When
a failure or issue is reported regarding a Windows Server 2008 R2
system, the responsible administrator should first perform the standard
validation tests to verify that there is a real issue. The following
sections include basic troubleshooting steps when failure reports are
based around data or application access issues, network issues, data
corruption, or recovery issues.
Access Issues
When end users report
issues accessing a Windows Server 2008 R2 system but the system is
still online, this is categorized as an access issue. Administrators
should start troubleshooting access issues by first verifying that the
system can be accessed from the system console and then verifying that
it can be accessed across the network. After that is validated, the
access issue should be tested to reveal whether the access issue is
affecting everyone
or just a set of users. Access issues can be system or network related,
but they can also be related to security configurations on the network
or local system firewall or application, share, and/or NTFS
permissions. The following sections can be used to help troubleshoot
access issues.
Network Access Troubleshooting
Troubleshooting access to
a system that is suspected to be network related can involve the
networking group as well as the Windows Server 2008 R2 system
administrators. When networking is a suspect, the protocol and system
IP information should be noted before any tests are performed. Tests
should be performed from the Windows system console to determine if the
system can access other devices on the local network and systems on
neighboring networks located across a gateway or router. Tests should
be performed using both the system DNS names as well as IP addresses
and, if necessary, IP Next Generation IPv6 addresses.
Note
Testing connectivity for
web-based applications should be performed using system hostnames,
fully qualified domain names, and IP addresses to ensure that tests
yield the proper results. Many web servers and/or firewalls can receive
a properly formed header in the web GET request and will not respond to
a request made from an IP-based uniform resource locator (URL).
If the system can
communicate out but users still cannot access the system, possible
causes could be an incorrect IP subnet mask default gateway or routing
table or a restriction configured in the Windows or network firewall.
Windows Firewall is enabled by default on Windows Server 2008 R2
systems and the new firewall supports multiple firewall profiles
simultaneously. If a network is identified incorrectly as a public
network instead of a domain network, depending on the firewall profile
settings, this might restrict access undesirably. When administrators
follow the proper procedures for installing roles and role services,
during the installation of the roles, exceptions will be added to the
firewall. Administrators can review the settings using the Windows
Firewall applet from Control Panel but to get very detailed firewall
information, the Windows Firewall with Advanced Security console should
be used. This console is located in the Administrative Tools program
group.
Share and NTFS Permissions Troubleshooting
If network connectivity and
firewall configurations check out, the next step in troubleshooting
access issues is to validate the configured permissions to the affected
application, service, or shared folder. For application access
troubleshooting, refer to the section, “Application Access Troubleshooting,”
and the application vendors’ administration and troubleshooting guides.
For Windows services and share folder permission troubleshooting, Event
Viewer can assist tremendously, especially if auditing is enabled.
Auditing can be enabled within an Active Directory group policy on the
Windows Server 2008 R2 local computer policy, but auditing must also be
enabled on the particular NTFS folder.To troubleshoot share
and NTFS permissions, please review the following sections.
Validating Share Permissions
When share permissions
need to be validated, there are several ways to accomplish this task.
One way to accomplish this task is to use the Share and Storage
Management snap-in, as detailed in the following steps:
1. | Log on to the Windows Server 2008 R2 system with an account with administrator privileges.
|
2. | Click Start, click All Programs, click Administrative Tools, and select Share and Storage Management.
|
3. | When the window opens, locate the desired share in the tasks pane, right-click the share, and choose Properties.
|
4. | Select the Permissions tab and click the Share Permissions button.
|
5. | Review and, if necessary, reconfigure the share permissions as required.
|
6. | Click OK to close the Share Permissions window and click OK again to close the share properties pages.
|
7. | Close the Share and Storage Management console.
|