Windows 11

Network and Internet Troubleshooting for windows 10 and windows 11

Network and Internet Troubleshooting

So far in this book, we’ve covered how to troubleshoot problems with the core Windows OS and Windows Updates. We’ve looked at how problems with user accounts and file and document access can be diagnosed and repaired. We’ve also looked at how legacy software can be supported, and troublesome apps and programs can be restored or removed.
None of that though compares to my solemn duty in this chapter, as I have genuinely met and worked with people who forget how to stand upright and feed themselves when they lose access to the Internet, and I’m fairly certain you will know some of these people as well.
Of course, it’s not just Internet access that can cause major problems for businesses, organizations, and individuals, as local network access problems can act as a huge barrier to productivity and even bring entire workflows to a grinding halt. Not being able to access your local Network Attached Storage (NAS) drive or even a network printer can result in traipsing back and forth with a USB Flash Drive (after you’ve spent half an hour trying to find one; Ed) or just reaching into your desk drawer and pulling out that pack of playing cards you keep there for times just like this.

Prevention Is Better Than Cure

You may have heard the phrase “prevention is better than cure,” a British saying attributed to Dutch humanist scholar Desiderius Erasmus around 1500AD. The philosophy behind this is straightforward. If you set up a system so as to prevent a problem from occurring in the first instance, then your life will be much more simple and uncomplicated than trying to fix the problems that could occur from it later on.
So it is with network settings in Windows. It’s very often the case that you plug in a network cable or install a Wi-Fi driver and everything just works as it should and continues to work indefinitely. Sadly, things are often not that simple, as you might need to configure a Virtual Private Network (VPN) and connect someone via a cellular modem or even a dial-up modem in some parts of the world, and then there’s the problem of international travel.
Let’s start with this as it’s often something that catches people by surprise. When people from the United States of America or Canada travel to Europe or the Middle East, they can frequently be caught out by the stable and reliable Wi-Fi they’re used to at home suddenly not working any more.
This has a simple cause. In the United States and Canada, houses and workplace buildings are commonly made from fairly thin wood or breeze block construction. In many other countries building can be hundreds, sometimes even several thousands, of years old. My own house in France is one such example (see Figure 14-1). It’s been twice extended, but the oldest part of the property is around 350 years old, having been built some time during the mid-1600s.

Figure 14-1. My own property has some walls two feet thick

This means that some walls in the house are upward of two feet thick and made from local stone, which is so incredibly hard it’s made it difficult to get some work done in the garden that I wanted.
Naturally, the previous owners put the telephone point in this part of the house, and though I’ve now switched to satellite broadband and consequently moved the main router to a more sensible location, having the router stuck within such huge stone walls made Wi-Fi access elsewhere extremely difficult.
Indeed, I had to invest in a full Mesh Wi-Fi system with various indoor and outdoor repeaters to ensure a good and reliable signal across the property, and large parts of the property and my home office in my gîte, an outhouse common to French countryside properties that itself used to be a barn, are now connected by gigabit Ethernet cable. Some properties are even worse however with homes and workplaces in southern Europe, North Africa, and the Middle East sometimes being a thousand years old or even older.
This is something to bear in mind when a mobile worker complains they can’t get a Wi-Fi signal at the place they’re visiting, and you probably have to tell them in reply to enjoy the sunshine outside or perhaps go and sit near a window.
Setting your networking and other systems up in a robust way then can prevent problems later on, and being prepared for issues that may arise, such as Wi-Fi and cellular connectivity, can help reduce the volume of support calls. Also, as I wrote in Chapter 5, establishing effective IT training can help mitigate some of these problems as well. You might be surprised how many people would have no idea that thick stone walls can block radio signals, and for the rest I can only quote the late, great Douglas Adams, author of The Hitchhiker’s Guide to the Galaxy (Pan Books, 1979), who said, “The problem people face in trying to make something completely foolproof, is that they frequently underestimate the ingenuity of complete fools.”

