CA IT Client Manager Network Diagnostic Tool

5120

24 May 2019

Description:

Because ITCM is a distributed product, it can be very sensitive to anomalies in the configuration of the underlying network, particularly because UDP (in CAM) is used in addition to TCP. The Network Diagnostic tool can help to diagnose such problems and suggest modifications that will help to alleviate them. The tool can check connectivity, name resolution and port usage, and it also performs a number of more specific tasks, for example black hole router checking.

When it is run, the tool performs a number of checks against a defined list of target machines and produces a report at the end of its run. The report can be output to the screen, to the tool's own log file and to a set of HTML report files that can be viewed in a web browser. If any issues are found, the report also suggests actions that can be taken to remediate them.

Installation:

The diagnostic tool consists of a set of files that can be found in the DSMNetworkDiag folder. The contents of this folder should be copied onto any machine from which you wish to obtain network diagnostic information, especially if connectivity to or from the machine is a concern. The tool runs through a set list of tasks and can be controlled by specifying options on a command line. The list of options and tasks available is shown below:

Figure 1

As well as options on the command line, the tool is controlled by parameters specified in the DSMNetworkDiag.xml configuration file. This file sets the default parameters used by the supported tasks and the list of ports that will be scanned, and it is also where a list of target machines can be specified. The file can be tailored, but in practice only the final section, concerned with adding computers (<target> </target>), will need modification.

Diagnostics:

Below is a description of the tasks currently supported by the tool:

BasicConnectivityPingTask

This task will determine if basic network communication exists to the specified target computers. The default is to run the 'ping' command to send an ICMP echo request to the remote computer, followed by a CAM ping, if CAM is installed, and finally a UDP ping. The UDP ping will only succeed if there is a UDP echo server running on the target machine.

BlackHoleRouterPingTask

The black hole router task will attempt to determine if there is data loss to any target computer. The task will discover the Maximum Transmission Unit (MTU) for both IP and CAM, if it is installed, between the machine executing DSMNetworkDiag and all specified targets.

CurrentMachineDetails

This task will gather details about the current machine by running OS specific commands and examining network communication files. The list of commands and files can be found in the DSMNetworkDiag.xml file under the CurrentMachineDetails section.

DSMConnectivityTest

To run the connectivity test, start up a receiver on one machine, e.g. the DSM Manager, using the following command:

DSMNetworkDiag -run DSMConnectivityTest -mode recv

Start up a sender on another machine with the command:

DSMNetworkDiag -run DSMConnectivityTest -mode send

with the name of the listening machine either on the command line or specified as a target in the xml configuration file.

NameResolutionTask

Name resolution will be performed using OS commands and CAM, if it is installed. This will show name to address mappings for the specific target machines.

PortScan

There are two types of TCP port scan used by the DSMNetworkDiag tool:

TCP connect - will attempt to open a full connection on the port.

TCP 'half open' method - where the TCP control messages are examined to try to determine whether the port is open WITHOUT performing a full connection.

The 'half open' method is more subtle in its approach and may be the preferred option in a more secure environment.

The UDP scan, because of its connectionless nature, may not be able to report accurately on the state of a port. For example, timeout errors may occur if a firewall is filtering traffic on that port or an application received the datagram but didn't understand its contents.

NOTE: The half open port scan is only available if winpcap is installed. If it is not installed the scan will default to the TCP connect method.
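The UDP ambiguity described above, and the reason the UDP ping in BasicConnectivityPingTask needs an echo server, can be reproduced on loopback. This is an added example, not part of DSMNetworkDiag; the function names and the two stand-in services are constructed for illustration.

```python
import socket
import threading

def probe_udp(host, port, timeout=0.5):
    """Send one datagram and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket, so ICMP errors reach us
        try:
            s.send(b"probe")
            s.recv(1024)
            return "replied"
        except socket.timeout:
            # Dropped by a filter, or delivered to a service that ignored it:
            # the two cases cannot be told apart from this side.
            return "no-response"
        except (ConnectionRefusedError, ConnectionResetError):
            # ICMP port unreachable came back: nothing is bound to the port.
            return "closed"

def _serve_once(sock, echo):
    """Constructed stand-in service: echo one datagram, or swallow it."""
    try:
        data, peer = sock.recvfrom(1024)
        if echo:
            sock.sendto(data, peer)
    except OSError:
        pass  # nothing arrived before the socket timed out

def demo():
    """Probe three loopback ports: echo service, silent service, unbound."""
    results = {}
    for name, echo in (("echo", True), ("silent", False)):
        srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        srv.settimeout(2)
        srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
        worker = threading.Thread(target=_serve_once, args=(srv, echo))
        worker.start()
        results[name] = probe_udp("127.0.0.1", srv.getsockname()[1])
        worker.join()
        srv.close()
    spare = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    spare.bind(("127.0.0.1", 0))
    unbound_port = spare.getsockname()[1]
    spare.close()  # port is now free, so nothing listens on it
    results["unbound"] = probe_udp("127.0.0.1", unbound_port)
    return results

if __name__ == "__main__":
    print(demo())
```

Only the echo service yields a positive result; the silent service looks the same as a filtered port, which is why a UDP scan line without a verdict should not be read as "closed".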

RoutePerformanceTask

The route between two machines will be traced by running OS specific trace commands.

The '-ml' option is also worth pointing out. Specifying this on the command line tells the tool to check comstore configuration details for the following (if configured):

  • Admin Console Manager

  • Scalability Server Address

  • ENC gateway server

  • ENC server manager address

  • DTS NOS machine

  • DTS TOS machine

  • DMDeploy FTP server

  • Manager Database

  • Asset Collector Server

  • Scalability Server Manager

  • URC viewer manager

  • USD server

  • Software Content Download Server

  • SMTP server

  • URC host manager address

  • URC server address

The test tool will write details to a DSMNetworkDiag log file, which will be located either in the DSM logs directory or in the 'logs' directory under the location the tool was run from. It will also produce a set of HTML files containing a report on each machine checked.

Samples:

The report produced by the tool will be tailored depending on whether it is being run on a system with ITCM installed or not. The output will also be specific based on whether the ITCM install is a manager, scalability server or agent.

Below is sample output from running the tool on an ITCM manager machine. The machine testMachine1.ca.com has been specified as a target to check in the DSMNetworkDiag.xml file:

C:\NetworkDiag>DSMNetworkDiag

Running...

The DSMNetworkDiag log can be found in the

C:\Program Files\CA\DSM\logs directory.

DSM is installed on this machine.

CurrentMachineDetails

Checking for file: <awmsq.dll>

Checking for file: <cfNetwork.dll>

Checking for file: <cfSock.dll>

command <netsh diag show computer>

command <netsh diag show os>

command <nbtstat -c>

command <nbtstat -n>

command <nbtstat -r>

command <netstat -r -s -e -v>

command <netstat -a>

command <netstat -b -n>

command <ipconfig /all>

command <netsh firewall show config>

command <arp -a>

Windows Registry on <testMachine1.ca.com> is NOT ACCESSIBLE

NameResolution

command <nslookup testMachine1.ca.com>

command <nbtstat -a testMachine1>

BasicConnectivityPing

command <ping -a testMachine1.ca.com> - IP ping OK

command <camping -a testMachine1.ca.com>

command <camping testMachine1.ca.com> - CAM ping OK

PortScan

Scanning TCP port 7 not responding

Scanning TCP port 21 OPEN

Scanning TCP port 22 not responding

Scanning TCP port 23 not responding

Scanning TCP port 25 not responding

Scanning UDP port 25

Scanning UDP port 67

Scanning UDP port 69

Scanning HTTP port 80

Scanning TCP port 135 not responding

Scanning TCP port 139 OPEN

Scanning TCP port 389 not responding

Scanning TCP port 443 not responding

Scanning TCP port 445 OPEN

Scanning TCP port 636 not responding

Scanning TCP port 1900 not responding

Scanning TCP port 2049 not responding

Scanning UDP port 3001

Scanning UDP port 3002

Scanning UDP port 4104

Scanning TCP port 4105 not responding

Scanning UDP port 4011

Scanning TCP port 4728 OPEN

Scanning TCP port 5250 not responding

Scanning TCP port 19016 not responding

Scanning TCP port 19017 not responding

Scanning TCP port 19023 not responding

BlackHoleRouterPing

IP Ping: Determining Max MTU to testMachine1.ca.com

CAM Ping: Determining Max MTU to testMachine1.ca.com

THE BANDWIDTH TASK IS NOT CURRENTLY SUPPORTED

RoutePerformance

command <tracert testMachine1.ca.com>

Report

DNS lookup succeeded for testMachine1.ca.com

Name: testMachine1.ca.com

Address: 130.119.29.104

NBT lookup succeeded for testMachine1.ca.com

testMachine1.ca.com is responding to IP ping

testMachine1.ca.com is responding to CAM ping

Port Scan for testMachine1.ca.com

Echo Port

Port 7 is not responding. If Infrastructure Deployment scans are returning 'No Response' this may well be the reason why. Check the Infrastructure Deployment policy option 'Do not ping target during scan' is set to 'True' or modify the firewall on testMachine1.ca.com.

SSH/Telnet/FTP

One or more of the ports for SSH, Telnet or FTP is not responding. If Infrastructure Deployment jobs are failing with 'No Primer Transport' then check the services are running and not being filtered by a firewall.

RPC/File sharing

One or more of the ports for Windows RPC/File sharing is not responding. Infrastructure Deployment requires these ports during the initial push of DSM software. Check the ports are not being filtered by a firewall.

If testMachine1.ca.com is a Scalability Server any DSM applications that may require access to a network file share, such as the SD agent, may not be able to connect. Check that file sharing is enabled and the firewall is not filtering these ports.

CAM

CAM is not responding on its TCP port. Check CAM is installed and running on testMachine1.ca.com

Finished.

C:\NetworkDiag>
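When the console output or log from many machines has to be triaged, the PortScan lines can be parsed and grouped the way the Report section groups them. The script below is an added example, not part of the tool: the group-to-port mapping is an assumption inferred from the report headings above, well-known port assignments and the CAM TCP port 4105 shown in the cam.cfg line on this page, and the sample lines are excerpted from the output above.

```python
import re

# Assumed mapping of report headings to TCP ports (not read from the
# tool's configuration): well-known ports plus CAM's TCP port 4105.
GROUPS = {
    "Echo Port": {7},
    "SSH/Telnet/FTP": {21, 22, 23},
    "RPC/File sharing": {135, 139, 445},
    "CAM": {4105},
}

LINE = re.compile(r"Scanning (TCP|UDP|HTTP) port (\d+)[ \t]*(OPEN|not responding)?")

def parse_portscan(text):
    """Return {(protocol, port): state} for every 'Scanning' line."""
    results = {}
    for m in LINE.finditer(text):
        # UDP and HTTP lines in the sample carry no verdict at all.
        results[(m.group(1), int(m.group(2)))] = m.group(3) or "no verdict"
    return results

def failing_groups(results):
    """Map each report heading to its TCP ports that did not respond."""
    failing = {}
    for name, ports in GROUPS.items():
        bad = sorted(p for p in ports
                     if results.get(("TCP", p)) == "not responding")
        if bad:
            failing[name] = bad
    return failing

# Excerpt of the sample output above.
SAMPLE = """\
Scanning TCP port 7 not responding
Scanning TCP port 21 OPEN
Scanning TCP port 22 not responding
Scanning TCP port 23 not responding
Scanning UDP port 67
Scanning HTTP port 80
Scanning TCP port 135 not responding
Scanning TCP port 139 OPEN
Scanning TCP port 445 OPEN
Scanning UDP port 4104
Scanning TCP port 4105 not responding
Scanning TCP port 4728 OPEN
"""

if __name__ == "__main__":
    print(failing_groups(parse_portscan(SAMPLE)))
```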

Another example is shown below, where just the BlackHoleRouterPing test has been run. Notice that the tool has flagged a possible problem with the CAM fragment size and suggested a possible fix.

C:\NetworkDiag>DSMNetworkDiag.exe -run BlackHoleRouterPing testMachine1.ca.com

Running...

The DSMNetworkDiag log can be found in the

C:\Program Files\CA\DSM\logs directory.

DSM is installed on this machine.

BlackHoleRouterPing

IP Ping: Determining Max MTU to testMachine1.ca.com

CAM Ping: Determining Max MTU to testMachine1.ca.com

Report

DNS lookup succeeded for testMachine1.ca.com

NBT lookup succeeded for testMachine1.ca.com

CAM black hole router ping
-----------------------------

The upper threshold for the CAM MTU is defined as 2500 in the network diag tool configuration file. The 'safer' value determined by the tool is 2250.

If you are experiencing problems with CAM communication to the target you can do one of two things:

  1. Convert communication between two agents to TCP by editing their

    CAM.CFG files and adding the following line:

    testMachine1.ca.com protocol=tcp port=4105

  2. Change the Fragment Size for UDP, which will change this value for ALL communication via CAM, by adding the following line to the cam.cfg file in the *Config section:

    fragment_size = 2250

    After editing cam.cfg run the camclose command.

Finished.

C:\NetworkDiag>

Download

DSMNetworkDiag.zip