Dial-up Remote Access Tools and Settings
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Dial-up Remote Access Tools and Settings
In this section
Dial-up Remote Access Tools
Dial-up Remote Access Registry Entries
The “Dial-up Remote Access Tools” section describes tools that are useful for auditing, customizing, and troubleshooting dial-up remote access connections.
The “Dial-up Remote Access Registry Entries” section describes the registry entries that enable the configuration of Internet Protocol (IP) addresses and the storage of Point-to-Point Protocol (PPP) settings.
Dial-up Remote Access Tools
The following tools are associated with dial-up remote access.
Connection Manager
Category
Connection Manager is client connection software that is available as part of the operating system.
Version compatibility
Connection Manager is available in Windows Server 2003 and Windows Server 2000 and is compatible with Windows XP, Windows Millennium Edition, Windows 98 and Windows NT 4.0.
Connection Manager is client connection software that administrators can customize and distribute to users. The customized and distributed Connection Manager software includes a service profile, which contains all of the files required to install Connection Manager.
Connection Manager also contains the Connection Manager Administration Kit (CMAK) component and Connection Point Services (CPS).
Connection Manager Administration Kit
CMAK is a wizard that creates the Connection Manager service profile and then builds the service profile as a compressed, self-installing executable file that administrators can distribute to users.
Connection Point Services
CPS enables you to automatically distribute and update custom phone books. These phone books contain one or more point of presence (POP) entries, with each POP supplying a telephone number that provides dial-up access to an Internet access point. The phone books give users complete POP information, so when they travel they can connect to different Internet access points rather than being restricted to a single POP.
Without the ability to update phone books (a task CPS handles automatically), users would have to contact technical support to be informed of changes in POP information and to reconfigure their client dialer software.
CPS contains two major components:
Phone Book Administrator (PBA)
Phone Book Services (PBS)
Phone Book Administrator
PBA creates and maintains phone book files for use with Connection Managerservice profiles. Each phone book is a collection of POPs provided by either the administrator or one or more Internet service providers (ISPs) that the organization uses to provide Internet access. Each POP provides a local access number and connection settings for a specific region within a country/region or dependency.
Phone Book Services
PBS is an Internet Information Services (IIS) extension. When a service profile that is configured to check for phone book updates establishes a connection, Connection Manager queries the PBS server for a phone book update. PBS compares the version of the phone book that the service profile is using with the most recent files in the phone book database and then sends any updates to the service profile.
For more information about Connection Manager, see the “Connection Manager Technical Reference.”
Netdiag
Category
Netdiag is a diagnostic tool available as part of the operating system as Netdiag.exe.
Version compatibility
Netdiag is available in Windows Server 2003, Windows XP, and Windows Server 2000.
Netdiag helps isolate networking and connectivity problems by performing a series of tests to determine the state of your network client. These tests and the network status information they expose give network administrators and support personnel a more direct means of identifying and isolating network problems. In addition, because this tool does not require parameters or switches to be specified, support personnel and network administrators can focus on analyzing the output rather than on training users about how to use the tool.
For more information about Netdiag, see “Windows Support Tools” in the Tools and Settings Collection.
Netsh
Category
Netsh is a command-line scripting tool available as part of the operating system.
Version compatibility
Netsh is available in Windows Server 2003, Windows 2000 Server, and all versions of Windows that include TCP/IP.
Netsh enables you to display or modify the network configuration of a local or remote computer. You can also use Netsh to enable the components in Windows Server 2003 to log tracing information to files. You can enable and disable tracing for specific components or for all components.
For more information about Netsh, see “Command-Line References” in the Tools and Settings Collection.
Network Monitor
Category
Network Monitor is a tool for monitoring, recording, and analyzing network traffic. Network Monitor is part of Microsoft Systems Management Server (SMS). A limited version, which can capture frames that are sent to or from the network adapter of the computer on which Network Monitor is installed, is included with Windows Server 2003 and can be installed as an optional networking component.
Version compatibility
Network Monitoris available in Windows Server 2003 and Windows Server 2000.