Configuring Network Settings

Networking is one of those areas of Windows that’s been moved wholesale from the Control Panel into Settings. Where it comes to other aspects of the operating system, this is actually a good thing, but networking is different, being complex and sometimes needing advanced configuration. The end result is this is something you want hidden from the end user rather than being available for them to see.
For now, the Network and Sharing Center still exists in the Control Panel, and there are no networking tools in Windows Tools. We can no doubt expect this to change in the coming years, so bear this in mind if I reference something you can’t later find.
Let’s begin with Settings however. Listed in the left panel as Network & internet, the main controls are sensibly separated into WiFi, Cellular (if it’s available in your PC’s hardware), Ethernet, VPN, Mobile Hotspot, Flight Mode, Proxy (server), and Dial-up for those that still need to use it (see Figure 14-2).

Figure 14-2. Most networking options have been moved to Settings

Below these is an Advanced network settings option that we’ll look at shortly. There are some other things you can do in Settings though that you will find useful.

Wi-Fi Settings

The Wi-Fi settings offer some useful options, not the least of which is a full list of all the stored networks for the PC, but we’ll look at that shortly. At its most basic, there is a switch to turn Wi-Fi on or off and an option when you turn Wi-Fi off to turn it back on in one hour, in four hours, the next day, or manually.
The Random hardware addresses option can make using your laptop more secure when connected to public Wi-Fi networks. What this feature does is to generate random physical hardware (MAC) addresses for the PC, making it much more difficult for people to track the laptop when scanning networks for hardware and connections.
When you click Manage known networks, you will see a list of all the Wi-Fi networks the PC has either connected to or that have been synched to the PC through a Microsoft or Azure AD account (see Figure 14-3).

Figure 14-3. You can view all known Wi-Fi networks in Settings

Each of these networks has a Forget button next to it. This can be useful if the settings for the network have become corrupt, and you need to reconnect to the network with a fresh, rebuilt configuration.
When you click a Wi-Fi network, you will see additional options. These include being able to automatically connect to the network when in range, but also to disable this option. You can also set the network as a metered (cellular) connection (see Figure 14-4), which can be useful if the network is provided by a cellular hotspot device such as a smartphone or cellular modem.

Figure 14-4. You can set a Wi-Fi connection as cellular

Again, there’s an option to display random MAC addresses for the PC. Below this however are two options that can be very useful for businesses and corporations, being able to manually configure IP and DNS server addresses.
You can set both or either IPv4 or IPv6 addresses for the connection (see Figure 14-5) and also IPv4 and IPv6 DNS addresses. If you have a domain on a local subnet with its own DNS addressing system, this can make sure people can always make a good connection.

Figure 14-5. You can set IPv4 and IPv6 IP and DNS addresses in Settings

Managing Data Usage for Cellular and Other Networks

If you are using a cellular network, and sometimes this is useful for Wi-Fi and wired networks too, you can set data usage. This is because cellular data can be expensive, especially when roaming and visiting a different country.
Tip:It can be wise to advise people to turn on airplane mode or to turn off data roaming when being near a border. People close to the Ireland/Northern Ireland border frequently have issues with their smartphones roaming and running up huge bills. For myself in France, if I get a ferry across the English Channel back to the UK I also need to deactivate roaming as the bills accrued while travelling can be enormous. On modern devices, airplane mode can be activated, and Wi-Fi then turned on safely to avoid roaming charges.
There are a couple of different ways to get to data usage management in Windows 11. From the properties for a particular Wi-Fi network, you can click Set a data limit to help control data usage on this network (which is also available in the Cellular and Ethernet settings) or click Network & internet, then Advanced network settings followed by Data usage.
Now it’s a misnomer that this is available as an option for individual Wi-Fi and cellular networks as it doesn’t actually set data limits for each one individually. What this feature does is set them globally for the PC, though as I mentioned this isn’t the only way to manage data usage.
You will see a list of all the apps and software installed on the PC sorted by how large their data usage is. At the top right of the window is a drop-down box where you select the network adapter to set limits for, and below this is an Enter limit button that you can click.
Here, you can set the data limit to stop at in either MB or GB and also the date of the month on which this limit will reset, that is, the date each month when a new cellular allowance kicks in if appropriate (see Figure 14-6).

