1
00:00:00,180 --> 00:00:01,020
In this lesson,

2
00:00:01,020 --> 00:00:02,460
we're going to talk about step two

3
00:00:02,460 --> 00:00:05,160
of the CompTIA troubleshooting methodology.

4
00:00:05,160 --> 00:00:07,530
Now in step two, we want to establish

5
00:00:07,530 --> 00:00:10,980
a theory of probable cause and question the obvious.

6
00:00:10,980 --> 00:00:13,590
Also, if necessary, you're going to be conducting

7
00:00:13,590 --> 00:00:15,180
external or internal research

8
00:00:15,180 --> 00:00:17,280
based on the symptoms you're observing.

9
00:00:17,280 --> 00:00:19,110
So when we talk about establishing

10
00:00:19,110 --> 00:00:20,970
a theory of probable cause,

11
00:00:20,970 --> 00:00:23,220
we are trying to guess what we think the problem is

12
00:00:23,220 --> 00:00:26,250
based on all the symptoms we've observed up to this point.

13
00:00:26,250 --> 00:00:27,570
If we've gotten good answers

14
00:00:27,570 --> 00:00:29,880
from our initial questions from our end users,

15
00:00:29,880 --> 00:00:32,369
this is going to help us determine the severity of the problem,

16
00:00:32,369 --> 00:00:34,230
such as how many people are being affected,

17
00:00:34,230 --> 00:00:36,900
and how bad is it, as well as a rough idea

18
00:00:36,900 --> 00:00:38,370
of what we need to investigate

19
00:00:38,370 --> 00:00:40,110
such as is this a hardware issue,

20
00:00:40,110 --> 00:00:41,370
is it a software issue,

21
00:00:41,370 --> 00:00:43,500
is it an operating system or an application issue,

22
00:00:43,500 --> 00:00:45,450
or maybe it's a driver issue.

23
00:00:45,450 --> 00:00:47,370
All these are things that we have to figure out,

24
00:00:47,370 --> 00:00:49,320
and by doing all that initial questioning

25
00:00:49,320 --> 00:00:50,880
back in identify the problem,

26
00:00:50,880 --> 00:00:53,970
we should now have a lot of data to start building our case

27
00:00:53,970 --> 00:00:57,330
and figure out what is our theory that we want to go with

28
00:00:57,330 --> 00:01:00,060
as far as what we're going to try next to solve things.

29
00:01:00,060 --> 00:01:01,710
Now, when we talk about establishing

30
00:01:01,710 --> 00:01:03,420
a theory of probable cause,

31
00:01:03,420 --> 00:01:06,450
we have to talk about what is probable cause.

32
00:01:06,450 --> 00:01:08,190
Well, when we talk about probable cause,

33
00:01:08,190 --> 00:01:10,680
we are talking about all of the different possible causes

34
00:01:10,680 --> 00:01:14,400
that may have happened, but which one is most likely?

35
00:01:14,400 --> 00:01:17,730
For example, it is possible that aliens came down

36
00:01:17,730 --> 00:01:20,310
and scrambled up the bits and bytes on your computer,

37
00:01:20,310 --> 00:01:22,350
but it's probably not very likely,

38
00:01:22,350 --> 00:01:24,540
so I don't think that's my probable cause,

39
00:01:24,540 --> 00:01:28,320
even though it might be a very unlikely possible cause.

40
00:01:28,320 --> 00:01:29,700
So keep that in mind.

41
00:01:29,700 --> 00:01:31,410
When you think about probable cause,

42
00:01:31,410 --> 00:01:32,940
you really need to think to yourself

43
00:01:32,940 --> 00:01:34,770
what is the most likely thing,

44
00:01:34,770 --> 00:01:36,030
because there's probably three

45
00:01:36,030 --> 00:01:37,830
or four things that it could be,

46
00:01:37,830 --> 00:01:40,620
and you're going to want to select the most possible one first,

47
00:01:40,620 --> 00:01:42,450
we're going to try that, figure it out,

48
00:01:42,450 --> 00:01:44,010
and if it doesn't solve the problem,

49
00:01:44,010 --> 00:01:45,870
then we can come back again later

50
00:01:45,870 --> 00:01:48,360
and try number two, number three, number four,

51
00:01:48,360 --> 00:01:50,670
until we identify exactly what was wrong.

52
00:01:50,670 --> 00:01:53,790
Remember, the idea here is to do it in a systematic method

53
00:01:53,790 --> 00:01:56,010
so that we're not overlooking any possible issues

54
00:01:56,010 --> 00:01:57,930
while still doing things in the most efficient

55
00:01:57,930 --> 00:01:59,670
and effective way possible.

