The Art of Troubleshooting Directory Problems
Though some IT professionals and technical trainers believe that you cannot teach troubleshooting, learning to follow a step-wise approach does serve as a good prelude before tackling location-wide problems. Many of the directory experts I’ve known have not used tools, though I will mention a few that I have found helpful in large environments. Instead, these experts were very proficient at using the tools provided by the network operating system (NOS) in question, even if the information wasn’t displayed in a neat GUI.
Among the tools I have used is Winternals’ (www.winternals.com) new “Insight for Active Directory,” in beta as of this writing. Adhering to Mark Russinovich’s minimalist philosophy, Insight presents an uncluttered interface that displays LDAP Active Directory (AD) messages that normally would be inaccessible. At a recent TechMentor conference in San Jose, Calif., Russinovich taught a fantastic class on “Windows Hang and Crash Dump Analysis,” making liberal use of free tools available at his alter-ego Web site, www.sysinternals.com. Many of the problems he demonstrated and solved (for other tools, see www.microsoft.com/ddk/debugging) were caused by poor programming practices leading to buffer overruns, memory leaks and so on. Though many of these problems do not affect AD directly, they and their simulated occurrences give the analyst another step toward ferreting out what is going on behind inscrutable Windows blue screens or error messages.
Also at TechMentor, HP’s Gary Olsen explained the basis of troubleshooting AD: having an error-free DNS infrastructure and a good action plan. The plan should consist of defining the problem and who is affected, noting the reproducibility, analyzing the data and testing solutions. One tool to help analyze the problem is MPSReports, which runs a variety of Microsoft tools and is freely available from Microsoft. Other resources Olsen mentioned include Sonar and Ultrasound for FRS, LDP.exe as a basic LDAP tool (I prefer LDAPtool.exe from Novell, but this requires some ancillary files) and the useful Web site www.eventid.com.
Just as Microsoft has not made some of this information on dump analysis easily accessible, Novell has promulgated this data in third-party books. “Novell’s Guide to Resolving Critical Server Issues” by Brad Dayley and Rich Jensen (John Wiley & Sons), now out of print but still available at some computer stores, is a treatise on troubleshooting and crash-dump analysis. Some of that information is updated in “Novell’s Guide to Troubleshooting eDirectory,” by Peter Kuo and Jim Henderson (Que Publishing).
Novell’s management philosophy is evident in the use of iManager, a Web-based tool used for most management tasks. Similarly, iMonitor includes pre-configured reports that may be run or customized and Health Monitor, a tool in the category of “does a basic health check automatically.” The use of these features and other advanced diagnostics, such as dsbrowse, is taught in one of the best hands-on courses on troubleshooting in a directory environment, Novell’s eDirectory Tools and Diagnostics (course #3007). Most administrators will see more problems in directory structure meltdown in this class than they would in several years’ worth of normal experience. Since you connect to Linux and Windows servers, the course is much less eDirectory-centric than you might believe. Much of this also is covered in Kuo and Henderson’s book. For more on Linux connectivity, see Robb Tracy’s “Novell Certified Linux Engineer (CLE) Study Guide.”
On the commercial side of eDirectory management, NetPro (www.netpro.com) has DS Analyzer to assist troubleshooting eDirectory problems by graphically displaying traffic patterns by eDir function. For example, excessive tree walking as a source of network lag becomes easier to diagnose. NetPro also includes a context knowledge base, somewhat similar to Novell’s LogicSource. NetPro’s DSExpert functions much like Health Monitor, but displays the results in an easier-to-read format, like HP’s Insight Manager.
Understanding exactly what the directory’s actions are makes for faster diagnosis and a quick repair. That’s why tracing tools and log files (in verbose mode!) comprise such an important part of any commercial or free diagnostic utilities. Remember: Patience, good notes and, preferably, a test of any planned solution are the keys to a speedy directory recovery.
Douglas Mechaber, MCSE, MCNE, CCNA, BCSD, is always looking for software and tools to make his job easier at a large government health organization. Send him your comments at firstname.lastname@example.org.