Figure 14-6. You can set data allowances for any network connection

Tip:One of the most useful features here, and something many weary travellers wouldn’t have the faintest idea even exists, is the One time option. Setting this allows you to specify a period for just a short trip of up to a month where the data allowance is limited.

I mentioned that there is more than one way to reduce the amount of data used by a PC when connected to a network. This is to set the connection as Metered which I detailed a little while ago. When a connection is set as metered, some services such as automatically downloading Windows Updates, and allowing background apps to search for and download messages and other updates.
Additionally, if you have cellular installed in your PC, either through a physical SIM card slot or by use of an eSIM (Electronic Subscriber Identification Module), there are options in Settings including Data roaming options and Choose apps that can use your cellular data that can help significantly reduce the cost of data used, especially when roaming.

Managing Advanced Network Settings

When I woke up this morning, sitting in the garden with a friend and a pot of coffee that was, if I’m honest, rather too strong, but at least I know now not to buy it again, I was regaling him with the story of the little unicorn that needed access to his cloud files, but who was being prevented from accessing them by the evil Network Configuration Wizard that had erected the great fire wall.
The little unicorn called on the help of the Network Troubleshooting Wizard who, after a great battle with the Network Configuration Wizard, was able to break through the fire wall, and the unicorn was able to access his cloud files once again… what can I say, it was half seven in the morning and I was still waking up. Fortunately, you don’t need ancient scrolls, the help of sage wizards, and to face long treks across bleak vistas to be able to configure your networks, which is a bit of luck. In Settings, you can click Network & internet and then Advanced network settings to get access to the tools and configuration options you need.
Each network adapter is listed along with a single button to disable that adapter and an expand arrow to get more information and controls (see Figure 14-7).

Figure 14-7. Advanced Network Settings list each adapter

Expanding the details for an adapter will reveal its current status, the total amount of data sent and received by it, and the total speed of the connection, see Figure 14-8. This can be useful if you’re trying to diagnose a gigabit Ethernet line that’s only operating at a slow speed because it’s been plugged into the wrong socket on the switch panel.

Figure 14-8. You can check the working status of a network adapter

Clicking the View additional properties link will enable you to change settings for the adapter that you may need, such as the IP address and DNS server assignment, and also to copy its configuration data so it can be pasted into a document or an email and sent to a support person (see Figure 14-9).

Figure 14-9. You can change some networking settings from Settings

Tip:If you need to copy the properties and configuration data for all network adapters on the PC, scroll down the Advanced Network Settings page and click the Hardware and Connection Properties option.

Resetting the Network Adapters

The only other option available in the Advanced Network Settings… erm… settings, at least at the time of writing, is a Network reset feature. This can be more useful than you might think as, if a user has tried to be helpful by configuring a VPN or a Proxy, or has thought it was a good idea to alter the IP or DNS configuration for the PC themselves, you can undo all of their handiwork with a single click (see Figure 14-10). This will reset all the network adapters in the PC to their default configuration.

Figure 14-10. You can easily reset all the network adapters to their default state

The Network and Sharing Center

I mentioned at the beginning of this chapter that Microsoft is still moving applets out of the Control Panel and into either Settings or Windows Tools. This means that anything from here on is likely to be moved and changed some time in the future. I would imagine though that much of it will be moved to Windows Tools and then left largely as it is so that functionality isn’t broken for Microsoft’s corporate customers.
The Network and Sharing Center hasn’t changed very much over the years. In the main panel are details and a link for the network adapter currently being used for a connection, options to set up a new connection, and a troubleshooting link. On the left of the page are quick links to change adapter settings and to change advanced sharing settings (see Figure 14-11).

Figure 14-11. The Network and Sharing Center hasn’t changed much over the years

To be honest, I’d probably ignore the Set up a new connection or network options at this stage, as the tools in Settings now provide all you need to a much more friendly interface, especially when it comes to configuring Virtual Private Networks (VPNs) and Proxy servers.
If you click the link for the current network adapter however, a dialog will appear with useful tools (see Figure 14-12).

