
Module 10: Managing and Monitoring Network Access

Contents

Overview                                                   1
Lesson: Managing the Network Access Services               2
Lesson: Configuring Logging on a Network Access Server     8
Lesson: Collecting and Monitoring Network Access Data     21
Lab A: Managing and Monitoring Remote Access              29
Course Evaluation                                         33

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. 2003 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, Active Directory, MSDN, PowerPoint, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.


Instructor Notes

Presentation: 1 hour
Lab: 30 minutes

This module provides students with the knowledge and ability to manage and monitor network access of dial-up, virtual private network (VPN), and wireless clients. After completing this module, students will be able to:

- Manage the network access services.
- Configure logging on the network access server.
- Collect and monitor network access data.

Required materials

To teach this module, you need the following materials:

- Microsoft PowerPoint file 2277b_10.ppt.
- The Implementation Plan Values document located in the Appendix at the end of the student workbook.

Important: It is recommended that you use PowerPoint 2002 or later to display the slides for this course. If you use PowerPoint Viewer or an earlier version of PowerPoint, all the features of the slides may not be displayed correctly.

Preparation tasks

To prepare for this module:

- Read all of the materials for this module.
- Complete all practices and the lab.
- Practice demonstrating all the procedure pages. A procedure page usually has a title that begins with "How to".
- Review prerequisite courses and modules.


How to Teach This Module

This section contains information that will help you to teach this module.

How To Pages, Practices, and Labs

Explain to the students how the How To pages, practices, and labs are designed for this course. A module includes two or more lessons. Most lessons include How To pages and a practice. After completing all of the lessons for a module, the module concludes with a lab.

How To pages

The How To pages are designed for the instructor to demonstrate how to do a task. The students do not perform the tasks on the How To page with the instructor. They will use these steps to perform the practice at the end of each lesson.

Important: It is recommended that the trainer demonstrate each of the tasks on the How To page. You can use the London or Glasgow computers to demonstrate these How To procedures. It is important not to change any settings that could affect the successful completion of the practices and the lab.

Practices

After you have covered the contents of the topic and demonstrated the How To procedures for the lesson, explain that a practice will give students a chance for hands-on learning of all the tasks discussed in the lesson.

Labs

At the end of each module, the lab enables the students to practice the tasks that are discussed and applied in the entire module. Using scenarios that are relevant to the job role, the lab gives students a set of instructions in a two-column format. The left column provides the task (for example: Create a group). The right column provides specific instructions that the students will need to perform the task (for example: From Active Directory Users and Computers, double-click the domain node). An answer key for each lab exercise is located on the Student Materials compact disc, in case the students need step-by-step instructions to complete the lab. They can also refer to the practices and How To pages in the module.

Lesson: Managing the Network Access Services

This section describes the instructional methods for teaching this lesson.

Guidelines for Managing Network Access Services

Discuss how to apply the guidelines for managing network access services by referring to the slide. This topic has an animated slide, so be sure to review the slide prior to class.

How to Manage Remote Access Clients

- Demonstrate how to send a message to a single remote access client.
- Demonstrate how to send a message to all remote access clients.
- Demonstrate how to disconnect a remote access client.
- Demonstrate how to start and stop the Routing and Remote Access service.


Practice: Managing the Remote Access Service

Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to read the scenario. Direct the students to complete the following tasks:

- Connect to their partner's computer by using the VPN connection.
- Verify the connection duration for the remote access client.
- Send a message to all remote access clients.
- Verify that the message is displayed, and then disconnect from their partner's computer.
- Verify the connection duration of the remote access client.
- Stop the Routing and Remote Access service.
- Start the Routing and Remote Access service.

Reconvene class after all the students have completed the practice and discuss the results of the practice.

Lesson: Configuring Logging on a Network Access Server

This section describes the instructional methods for teaching this lesson.

Routing and Remote Access Logging

- Introduce the three types of logging that are supported by the Routing and Remote Access service.
- Describe event logging. Point out that tracing consumes system resources and should only be used sparingly.
- Describe local authentication and account logging.
- Describe Remote Authentication Dial-In User Service (RADIUS)-based authentication and account logging.

Authentication and Accounting Logging

- Define authentication and accounting logging.
- Explain the benefits of using authentication and accounting logging.
- Discuss the log file properties.
- Describe the types of request logging.

How to Configure Authentication and Accounting Logging

- Demonstrate how to enable Microsoft Windows accounting.
- Demonstrate how to configure local authentication and accounting logging.
- Demonstrate how to configure RADIUS-based authentication and account logging.

Log Files for Specific Connections

- Describe a Point-to-Point Protocol (PPP) log.
- Describe an audit log.
- Describe an Oakley log.



How to Configure Logging for Specific Connection Types

- Demonstrate how to configure PPP logging.
- Demonstrate how to configure Oakley logging for a Layer Two Tunneling Protocol/Internet Protocol security (L2TP/IPSec) connection.
- Demonstrate how to configure audit logging for an L2TP/IPSec connection.

Practice: Configuring Logging on a Network Access Server

Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to read the scenario. Direct the students to complete the following tasks:

- Configure local authentication logging on their remote access server.
- Verify that the log file does not exist.
- Stop and start the Routing and Remote Access service.
- Verify that the log file does exist.

Reconvene class after all the students have completed the practice and discuss the results of the practice.

Lesson: Collecting and Monitoring Network Access Data

This section describes the instructional methods for teaching this lesson.

Why Collect Performance Data?

Discuss the reasons for collecting performance data.

Tools for Collecting Network Access Data

Describe the tools for collecting network access data, including System Monitor, Performance Logs and Alerts, and Wireless Monitor. Discuss the types of information that the students can gather by using these tools and the network access issues this information helps to isolate. Provide examples and descriptions of the most commonly used objects and counters for monitoring network access servers.

How to Monitor Wireless Network Activity

- Demonstrate how to enable or disable wireless client information logging.
- Demonstrate how to view details about wireless network access points.
- Demonstrate how to view details about wireless network clients.

Practice: Collecting and Monitoring Network Access Data

Tell the students that they can refer to the How To pages covered in the lesson. Direct the students to read the scenario. Direct students to complete the following tasks:

- Determine the tools to use.
- Configure their Performance Logs.

Reconvene class after all the students have completed the practice and discuss the results of the practice.


Overview

Introduction

This module introduces the skills and knowledge that are necessary to manage and monitor the network access of dial-up, virtual private network (VPN), and wireless clients.

Objective

After completing this module, you will be able to:

- Manage the network access services.
- Configure logging on the network access server.
- Collect and monitor network access data.


Lesson: Managing the Network Access Services

Introduction

This lesson presents the skills and knowledge that are necessary to enable you to perform basic management functions on the network access services provided by the Routing and Remote Access service.

Objectives

After completing this lesson, you will be able to:

- Apply guidelines for managing a remote access server.
- Manage remote access clients.


Guidelines for Managing Network Access Services

Guidelines for stopping and starting the Routing and Remote Access service

Periodically, it is necessary to shut down the Routing and Remote Access service. For example, you may need to change the location of a remote access server that is in your organization's building. Or, you may need to shut down the service to repair or upgrade hardware. You can follow a few simple guidelines to help ensure that your clients are minimally affected during the scheduled service shutdown. When you need to shut down the Routing and Remote Access service, you should:

1. Configure a replacement remote access server.
2. Schedule the downtime during the least busy time of business.
3. Send a message to your clients to alert them of the time and length of the scheduled downtime.
4. Use the Routing and Remote Access console to disconnect any clients that did not disconnect from the remote access servers.
5. Stop the Routing and Remote Access service.


How to Manage Remote Access Clients

Introduction

You use the Routing and Remote Access console to:

- Send a message to clients to notify them that they need to switch to a different remote access server.
- Disconnect any clients that did not switch to remote access servers.

Note: It is recommended that you log on with an account that has non-administrative credentials and use the Run as command with a user account that has the appropriate administrative credentials to perform this task.

Procedure for sending a message to a single remote access client

To send a message to a single remote access client:

1. Log on with a non-administrative user account.
2. Click Start, and then click Control Panel.
3. In Control Panel, open Administrative Tools, right-click Routing and Remote Access, and then select Run as.
4. In the Run As dialog box, select The following user, and then type a user account and password that has the appropriate permissions to complete the task. Click OK.
5. Open Routing and Remote Access, and click Remote Access Clients.
6. Right-click the appropriate user name, click Send message, and then click OK.


Procedure for sending a message to all remote access clients

To send a message to all remote access clients:

1. Open the Routing and Remote Access console, and right-click Remote Access Clients.
2. Select Send to All, and then click OK.

Procedure for disconnecting a remote access client

To disconnect a remote access client:

1. Open the Routing and Remote Access console, and right-click Remote Access Clients.
2. Select the appropriate user name, and then click Disconnect.

Procedure for starting and stopping the Routing and Remote Access service

After you disconnect all clients from a remote access server, you can properly shut down the service for that server. To start and stop the Routing and Remote Access service:

1. In the Routing and Remote Access console, in the console tree, click Server Status.
2. In the details pane, right-click a server name, point to All Tasks, and perform one of the following steps:
   - To start the service, click Start.
   - To stop the service, click Stop.

Note: You can also start and stop the Routing and Remote Access service by using the net start remoteaccess and net stop remoteaccess commands.


Practice: Managing the Remote Access Service

Objective

In this practice, you will manage the Remote Access service.

Instructions

To complete this practice, refer to the Implementation Plan Values document, located in the Appendix at the end of your student workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has the appropriate administrative credentials to complete the task.

Scenario

The remote access server in your Lab department is scheduled to be shut down for a hardware upgrade. The systems engineer has created a replacement remote access server to support remote access clients during the scheduled outage. You will properly shut down the remote access server.

Practice

Connect to your partner's computer by using the VPN connection

Complete this task from the higher number student computer.

1. On the desktop, double-click VPN ComputerName (where ComputerName is your partner's computer).
2. In the Connect VPN ComputerName dialog box, type the following information, and then click Connect.
   a. User name: ComputerNameAdmin (where ComputerName is the name of your computer)
   b. Password: P@ssw0rd
3. Verify that a pop-up balloon is displayed in the notification area that states the VPN ComputerName is now connected.
4. On the desktop, right-click VPN ComputerName, and then click Status.
5. In the VPN ComputerName Status dialog box, verify that Status is displayed as Connected, and note the Duration time.


Verify the connection duration for the remote access client

Complete this task from the lower number student computer.

1. Open the Routing and Remote Access console.
2. In the Routing and Remote Access console, in the console tree, select Remote Access Clients.
3. In the Remote Access Clients details pane, under User Name, verify that nwtraders\ComputerNameAdmin is displayed, and note the duration time.

Send a message to all remote access clients

Complete this task from the lower number student computer.

- Audience: Send to All
- Message text: This remote access server will be shutting down in 10 minutes

Verify that the message is displayed, and then disconnect from your partner's computer

Complete this task from the higher number student computer.

1. Read the text of the Messenger Service message box.
2. Disconnect from VPN ComputerName (where ComputerName is your partner's computer).

Verify the connection duration of the remote access client

Complete this task from the lower number student computer.

1. Open the Routing and Remote Access console.
2. In the Routing and Remote Access console, in the console tree, select Remote Access Clients.
3. On the Action menu, click Refresh.
4. In the Remote Access Clients details pane, verify that no items are displayed.

Stop the Routing and Remote Access service

Complete this task from the lower number student computer.

- Administrative tool: Routing and Remote Access

Start the Routing and Remote Access service

Complete this task from the lower number student computer.

- Administrative tool: Routing and Remote Access


Lesson: Configuring Logging on a Network Access Server

Introduction

This lesson introduces the knowledge and skills that are necessary to be able to use certain types of logging to help isolate common issues with network access.

Lesson objectives

After completing this lesson, you will be able to:

- Describe the types of logging that are supported by the Routing and Remote Access service.
- Explain what authentication and accounting logging is.
- Configure authentication and accounting logging.
- Identify log files that are used for specific connections.
- Configure logging for specific connection types.


Routing and Remote Access Logging

Introduction

A server that runs Routing and Remote Access supports three types of logging:

- Event logging
- Local authentication and account logging
- RADIUS-based (Remote Authentication Dial-In User Service) authentication and account logging

Event logging

You can use event logging to record remote access server errors, warnings, and other detailed information in the system event log. You can enable event logging and configure the levels of events logged on the Event Logging tab in the Properties dialog box of the remote access server. For example, the event log can record the stopping and starting of the remote access service in addition to recording the users who have been denied access and the reasons why.

In the Properties dialog box for the remote access server, you can also enable the logging of additional Routing and Remote Access information. When you enable this logging, the computer creates numerous detailed log files in the %Systemroot%\Tracing directory, which contain a more detailed record of Routing and Remote Access functions.

Note: Tracing consumes system resources and should only be used sparingly to help identify network problems.


Local authentication and account logging

The Routing and Remote Access service supports the logging of authentication and accounting information for connection attempts when Windows authentication or Windows accounting is configured as the authentication or accounting provider. This logging is separate from the events that are recorded in the system event log. Authentication and account logging is especially useful in isolating remote access policy issues. For each authentication attempt, the name of the remote access policy that either accepted or rejected the connection is logged.

RADIUS-based authentication and account logging

A server that runs Routing and Remote Access supports the logging of authentication and accounting information for remote access connections at a RADIUS server when RADIUS authentication and accounting are enabled. RADIUS authentication and accounting logging is separate from the events that are recorded in the system event log. You can use the information that is logged on your RADIUS server to track remote access usage and authentication attempts. For example, the RADIUS accounting log records connection information, including how long you were connected to the remote access server.


Authentication and Accounting Logging

Definition

Authentication and accounting logging is a process that records detailed information about remote access connection requests. You can use the logged information to track remote access usage and authentication attempts.

Benefits of using authentication and accounting logging

By setting up and using log files to track authentication information, you can simplify the administration of your remote access service. You can set up and use logs to track accounting information (such as logon and logoff records) to maintain records for billing purposes. Authentication and accounting logging is especially useful for isolating remote access policy issues. For each authentication attempt, the name of the remote access policy that either accepted or rejected the connection attempt is recorded.

The authentication and accounting information is stored in a configurable log file or in files stored in the %Systemroot%\System32\LogFiles folder. The log files are saved in Internet Authentication Service (IAS) format or in a database-compatible format so that any database program can read the log file directly for analysis. You can configure both the Routing and Remote Access service and IAS to send the authentication and accounting information directly to a database server, which allows multiple servers to input data into the same database.

Log file properties

When you set up logging, you can specify:

- The requests to be logged.
- The log-file format.
- How often new logs are started.
- Automatic deletion of the oldest log file when the disk is full.
- Where log files are recorded.
- What information the log file records contain.


Types of request logging

All types of request logging are disabled by default. Initially, it is recommended that you enable the logging of authentication and accounting requests. You can refine your logging methods after you determine the data that best matches your needs. As shown in the following table, you can select the types of requests to log. The origin and destination of the log file items depend on whether they are being submitted by a RADIUS client to a RADIUS server or whether they are being logged locally in a Routing and Remote Access log file using Windows Authentication and Accounting.

Types of requests        Description of log entries
-----------------------  ------------------------------------------------------------
Accounting requests      Accounting-on indicates that the server is online and is
                         ready to accept connections.
                         Accounting-off indicates that the server is going offline.
                         Accounting-start indicates the start of a user session.
                         Accounting-stop indicates the end of a user session.
Authentication requests  Authentication requests logs incoming attributes that a
                         connecting user sends. These entries in the log file
                         contain only incoming attributes.
                         Authentication accepts and rejects logs entries that
                         indicate whether the user is accepted or rejected.
Periodic status          Periodic status logs entries for interim accounting
                         requests that are provided by some remote access servers
                         during sessions.
                         Accounting-interim requests logs entries that are provided
                         periodically by the remote access server during a user
                         session.

Note You can log accounting, authentication, and periodic status on a Microsoft SQL Server database. For more information, see SQL Server database logging in the Windows Server 2003 Help documentation.
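The request types in the table above are what you find when you read the resulting log file back, and the per-attempt policy name is what the lesson calls the key to isolating remote access policy issues. The following script is an added example and is not part of this course or of Microsoft's tools: it parses IAS-format log lines, classifies each record as Accounting-on/off/start/stop/interim or as an authentication accept or reject, tallies accepts and rejects per remote access policy, and totals session time per user from Accounting-stop records. It assumes the IAS-format layout of six fixed fields (NAS-IP-Address, User-Name, Record-Date, Record-Time, Service-Name, Computer-Name) followed by attribute-ID/value pairs; the IAS-specific attribute numbers used for Packet-Type (4136), Reason-Code (4142) and policy name (4149) are assumptions to verify against your server's IAS log documentation, and the sample lines, the server name LONDON and the policy name "VPN Users" are constructed.

```python
"""Added example: parse IAS-format authentication/accounting log lines and
summarise them by request type, policy outcome and per-user session time."""
import csv
from collections import Counter
from dataclasses import dataclass

# Assumed IAS-format layout: six fixed fields, then attribute-ID/value pairs.
FIXED_FIELDS = ("nas_ip", "user_name", "record_date", "record_time",
                "service_name", "computer_name")

# Standard RADIUS attribute numbers (RFC 2865 / RFC 2866).
ACCT_STATUS_TYPE = 40
ACCT_SESSION_ID = 44
ACCT_SESSION_TIME = 46
# IAS-specific attribute numbers (assumption: check against your IAS documentation).
PACKET_TYPE = 4136
REASON_CODE = 4142
NP_POLICY_NAME = 4149

PACKET_TYPES = {1: "Access-Request", 2: "Access-Accept",
                3: "Access-Reject", 4: "Accounting-Request"}
# Acct-Status-Type values, named as in the "Types of request logging" table.
ACCT_STATUS = {1: "Accounting-Start", 2: "Accounting-Stop", 3: "Accounting-Interim",
               7: "Accounting-On", 8: "Accounting-Off"}


@dataclass
class IasRecord:
    fixed: dict
    attrs: dict  # attribute id -> list of values (an attribute may repeat)

    def first(self, attr_id):
        values = self.attrs.get(attr_id)
        return values[0] if values else None

    def first_int(self, attr_id):
        value = self.first(attr_id)
        return int(value) if value is not None and value.isdigit() else None

    @property
    def kind(self):
        """Classify the record the way the request-logging table does."""
        packet_type = self.first_int(PACKET_TYPE)
        if packet_type == 4:
            status = self.first_int(ACCT_STATUS_TYPE)
            return ACCT_STATUS.get(status, f"Accounting-Request(status={status})")
        return PACKET_TYPES.get(packet_type, f"Unknown({packet_type})")


def parse_line(line):
    """Split one IAS-format line; csv handles quoted values that contain commas."""
    fields = next(csv.reader([line]))
    n_fixed = len(FIXED_FIELDS)
    if len(fields) < n_fixed or (len(fields) - n_fixed) % 2:
        raise ValueError(f"malformed IAS record: {line!r}")
    fixed = dict(zip(FIXED_FIELDS, fields[:n_fixed]))
    attrs = {}
    pairs = iter(fields[n_fixed:])
    for attr_id, value in zip(pairs, pairs):
        attrs.setdefault(int(attr_id), []).append(value)
    return IasRecord(fixed, attrs)


def summarize(lines):
    """Count records by kind, tally accept/reject per policy, sum session time per user."""
    by_kind = Counter()
    by_policy = Counter()        # (policy name, outcome) -> count
    session_seconds = Counter()  # user -> total Acct-Session-Time from Stop records
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        by_kind[rec.kind] += 1
        if rec.kind in ("Access-Accept", "Access-Reject"):
            policy = rec.first(NP_POLICY_NAME) or "<no policy recorded>"
            by_policy[(policy, rec.kind)] += 1
        elif rec.kind == "Accounting-Stop":
            session_seconds[rec.fixed["user_name"]] += rec.first_int(ACCT_SESSION_TIME) or 0
    return {"by_kind": dict(by_kind), "by_policy": dict(by_policy),
            "session_seconds": dict(session_seconds)}


# Constructed sample, not a real log: one server day with an on/off pair,
# one accepted and one rejected logon, and one complete session for alice.
SAMPLE_LOG = r"""
192.168.10.5,,10/21/2003,08:00:01,RAS,LONDON,4136,4,40,7
192.168.10.5,NWTRADERS\alice,10/21/2003,08:15:02,RAS,LONDON,4136,1,6,2,7,1
192.168.10.5,NWTRADERS\alice,10/21/2003,08:15:02,RAS,LONDON,4136,2,4149,VPN Users,4142,0
192.168.10.5,NWTRADERS\alice,10/21/2003,08:15:03,RAS,LONDON,4136,4,40,1,44,0000000A
192.168.10.5,NWTRADERS\bob,10/21/2003,08:20:10,RAS,LONDON,4136,1,6,2,7,1
192.168.10.5,NWTRADERS\bob,10/21/2003,08:20:10,RAS,LONDON,4136,3,4149,VPN Users,4142,16
192.168.10.5,NWTRADERS\alice,10/21/2003,09:05:03,RAS,LONDON,4136,4,40,3,44,0000000A,46,3000
192.168.10.5,NWTRADERS\alice,10/21/2003,09:45:03,RAS,LONDON,4136,4,40,2,44,0000000A,46,5400
192.168.10.5,,10/21/2003,10:00:00,RAS,LONDON,4136,4,40,8
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(key, value)
```

To run it against a real file, pass the file's lines to summarize(). A rise in Access-Reject counts for a single policy, or Accounting-on/off records at unexpected times, is the kind of signal the lesson means when it describes this log as useful for isolating remote access policy issues, and the Accounting-stop totals are the raw material for the billing records the lesson mentions.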


How to Configure Authentication and Accounting Logging

Introduction

To configure authentication and accounting logging, you must first enable either Windows authentication or Windows accounting. Then, you can configure the type of activity that you want to log (an authentication or accounting activity) and the log file settings. If the computer running the Routing and Remote Access service is configured to use RADIUS as its authentication or accounting provider, and the RADIUS server is a computer running Windows Server 2003 and IAS, the logging information is recorded on the IAS server computer.

Note: It is recommended that you log on with an account that has non-administrative credentials and use the Run as command with a user account that has the appropriate administrative credentials to perform this task.

Procedure for enabling Windows accounting

To enable Windows accounting:

1. Open the Routing and Remote Access console, right-click the server name for which you want to configure Windows accounting, and then click Properties.
2. On the Security tab, in Accounting provider, click Windows Accounting, and then click OK.


Procedure for configuring local authentication and accounting logging

To configure local authentication and account logging:

1. Open the Routing and Remote Access console.
2. In the console tree, click Remote Access Logging.
3. In the details pane, right-click Local File, and then click Properties.
4. In the Local File Properties dialog box, on the Settings tab, select one or more of the three options:
   - Accounting requests. This option logs information such as the start of a user session and the end of a user session.
   - Authentication requests. This option logs information such as whether a user access request is accepted or rejected.
   - Periodic status. This option logs information such as accounting interim requests. To log these requests, the Acct-Interim-Interval RADIUS attribute must be configured in the remote access profile on the IAS server.
5. In the Local File Properties dialog box, on the Log File tab, select the appropriate logging options:
   a. Directory: Path to the folder where the log files are stored
   b. Format: IAS or Database-compatible
   c. Create a new log file: Daily, Weekly, Monthly, Never (unlimited size), or When the log file reaches this size
6. In the Local File Properties dialog box, on the Log File tab, if applicable, select When disk is full delete older log files, and then click OK.

Note: Whenever you change the Authentication provider or Accounting provider on the Security tab, you must stop and start the Routing and Remote Access service for these changes to be applied.

Procedure for configuring RADIUS-based accounting

To configure RADIUS-based accounting:

1. Open the Routing and Remote Access console.
2. Right-click the server name for which you want to configure RADIUS-based accounting, and then click Properties.
3. On the Security tab, in the Accounting provider field, select RADIUS accounting, and then click Configure.
4. In the RADIUS Accounting dialog box, click Add.
5. In the Add RADIUS Server dialog box, in the Server name field, type the host name of the RADIUS server.
6. In the Add RADIUS Server dialog box, click Change.
7. In the Change Secret dialog box, in the New secret field and the Confirm new secret field, type the secret, and then click OK.
8. In the RADIUS Accounting dialog box, click OK.
9. In the ServerName Properties dialog box, click OK.


Log Files for Specific Connections

Introduction

To help gather detailed information and to isolate problems with the remote access server, you can configure additional logging functions. You should be cautious when enabling this type of logging because it can add substantial overhead to the remote access server.

PPP log

You can use Point-to-Point Protocol (PPP) logging to record the series of programming functions and PPP control messages during a PPP connection. PPP logging is a valuable source of information when you are trying to resolve the failure of a PPP connection.

Audit log

You can use the Event Viewer snap-in to view the following IPSec-related events:

- Internet Protocol security (IPSec) Policy Agent events in the audit log.
- Internet Key Exchange (IKE) events (security association details) in the security log. To view these events, enable success or failure auditing for the Audit logon events audit policy for your domain or local computer.
- IPSec policy change events in the security log. To view these events, enable success or failure auditing for the Audit policy change audit policy for your domain or local computer.
- IPSec driver per-packet drop events in the system log. In the Windows Server 2003 family, you can enable packet event logging for the IPSec driver by using the Netsh ipsec command-line tool. To enable logging of dropped inbound and outbound packets, specify a value of 7. At the command prompt, type netsh ipsec dynamic set config ipsecdiagnostics 7, and then restart the computer.


Enabling audit logging for Internet Security Association and Key Management Protocol (ISAKMP) events and viewing the events in Event Viewer is the fastest and simplest way to isolate failed main-mode or quick-mode negotiations. When you enable success or failure auditing for the Audit logon events audit policy, IPSec records the success or failure of each main-mode and quick-mode negotiation and the establishment and termination of each negotiation as separate events. However, enabling this type of auditing can cause the security log to fill up with IKE events. For example, for servers that are connected to the Internet, attacks on the IKE protocol can cause the security log to fill up with IKE events. IKE events can also fill up the security log for servers that use IPSec to secure traffic to many clients. To avoid filling up the log with IKE events, you can disable auditing for IKE events in the security log by modifying the registry.

Oakley log

You can use the Oakley log to view details about the security association establishment process. The Oakley log is enabled in the registry; however, it is not enabled by default. After you enable the Oakley log, which is stored in the %Systemroot%\Debug folder, it records all ISAKMP main-mode or quick-mode negotiations. A new Oakley.log file is created each time the IPSec Policy Agent is started, and the previous version of the Oakley.log file is saved as Oakley.log.sav.


How to Configure Logging for Specific Connection Types

Introduction

You can use the remote access diagnostic functions that are available in the Windows Server 2003 family to collect detailed logs and information about a remote access connection. After you are finished troubleshooting, you should disable logging.

Note: It is recommended that you log on with an account that has non-administrative credentials and use the Run as command with a user account that has the appropriate administrative credentials to perform this task.

Procedure for configuring PPP logging

To configure PPP logging:

1. In the Routing and Remote Access console, right-click the server name, and then click Properties.
2. In the ServerName Properties dialog box, on the Logging tab, select one of the following:
   - Log errors only
   - Log errors and warnings
   - Log all events
   - Do not log any events
3. On the Logging tab, if applicable, select Log additional Routing and Remote Access information, and then click OK. This option logs events in the PPP connection establishment process.

Procedure for configuring Oakley logging for an L2TP/IPSec connection

To configure Oakley logging for an L2TP/IPSec connection:

1. To enable the Oakley log, set the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PolicyAgent\Oakley\EnableLogging DWORD registry setting to a value of 1. (The Oakley key does not exist by default and, therefore, it must be created.)

Note
For more information about adding values to registry keys, see the Windows Server 2003 Help documentation.

2. To activate the new EnableLogging registry setting after modifying its value:
   a. Stop the Routing and Remote Access service by typing net stop remoteaccess at the command prompt.
   b. Stop the IPSec services by typing net stop policyagent at the command prompt.
   c. Start the IPSec services by typing net start policyagent at the command prompt.
   d. Start the Routing and Remote Access service by typing net start remoteaccess at the command prompt.

Procedure for configuring audit logging for an L2TP/IPSec connection

To configure audit logging for an L2TP/IPSec connection:

1. Set the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\IPSec\DiagnosticMode registry setting to 1.
2. To activate the new DiagnosticMode registry setting after modifying its value:
   a. Stop the Routing and Remote Access service by typing net stop remoteaccess at the command prompt.
   b. Stop the IPSec services by typing net stop policyagent at the command prompt.
   c. Start the IPSec services by typing net start policyagent at the command prompt.
   d. Start the Routing and Remote Access service by typing net start remoteaccess at the command prompt.

Note
The IPSec driver only writes events to the system log once an hour. For additional information about IPSec driver event logging, see the Windows Resource Kits.
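The two procedures above (Oakley logging and IPSec audit logging) differ only in the registry value they set; the service restart sequence is the same. The following batch script is an added example, not part of the Microsoft courseware, that applies either procedure and then shows the value in effect so the diagnostic setting is not left enabled after troubleshooting. The script name, its on/off switch and the Oakley.log presence check are assumptions.

```batch
@echo off
setlocal
rem Added example, not from the Microsoft courseware: applies the Oakley logging
rem or the IPSec audit logging procedure and restarts the services in the order
rem the module gives. Run it under an administrative account via Run as, e.g.:
rem   runas /user:ComputerNameAdmin "cmd /c ipsecdiag.cmd oakley on"
rem Usage: ipsecdiag.cmd oakley on|off   (PolicyAgent\Oakley\EnableLogging)
rem        ipsecdiag.cmd audit  on|off   (IPSec\DiagnosticMode)

if /i "%~1"=="oakley" goto :oakley
if /i "%~1"=="audit"  goto :audit
echo Usage: %~nx0 oakley^|audit on^|off
exit /b 1

:oakley
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\PolicyAgent\Oakley"
set "VALUE=EnableLogging"
goto :apply

:audit
set "KEY=HKLM\SYSTEM\CurrentControlSet\Services\IPSec"
set "VALUE=DiagnosticMode"
goto :apply

:apply
if /i "%~2"=="on" (
    set "DATA=1"
) else if /i "%~2"=="off" (
    set "DATA=0"
) else (
    echo Second argument must be on or off
    exit /b 1
)

rem reg add creates the Oakley key when it is missing; /f overwrites without prompting.
reg add "%KEY%" /v %VALUE% /t REG_DWORD /d %DATA% /f >nul
if errorlevel 1 (
    echo Could not write %KEY%\%VALUE% - check that you are running with administrative credentials
    exit /b 1
)

rem The services only read the value at startup, so stop and start them in the
rem documented order: RRAS down, IPSec down, IPSec up, RRAS up.
net stop remoteaccess
net stop policyagent
net start policyagent
net start remoteaccess

rem Show the value now in effect so that diagnostic logging is not left on by
rem accident after troubleshooting (the module says to disable it when done).
reg query "%KEY%" /v %VALUE%

rem The Policy Agent writes a fresh Oakley.log each time it starts, so the file
rem should already exist at this point when logging was just enabled.
if /i "%~1"=="oakley" if /i "%~2"=="on" (
    if exist "%SystemRoot%\Debug\Oakley.log" (
        echo Oakley.log was created in %SystemRoot%\Debug
    ) else (
        echo Oakley.log is missing - check that the IPSec Policy Agent started
    )
)
endlocal
```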

Practice: Configuring Logging on a Remote Access Server

Introduction

In this practice, you will configure logging on a remote access server.

Instructions

You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has the appropriate administrative credentials to complete the task.

Scenario

The systems engineer has created a logging plan for the remote access server in the lab. You will configure the remote access server to log authentication and accounting data.

Practice

Configure local authentication logging on your remote access server

Complete this task from both student computers.

- Administrative tool: Routing and Remote Access
- Log the following information: Accounting requests, Authentication requests, Periodic status
- Log file directory: C:\moc\2277\labfiles\lab10
- Create a new log file: Daily

Verify that the log file does not exist

Complete this task from both student computers.

- Using Windows Explorer, open C:\moc\2277\labfiles\lab10.
- Verify that no log file exists, and leave the folder open.

Stop and start the Routing and Remote Access service

Complete this task from both student computers.

- Administrative tool: Routing and Remote Access

Verify that the log file does exist

Complete this task from both student computers.

- Verify that the log file exists, and close the folder.

Lesson: Collecting and Monitoring Network Access Data

Introduction

The information in this lesson presents the skills and knowledge that are necessary to enable you to collect and monitor network access data for the Routing and Remote Access service or IAS.

Lesson objectives

After completing this lesson, you will be able to:

- Explain the reasons for collecting performance data for network access.
- Identify and describe the different tools that are used for collecting network access data.
- Monitor wireless network activity.

Why Collect Performance Data?

Reasons to collect performance data

Monitoring system performance is an important part of maintaining and administering your network access services. You can use performance data to:

- Evaluate the workload of your server and the corresponding effect on your system's resources.
- Observe changes and trends in workloads.
- Track resource usage so that you can plan for future upgrades.
- Test configuration changes or other tuning efforts by monitoring the results.
- Isolate problems such as a connection failure, the dropping of active connections, and the overall performance.
- Target components or processes for optimization.

Tools for Collecting Network Access Data

Tools for gathering data

Windows Server 2003 includes the following tools that you can use to gather data to help identify and predict network access issues:

- System Monitor. This tool provides a way to view real-time performance data that is targeted toward specific components and services. You can also use the System Monitor tool to view previously captured or archived performance data.
- Performance Logs and Alerts. This tool enables you to capture specific performance data for components and services over a configurable period of time in a log file. You can also set alerts that take action when certain events occur, such as:
  - Sending a message.
  - Running a program.
  - Making an entry in the application event log.
  - Starting a log when a selected counter's value exceeds or falls below a specified setting.
- Wireless Monitor. The Wireless Configuration service logs information in Wireless Monitor that allows you to:
  - Identify service configuration changes.
  - Check the events logged in the Wireless Configuration service log that are generated from outside of your wireless network, such as media event notifications, 802.1X events, and timer expiration events.
  - View details about wireless network access points and clients.

You can use log information to isolate issues with your wireless service.

Examples of common objects

Commonly used objects for monitoring network access servers include:

- Memory, Processor, Network, and Disk. These objects contain standard network service counters that you can use for all types of servers. With the Routing and Remote Access service, the most common place that a bottleneck can occur is the network. The Routing and Remote Access service and IAS do not normally place a significant demand on the processor, memory, and disk if the server is dedicated to dial-in functions. However, if a remote access server or IAS server also hosts other applications or services, they could compete for resources. You should then monitor the four primary counters globally for the server to make sure that one application or service is not overusing resources in a way that could compromise the other functions on the server.

Note
For more information about standard performance objects, see Course 2275: Maintaining a Microsoft Windows Server 2003 Environment.

- IAS Authentication Server. This object contains counters that you can use to monitor incoming and outgoing requests and errors that the authentication server encounters.
- IAS Authentication Clients. This object contains counters that you can use to monitor incoming and outgoing requests and errors that the authentication client encounters.
- IPv4. This object contains counters that you can use to isolate Transmission Control Protocol/Internet Protocol (TCP/IP) performance data, errors, failures, and potential network attacks.
- IPv6. This object contains the same counters and capabilities as IPv4, but the IPv6 object counters are focused on IPv6.
- RAS Port. This object contains counters that provide information about the performance and throughput of individual remote access ports.
- RAS Total. This object contains counters that provide information about the performance and throughput of all of the remote access ports together.

Examples of counters

You can create a Performance Log to keep track of the errors in IAS. Examples of counters that you can use to isolate and resolve common network access issues include:

- Datagrams Received Discarded. Number of input IP datagrams that were discarded when a problem prevented their continued processing, such as a lack of buffer space.
- Datagrams Received Address Errors. Number of IP datagrams that were discarded because of address errors, such as an invalid address (0.0.0.0) or an unsupported class (Class E).
- Access-Requests. Number of access requests received.
- Access-Rejects. Number of access requests rejected.
- Bad Authenticators. Number of packets that contain an invalid Message-Authenticator attribute (RADIUS).
- Unknown Type. Number of packets of unknown type (non-RADIUS packets) received.

How to Monitor Wireless Network Activity

Introduction

You use the Wireless Monitor snap-in to monitor wireless network activity.

Note
It is recommended that you log on with an account that has non-administrative credentials and use the Run as command with a user account that has the appropriate administrative credentials to perform this task.

Procedure for enabling or disabling wireless client information logging

To enable or disable wireless client information logging:

1. Create a console containing Wireless Monitor, or open a saved console file containing Wireless Monitor.
2. Expand the name of the server that you want to configure.
3. Right-click Wireless Client Information, and then configure one of the following:
   - To enable logging for wireless network clients, click Enable Logging.
   - To disable logging for wireless network clients, click Disable Logging.

Procedure for viewing details about wireless network access points

You can view the name of the network on which the access point exists, the network type, the network address, and the current activity, in addition to the signal strength.

To view the details about wireless network access points:

1. Create a console containing Wireless Monitor, or open a saved console file containing Wireless Monitor.
2. Double-click Access Point Information.

Procedure for viewing details about wireless network clients

You can view the network source from which the wireless client is communicating, the type of communication, when the communication occurred, and the name of the network.

To view the details about wireless network clients:

1. Create a console containing Wireless Monitor, or open a saved console file containing Wireless Monitor.
2. Double-click Wireless Client Information.

Practice: Collecting and Monitoring Network Access Data

Objective

In this practice, you will:

- Determine the best tools to use for monitoring and identifying certain network access issues.
- Configure Performance Logs.

Instructions

To complete this practice, refer to the Implementation Plan Values document, located in the Appendix at the end of your student workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has the appropriate administrative credentials to complete the task.

Scenario

Network access clients in the Lab department have been experiencing difficulties connecting to and staying connected to the network access server. There are multiple remote access policies that are configured. Other network access users have complained that their connections were dropped after being validated. These users have not documented the error messages that they received when they were disconnected. You suspect that the remote access servers are being overworked.

Practice

Determine the tools to use

Both students in a pair are to answer the following questions:

1. What tool would you configure to verify that the appropriate policy is being applied?
   Configure PPP logging to verify the policy that is being applied and the policy that is denying access to the remote access users.

2. What tool would you use to identify why users are being disconnected?
   Configuring Performance Logs allows you to collect statistics about the total number of connections and the total number of errors. You can also monitor the performance of the processor, the memory usage, and the network usage.

Configure Performance Logs

Complete this task from both student computers.

1. From Administrative Tools, open the Performance console.
2. Create a new Counter Log.
3. In the New Log Settings box, in the Name field, type RAS Counter Log.
4. Add the objects and counters that are displayed in the following table.

   Object               Counter
   Memory               Available KBytes
   Network Interface    Bytes Total/Sec
   Processor            % Processor Time

5. On the Schedule tab, verify that Start log is configured for Manually (using the shortcut menu).
6. On the Log Files tab, configure the log file location as C:\Moc\2277\LabFiles\Lab10 with the file name ComputerNameStress.log.
7. Save the Performance console as Remote Access Logging to the desktop.
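The same counter log can be created from the command line with logman.exe, which ships with Windows Server 2003. The batch script below is an added example, not part of the Microsoft courseware: it builds the practice's RAS Counter Log with the three counters from the table, and adds the IAS, IPv4 and RAS Total counters from the Examples of counters list earlier in the lesson, so one log shows whether dropped connections line up with RADIUS or IP errors rather than with plain server load. The script name and the exact counter paths (object instances and counter spellings beyond the names given in the module) are assumptions.

```batch
@echo off
setlocal
rem Added example, not from the Microsoft courseware. Creates the practice's
rem counter log with logman.exe instead of the Performance console, and adds
rem the IAS, IPv4 and RAS Total error counters from the lesson to the load
rem counters from the practice table. Counter paths are assumed, not quoted
rem from the module; run under administrative credentials via Run as.
rem Usage: rascounterlog.cmd create | start | stop | show

set "LOGNAME=RAS Counter Log"
set "LOGDIR=C:\Moc\2277\LabFiles\Lab10"
rem %COMPUTERNAME% stands in for the ComputerName placeholder in the practice.
set "LOGFILE=%LOGDIR%\%COMPUTERNAME%Stress.log"

if /i "%~1"=="create" goto :create
if /i "%~1"=="start"  logman start "%LOGNAME%" & goto :eof
if /i "%~1"=="stop"   logman stop "%LOGNAME%" & goto :eof
if /i "%~1"=="show"   logman query "%LOGNAME%" & goto :eof
echo Usage: %~nx0 create^|start^|stop^|show
exit /b 1

:create
if not exist "%LOGDIR%" mkdir "%LOGDIR%"
rem In a batch file a literal percent sign is written as %%, hence "%% Processor Time".
rem No -b (begin time) is given, so the log starts manually, as the practice requires.
rem -si 00:00:15 samples every 15 seconds; -f csv keeps the .log readable as text.
logman create counter "%LOGNAME%" ^
    -c "\Memory\Available KBytes" ^
       "\Network Interface(*)\Bytes Total/sec" ^
       "\Processor(_Total)\%% Processor Time" ^
       "\IAS Authentication Server\Access-Requests" ^
       "\IAS Authentication Server\Access-Rejects" ^
       "\IAS Authentication Server\Bad Authenticators" ^
       "\IAS Authentication Server\Unknown Type" ^
       "\IPv4\Datagrams Received Discarded" ^
       "\IPv4\Datagrams Received Address Errors" ^
       "\RAS Total\Total Connections" ^
       "\RAS Total\Total Errors" ^
    -si 00:00:15 -f csv -o "%LOGFILE%"
if errorlevel 1 (
    echo logman could not create the log. The IAS objects exist only where IAS is installed;
    echo remove those paths on a server that runs Routing and Remote Access alone.
    exit /b 1
)
rem Echo the settings back so they can be compared with the practice steps.
logman query "%LOGNAME%"
endlocal
```

A rising Access-Rejects or Bad Authenticators count while Total Connections stays flat points at policy or shared-secret problems rather than at the server load the scenario suspects.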

Lab A: Managing and Monitoring Remote Access

Objectives

Estimated time to complete this lab: 30 minutes

In this lab, you will monitor remote access server performance by using the Performance console.

Exercise 1 Monitoring a Remote Access Server


Objective
In this exercise, you will monitor remote access errors and correct them.

Instructions
To complete the lab, refer to the Implementation Plan Values document, located in the Appendix at the end of your student workbook. You must be logged on with an account that has non-administrative credentials and use the Run as command with a user account that has the appropriate administrative credentials to complete the tasks. When completing the lab, you should assume that you will log on with a non-administrative account, for example: ComputerNameUser, unless the Specific Instructions in the lab state otherwise.

Scenario
Your remote access clients are experiencing issues with connecting to a test remote access server in the lab. Your clients are using VPN connections. You will make changes to the lab VPN server and then monitor the effects of those changes on the VPN clients.

Tasks and specific instructions

Perform the following task only on the computer with the higher student number.

1. Connect to the remote access server by using the VPN connection, verify your connection, and then disconnect.
   - User name: ComputerNameAdmin (where ComputerName is the name of your computer)
   - Password: P@ssw0rd
   - Verify that Status is displayed as Connected, and note the Duration time.
   - Disconnect.

Perform the following task only on the computer with the lower student number.

2. Configure the Point-to-Point Tunneling Protocol (PPTP) and L2TP ports for the remote access server to allow only demand-dial routing connections.
   - PPTP Ports: Disable the remote access connections.
   - L2TP Ports: Disable the remote access connections.

Perform the following task only on the computer with the higher student number.

3. Attempt to connect to the remote access server by using the VPN connection, and record the error information that is displayed in the message box.
   - User name: ComputerNameAdmin (where ComputerName is the name of your computer)
   - Password: P@ssw0rd
   - In the Error connecting to VPN Server message box, verify that the error ID is 913.
   - Record the text information that is displayed in the message box.
   - Document the text in the error box: ______________________________
   - Leave the Error connecting to VPN Server message open.

Perform the following task only on the computer with the lower student number.

4. Configure the VPN Policy remote access policy to deny access.
   - VPN policy: Deny remote access permission.

Perform the following task only on the computer with the higher student number.

5. Attempt to connect to the remote access server by using the VPN connection, and record the error information that is displayed in the message box.
   - In the Error connecting to VPN Server message box, click Redial.
   - In the Error connecting to VPN Server message box, verify that the error ID is 649.
   - Record the text information that is displayed in the message box, and then click Cancel to close the message box.
   - Document the text in the message box: ______________________________
   - Leave the Error connecting to VPN Server message open.

Perform the following task only on the computer with the lower student number.

6. Configure the remote access policy profile for VPN Policy to allow access only on Sunday from 8 A.M. to 8 P.M., and then configure the policy to grant access.
   - VPN policy: Allow access only during these days and at these times
   - Dial-in hours: Sunday 8am to 8pm
   - VPN policy: Grant remote access permission

Perform the following task only on the computer with the higher student number.

7. Attempt to connect to the remote access server by using the VPN connection, and record the error information that is displayed in the message box.
   - In the Error connecting to VPN Server message box, click Redial.
   - In the Error connecting to VPN Server message box, verify that the error ID is 649.
   - Record the text information that is displayed in the message box, and then click Cancel to close the message box.
   - Document the text in the message box: ______________________________
   - Leave the Error connecting to VPN Server message open.
   - Is this error the same error that you received when you configured the VPN policy to deny access permissions?
   - Using the More Info button on the 649 message box, list the possible causes of this message.
   - In the 649 more information message box, read the third bullet.

Perform the following tasks only on the computer with the lower student number.

8. For the VPN Policy profile, clear Allow access only on these days and at these times.
   - VPN policy: Clear Allow access only during these days and at these times.

9. Configure the PPTP and L2TP ports on the remote access server to allow both remote access and demand-dial routing connections.
   - PPTP Ports: Enable the remote access connections.
   - L2TP Ports: Enable the remote access connections.

Perform the following task only on the computer with the higher student number.

10. Connect to the remote access server by using the VPN connection.
    a. In the Error connecting to VPN Server message box, click Redial.
    b. In the Status dialog box, verify that the Status displays as Connected, and note the duration time.
    c. Disconnect.

Course Evaluation

To complete a course evaluation, go to http://www.CourseSurvey.com. Microsoft will keep your evaluation strictly confidential and will use your responses to improve your future learning experience.
