通过

Netdiag

  • 项目

Applies To: Windows Server 2003

The Netdiag command-line diagnostic tool helps to isolate networking and connectivity problems by performing a series of tests to determine the state of your network client. These tests and the key network status information that they expose give network administrators and support personnel a more direct means of identifying and isolating network problems. Moreover, because this tool does not require parameters or switches to be specified, support personnel and network administrators can focus on analyzing the output rather than on training users how to use the tool. For examples of how this command can be used, see Examples.

Syntax

netdiag [/q] [/v] [/l] [/debug] [/d:DomainName] [/fix] [/DcAccountEnum] [/test:TestName] [/skip:TestName] [/?]

Parameters

Parameter Description

/q

Specifies quiet output (errors only).

/v

Specifies verbose output.

/l

Sends output to Netdiag.log. This log file is created in the same directory where Netdiag.exe was run.

/debug

Specifies even more verbose output. With this parameter, NetDiag takes a few minutes to complete.

/d: DomainName

Finds a domain controller in the specified domain.

/fix

Fixes minor problems.

/DcAccountEnum

Enumerates domain controller computer accounts.

/test: TestName

Runs only the listed test(s). TCP/IP must be bound to one or more adapters before running any of the tests. Nonskippable tests are still run.

Valid TestName values are:

  • Autonet - Automatic Private IP Addressing (APIPA) address test. Tests whether APIPA is in use for the network adapters.

  • Bindings - Bindings test. Lists all bindings, including interface name, lower module name, upper module name, whether the binding is currently enabled, and the owner of the binding.

  • Browser - Redirector and Browser test. Lists the protocols bound to the Browser service and the redirector.

  • DcList - Domain controller list test. Obtains a list of domain controllers for the domain.

  • DefGw - Default gateway test. Attempts to contact each configured default gateway.

  • DNS - DNS test. Tests the availability of the configured DNS servers and verifies the current client's DNS registrations.

  • DsGetDc - Domain controller discovery test. First finds a generic domain controller from directory service, then finds the primary domain controller. Then, finds a Windows 2000 domain controller (DC). If the tested domain is the primary domain, checks whether the domain GUID stored in Local Security Authority (LSA) is the same as the domain GUID stored in the DC. If not, the test returns a fatal error; if the /fix option is on, DsGetDC tries to fix the GUID in LSA.

  • IpConfig - IP address configuration test. Enumerates the TCP/IP configuration information for each network adapter.

  • IpLoopBk - IP address loopback ping test. Pings the IP loopback address of 127.0.0.1 for each adapter.

  • IPsec – Internet Protocol Security (IPsec) test. Tests whether IPsec is enabled and displays a list of active IPsec policies for the computer.

  • IPX - IPX test. Lists statistics for the IPX protocol installed on the computer.

  • Kerberos - Kerberos test. Checks whether the Kerberos package information is up-to-date.

  • Ldap - Lightweight Directory Access Protocol (LDAP) test. Contacts all available domain controllers and determines which LDAP authentication protocol is in use.

  • Member - Domain membership test. Checks to confirm details of the primary domain, including computer role, domain name, and domain GUID. Checks to see if NetLogon service is started, adds the primary domain to the domain list, and queries the primary domain security identifier (SID).

  • Modem - Modem diagnostics test. Lists configuration information for each modem found.

  • NbtNm - NetBT name test. Similar to the nbtstat -n command. It checks that the workstation service name <00> is equal to the computer name. It also checks that the messenger service name <03>, and server service name <20> are present on all interfaces and that none of these names are in conflict.

  • Ndis - Netcard queries test. Lists the network adapter configuration details, including the adapter name, configuration, media, globally unique identifier (GUID), and statistics. If this test shows an unresponsive network adapter, the remaining tests are aborted.

  • NetBTTransports - NetBT transports test. Lists the transport protocols that are bound to NetBT.

  • Netstat - Netstat information test. Lists protocol statistics and current TCP/IP connections.

  • Netware - Netware test. Queries the nearest Netware server for current login information.

  • Route - Routing table test. Lists static routes and whether they are persistent.

  • Trust - Trust relationship test. Tests trust relationships to the primary domain only if the computer is a member workstation, member server, or a Backup Domain Controller (BDC) domain controller that is not a PDC emulator. Checks that the primary domain security identifier (SID) is correct. Contacts an active DC. Connects to the SAM server on the DC. Uses the domain SID to open the domain to verify whether the domain SID is correct. Queries info of the secure channel for the primary domain. If the computer is a BDCDC, reconnects to the PDC emulator. If the computer is a member workstation or server, sets secure channel to each DC on the DC list for this domain.

  • WAN - Wide Area Network (WAN) configuration test. Lists settings and status on each COM port currently in use.

  • WINS - Windows Internet Name Service (WINS) service test. Tests the availability of the configured WINS server and the validity of the client registrations.

  • Winsock - Winsock test. Lists protocols and ports available to the WinSock service.

/skip: TestName

Skips the test specified by TestName. Nonskippable tests will still run.