Figure 14-12. The network adapter properties dialog can be highly useful

At the top center of the status dialog is connection information, such as the current uptime and speed of the connection. Additionally, this informs you if the connection is using IPv4 or IPv6. Below this are buttons to access the Properties for the adapter, which we’ll look at soon, Disable it, or Diagnose a problem by running the network troubleshooter.
Clicking the Details button will display technical data about the adapter and its status. This is very similar to the information provided by the Settings panel except that additional information is available (see Figure 14-13).

Figure 14-13. You can get technical details about network connections in the Network and Sharing Center

It’s when we dig into the network adapter Properties however that we get full controls. The main dialog presents two tabs, Networking and Sharing. Under the Networking tab are details of all the network services available for that adapter, and the ones that are active are checked (see Figure 14-14).

Figure 14-14. You can see what network services are available to and enabled for the adapter

You may have a specific Microsoft or third-party service or network protocol you need to install; click the Install button, and you will be prompted for a configuration file or driver (see Figure 14-15).

Figure 14-15. You can install third-party network services and protocols

Some of the services that are installed and available for an adapter will have configurable properties. Among these will be the IP address options (see Figure 14-16). Though not all network services will be configurable, if you do need to change properties for a service this is where the option resides.

Figure 14-16. Some network services have options you can configure per adapter

There are a great deal more options and information available however about the status of network adapters that can be found by clicking the Configure button in the adapter properties dialog. The first tab in the new dialog that appears, General, can inform you if there is a problem with the adapter or if that adapter is working properly (see Figure 14-17).

Figure 14-17. The adapter properties can inform you if a problem exists

If there is an error, you can get further details about it from the Events tab, which will pull in data from the full Windows Event Viewer.
We will look at this dialog in much more detail in Chapter 15, but the Advanced tab is also where you can find additional configuration options for network adapters. These options will vary greatly from one hardware or software device to another; however, you may find special security, encryption, VPN, or other options here that need to be configured for specific circumstances (see Figure 14-18).

Figure 14-18. Advanced configuration properties are available for network adapters

Back in the Network and Sharing Center, you can click the Change adapter settings link to see all the installed network adapters on the PC. For many PCs and laptops, this will be just one or two, such as a Wi-Fi adapter, an Ethernet adapter, and your Bluetooth adapter.
Where things can get more complex however is when you have additional networking services installed. On my own office PC, seen in Figure 14-19, I have Microsoft’s Hyper-V virtual machine services running, along with having a VPN configured.

Figure 14-19. The Network and Sharing Center will show you all physical and virtual network adapters

Tip:Double-clicking or right-clicking an adapter will display options including disabling the adapter, opening its properties, or Bridging Connections. This can be used to combine two adapters into a single network channel to achieve double the bandwidth and is useful if you have two Ethernet sockets on the PC, both of which are connected to the network.

Managing and Troubleshooting Wi-Fi Networks

In this day and age, it’s common to find most people connecting to networks via Wi-Fi. This can on occasion cause problems from corrupt networks to forgotten passwords. All of these problems can be solved however. In the first example, a corrupt network, I detailed earlier in this chapter how you can tell Windows 10 to “forget” a network. Should you have a PC that cannot connect to the network it previously connected to perfectly well, this will be your best, quickest, and by far the most effective solution.

Recovering Forgotten Wi-Fi Access Passwords

It’s also straightforward to recover forgotten Wi-Fi passwords in Windows, and there are a couple of ways to achieve this. The easiest is from within the Wi-Fi network properties dialog. You will see a Wireless Properties button. Click this and another dialog will appear containing connection and security settings for the network.
Under the security tab, in addition to being able to set the security type for the network, there is a Network security key box (see Figure 14-20). If you check the Show characters box, the password will be displayed.

Figure 14-20. You can recover a Wi-Fi password from within the properties dialog

This method is only really useful though for getting the password to the currently connected network, so for other networks we need to use scripting within the Command Line or PowerShell (both environments use the same commands). Use the command netsh wlan show profiles to list all the stored Wi-Fi networks on the PC. Once you have the name of the network you need to recover the password for, type netsh wlan show profiles name="network name" key=clear. Technical details for the network will appear, and you will see the password for the network listed in the Key content field (see Figure 14-21).

