open your Vista SP1 Enterprise install image in the Image Pane, and then in the Answer File pane open the autounattend.xml file you created in article seven previously (see Figure 1):

Figure 1: Minimal answer file created in article seven earlier

Specifying a User Name and Password

In the Windows Image pane, expand the Components node to display the Microsoft-Windows-Shell-Setup node beneath it. Then expand the Microsoft-Windows-Shell-Setup node to display UserAccounts, then LocalAccounts, then LocalAccount. Right-click on LocalAccount and select Add Setting to pass 7 oobeSystem as shown in Figure 2:

Figure 2: Adding the Microsoft-Windows-Shell-Setup\UserAccounts\LocalAccounts\LocalAccounts component to the oobeSystem configuration pass of your answer file.

In the Answer File pane you should now have the LocalAccounts component selected under the oobeSystem pass. 

Now in the Properties pane, type the user’s name (logon and display names), Administrators for the user’s local group, and an optional description (Figure 3):

Figure 3: Specifying a local user account and password

Note that we’re only creating a local user account here on the computer. If the computer will belong to a domain, you would typically create the domain user account ahead of time in Active Directory. You still have to create a local computer account as a fallback however, and it should belong to the local Administrators group on the machine since the default Administrator account is disabled in Vista.

In the Answer File, select the Password component beneath LocalAccount. Then in the Properties pane type a password for the user account you’re creating on the computer (Figure 4):

Figure 4: Assigning a password to the local user account you are creating on the computer

Specifying a Computer Name and Default Theme

Back in the Windows Image pane, right-click on the Microsoft-Windows-Shell-Setup node and select Add Setting to pass 4 specialize as shown in Figure 5:

Figure 5: Adding the Microsoft-Windows-Shell-Setup component to the specialize configuration pass of your answer file

In the Answer File pane you should now have the Microsoft-Windows-Shell-Setup component selected under the specialize pass. 

Now in the Properties pane, type a name for the computer in the value box to the right of the ComputerName setting (Figure 6):

Figure 6: Specifying a name for the computer

Now wait just a minute. Why do we have to add the Microsoft-Windows-Shell-Setup component to our answer file when we did this in the previous section above where we added a local user account for the computer? Because (a) you can add many answer file components to more than one configuration pass and (b) the computer name can only be specified using an answer file in the specialize configuration pass and not during the oobeSystem configuration pass (see Figure 7):

Figure 7: There is no ComputerName setting under Microsoft-Windows-Shell-Setup for the oobeSystem configuration pass!

Now let’s specify the default Aero theme. In the Answer File pane, select Microsoft-Windows-Shell-Setup\Themes. Then in the Properties pane type the path to the default Aero theme as shown in Figure 8:

Figure 8: Specifying the default Aero theme

Specifying the Protect Your PC and Network Location Settings

Now let’s configure the Protect Your PC setting, which determines whether Vista will automatically download and install updates or not. In the Windows Image pane, right-click on OOBE under Microsoft-Windows-Shell-Setup and select Add Setting to pass 7 oobeSystem (Figure 9):

Figure 9: Adding the Microsoft-Windows-Shell-Setup\OOBE component to the oobeSystem configuration pass of your answer file

In the Answer File pane you should now have the Microsoft-Windows-Shell-Setup\OOBE component selected under the oobeSystem pass. 

In the Properties pane, click in the value box to the right of the ProtectYourPC setting and type 1 to specify that Vista should automatically download and install updates when they become available.

Then in the Properties pane again, click the value box to the right of the NetworkLocation setting until a drop-down arrow appears. Click the arrow and select Work to indicate that the computer will be used at work (Figure 10):

Figure 10: The computer will automatically download and install updates when they become available on Windows Update, and the network location is configured as Work

Specifying the Time Zone

We’re almost done. In the Answer File pane, under oobeSystem, select the Microsoft-Windows-Shell-Setup component. Then in the Properties pane, I would type Canada Central Standard Time in the value box to the right of the TimeZone setting, but you would probably type something different—see this page on TechNet for what you can type here. The result is shown in Figure 11:

Figure 11: Specifying your time zone

Validating and Testing the Answer File

Now from Windows SIM’s menu, select Tools, then Validate Answer File. You should only see a series of Information messages in the Messages pane, and these you can ignore. If you see any Error or Warning messages, double-click on them and correct any errors you find in your answer file until validation succeeds.

Save your modified answer file using the same file name (autounattend.xml) as before. Then copy it to a USB flash drive and try using it together with your Vista SP1 Enterprise product DVD to perform an Unattended Install From DVD installation of Vista on a bare-metal system. Your installation should proceed in a completely unattended fashion, after which Vista will run its performance check (this can’t be prevented) and then you’ll be presented with a logon screen for Bob Smith. Bob can then type his password, log on, and start working on his computer.
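The settings added in the steps above end up as elements of autounattend.xml, so they can be checked before the file goes onto the flash drive. This added Python example (not part of the original article) verifies that each setting sits in the configuration pass the article puts it in; the sample answer file is constructed, its account and computer names are placeholders, and the Password element and the extra component attributes Windows SIM writes are left out.

```python
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
SHELL = "Microsoft-Windows-Shell-Setup"

# Constructed sample of the saved answer file; names and values are placeholders
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="specialize">
    <component name="Microsoft-Windows-Shell-Setup">
      <ComputerName>EXAMPLE-PC01</ComputerName>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <OOBE>
        <ProtectYourPC>1</ProtectYourPC>
        <NetworkLocation>Work</NetworkLocation>
      </OOBE>
      <TimeZone>Canada Central Standard Time</TimeZone>
      <UserAccounts>
        <LocalAccounts>
          <LocalAccount wcm:action="add">
            <Name>example.user</Name>
            <Group>Administrators</Group>
          </LocalAccount>
        </LocalAccounts>
      </UserAccounts>
    </component>
  </settings>
</unattend>"""

def setting(root, pass_name, path):
    """Text of a Shell-Setup setting in one configuration pass, or None."""
    xp = (f"u:settings[@pass='{pass_name}']/u:component[@name='{SHELL}']/"
          + "/".join("u:" + part for part in path.split("/")))
    node = root.find(xp, NS)
    return node.text.strip() if node is not None and node.text else None

def audit(xml_text):
    """Return a list of findings; an empty list means the file matches the steps."""
    root = ET.fromstring(xml_text)
    findings = []
    if setting(root, "oobeSystem", "ComputerName") is not None:
        findings.append("ComputerName in oobeSystem; it belongs in specialize")
    elif setting(root, "specialize", "ComputerName") is None:
        findings.append("no ComputerName in the specialize pass")
    if setting(root, "oobeSystem", "OOBE/ProtectYourPC") != "1":
        findings.append("ProtectYourPC is not 1 (automatic updates)")
    if setting(root, "oobeSystem", "OOBE/NetworkLocation") != "Work":
        findings.append("NetworkLocation is not Work")
    if setting(root, "oobeSystem", "TimeZone") is None:
        findings.append("TimeZone not set")
    groups = root.findall(
        f"u:settings[@pass='oobeSystem']/u:component[@name='{SHELL}']"
        "/u:UserAccounts/u:LocalAccounts/u:LocalAccount/u:Group", NS)
    if not any((g.text or "").strip() == "Administrators" for g in groups):
        findings.append("no local account in the Administrators group")
    return findings
```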