
Fabian Tech Tips

Essential IT Service Desk Troubleshooting: A Guide for Technicians
The IT service desk is the backbone of any organisation, ensuring smooth operations and swift issue resolution. Whether you're handling network issues, managing Active Directory, or addressing hardware failures, having a structured approach is crucial.
The FSMO roles (Flexible Single Master Operations)
Schema master (forest wide)
Domain naming master (forest wide)
PDC Emulator (specific to domain)
RID master (specific to domain)
Infrastructure master (specific to domain)
Key terms
Schema master
Acts as the authority for changes to the Active Directory schema (the specification of the object types and properties stored in the directory). One server per forest acts as the schema master.
Domain Naming master
Manages additions, deletions and changes to the domains contained within the Active Directory forest. One server per forest acts as the domain naming master.
Usually not an urgent problem until you need to add or remove a domain from the forest. (Try to fix before seizing the role.)
PDC Emulator
Emulates a Windows NT4 PDC for compatibility with older systems. One server per domain acts as the PDC emulator.
On failure users may have trouble logging in, especially in mixed mode, unless you make an immediate fix: seizing the role and assigning a standby unit.
Relative ID Master (RID)
Manages the identifiers used to associate objects with containers. One server per domain acts as the relative ID master.
Usually not urgent unless objects are added to the domain, causing the current batch of RIDs to be used up (500). Try to fix before seizing the role.
Infrastructure Master
Manages the association between users and groups. One server per domain acts as the infrastructure master.
On failure, usually not urgent unless there are lots of user or group changes.
The user principal name (the full DNS domain name of an object), e.g. “fabian@mydomain.com”
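Before deciding whether to repair or seize a role, confirm which server holds it and whether that server still answers. The script below is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT) and a domain-joined machine, and the OnFailure text paraphrases the notes above.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory module
# (RSAT) is installed and the machine is joined to the domain being checked.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Role, scope, current holder, and the failure impact described in the notes above.
$roles = @(
    [pscustomobject]@{ Role = 'Schema master'; Scope = 'Forest'
        Holder = $forest.SchemaMaster; OnFailure = 'Schema changes blocked' }
    [pscustomobject]@{ Role = 'Domain naming master'; Scope = 'Forest'
        Holder = $forest.DomainNamingMaster; OnFailure = 'Cannot add or remove domains' }
    [pscustomobject]@{ Role = 'PDC emulator'; Scope = 'Domain'
        Holder = $domain.PDCEmulator; OnFailure = 'Login trouble: fix immediately' }
    [pscustomobject]@{ Role = 'RID master'; Scope = 'Domain'
        Holder = $domain.RIDMaster; OnFailure = 'Urgent only when the RID batch runs out' }
    [pscustomobject]@{ Role = 'Infrastructure master'; Scope = 'Domain'
        Holder = $domain.InfrastructureMaster; OnFailure = 'Urgent only with many user/group changes' }
)

foreach ($r in $roles) {
    # LDAP (TCP 389) answering is a basic sign that the role holder is alive.
    $probe = Test-NetConnection -ComputerName $r.Holder -Port 389 -WarningAction SilentlyContinue
    $r | Add-Member -NotePropertyName Reachable -NotePropertyValue $probe.TcpTestSucceeded
}

$roles | Format-Table Role, Scope, Holder, Reachable, OnFailure -AutoSize -Wrap

# Any unreachable holder is the one to repair first; seize the role only if repair fails.
$down = @($roles | Where-Object { -not $_.Reachable })
if ($down) { "Unreachable role holders: $($down.Role -join ', ')" }
```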
Troubleshooting
Isolate the problem (Possible problems)
Incorrect IP address setting (APIPA 169.254.x.x)
Incorrect DNS settings
Inability to obtain an IP address automatically
Cabling problem
Bad NIC on workstation
Corrupted settings or firmware on firewall
Corrupt DSL (ISP) router settings
Troubleshooting categories
Hardware issues – memory, disk, NIC, VDU, PSU, motherboard.
OS issues – workstation booting issue, service pack, Windows updates.
Printing issues – user cannot print, wrong tray, printing garbage.
Application troubleshooting – MS Office, browser.
Network issues – connection to server, internet or other network resources.
User issues – user needs extra training.
Some quick Fixes
Remove temp files
Remove temp internet files
Temporary files could indicate pc or application not shutting down correctly, indicating a long-term problem.
Installing application in safe mode as a quick fix. This could indicate the need for an update, soft fix or service pack.
General Troubleshooting Rules
Don’t make a bad situation worse
Make sure you have a recent backup (roll back recent changes)
With more than one possible fix or solution, try the most conservative solution.
Example
Boot safe mode, reinstall old drivers.
Load last known good configuration
Reinstall operating system and restore from backup
Isolate the problem
Cut the problem in half to quickly isolate the problem
Latest software or drivers to fix bugs
Update firmware (test on non-production).
Don’t upgrade over existing operating system – Perform a clean installation. Except on rare occasions when an in-place upgrade is needed.
Ask what has changed
When did this first occur?
Is the problem reproducible?
What were you doing when it first happened?
When stuck - double check and retrace your steps
Verify the obvious – check cables, reboot.
If a solution does not work return the computer to original state before you try the next solution.
Try something else: if the solution does not work, try something different.
Try one solution at a time, so you only need to apply one fix to resolve the problem next time.
Work towards building critical mass
Gain more knowledge about current system and any new technology
Understand conceptually how something works
Make notes daily, review notes weekly.
Walk away from a problem for a while
Mentally prepare
conceptually understand how something works
Take good notes
for use as an internal knowledge base or handover call so your steps are not repeated.
Know when you are over your head
call for outside help when you are
Know what to do when you don’t know what to do
who to escalate to
how to escalate
Before last resort - format and reload OS.
Run option past someone else to check you have not missed anything
Check you have a good backup
Practice troubleshooting skills regularly
Q and A different scenarios
Document all fixes ASAP to ensure accuracy.
Server Troubleshooting tools.
Server event viewer – use Microsoft knowledge base to identify event (or AI)
Task manager – performance problems caused by CPU more than 50% for more than a minute (caused by SQL stored procedure, virus scan or backup).
Killing a process after hours to see if it resolves the problem (working after hours minimises business data loss).
Performance Monitor – helps you determine the best hardware upgrade and where the bottleneck is.
Troubleshoot server performance
Disk hardware problems
Disk or SCSI transmission errors
Disk hardware problems. Excessive read and writes on disk
Check for error messages in the system event viewer
Multi-channel application or Virus
Can cause excessive disk access.
Memory leak that can cause excessive page file.
Replicating virus can cause excessive disk access.
Not enough memory in server
Inadequate memory can cause excess page file access (ideally using physical memory and minimal use of page file).
Excessive page file
Inadequate memory in server.
Slow overworked disk
Adding RAID or faster disks (SSD)
Windows server troubleshooting
Disk partition
Keeping OS separate from data making recovery easy
Keeping DISM (Deployment Image Servicing and Management) updated
Integrate updates by slipstreaming them into the Windows image using the “dism” command (ensuring the latest updates are part of the installation media, simplifying recovery).
Reset DNS
ipconfig /flushdns
ipconfig /registerdns
Update DHCP – to force update to DNS information by reducing the lease time.
Configure forwarders or root hints (so any query not resolved locally is resolved by the external ISP DNS).
Static IP reserved for servers, printers, routers, firewalls, switches, video conference units and any other device requiring a fixed IP address.
Server problem Categories
Hardware problems
Make sure you have the latest firmware and software drivers
Make sure you use the manufacturer's diagnostics.
Operating system problems
Latest service packs or security updates related to problem.
Review news groups, blogs and the internet for related problems.
Application Problems.
Stop or unload application to see if the server stabilises.
Network problems
Becoming hubs, switch, bad NIC (usually affect a segment or a group of computers).
Check for increased traffic or fragmented packets.
Wide area networks and IP routing
WAN topology and carrier
Type of WAN connection
Point-to-point connection
Point-to-point T1 connection in same local access and transport area (LATA)
Frame Relay
Connection not in the same LATA, using multiple T1 connections to join the Frame Relay cloud – minimum 384k for video conference.
Multi-protocol label switching (MPLS) / Hybrid networks
MPLS is more efficient than Frame Relay and cheaper, but can be less reliable.
Virtual Private Network (VPN)
No need for QoS (quality of service); can be used over the internet at a cheap cost.
Wireless / Laser
Used for line-of-sight connection between WAN connections.
AD Site Replication nearer to 15 Minutes. The default is one hour.
Terminal server has the effect of applications running over a WAN at the same speed as if the application was locally installed.
WAN Troubleshooting steps
Ping test
Telnet into Cisco router and view statistics
ipconfig /all on workstation
Check firewall configuration
Delete and add users in AD
Service pack server
Run tracert
Static versus dynamic routing
Static needs to be manually configured for each hop
Dynamic will learn routes on the fly
Router failure: static route will need to be configured
Router failure: dynamic route will find a new route automatically
Troubleshooting routes using a Windows PC
route print – used to view routes
route add – configure and add new routes
route delete – used to remove routes.
ping / pathping – check if host is reachable.
tracert – view the path packets take.
Wireless networking
Troubleshooting steps wireless client
Verify installation and configuration
Check certificate – installed and not expired
Latest driver
Latest firmware
Workstation member of AD domain – auto enrolment to get certificate.
Back to basic – test with no authentication.
Apply patches
Run IIS lockdown tool
Upgrade firewall
Change password
Evaluate log files
Check for any relevant changes
Try a different access point.
Verify problem – search manufacturer support site.
Review release notes.
Verify connection to AP – turn off encryption.
Test using required MAC authentication.
Update client with support software.
Update network card driver.
Virtual Private Network troubleshooting
Dedicated videoconference requires minimum 384k
VoIP requires 8k to 64k
Longer the VPN distance the more potential problems.
Ideally VPN both ends should be Tier 1 ISP
VPN with static IP easier to configure.
Check if ISP is blocking or throttling VPN
Check for cross vendor compatibility for VPN and Firewall.
Mobile client software – multiple versions on the same PC can cause the PC to crash.
Defining VPN connection on any firewall on the network path.
IP address of remote firewall
Remote subnet
Data integrity algorithm
Data encryption method
Shared secret key or certificate.
VPN troubleshooting tools
Firewall log
Enable ping – ping test to help troubleshoot.
Reset the firewall
Verify problem
Verify line is working
Check firewall Lan/wan interface configuration
Reset firewall and cable modem
Test internet access – speed test
Boot in safe mode - uninstall programmes.
Check firewall logs
Double check VPN settings
Search internet for answers.
Ping the remote server
Isolate the problem
Use net use <ip> then use net use <server name> (DNS resolution test)
Review firewall log
Recreate the tunnel
Check provider is not blocking traffic
Upgrade firmware
Firewall Troubleshooting
Headers of each packet are checked against a historical record of blocked traffic
Stateful packet inspection – Deep packet inspection needs more CPU to run
Verify problem
Try another site
Test from another workstation
Check firewall logs
Verify problem on multiple workstations
Check the firewall
Verify the line is up
Troubleshoot the firewall
Review lights on router
Check firewall rules
Check firewall log
Check for DNS (port 53) traffic
Verify DNS at the workstation
Ping known IP on the internet
Ping same IP by name
Double check configuration
Troubleshoot one item at a time
If stuck move on
Replace firewall
Test load balance, can be done in three ways
Round robin
Spill over
Percentage based
Test the VPN
Web server testing
Call support (escalate for help)
Upgrade firmware
Troubleshoot with tech support
Verify the obvious
Start with simple rule
Contact Cisco tech support (firewall support)
Update IOS
Flush firewall
Test firewall after flush
Reinstall old firewall
Isolate the problem
Verify the problem exists (not caused by user; check lights, check other PCs)
Has anything changed (a recent change)
LAN or WAN problem (is it local or remote)
Verify IP address settings (ipconfig /all: verify IP address, subnet mask, default gateway and DNS are correctly listed).
Ping a known IP address on the internet.
Ping the workstation (verify IP stack and network card are working on the PC)
Ping the default gateway (verify PC, cable, switch, hub and firewall are working OK)
Verify that DNS is working (ping an internal server on the network by FQDN; if it resolves to an IP, DNS works)
Examine the firewall (log in to the firewall and verify IP settings: WAN address, WAN subnet mask, WAN default gateway, local area network address and LAN subnet mask. Verify that a rule was created to allow HTTP traffic out to the internet.)
Perform ping tests from the firewall; ping the default gateway on the firewall.
Visually inspect the DSL router (error lights, switch router off and on)
Call the ISP (tell them all the tests run and that the router has been restarted)
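The workstation-side checks in the list above can be run as one ladder that stops at the first failing layer, which tells you where to look next. This is an added example, not part of the original post; it orders the tests from the PC outwards, and $KnownIp and $InternalFqdn are placeholder assumptions to replace with values for your site.

```powershell
# Added example, not from the original post. $KnownIp and $InternalFqdn are
# placeholder assumptions: substitute an address and server name for your site.
param(
    [string]$KnownIp      = '8.8.8.8',
    [string]$InternalFqdn = 'server01.mydomain.com'
)

# Usable (Preferred) non-loopback IPv4 addresses and the lowest-metric default route.
$addresses = @(Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' -and $_.AddressState -eq 'Preferred' } |
    Select-Object -ExpandProperty IPAddress)
$gateway = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric | Select-Object -First 1 -ExpandProperty NextHop

# Ordered from the PC outwards: the first failure marks the faulty layer.
$checks = @(
    @{ Layer = 'IP stack / network card'
       Test  = { Test-Connection -ComputerName 127.0.0.1 -Count 2 -Quiet }
       Hint  = 'Bad NIC or driver on the workstation.' }
    @{ Layer = 'IP address (not APIPA)'
       Test  = { @($addresses -notlike '169.254.*').Count -gt 0 }
       Hint  = 'No address obtained automatically: check cabling, switch port, DHCP.' }
    @{ Layer = 'Default gateway'
       Test  = { $gateway -and (Test-Connection -ComputerName $gateway -Count 2 -Quiet) }
       Hint  = 'Check cable, switch or hub, and the firewall LAN interface.' }
    @{ Layer = 'Known internet IP'
       Test  = { Test-Connection -ComputerName $KnownIp -Count 2 -Quiet }
       Hint  = 'Examine the firewall rules and WAN settings, the DSL router, then the ISP.' }
    @{ Layer = 'DNS resolution'
       Test  = { [bool](Resolve-DnsName -Name $InternalFqdn -ErrorAction Stop) }
       Hint  = 'Incorrect DNS settings: compare with ipconfig /all.' }
)

foreach ($c in $checks) {
    $ok = $false
    try { $ok = [bool](& $c.Test) } catch { $ok = $false }
    '{0,-26} {1}' -f $c.Layer, $(if ($ok) { 'OK' } else { 'FAILED' })
    if (-not $ok) {
        "Stopped at first failing layer. Next step: $($c.Hint)"
        break
    }
}
```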
Exchange server internet mail
Register your domain (MX record) – in order to receive email on your company domain, i.e. .com, .co etc.
Mail exchange (MX) record is created after you have registered your domain. A reverse (PTR) record is needed for your mail server.
Internet mail connector – needs to be created to send and receive email.
Firewall – if you are running NAT you will need to create NAT mapping between public IP addresses where MX record points, and your private mail server.
Telnet on port 25 to troubleshoot Exchange.
Set up authoritative name server – where your DNS records point – your ISP provides two (primary and secondary) or you can host your own DNS server.
Exchange server troubleshooting
Exchange Databases
EDB files – Main database files
STM files – New streaming database file
Log files – contain history of transactions
Distribute the mail store across several physical databases.
Exchange server performance – suitable disk array RAID 1+0 or SAN for large user database
Performance monitor to identify bottlenecks
Run out of disk space
Clear space
Restart server
Backup mail store
Try running Eseutil /p /g
Cached mode reduces network load.
Exchange Troubleshooting scenario checks
Review task manager
Check for open relay
Restart Exchange System Manager
Check IP address of spam
Clear connection of default virtual server
Check AD for rogue users
Check for root kits and viruses.
Firewall to block bad IP addresses
Review sites being accessed
Rebuild repair OS
Review SMTP queue
Check if on block list
Use nslookup for DNS test
Change outside IP of mail server.
telnet test
restart server
apply service pack and updates
check for MS KB
check MX and Authoritative DNS
check OWA inside and outside network
check event log
check exchange services
Disable AV and other 3rd party applications and services on the server.
Contact 3rd party software support.
Run Eseutil /p /g
Remove and create public folders
Free disk space
Antispam filtering
Bayesian filtering – uses fuzzy logic
Whitelist – messages not blocked on list
Blacklist – messages on list are blocked
Keyword search – keyword found in message indicates spam
Open-relay checking – open relay server treated like spam – if your server is on the open relay list you will need to get it removed.
Secure socket layer certificate on OWA
Certificate must be installed on the IIS server
Issue an SSL request from IIS
Submit the certificate request file to online authority
Install the SSL certificate on IIS
Turn on SSL from OWA
SQL server troubleshooting
SQL server structure
Master – contains SQL configuration and login accounts (must be backed up)
Model – contains template to create new databases
Msdb – database used for scheduling alerts and jobs and recording operators
Tempdb – temporary database used to store temporary tables and stored procedures.
The ALTER DATABASE command is used to set the tempdb size
Login problems
SQL can be configured for Windows integrated authentication or Windows integrated and SQL authentication.
Connect on the allowed authentication method
Physical file location for database
Database files are stored in two physical files: data and log files
Data file contains the actual database information
Log file contains a record of every change in the database since the last backup
Right click database to see the location of the data and the log file
Connecting to SQL server
Verify SQL server is running – check SQL services
Ping the SQL server
Verify the SQL Server protocols – check TCP/IP and named pipes are enabled. Verify aliases are properly set up.
SQL server security
Keep up to date with service packs and critical updates
Keep IIS and SQL server on separate servers
Use integrated authentication only
Separate service accounts for IIS and SQL server
Use integrated Windows authentication only
Disable guest account
Upgrade IIS to latest version
Install an SSL certificate for your web application
Use stored procedure to access data from a web application
Always ensure you have a good backup
Backup / Maintenance of SQL server
Backup Type
Complete backup – backup entire database
Differential backup – backup changes since last backup
Transaction log backup – truncating or not truncating the log file. Truncating is the same as incremental backup – the log information is deleted as part of the backup process.
File groups – backup file group configuration on SQL server
Database maintenance plans
Created via a wizard; tasks performed:
Reorganise data and index pages
Update statistics
Remove unused space from database files
Check database integrity
Backup database
Backup transaction logs
Reports
Firewall selection can be based on several factors
Web server hosting
Connections to the internet
Fault tolerance requirement
Growth requirements
WAN connection
Need for segregated network
Number of users
Traffic load (firewall bottleneck)
VPN Encryption Decryption traffic (CPU intensive)
Firewall maintenance
Stay current with firewall software and firmware
Review logs, get a feel for normal / abnormal traffic
Backup firewall config
Run port scan to check firewall config.
Basic firewall troubleshooting tools
Attempt to run application
Create a rule on the firewall the application needs to run.
Test the application
Have a hacking recovery plan
Regular security audit
Firewall monitoring
Syslog
Assess damage
Review firewall logs
Check the Run and RunOnce registry keys.
Check for root kits
Check for hidden files
Check the recycle bin
Unusual heavy loads on server
Rogue users
Check administrator group
Patch holes
Repair the damage
Additional monitoring
Notify authorities (i.e. data loss of user details; contact users whose data was accessed)
Review the plan regularly.
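Two of the damage-assessment checks above, the Run and RunOnce registry keys and the administrator group, are far easier to read when compared with a known-good snapshot taken during a regular audit. This is an added example, not part of the original post; the baseline path is a hypothetical location.

```powershell
# Added example, not from the original post. $BaselinePath is a hypothetical
# location; store the file somewhere the audited server cannot modify.
param([string]$BaselinePath = 'C:\IR\autorun-admin-baseline.txt')

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# One line per autorun value: key, value name, command line.
$autoruns = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($item) {
        foreach ($name in $item.GetValueNames()) {
            'RUN | {0} | {1} | {2}' -f $key, $name, $item.GetValue($name)
        }
    }
}

# One line per member of the local Administrators group.
$admins = Get-LocalGroupMember -Group 'Administrators' |
    ForEach-Object { 'ADMIN | {0} | {1}' -f $_.Name, $_.PrincipalSource }

$current = @($autoruns) + @($admins)

if (-not (Test-Path $BaselinePath)) {
    # First run: record the snapshot. Review it by hand before trusting it.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | Set-Content -Path $BaselinePath
    "Baseline written with $($current.Count) entries."
} else {
    $baseline = @(Get-Content -Path $BaselinePath)
    $diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current
    if (-not $diff) { 'No change since baseline.' }
    foreach ($d in $diff) {
        # '=>' exists only now (added since baseline); '<=' existed only in the baseline.
        $label = if ($d.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
        "$label $($d.InputObject)"
    }
}
```

A domain controller has no local Administrators group, so on one check the domain's administrative groups instead.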