Figure 14-21. You can recover the password for any stored Wi-Fi network

Prioritizing Wi-Fi Network Connections

You will be aware that for many Wi-Fi networks your PC or laptop will auto-connect when it detects one you have connected to previously. If you are in a workplace or even a public place where there is more than a single network available, you will want to connect to one specifically and make certain this is always the first network the PC attempts to connect to.
This can be achieved with the command netsh wlan set profileorder name="network name" priority=1 to set a specific network as the first to connect to, and then you can use the numbers 2, 3, and so on to set other networks’ priority if you need to.

Troubleshooting Wi-Fi Networks Using Scripting

I mentioned earlier in this chapter that you can delete the profile for a corrupt Wi-Fi network, so you can reconnect as though it was the first time and rebuild the connection profile (you might want to remember to recover the password before doing this). You can also delete Wi-Fi network profiles using scripting with the command netsh wlan delete profile name="network name".
You can also get a detailed report on Wi-Fi connectivity including any errors and events using the command netsh wlan show wlanreport. This will save HTML, XML, and Windows Event files in a folder called C:\ProgramData\Microsoft\Windows\ WlanReport\ with the main wlan-report-latest.html file containing detailed technical information (see Figure 14-22).

Figure 14-22. The Wlan report contains detailed technical data

There is also detailed technical information you can get from using scripting. The command netsh wlan show wirelesscapabilities will display a great deal of technical information about what wireless, security, and other features are supported by your Wi-Fi adapter (see Figure 14-23).

Figure 14-23. You can see technical information about security features supported by your Wi-Fi adapter

Tip:You can display global settings for Wi-Fi network connections using the command netsh wlan show settings.

The command netsh wlan show interfaces will display information about the currently in use Wi-Fi adapters. Similarly, the command netsh wlan show drivers will display technical information about the Wi-Fi driver on the PC (see Figure 14-24).
This information goes well beyond the driver date and version number, providing information on how security and encryption are supported and implemented, what legacy Wi-Fi network types it is compatible with, and if the driver also supports wireless display (Wi-Di) technologies.

Figure 14-24. You can get technical information on the Wi-Fi driver

Backing Up and Importing Wi-Fi Connection Profiles

I spoke earlier about recovering lost passwords for Wi-Fi connections, but one very useful feature of the netsh command is the ability to back up and restore individual Wi-Fi profiles. To do this, you can use the command netsh wlan export profile name="profilename" key=clear folder=E:\Wi-Fi_Backup where E:\Wi-Fi_Backup is the destination folder on your hard disk you want the files backed up to; note that this folder must already exist as it won’t be created in the export process.
If you want to export all the stored Wi-Fi network profiles on the PC, use the command netsh wlan export profile key=clear folder=E:\Wi-Fi_Backup. These are XML files that open in your browser (see Figure 14-25) and that can then be reimported using the command netsh wlan add profile filesname="path-and-file-name.xml" interface="interfacename" where interface specifies the network adapter that will be used to connect to this network.

Note: When exporting Wi-Fi connection profiles, be sure to use the key=clear switch to also export the password, though bear in mind this will be stored in plain text within the XML file.

Figure 14-25. You can export and reimport Wi-Fi connection profiles

Tip:You can reset the networking stack in Windows if you have a corruption with the command netsh int int reset.