Valid TestName values are:

  • Autonet - Automatic Private IP Addressing (APIPA) address test.

  • Bindings - Bindings test.

  • Browser - Redir and Browser test.

  • DcList - Domain controller list test.

  • DefGw - Default gateway test.

  • DNS - DNS test.

  • DsGetDc - Domain controller discovery test.

  • IpConfig - IP address configuration test.

  • IpLoopBk - IP address loopback ping test.

  • IPX - IPX test.

  • Kerberos - Kerberos test.

  • Ldap - Lightweight Directory Access Protocol (LDAP) test.

  • Modem - Modem diagnostics test.

  • NbtNm - NetBT name test.

  • Netstat - Netstat information test.

  • Netware - Netware test.

  • Route - Routing table test.

  • Trust - Trust relationship test.

  • WAN - Wide Area Network (WAN) configuration test.

  • WINS - Windows Internet Name Service (WINS) test.

  • Winsock - Winsock test.

Remarks

The NetDiag tool:

  • Gathers static network information and tests the network driver, protocol driver, send/receive capability, and well-known target accessibility.

  • Can be used by network administrators in conjunction with the Scheduler Service, to generate reports at regularly scheduled intervals.

Examples

If you have a problem connecting to a network resource and you only receive a “Network path not found” error message you can type the following at a command prompt:

netdiag

When executed in this scenario, NetDiag performs tests on each network adapter, and a set of global tests. The tests on the network adapters are performed in the following order:

  • Netcard queries test

  • IpConfig test

  • Autoconfiguration test (APIPA)

  • Default gateway test

  • NetBT name test

  • WINS Service test

Next in this example NetDiag performs a set of global tests in the following order:

  • Domain membership test

  • NetBT transports test

  • Autonet address test (APIPA)

  • IP loopback ping test

  • Default gateway test

  • NetBT name test

  • Winsock test

  • DNS test

  • Redir and Browser test

  • DC discovery test

  • DC list test

  • Trust relationship test

  • Kerberos test

  • LDAP test

  • Bindings test

  • WAN configuration test

  • Modem configuration test

  • IP Security test

The results of these tests show that the network adapter protocol, bindings, and IP address tests succeed. The DNS ping test fails and reports that the DNS server cannot be contacted.

With this information, the administrator knows that either the DNS server address is incorrect, or the DNS server is not responding. Because the DNS address is also displayed as output, you can easily verify whether it is correct.

After the problem is isolated, the administrator can perform additional troubleshooting to determine why the DNS server is down.

Sample NetDiag Output:

Computer Name: RKSRVR-2
    DNS Host Name: rksrvr-2.reskita.microsoft.com
    System info : Windows 2000 Server (Build 2467)
    Processor : x86 Family 6 Model 6 Stepping 0, GenuineIntel
    List of installed hotfixes :
        Q147222


Netcard queries test . . . . . . . : Passed
    [WARNING] The net card 'Intel(R) PRO/100+ Management Adapter' may not be working.



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : rksrvr-2
        IP Address . . . . . . . . : 10.10.1.51
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 10.10.1.77


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Failed
        NetCard Status:          DISCONNECTED
            Some tests will be skipped on this interface.

        Host Name. . . . . . . . . : rksrvr-2
        Autoconfiguration IP Address : 169.254.74.217
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . :



Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{A2D04C22-3BB8-4FA0-B7DA-414DC1DD08A7}
        NetBT_Tcpip_{56079E37-8246-4712-8B36-F503FF6F9873}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Failed

    [FATAL] NO GATEWAYS ARE REACHABLE.
    You have no connectivity to other network segments.
    If you configured the IP protocol manually then
    you need to add at least one valid gateway.


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'bdover.reskita.microsoft.com.'. [ERROR_TIMEOUT]
            The name 'bdover.reskita.microsoft.com.' may not be registered in DNS.

       [WARNING] The DNS entries for this DC cannot be verified right now on DNS
 server 10.10.1.77, ERROR_TIMEOUT.
    [FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{A2D04C22-3BB8-4FA0-B7DA-414DC1DD08A7}
        NetBT_Tcpip_{56079E37-8246-4712-8B36-F503FF6F9873}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{A2D04C22-3BB8-4FA0-B7DA-414DC1DD08A7}
        NetBT_Tcpip_{56079E37-8246-4712-8B36-F503FF6F9873}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Failed
    Secure channel for domain 'RESKITA' is to '\\a-dcp.reskita.microsoft.com'.
    [FATAL] Cannot set secure channel for domain 'RESKITA' to PDC emulator. [ERR
OR_NO_LOGON_SERVERS]


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [WARNING] Failed to query SPN registration on DC 'a-dcp.reskita.microsoft.com'.
    [WARNING] Failed to query SPN registration on DC 'a-dc1.reskita.microsoft.com'.
    [WARNING] Failed to query SPN registration on DC 'a-dc3.reskita.microsoft.com'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    Service status  is: Started
    Service startup is: Automatic
    IPSec service is available, but no policy is assigned or active

    Note: run "ipseccmd /?" for more detailed information

The command completed successfully

Additional references