Network and Software Troubleshooting for CompTIA A+ 220-1102

DNS failures prevent name resolution — applications fail to connect even when network connectivity is fine. Symptoms: 'Cannot reach this page' or 'server not found' in browser, but ping by IP works. nslookup: test DNS resolution. `nslookup google.com` — if it fails, DNS is the issue. `nslookup google.com 8.8.8.8` — tests with a specific DNS server. If this works, the configured DNS server is the problem. ipconfig /all: verify DNS server addresses. ipconfig /flushdns: clears DNS resolver cache — fixes stale cached entries pointing to old IP addresses. Restart DNS Client service: `net stop dnscache && net start dnscache`. Change DNS server: if the configured DNS is unreachable, manually configure 8.8.8.8 (Google) or 1.1.1.1 (Cloudflare). Check /etc/hosts file (Windows: C:\Windows\System32\drivers\etc\hosts): local overrides — a misconfigured hosts file can prevent specific sites from resolving.

DHCP failures result in APIPA addresses (169.254.x.x) or 'Limited connectivity' status. Symptoms: APIPA address in ipconfig output, 'No internet access' in taskbar, can only reach local link-local devices. Diagnosis: ipconfig — look for 169.254.x.x. Verify DHCP server is reachable. Check if DHCP is enabled on the adapter: `netsh interface ip set address 'Local Area Connection' dhcp`. Release and renew: `ipconfig /release && ipconfig /renew`. Check DHCP server: is the DHCP service running? Is the address pool exhausted? Check DHCP lease scope has available addresses. Check for rogue DHCP servers: if users are getting wrong IP addresses, a rogue DHCP server is handing out configurations. DHCP snooping on the switch (enterprise) or physically locating the rogue server. Conflict: two devices assigned the same IP — identify with arp -a, check DHCP reservations.

Proxy misconfigurations block specific applications or all internet access. Symptoms: browser can reach some sites but not others, applications report 'cannot connect' but browser works. Check proxy settings: Settings → Network & Internet → Proxy (Windows 10/11). Internet Options → Connections → LAN settings. Test without proxy: disable proxy temporarily to confirm it's the cause. PAC file issues: if the PAC file is inaccessible or contains errors, browsers may fail to connect. Check: open the PAC file URL in a browser directly. Application-specific proxy settings: some applications (Java, Firefox) have their own proxy configuration separate from Windows system proxy. Host-based firewall blocking applications: Windows Defender Firewall → Allow an app through Windows Defender Firewall. Add the application exception. Check outbound firewall rules in wf.msc. Network firewall blocking ports: test with telnet or Test-NetConnection to the specific port. `Test-NetConnection -ComputerName host -Port 443`.

VPN connectivity issues prevent remote workers from accessing corporate resources. Split tunneling vs full tunnel: if VPN is configured as full tunnel, all internet traffic routes through the corporate network — slow browsing when VPN is connected is normal if corporate internet is slow. Common VPN issues: VPN connects but cannot reach internal resources → DNS not updating to corporate DNS when on VPN. VPN drops intermittently → MTU mismatch (reduce MTU on VPN adapter). VPN client cannot connect → firewall blocking VPN port (L2TP/IPSec: 500, 4500 UDP; SSTP: 443 TCP; OpenVPN: typically 1194 UDP). VPN credentials failing → password expired or account locked. Check VPN client logs for specific error. Windows built-in VPN: Settings → Network & Internet → VPN → select VPN → Connect. Check event logs (EventViewer → Applications and Services Logs → Microsoft → Windows → RasClient) for errors. Verify VPN server is reachable (ping the VPN server address or gateway).

When an application cannot connect to a server: Step 1 — Can you ping the server by name? If no: DNS issue. If yes by IP but not name: DNS issue. Step 2 — Can you telnet/Test-NetConnection to the specific port? `Test-NetConnection servername -Port 443`. If no: firewall or service not running. Step 3 — Is the service running on the server? Check the server's services, event log, or web server (curl/browser). Step 4 — Is a proxy required? Check application proxy settings. Step 5 — Is TLS certificate valid? Certificate error in browser or application log. Common error messages: Connection timed out: network path blocked (firewall, routing issue). Connection refused: server reached but service not listening on that port. SSL certificate error: expired or mismatched certificate. 403 Forbidden: server reached, port open, but access denied (permissions). 404 Not Found: server reached but the resource doesn't exist at that URL.