Other Netsh Commands for Managing Networking

There are other commands you can use in the Command Line and PowerShell with netsh. The most useful when it comes to diagnosing and troubleshooting problems are as follows:
Netsh wlan show blocked networks – To display a list of any networks that are blocked on the PC Netsh wlan set blockednetworks display={show|hide} – To show or hide blocked networks in the network connections panel Netsh wlan add filter permission={allow|block|denyall} ssid="networkname" networktype={infrastructure|adhoc} – To block or allow access to specific wireless networks Netsh wlan delete filter permission={allow|block|denyall} ssid="network name" networktype={infrastructure|adhoc} – To delete a filter previously applied to a network
There are also additional switches that can be used with the netsh command:
-a <AliasFile> – Specifies that you should be returned to the netsh prompt after running your alias file, this being a text file containing one or more netsh commands.
-c <Context> – Specifies that netsh enters the specified context.
These are a group of commands specific to a networking server role or feature, and they extend netsh’s functionality. You can obtain a list of contexts with the command /? within the netsh scripting environment.
-r <RemoteComputer> – Specifies a remote computer to connect to on the network.
-u <[DomainName\] <UserName> – Specifies the remote computer you wish to connect to with an optional Domain and User account name.
-p <Password | *> – Specifies the password required for a remote computer that you used with the -u switch.
{NetshCommand | -f <ScriptFile>} – Specifies the netsh command you want to run, with the -f switch being optionally used to exit netsh after the script you specify has completed.

Ping, TraceRT, and IPConfig

Three more useful Command Line tools are available to help diagnose, troubleshoot, and configure network connections, both wired and wireless. These tools have been available in Windows now for a great many years but have not lost their usefulness.


The Ping command is used to test the connection between your computer and another computer. Use it in the format Ping or Ping to test a connection to a local network or Internet address. It is used with the following switches:
-t – To continue pinging until manually stopped by pressing Ctrl + Enter or Ctrl + C.
-a – To reverse the name resolution for the destination IP address and to display the corresponding hostname.
/n <count> – To set the number of echo requests to send; the default is four.
/l <size> – Specifies the length in bytes of the data sent in echo requests; the default is 32; the maximum is 65527.
/f – Specifies that the echo requests should not be fragmented by servers on path to the destination, useful for troubleshooting Maximum Transmission Unit (MTU) problems.
/I <TTL> – Specifies the Time to Live (TTL) field in the IP header for echo requests.
/v <TOS> – Specifies the Type of Service (TOS) field in the IP header for echo requests (IPv4 only).
/r <count> – Used to record the route taken by the echo request (IPv4 only); you can specify the number of hops between the source and the destination from one to nine.
/s <count> – Specifies that the Internet Timestamp should be used to record time of arrival for each request and its reply, from a maximum of one to four.
/j <hostlist> – Specifies that requests should use the Loose Source Route option in the IP header with the intermediate destinations specified (IPv4 only) with a maximum of nine addresses specified and separated by spaces.
/k <hostlist> – Specifies that requests should use the Strict Source Route option in the IP header with the intermediate destinations specified (IPv4 only) with a maximum of nine addresses specified and separated by spaces.
/w <timeout> – Determines the amount of time in milliseconds to
wait for a reply; the default is 4000 (4 seconds).
/r <srcaddr> – Specifies that a round-trip path is traced (IPv6 only).
/s <compartment> – Specifies the source address to use (IPv6 only).
/c – Specifies a routing compartment identifier.
/p – Ping a Hyper-V network virtualization address.
/4 – Specifies that IPv4 be used to ping.
/6 – Specifies that IPv6 be used to ping.


The Trace Route (TraceRT) command is similar to ping but comes with some additional functionality. Whereas Ping will just test the connection, TraceRT will display all the IP addresses, servers, and routes the traffic takes on its journey. This can be especially useful if you are trying to diagnose a bottleneck somewhere on a network path (see Figure 14-26).

Figure 14-26. You can use TraceRT to search for bottlenecks on a network path

Again, you use it in the format TraceRT or TraceRT to test a connection to a local network or Internet address.
/d – Stops the command from resolving the IP addresses of intermediate routers to their names; this can speed up results.
/h <maxhops> – Specifies the maximum number of hops to the destination; the default is 30.
/j <hostlist> – Specifies that requests should use the Loose Source Route option in the IP header with the intermediate destinations specified (IPv4 only) with a maximum of nine addresses specified and separated by spaces.
/w <timeout> – Determines the amount of time in milliseconds to wait for a reply;
the default is 4000 (4 seconds).
/r – Specifies that a round-trip path is traced (IPv6 only).
/s <srcaddr> – Specifies the source address to use (IPv6 only).
/4 – Specifies that IPv4 be used to ping.
/6 – Specifies that IPv6 be used to ping.


