Windows 7 / Networking

---

Wireless Diagnostics Tracing

Occasionally, you might need to escalate a wireless networking problem to Microsoft or another support specialist in your organization. To perform a detailed analysis, Microsoft or your support specialists need in-depth information about the computer's state and wireless components in Windows and their interaction when the problem occurred. You can obtain this information from wireless diagnostics tracing in Windows Vista and Windows Server 2008. To use wireless diagnostics tracing, you must start tracing, reproduce the problem, stop tracing, and then collect the tracing report.

To start wireless diagnostics tracing, do one of the following:

• Type the netsh wlan set tracing mode=yes command at a command prompt.
• In the console tree of the Reliability and Performance Monitor snap-in, open Data Collector Sets/System. Right-click Wireless Diagnostics, and then click Start.

After you have reproduced the problem and want to stop wireless diagnostics tracing, do one of the following:

• Type the netsh wlan set tracing mode=no command.
• In the console tree of the Reliability and Performance Monitor snap-in, open Data Collector Sets/System. Right-click Wireless Diagnostics, and then click Stop.

Note: It is important to stop the wireless diagnostics tracing prior to viewing or gathering the trace logs to initiate a process that converts the trace files into a readable format.

To view the report generated by wireless diagnostics tracing, in the console tree of the Reliability and Performance Monitor snap-in, open Reports/System/Wireless Diagnostics.

The report includes the following information:

• Wireless configuration, including allowed and blocked wireless networks
• Current TCP/IP configuration (including data provided by the ipconfig /all command)
• A list of all connection attempts and detailed information about each step of the connection process
• A detailed list of all Windows Network Diagnostics events
• Wireless client certificate configuration
• Wireless profiles and their locations
• Wireless network adapter driver information
• Wireless networking system files and versions
• Raw network tracing information
• Computer make and model
• Operating system version
• A list of all services, their current states, and their process identifiers

This report and its associated files are stored by default in the %SystemRoot%\Tracing\Wireless folder.

In addition to wireless diagnostic tracing, Windows Vista and Windows Server 2008 support tracing for components of the Remote Access Connection Manager and Routing and Remote Access services, which are also used for wireless connections. Like the wireless diagnostic tracing, tracing for these components creates information that you can use to troubleshoot complex problems for specific components. The information in these additional tracing files is typically useful only to Microsoft support engineers, who might request that you create trace files for a connection attempt during their investigation of a support issue. You can enable this additional tracing by using the Netsh tool.

To enable and disable tracing for a specific component of the Remote Access Connection Manager and Routing and Remote Access services, the command is:

netsh ras set tracing component enabled|disabled

in which component is a component in the list of components found in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing.

To enable tracing for all components, the command is:

netsh ras set tracing * enabled

To disable tracing for all components, the command is:

netsh ras set tracing * disabled

The tracing log files are stored in the %SystemRoot%\Tracing folder. The most interesting log files for wireless authentication are the following:

• Eapol.log: EAP over LAN (EAPOL) activity.
• Rastls.log: TLS authentication activity.
• Raschap.log: MS-CHAP v2 authentication activity.

NPS Authentication and Accounting Logging

By default, NPS supports the logging of authentication and accounting information for wireless connections in local log files. This logging is separate from the events recorded in the System event log. You can use the information in the logs to track wireless usage and authentication attempts. Authentication and accounting logging is especially useful for troubleshooting network policy issues. For each authentication attempt, the name of the network policy that either accepted or rejected the connection attempt is recorded. You can configure authentication and accounting logging options from the Settings tab in the properties dialog box of the Local File Logging object in the Accounting folder in the Network Policy Server snap-in.

The authentication and accounting information is stored in a configurable log file or files stored in the %SystemRoot%\System32\LogFiles folder. The log files are saved in Internet Authentication Service (IAS) or database-compatible format, meaning that any database program can read the log file directly for analysis. NPS can also send authentication and accounting information to a SQL Server database.