Network Monitor, a packet capture and analysis tool, can capture and view the traffic sent between a remote access server and a remote access client during the remote access connection process and during data transfer. Network Monitor captures all PPP packets sent over a serial link, including connection establishment and PPP-encapsulated user data.
Note
- If compression or encryption are used, then the PPP payload is not interpreted by Network Monitor. Compressed or encrypted payloads are indicated by the PPP protocol ID of 3D (assuming protocol ID compression). To see the structure of user data within PPP payloads, disable compression and encryption.
To use Network Monitor to interpret unencrypted remote access traffic, you must be familiar with PPP. For more information about PPP and Network Monitor, see “Dial-up Remote Access Protocols” and “Dial-up Remote Access Processes and Interactions” in How Dial-up Remote Access Works. Network Monitor captures can be saved as files and sent to Microsoft Product Support Services for analysis.
To capture PPP packets with Network Monitor, you set the capture network to the network corresponding to the dial-up connection. You can use Network Monitor to:
Troubleshoot the PPP connection establishment process.
Ensure that PPP payloads are being encrypted.
Ensure that PPP payloads are being compressed.
When using Network Monitor, keep the following in mind:
Captured PPP frames do not contain a Flag character but do contain an Ethernet-like source address and destination address. This behavior is due to Network Monitor’s receipt of packets from Ndiswan.sys, an intermediate NDIS driver that provides an IEEE 802.3 miniport interface to protocol drivers. Ndiswan.sys looks like an Ethernet adapter to protocols.
For each PPP frame, the Ethernet-like source and destination addresses are both set to either SEND or RECV to indicate that the PPP frame was either sent or received by the computer on which the capture was taken. The SEND and RECV addresses do not necessarily identify the traffic of a remote access server or remote access client. If the capture was taken on the remote access server, then SEND frames were sent by the remote access server and RECV frames were sent by the remote access client. If the capture was taken on the remote access client, then SEND frames were sent by the remote access client and RECV frames were sent by the remote access server.
Captured PPP frames contain an Address or Control field regardless of whether address and control field compression are negotiated.
Protocol ID compression is usually negotiated with Microsoft PPP peers, making the PPP Protocol ID a single byte when possible.
Use Network Monitor display to view only the traffic of desired protocols. For example, to view the Internet Protocol Control Protocol (IPCP) negotiation only, set the display filters to disable the display of all protocols except IPCP.
Sample PPP Connection Captured with Network Monitor
The following printout is an example of a PPP connection establishment process captured with Network Monitor showing only the frame summaries. The entries are indented to improve readability.
1 8.726 SEND SEND LCP
Config Req Packet, Ident = 0x00, Length = 36
2 8.796 RECV RECV LCP
Config Req Packet, Ident = 0x00, Length = 25
3 8.796 SEND SEND LCP
Config Ack Packet, Ident = 0x00, Length = 25
4 8.816 RECV RECV LCP
Config Reject Packet, Ident = 0x00, Length = 17
5 8.816 SEND SEND LCP
Config Req Packet, Ident = 0x01, Length = 23
6 8.886 RECV RECV LCP
Config Ack Packet, Ident = 0x01, Length = 23
7 8.886 SEND SEND LCP
Ident Packet, Ident = 0x02, Length = 18
8 8.886 SEND SEND LCP
Ident Packet, Ident = 0x03, Length = 23
9 8.886 RECV RECV PPPCHAP
Challenge, ID = 0x 1: Challenge
10 8.886 SEND SEND PPPCHAP
Challenge, ID = 0x 1: Response, administrator
11 8.976 RECV RECV PPPCHAP
