Troubleshooting and Supporting Windows® 7 in the Enterprise_06
![Page 1: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/1.jpg)
Module 6
Troubleshooting Remote Connectivity Issues
![Page 2: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/2.jpg)
Module Overview
• Troubleshooting VPN Connectivity Issues
• Using Remote Desktop
• Troubleshooting User Issues by Using Remote Assistance
• Troubleshooting NAP Issues
• Troubleshooting DirectAccess Issues
![Page 3: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/3.jpg)
Lesson 1: Troubleshooting VPN Connectivity Issues
• What Is a Virtual Private Network?
• VPN Tunneling Protocols
• VPN Authentication Methods
• Demonstration: How to Create a VPN Connection
• What Are Network Policies?
• Troubleshooting VPNs
• What Is VPN Reconnect?
![Page 4: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/4.jpg)
What Is a Virtual Private Network?
[Diagram labels: Corporate Headquarters; Large, Medium, and Small Branch Offices; Home Office with VPN Client; Remote User with VPN Client; VPN; VPN Servers]
![Page 5: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/5.jpg)
VPN Tunneling Protocols
Windows 7 supports four VPN tunneling protocols:
• PPTP
• L2TP/IPsec
• SSTP
• IKEv2
![Page 6: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/6.jpg)
VPN Authentication Methods
| Protocol | Description | Security Level |
|---|---|---|
| PAP | Uses plaintext passwords. Used if remote access client and remote access server cannot negotiate a more secure form of validation. | Least secure authentication protocol. Does not protect against: replay attacks, remote client impersonation, remote server impersonation. |
| CHAP | A challenge-response authentication protocol. Uses the industry-standard MD5 hashing scheme to encrypt the response. | An improvement over PAP because password is not sent over the PPP link. Requires plaintext version of the password to validate the challenge response. Does not protect against remote server impersonation. |
| MS-CHAPv2 | An upgrade of MS-CHAP. Two-way/mutual authentication provided. Remote access client receives verification that the remote access server has access to the user’s password. | Provides stronger security than CHAP. |
| EAP | Allows for arbitrary authentication of a remote access connection through the use of authentication schemes, known as EAP types. | Offers the strongest security by providing the most flexibility in authentication variations. |
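The CHAP row above, worked through as an added example (not part of the original course material): both sides of one exchange using the RFC 1994 response calculation, showing that the password never crosses the link, that the server must hold it in plaintext, and that a captured response fails against a fresh challenge. The `Authenticator` class, the user name and the password are constructed for illustration.

```python
import hashlib
import hmac
import os

def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """Server side. It must hold each password in recoverable form."""
    def __init__(self, passwords):
        self.passwords = passwords      # name -> plaintext password (bytes)
        self.pending = {}               # name -> (identifier, challenge)
        self.counter = 0

    def send_challenge(self, name):
        self.counter = (self.counter + 1) % 256
        challenge = os.urandom(16)      # fresh per attempt, so replays fail
        self.pending[name] = (self.counter, challenge)
        return self.counter, challenge

    def check(self, name, response):
        ident, challenge = self.pending.pop(name, (None, None))
        if challenge is None or name not in self.passwords:
            return False
        expected = chap_response(ident, self.passwords[name], challenge)
        return hmac.compare_digest(expected, response)

def run_exchange():
    password = b"constructed-sample-password"      # constructed test value
    server = Authenticator({"alice": password})
    wire = []                                      # everything sent on the link

    ident, challenge = server.send_challenge("alice")
    wire.append(bytes([ident]) + challenge)
    response = chap_response(ident, password, challenge)   # client side
    wire.append(response)
    first = server.check("alice", response)

    # A captured response replayed against a new challenge must fail.
    ident2, challenge2 = server.send_challenge("alice")
    wire.append(bytes([ident2]) + challenge2)
    replay = server.check("alice", response)

    # Note: nothing in the exchange lets the client verify the server.
    return {"first": first, "replay": replay,
            "password_on_wire": any(password in m for m in wire)}

if __name__ == "__main__":
    print(run_exchange())
```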
![Page 7: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/7.jpg)
Demonstration: How to Create a VPN Connection
In this demonstration, you will see how to:
• Configure user dial-in settings
• Configure Routing and Remote Access as a VPN server
• Configure a VPN client
![Page 8: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/8.jpg)
What Are Network Policies?
[Flowchart: network policy processing, beginning at START]
Decision points:
• Are there policies to process?
• Does connection attempt match policy conditions?
• Is the remote access permission for the user account set to Deny Access?
• Is the remote access permission for the user account set to Allow Access?
• Is the remote access permission on the policy set to Deny remote access permission?
• Does the connection attempt match the user object and profile settings?
Outcomes:
• Go to next policy
• Accept connection attempt
• Reject connection attempt
A network policy consists of the following elements:
• Conditions
• Constraints
• Settings
Network policies enable you to designate who is authorized to connect to the network, and the circumstances under which they can or cannot connect.
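The decision points on this slide, written out as an added example (not part of the original course material) that reports which policy decided an attempt, which is the first thing to establish when troubleshooting a rejected VPN logon. The branch order is an assumption based on the standard first-match network policy processing order, because the flowchart's arrows did not survive on this page; the policy names, attempt fields and constants are constructed.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# User account dial-in permission (constant names are this example's own).
ALLOW, DENY, VIA_POLICY = "allow", "deny", "via-policy"

@dataclass
class Policy:
    name: str
    conditions: Callable[[dict], bool]    # does the attempt match this policy?
    grant: bool                           # policy permission: grant or deny
    constraints: Callable[[dict], bool] = lambda attempt: True

def evaluate(policies: List[Policy], attempt: dict,
             dialin: str) -> Tuple[str, Optional[str]]:
    """Return (decision, deciding policy name) for one connection attempt."""
    for p in policies:                        # are there policies to process?
        if not p.conditions(attempt):         # no match: go to next policy
            continue
        if dialin == DENY:                    # user account set to Deny Access
            return ("reject", p.name)
        if dialin != ALLOW and not p.grant:   # permission taken from the policy
            return ("reject", p.name)
        # Final check: user object and profile settings (constraints).
        return ("accept" if p.constraints(attempt) else "reject", p.name)
    return ("reject", None)                   # no policy matched the attempt

# Constructed sample policies, evaluated in order.
POLICIES = [
    Policy("Block-PPTP", lambda a: a["tunnel"] == "PPTP", grant=False),
    Policy("VPN-Users", lambda a: a["tunnel"] in ("SSTP", "IKEv2"), grant=True,
           constraints=lambda a: a["auth"] in ("EAP", "MS-CHAPv2")),
]

if __name__ == "__main__":
    for tunnel, auth, dialin in [("PPTP", "MS-CHAPv2", VIA_POLICY),
                                 ("PPTP", "MS-CHAPv2", ALLOW),
                                 ("SSTP", "PAP", VIA_POLICY),
                                 ("SSTP", "EAP", VIA_POLICY)]:
        print(tunnel, auth, dialin,
              evaluate(POLICIES, {"tunnel": tunnel, "auth": auth}, dialin))
```

Under this flow, an account-level Allow Access skips the policy's deny permission, so the second sample attempt is accepted by the policy meant to block it; that is a setting worth auditing on user accounts.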
![Page 9: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/9.jpg)
Troubleshooting VPNs
[Diagram labels: Remote User with VPN Client; VPN; VPN Server; Corporate Headquarters]
![Page 10: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/10.jpg)
What Is VPN Reconnect?
The VPN Reconnect feature maintains connectivity across network outages. It requires Windows Server 2008 R2 or Windows 7.
VPN Reconnect:
• Provides seamless and consistent VPN connectivity
• Uses the Internet Key Exchange version 2 (IKEv2) technology
• Automatically reestablishes VPN connections when connectivity is available
• Maintains the connection if users move between different networks
• Makes the connection status transparent to users
![Page 11: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/11.jpg)
Lesson 2: Using Remote Desktop
• Overview of Windows Remote Desktop
• Practice: Enabling Remote Desktop
• Configuring Remote Desktop by Using GPOs
• Troubleshooting Remote Desktop
![Page 12: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/12.jpg)
Overview of Windows Remote Desktop
Remote Desktop
• A Windows 7 feature that enables users to connect to their desktop computer from another device
• Enables administrators to connect to multiple remote servers for administrative purposes
![Page 13: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/13.jpg)
Practice: Enabling Remote Desktop
In this practice, you will:
• Configure the Windows Firewall
• Enable Remote Desktop
• Use Remote Desktop
15 min
![Page 14: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/14.jpg)
Configuring Remote Desktop by Using GPOs
![Page 15: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/15.jpg)
Troubleshooting Remote Desktop
Cannot Connect to Remote Computer
• Check the Windows 7 edition
• Check Windows Firewall status
• Check that remote desktop is enabled on the target
• Ensure the remote computer is not in sleep mode or hibernation
• Check remote desktop permissions
Remote Computer Cannot be Found
• Try using the IP address
• Check DNS records
Cannot Copy Text from Remote Computer
• Ensure the clipboard is selected as a local resource
![Page 16: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/16.jpg)
Lesson 3: Troubleshooting User Issues by Using Remote Assistance
• Using Remote Assistance to Assist Your Users
• Remote Assistance in Windows 7
• Demonstration: How to Use Remote Assistance (Optional)
• Configuring Remote Assistance by Using GPOs
![Page 17: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/17.jpg)
Using Remote Assistance to Assist Your Users
• See remote desktop
• Chat session
• Take remote control
![Page 18: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/18.jpg)
Remote Assistance in Windows 7
Remote Assistance
• A Windows 7 feature that enables support staff to connect to a remote desktop computer
• Optionally allows for remote control of that computer
• Assistance can be sought or offered
![Page 19: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/19.jpg)
Demonstration: How to Use Remote Assistance (Optional)
In this demonstration, you will see how to:
• Create a Word document
• Request Remote Assistance
• Provide Remote Assistance
![Page 20: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/20.jpg)
Configuring Remote Assistance by Using GPOs
![Page 21: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/21.jpg)
Lesson 4: Troubleshooting NAP Issues
• What Is NAP?
• Components of NAP
• Discussion: How Would You Use NAP?
• Configuring Client-Side NAP Settings
• Best Practices for Troubleshooting NAP
![Page 22: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/22.jpg)
What Is NAP?
Network Access Protection can:
• Enforce health-requirement policies on client computers
• Ensure client computers are compliant with policies
• Offer remediation support for computers that do not meet health requirements
Network Access Protection cannot:
• Enforce health requirement policies on client computers
• Ensure client computers are compliant with policies
![Page 23: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/23.jpg)
Components of NAP
[Diagram labels: Internet; Perimeter Network; Intranet; Restricted Network; NAP Health Policy Server; Health Registration Authority; Remediation Servers; DHCP Server; VPN Server; IEEE 802.1X Devices; Active Directory; NAP Client with limited access]
![Page 24: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/24.jpg)
Discussion: How Would You Use NAP?
• Can you envision using NAP?
• What NAP enforcement method would be suitable?
5 min
![Page 25: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/25.jpg)
Configuring Client-Side NAP Settings
• Some NAP deployments that use Windows Security Health Validator require that you enable Security Center
• The Network Access Protection service is required when you deploy NAP to NAP-capable client computers
• You also must configure the NAP enforcement clients on the NAP-capable computers
![Page 26: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/26.jpg)
Best Practices for Troubleshooting NAP
• You can use tracing logs to:
  • Evaluate the health and security of your network
  • Troubleshoot and perform maintenance on your network
• You can use the netsh NAP command to help troubleshoot NAP
• Use the Event Viewer to identify NAP-related problems
![Page 27: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/27.jpg)
Lesson 5: Troubleshooting DirectAccess Issues
• What Is DirectAccess?
• How Does DirectAccess Work?
• Configuring DirectAccess
• Troubleshooting DirectAccess Client Issues
![Page 28: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/28.jpg)
What Is DirectAccess?
[Diagram label: DirectAccess server]
Features of DirectAccess:
• Connects automatically to corporate network over public network
• Uses various protocols, including HTTPS, to establish IPv6 connectivity
• Supports selected server access and IPsec authentication
• Supports end-to-end authentication and encryption
• Supports management of remote client computers
• Allows remote users to connect directly to intranet servers
Benefits of DirectAccess:
• Always-on connectivity
• Seamless connectivity
• Bidirectional access
• Improved security
• Integrated solution
![Page 29: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/29.jpg)
How Does DirectAccess Work?
The DirectAccess client running Windows 7 detects whether it is connected to a network
The client attempts to connect to an intranet website that is specified during the DirectAccess configuration
The client connects to the DirectAccess server using IPv6 and IPsec
The DirectAccess client and server authenticate each other by using computer certificates to establish the IPsec session
The DirectAccess server verifies that the computer and user are authorized to connect by using DirectAccess
The client obtains a health certificate from an HRA located on the Internet prior to connecting to the DirectAccess server
The DirectAccess server begins forwarding traffic from the DirectAccess client to the intranet resources to which the user has been granted access
![Page 30: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/30.jpg)
Configuring DirectAccess
Steps to Configure DirectAccess:
• Join the DirectAccess server to an Active Directory domain
• Configure the DirectAccess server on the perimeter network
• Enable ports and protocols needed for DirectAccess in the firewall exceptions
• Create a security group in Active Directory
• Install a web server on the DirectAccess server
• Designate one of the server network adapters as the Internet-facing interface
• Add and configure the Certificate Authority server role
![Page 31: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/31.jpg)
Troubleshooting DirectAccess Client Issues
Steps to Troubleshoot DirectAccess Client Issues:
• Verify the version of Windows 7 on the client
• Verify that the client is joined to the domain and is a member of the security group
• Verify GPO application
• Verify IPv6 connectivity
• Verify correct identification of the internal and external network
• Verify the domain profile is not used on Internet
• Verify the DNS resolution for the internal network
• Verify IPsec connectivity
![Page 32: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/32.jpg)
Lab: Resolving Remote Connectivity Issues
• Exercise: Resolving a Remote Connectivity Problem
Estimated time: 30 minutes
Logon information
• Virtual machines: 6293A-NYC-DC1, 6293A-NYC-SVR2, 6293A-NYC-CL1
• User name: Contoso\Administrator, NYC-CL1\WSAdmin
• Password: Pa$$w0rd
![Page 33: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/33.jpg)
Lab Scenario
A user reported a recent problem connecting to the corporate intranet from his home. He cannot connect to the intranet, and receives the error documented in the help desk ticket. The help desk checked the basic network settings, but is unsure how to proceed.
![Page 34: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/34.jpg)
Lab Review
• In the lab, your user complained of being unable to log on. What solutions did you attempt?
• What solution was successful?
![Page 35: Troubleshooting and Supporting Windows® 7 in the Enterprise_06](https://reader034.vdocument.in/reader034/viewer/2022051619/55cf940b550346f57b9f3da7/html5/thumbnails/35.jpg)
Module Review and Takeaways
• Review Questions
• Tools