56
00:01:59,670 --> 00:02:01,500
For example, if I had a user

57
00:02:01,500 --> 00:02:03,660
who was watching video on Netflix

58
00:02:03,660 --> 00:02:05,730
and all of a sudden it stopped working,

59
00:02:05,730 --> 00:02:08,250
well that can have a lot of different reasons.

60
00:02:08,250 --> 00:02:10,380
It could be their TV is turned off,

61
00:02:10,380 --> 00:02:12,030
maybe they didn't pay their electric bill,

62
00:02:12,030 --> 00:02:13,680
it could be their internet service went out,

63
00:02:13,680 --> 00:02:15,360
it could be that Netflix is down,

64
00:02:15,360 --> 00:02:17,670
or it could be the fact that their wireless network

65
00:02:17,670 --> 00:02:20,490
that's connecting between their TV that's watching Netflix

66
00:02:20,490 --> 00:02:22,110
and their network to get to the internet

67
00:02:22,110 --> 00:02:25,320
is no longer transmitting and that's causing a broken link.

68
00:02:25,320 --> 00:02:26,160
This is the idea.

69
00:02:26,160 --> 00:02:27,450
There are lots of problems,

70
00:02:27,450 --> 00:02:29,130
and right now we need to pick one of them

71
00:02:29,130 --> 00:02:30,930
that we think is the most likely

72
00:02:30,930 --> 00:02:33,750
and that's the probable cause that we're going to go after.

73
00:02:33,750 --> 00:02:37,290
Again here, I always want to remember to question the obvious.

74
00:02:37,290 --> 00:02:39,210
If you're thinking about something like Netflix,

75
00:02:39,210 --> 00:02:41,040
they are a really big company

76
00:02:41,040 --> 00:02:43,170
that does a really good job of keeping their servers

77
00:02:43,170 --> 00:02:45,600
up and running almost all of the time,

78
00:02:45,600 --> 00:02:48,480
so it is probably less likely that Netflix is down

79
00:02:48,480 --> 00:02:50,370
than there being an issue with your system

80
00:02:50,370 --> 00:02:52,050
or your internet connection,

81
00:02:52,050 --> 00:02:54,000
and so you might want to check those things first

82
00:02:54,000 --> 00:02:56,850
before you start blaming Netflix and their servers.

83
00:02:56,850 --> 00:02:59,280
Now, in addition to establishing your theory

84
00:02:59,280 --> 00:03:01,230
and picking your probable cause,

85
00:03:01,230 --> 00:03:04,050
we'll also be doing internal or external research

86
00:03:04,050 --> 00:03:05,940
based on the symptoms we see.

87
00:03:05,940 --> 00:03:08,850
For example, when I'm dealing with this Netflix example,

88
00:03:08,850 --> 00:03:10,350
one of the easiest things I can do

89
00:03:10,350 --> 00:03:13,050
to see if it's my problem or Netflix's problem,

90
00:03:13,050 --> 00:03:15,390
is to go online to a site like Downdetector

91
00:03:15,390 --> 00:03:17,520
and type in netflix.com.

92
00:03:17,520 --> 00:03:20,250
That website tracks and reports on other users

93
00:03:20,250 --> 00:03:22,590
who say that different websites are up or down.

94
00:03:22,590 --> 00:03:24,570
And so if you think Netflix is down,

95
00:03:24,570 --> 00:03:26,070
you can go check Downdetector

96
00:03:26,070 --> 00:03:28,620
and see if other people are having the same issue.

97
00:03:28,620 --> 00:03:31,830
This, again, is going to help us verify if our probable cause

98
00:03:31,830 --> 00:03:34,080
is the real cause or if we need to figure out

99
00:03:34,080 --> 00:03:36,060
a different probable cause.

100
00:03:36,060 --> 00:03:37,170
In addition to that,

101
00:03:37,170 --> 00:03:39,900
you're not going to know everything as a technician,

102
00:03:39,900 --> 00:03:41,580
but you should at least be able to figure out

103
00:03:41,580 --> 00:03:43,770
how to research and find answers.

104
00:03:43,770 --> 00:03:46,740
For example, I've been doing this for over 20 years

105
00:03:46,740 --> 00:03:48,300
and I can tell you I still don't know

106
00:03:48,300 --> 00:03:50,340
everything there is to know about them.

107
00:03:50,340 --> 00:03:51,990
That being said, I can solve

108
00:03:51,990 --> 00:03:53,820
almost any problem you throw at me

109
00:03:53,820 --> 00:03:56,340
because I know how to conduct research.