Challenge, ID = 0x 1: Success
12 8.976 RECV RECV CBCP
Callback Request, Ident = 0x01
13 8.976 SEND SEND CBCP
Callback Response, Ident = 0x01
14 8.996 RECV RECV CBCP
Callback Acknowledgement, Ident = 0x01
15 8.996 SEND SEND CCP
Configuration Request, Ident = 0x04
16 8.997 SEND SEND IPCP
Configuration Request, Ident = 0x05
17 8.997 RECV RECV CCP
Configuration Request, Ident = 0x01
18 9.017 RECV RECV IPCP
Configuration Request, Ident = 0x02
19 9.037 RECV RECV NBFCP
Configuration Request, Ident = 0x04
20 9.147 SEND SEND CCP
Configuration Acknowledgement, Ident = 0x01
21 9.147 SEND SEND IPCP
Configuration Acknowledgement, Ident = 0x02
22 9.167 SEND SEND LCP
Protocol Reject Packet, Ident = 0x07, Length = 32
23 9.237 RECV RECV CCP
Configuration Reject, Ident = 0x04
24 9.237 RECV RECV IPCP
Configuration Reject, Ident = 0x05
25 9.237 SEND SEND IPCP
Configuration Request, Ident = 0x08
26 9.287 RECV RECV IPCP
Configuration No Acknowledgement, Ident = 0x08
27 9.287 SEND SEND IPCP
Configuration Request, Ident = 0x0A
28 9.327 RECV RECV IPCP
Configuration Acknowledgement, Ident = 0x0A
29 10.729 SEND SEND CCP
Configuration Request, Ident = 0x04
30 10.960 RECV RECV CCP
Configuration Reject, Ident = 0x04
31 10.960 SEND SEND CCP
Configuration Request, Ident = 0x0B
32 10.960 RECV RECV CCP
Configuration Acknowledgement, Ident = 0x0B
The trace was captured on the remote access client. Therefore, the SEND frames were sent from the remote access client and the RECV frames were sent from the remote access server. In this trace, you can see the four phases of the establishment of the PPP connection:
Phase 1: PPP configuration is performed in frames 1 through 8 by using the exchange of Link Control Protocol (LCP) configuration packets.
Phase 2: Authentication, in which the user’s credentials are verified, is performed in frames 9 through 11.
Phase 3: Callback is performed in frames 12 through 14.
Phase 4: Protocol configuration, in which compression, encryption, and IP are configured, is performed in frames 15 through 38.
In addition to the summary view, Network Monitor can also expand frames for detailed analysis. For example, frame 1 from this trace is displayed as:
FRAME: Base frame properties
FRAME: Time of capture = Nov 18, 1998 15:23:6.967
FRAME: Time delta from previous physical frame: 0 milliseconds
FRAME: Frame number: 1
FRAME: Total frame length: 50 bytes
FRAME: Capture frame length: 50 bytes
FRAME: Frame data: Number of data bytes remaining = 50 (0x0032)
PPP: Link Control Protocol Frame (0xC021)
PPP: Destination Address = SEND_
PPP: Source Address = SEND_
PPP: Protocol = Link Control Protocol
LCP: Config Req Packet, Ident = 0x00, Length = 36
LCP: Code = Configuration Request
LCP: Identifier = 0 (0x0)
LCP: Length = 36 (0x24)
LCP: Options: ASYNC.MAP:00 00 00 00-MAGIC#:0x0C05-PROT.COMP- ADR/CF.COMP-CALL.BACK:Unkn---
LCP: ASYNC.MAP:00 00 00 00
LCP: Option Type = Async Control Character Map
LCP: Option Length = 6 (0x6)
LCP: Async Control Character Map = 00 00 00 00
LCP: MAGIC#:0x0C05
LCP: Option Type = Majic Number
LCP: Option Length = 6 (0x6)
LCP: Magic Number = 3077 (0xC05)
LCP: PROT.COMP
LCP: Option Type = Protocol Field Compression
LCP: Option Length = 2 (0x2)
LCP: ADR/CF.COMP
LCP: Option Type = Address and Control Field Compression
LCP: Option Length = 2 (0x2)
LCP: CALL.BACK:Unkn
LCP: Option Type = Callback
LCP: Option Length = 3 (0x3)
LCP: CallBack = 0x06
LCP: Multilink Maximum Receive Reconstructed Unit
LCP: Option Type = 0x11
LCP: Option Length = 4 (0x4)
LCP: Multilink Endpoint Discriminator
LCP: Option Type = 0x13
LCP: Option Length = 9 (0x9)
PPP Tracing
Category
PPP tracing is an operating system tool available in Routing and Remote Access.
Version compatibility
PPP tracing is supported in Windows Server 2003 and Windows 2000 Server. PPP tracing is the same as the PPP logging feature in Windows NT 4.0 and earlier.