You can use the IPConfig command to display and configure parameters for the network connections on a PC. You use it with the following switches:
/all – Displays full TCP/IP information for all network adapters in the PC, including virtual adapters created in software or by hypervisors and dial-up connections.
/displaydns – Displays the contents of the local DNS cache, including entries preloaded from the HOSTS file.
/flushdns – Flushes and resets the DNS cache, used to discard erroneous entries from the cache, as well as those which have been added dynamically and that may now be unresolvable.
/registerdns – Starts a dynamic re-registration for all the DNS names and IP addresses configured on the PC and can be used to troubleshoot a failed DNS registration or to repair a problem between the PC and the DNS server without having to restart the PC.
/release <adapter> – Sends a DHCPRELEASE message to the DHCP server to release the current configuration and discard the IP address configuration for all adapters (if no adapter is specified) or a specific adapter.
/release6 <adapter> – Sends a DHCPRELEASE message to the DHCPv6 server to release the current configuration and discard the IP address configuration for all adapters (if no adapter is specified) or a specific adapter.
/renew <adapter> – Renews the DHCP configuration for the specified adapter or for all adapters if none is specified. This can be very useful for resetting network connections without having to restart the PC, though it only works for adapters that are configured to obtain an IP address automatically.
/renew6 <adapter> – Renews the DHCPv6 configuration for the specified adapter or for all adapters if none is specified. This can be very useful for resetting network connections without having to restart the PC, though it only works for adapters that are configured to obtain an IP address automatically.
/setclassid <adapter> [classID] – Configures the DHCP class ID for the specified adapter or all adapters if a wildcard (*) is used. If the classID is not specified, the current one is removed. This switch only works for adapters that are configured to obtain an IP address automatically.
/showclassid <adapter> – Displays the current ClassID for a specified adapter; use an asterisk (*) to display information for all installed adapters. This switch only works for adapters that are configured to obtain an IP address automatically.

Using Microsoft Sysinternals to Troubleshoot Networking

As you might expect, Microsoft’s Sysinternals suite comes with a broad range of tools and utilities for configuring and troubleshooting networking and network problems.


Active Directory Explorer (ADExplorer) allows you to easily view and edit an Active Directory database, including additional functionality not normally available, including making a copy of the database and comparing two AD databases side by side.


ADInsight is a Lightweight Directory Access Protocol (LDAP) real-time monitoring tool that you can use to troubleshoot Active Directory client applications. You can use it to view processes and events that applications make to the Wldap32.dll library.


ADRestore exists to help you undelete “tombstoned” Active Directory objects in a domain. The utility enumerates the deleted objects in a domain and allows to restore the ones you choose.


Rather than being a utility, PsTools is actually an extra suite of utilities for administering PC systems remotely. It includes utilities that can remotely execute apps, display information about files and users, kill processes, get detailed information about processes, and shut down and restart the PC. Full details of the tools available and their switches can be found on the Sysinternals website.


This command is used to execute processes on a remote PC. Use this in the format PsExec \\RemotePC “C:\\long app name.exe”.


PsFile, also detailed earlier in this chapter, will display a list of files that are currently open on a remote PC. Use this in the format PsFile [\\RemotePC [-u OptionalUsername [-p UserPassword]]] [[id | PathAndNameOfFile] [-c ToCloseFile].


This tool is used to display the Security Identifier (SID) of a remote computer or user. Use it in the format psgetsid [\\RemotePC[,RemotePC[,...] | @file\] [-u OptionalUsername [-p UserPassword]]] [account|SID].


PsInfo can display information about a remote computer. You can use this with the switch \\RemotePC for a specific PC or \\* to run it on all networked PCs. You can also use it with these switches to get detailed information on [-h] installed hotfixes, [-s] installed applications, and [-d] disk information and use [-c] to export the data as a CSV file.


PsPing does exactly what you might expect it to: it displays detailed ping information to test network connections. It is a Command Line utility that is much more configurable than Windows 10’s standard Ping command. PsPing is used with one of four main switches and then a series of subswitches to test for ICMP (the main protocol used by routers for reporting errors), TCP, latency, and bandwidth. Full details of the switches are available on the Sysinternals website.