To use PPP tracing to troubleshoot PPP connection failures, you must be familiar with PPP. For more information about PPP and PPP tracing, see “Dial-up Remote Access Protocols” and “Dial-up Remote Access Processes and Interactions” in How Dial-up Remote Access Works.
Tracing is a facility of Windows Server 2003 remote access and routing components that allows you to optionally enable and disable the recording of programming code and network events to a file. PPP tracing logs the PPP packets exchanged during the PPP connection establishment process and is valuable for troubleshooting the failure of a PPP connection.
By default, the PPP log is stored in the Ppp.log file in the systemroot\Tracing folder. The PPP log generated by PPP tracing contains the programming calls and contents of PPP packets for PPP control protocols. PPP tracing cannot be used to view PPP user data sent across the connection.
Sample PPP Trace
The following printout is an excerpt from a PPP trace of a PPP connection establishment process. The entries are indented to improve readability.
[1472] 15:57:50:094: Line up event occurred on port 5
[1472] 15:57:50:104: Starting PPP on link with IfType=0x0,IPIf=0x0
[1472] 15:57:50:104: RasGetBuffer returned ae70054 for SendBuf
[1472] 15:57:50:104: FsmInit called for protocol = c021, port = 5
[1472] 15:57:50:104: ConfigInfo = 273e
[1472] 15:57:50:104: APs available = 1
[1472] 15:57:50:104: FsmReset called for protocol = c021, port = 5
[1472] 15:57:50:104: Inserting port in bucket # 5
[1472] 15:57:50:104: Inserting bundle in bucket # 6
[1472] 15:57:50:104: FsmOpen event received for protocol c021 on port 5
[1472] 15:57:50:104: FsmThisLayerStarted called for protocol = c021,
port = 5
[1472] 15:57:50:104: FsmUp event received for protocol c021 on port 5
[1472] 15:57:50:104: <PPP packet sent at 11/04/1998 23:57:50:104
[1472] 15:57:50:104: <Protocol = LCP, Type = Configure-Req, Length =
0x2f, Id = 0x0, Port = 5
[1472] 15:57:50:104: <C0 21 01 00 00 2D 02 06 00 00 00 00 03 05 C2 23
|.!...-.........#|
[1472] 15:57:50:104: <80 05 06 72 5F 50 9A 07 02 08 02 0D 03 06 11 04
|...r_P..........|
[1472] 15:57:50:104: <06 4E 13 09 03 00 60 08 3E 46 07 17 04 00 03 00
|.N....`.>F......|
[1472] 15:57:50:104: InsertInTimerQ called portid=6,Id=0,Protocol=c021,
EventType=0,fAuth=0
[1472] 15:57:50:104: InsertInTimerQ called portid=6,Id=0,Protocol=0,
EventType=3,fAuth=0
[1472] 15:57:50:104: >PPP packet received at 11/04/1998 23:57:50:104
[1472] 15:57:50:104: >Protocol = LCP, Type = Configure-Req, Length =
0x26, Id = 0x0, Port = 5
[1472] 15:57:50:104: >C0 21 01 00 00 24 02 06 00 00 00 00 05 06 00 00
|.!...$..........|
[1472] 15:57:50:104: >C0 05 07 02 08 02 0D 03 06 11 04 06 4E 13 09 03
|._..........N...|
[1472] 15:57:50:104: >00 60 08 52 F9 D8 00 00 00 00 00 00 00 00 00 00
|.`.R............|
The last three lines are a hexadecimal display of the same LCP packet in frame 1 of the preceding Network Monitor trace. To understand this frame, you must manually parse this frame according to the PPP and LCP packet structure. An example of the parsing of this PPP frame is listed in the following table.
Parsing of the LCP Configure-Request
| Bytes | Meaning |
|---|---|
C0 21 |
PPP Protocol ID for LCP. |
01 |
LCP code for a Configure-Request. |
00 |
LCP identifier for this Configure-Request. |
00 24 |
Length, in bytes, of the LCP packet (36 bytes long). |
02 |
LCP option for Asynchronous Control Character Map (ACCM). |
06 |
Length, in bytes, of the ACCM option. |
00 00 00 00 |
Data for the ACCM option. |
05 |
LCP option for the magic number. |
06 |
Length, in bytes, of the magic number option. |
00 00 C0 05 |
Data for the magic number option. |
07 |
LCP option for protocol compression. |
02 |
Length, in bytes, of the protocol compression option. |
08 |
LCP option for address and control field compression. |
02 |
Length, in bytes, of the address and control field compression option. |
0D |
LCP option for callback. |
03 |
Length, in bytes, of the callback option. |
06 |
Callback option data. |
11 |
LCP option for the Multilink Maximum Receive Reconstructed Unit. |
04 |
Length, in bytes, of the Multilink Maximum Receive Reconstructed Unit option. |
06 4E |
Multilink Maximum Receive Reconstructed Unit option data. |
13 |
LCP option for the Multilink Endpoint Discriminator option. |
09 |
Length, in bytes, of the Multilink Endpoint Discriminator option. |
03 00 60 08 52 F9 D8 |
Multilink Endpoint Discriminator option data. |
Rasdiag
Category
Rasdiag is a diagnostic tool for remote access clients that is available as part of the Windows XP operating system as Rasdiag.exe.
Version Compatibility
Rasdiag is available in Windows XP.
Rasdiag collects diagnostic information about remote services and places that information in a file. You can use this tool to work with Microsoft Product Support Services to troubleshoot remote connection issues by taking a snapshot of the configuration data and capturing an attempted remote connection.
Rasdiag is not described in the Support Tools section of Windows XP Help. For more information about Rasdiag, see “Windows Support Tools” in the Tools and Settings Collection.
Rasdial
Category
Rasdial is a command-line tool that automates the process of dialing up a network connection and is available as part of the operating system.
Version Compatibility
Rasdial is available in Windows Server 2003, Windows XP, and Windows Server 2000.
Rasdial creates a simple batch file that connects to a dial-up network connection by specifying an entry in the current rasphone.pbk file, located in the ../Documents and Settings/username/ folder for an individual user connection, and the ../Documents and Settings/All Users/ folder for all user connections. You can also use Rasdial to connect to or disconnect from a network connection.
Rasdial is different from Autodial:
- Rasdial does not automatically detect your network connection status before dialing a connection and does not depend on the Remote Access Auto Connection Manager service. Rasdial requires that there is an existing phone book entry that can be used or modified.
Rasdial is different from Rasphone:
- Rasdial provides unattended dialing. It does not support the following features available in Rasphone: prefix/suffix, auto-redial, change password, retry authentication, statistics, operator-assisted dialing, and connections requiring Terminal mode input.
For more information about Rasdial, see “Windows Support Tools” in the Tools and Settings Collection.
Dial-up Remote Access Registry Entries
The following registry entries are associated with dial-up remote access.
The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.
HKEY_LOCAL_MACHINE\SYSTEM\
The following registry key is located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services \RemoteAccess\Parameters\Ip
Ip
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services \RemoteAccess\Parameters\
Version
The Ip registry setting is available in Windows Server 2003 and Windows 2000 Server.
When the remote access server is configured to use Dynamic Host Configuration Protocol (DHCP) to obtain IP addresses, Routing and Remote Access instructs the DHCP client component to obtain 10 IP addresses from a DHCP server. When all 10 IP addresses are used, the remote access server uses the DHCP client component to obtain 10 more. You can modify the number of IP addresses obtained at a time by changing the value of InitialAddressPoolSize.
If you do not want the remote access server to assign Domain Name System (DNS) and Windows Internet Name Service (WINS) IP addresses, set the values of SuppressDNSNameServers and SuppressWINSNameServers to 1.
To globally configure DNS and WINS server IP addresses for remote access clients, enter the IP addresses in the values of DNSNameServers and WINSNameServer.
HKEY_LOCAL_MACHINE\SYSTEM\
The following registry key is located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP
PPP
Registry path
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\
Version
The PPP registry setting is available in Windows Server 2003 and Windows 2000 Server.
Routing and Remote Access stores PPP settings at this location.