If you need to kill a running process on a remote PC, then PsKill is the tool to use. Use it in the format pskill [- ] [-t] [\\RemotePC [-OptionalUsername [-p UserPassword]]] <processname | process id> where [- ] displays a list of supported options, and [-t] kills not just the process but all its dependent processes as well.


PsList will display detailed information about the processes running on a remote PC. Use it with the switches [-d] to display additional details, [-m] to show memory usage information, and [-t] to show process trees.


This tool will display details of each user currently logged on (signed in) to a remote PC. This can be used with the switch [-l] to only show accounts logged in to the PC locally, and not across the network.


This is used to create a dump of event log records from a remote PC. There are quite a few switches and commands for this utility.

You use it in the format psloglist [- ] [\\RemotePC[,RemotePC[,...] | @file [-u OptionalUsername [-p UserPassword]]] [-s [-t delimiter]] [-m #|-n #|-h #|-d #|-w][-c][-x][-r][-a mm/dd/ yy][-b mm/dd/yy][-f filter] [-i ID[,ID[,...] | -e ID[,ID[,...]]] [-o event source[,event source][,..]]] [-q event source[,event source][,..]]] [-l event log file] <eventlog>.


This security tool can be used to change account passwords on a remote PC. Use in the format pspasswd [[\\RemotePC[,RemotePC[,..] | @file [-u Username [-p Password]]] Username [NewPassword].


This lets you view and control services on a remote PC. Use it in the format psservice [\\RemotePC [-u OptionalUsername] [-p UserPassword]] <command> <options>.


PsShutdown can be used to either shut down or restart a remote PC. This can be used with the following useful switches: [-f] to force all applications to close immediately rather than giving them time to close on their own; [-l] to lock the remote PC; [-m] to display a message to appear on the screen for anybody using the PC when the shutdown countdown commences, which can be set with the [-t xx] switch, the default being 20 seconds; [-r] to restart the PC; and [-c] to allow the shutdown to be aborted by somebody still using the remote PC.


If you need to suspend a process on a remote PC, then this tool will do the job. Use it in the format pssuspend [- ] [-r] [\\RemotePC [-u OptionalUsername] [-p UserPassword]] <process name | process id> where [-r] resumes the suspended processes after they have been previously suspended.


The TCPView utility provides information about the endpoint network connections from your PC, including the remote or IP address of the destination and the port used by the PC to make the connection (see Figure 14-27). Using this utility, you can see every running process and service that has an active network connection and the destination they are connected to.

Figure 14-27. TCPView provides useful endpoint information

You can marry this information with the data you have on IP address ranges within your company, or company VPN, to check for misconfigured network connections or to see where malware or rogue apps might be making connections. You can also save the data as a file to read later or to send to a support technician. There is also a Command Line version of this tool available in Sysinternals, called TCPVcon, which is used in the format TcpVcon [-a] [-c] [-n] [process name or PID] where [-a] displays all endpoints, [-n] doesn’t resolve addresses, and [-c] outputs the results as a CSV file.


WhoIs is useful for providing information on who owns and maintains domain names or IP addresses to which your PC is connecting. For example, in running TCPView, I spotted that Edge on my PC was connecting to the IP address and wanted to see what company was at the end of this address. A quick search using WhoIs reveals that the IP address is owned by Facebook, and I had the social network open in a browser tab at the time (see Figure 14-28).

Figure 14-28. WhoIs can provide information on IP addresses you connect to


Configuring, diagnosing, troubleshooting, and repairing wired and wireless network connections on a PC is something for which there are a huge number of tools and utilities, and there’s something to suit the way anybody wants to work, from GUI interfaces to scripting commands.
In the next chapter, hopefully with our networks working properly, we’ll look at hardware devices, including Bluetooth, peripherals, USB systems, and also PC firmware such as UEFI systems, to see how we can troubleshoot problems with everything from printers and wireless headphones to completely unknown devices.