110
00:03:56,340 --> 00:03:58,920
If somebody says there's this issue, or this symptom,

111
00:03:58,920 --> 00:04:01,530
or this error code, I can look those things up

112
00:04:01,530 --> 00:04:03,330
because Google and other search engines

113
00:04:03,330 --> 00:04:05,130
are really your best friend here.

114
00:04:05,130 --> 00:04:06,750
You're going to find a lot of the things

115
00:04:06,750 --> 00:04:08,340
that you're going to do on a daily basis

116
00:04:08,340 --> 00:04:09,870
can be answered by Google,

117
00:04:09,870 --> 00:04:11,940
and usually it's going to be the first, second,

118
00:04:11,940 --> 00:04:14,880
or third result in Google if you search properly.

119
00:04:14,880 --> 00:04:16,860
So don't be afraid to do research

120
00:04:16,860 --> 00:04:18,870
based on the symptoms you're observing.

121
00:04:18,870 --> 00:04:21,000
Also, you want to look at that machine

122
00:04:21,000 --> 00:04:22,620
and make a physical inspection of it

123
00:04:22,620 --> 00:04:25,410
as you're trying to establish and test your theory.

124
00:04:25,410 --> 00:04:27,690
For example, as you go over to the machine,

125
00:04:27,690 --> 00:04:29,820
you're going to look at it and you're going to listen.

126
00:04:29,820 --> 00:04:31,290
Do you hear the fan spinning?

127
00:04:31,290 --> 00:04:32,730
Do you hear a clicking sound

128
00:04:32,730 --> 00:04:35,160
or a grinding sound of the hard disc?

129
00:04:35,160 --> 00:04:37,320
Do you smell something that's burning?

130
00:04:37,320 --> 00:04:39,360
Any of these things are symptoms and clues

131
00:04:39,360 --> 00:04:41,850
to tell you what is wrong with that system.

132
00:04:41,850 --> 00:04:44,130
For example, if you smell a burning smell,

133
00:04:44,130 --> 00:04:45,990
it could be that you've damaged your processor

134
00:04:45,990 --> 00:04:48,000
or one of the components in your motherboard.

135
00:04:48,000 --> 00:04:50,100
If you're hearing a clicking or a grinding sound

136
00:04:50,100 --> 00:04:52,500
that tells you there's something wrong with your hard drive

137
00:04:52,500 --> 00:04:53,700
if you're using a traditional

138
00:04:53,700 --> 00:04:56,070
mechanical hard drive in that system.

139
00:04:56,070 --> 00:04:57,555
If you hear that there's no fan spinning,

140
00:04:57,555 --> 00:04:59,340
that could be a power issue

141
00:04:59,340 --> 00:05:01,680
or it could be a broken fan issue.

142
00:05:01,680 --> 00:05:03,120
All these are things you can figure out

143
00:05:03,120 --> 00:05:05,430
by making that physical inspection.

144
00:05:05,430 --> 00:05:06,840
Another thing to keep in mind is

145
00:05:06,840 --> 00:05:09,300
sometimes when you go to fix the system,

146
00:05:09,300 --> 00:05:12,150
the symptom that you originally had is no longer there,

147
00:05:12,150 --> 00:05:15,000
and so you may want to try to reproduce the problem.

148
00:05:15,000 --> 00:05:17,250
This happens a lot in large organizations

149
00:05:17,250 --> 00:05:20,310
when you're working for their help desk or support system.

150
00:05:20,310 --> 00:05:23,040
For example, in one organization I worked at,

151
00:05:23,040 --> 00:05:24,870
it usually took them one to two days

152
00:05:24,870 --> 00:05:26,490
to send a technician out to your desk

153
00:05:26,490 --> 00:05:27,960
to repair your computer.

154
00:05:27,960 --> 00:05:31,260
So if you had an issue today, such as a program crashing,

155
00:05:31,260 --> 00:05:34,110
you're not just going to sit there for two days and not work.

156
00:05:34,110 --> 00:05:36,330
Instead, you're probably going to reboot your machine,

157
00:05:36,330 --> 00:05:37,650
you're going to try a workaround

158
00:05:37,650 --> 00:05:39,630
and you'll start getting back to work where you can

159
00:05:39,630 --> 00:05:40,590
while you're waiting for somebody

160
00:05:40,590 --> 00:05:43,950
to come fix the issue you're having as the root cause.

161
00:05:43,950 --> 00:05:46,050
During that time, you're doing other things

162
00:05:46,050 --> 00:05:47,670
and there may be other symptoms that come up

163
00:05:47,670 --> 00:05:50,370
that you could then tell the support technician about.

164
00:05:50,370 --> 00:05:52,020
Now, on the other side of that equation,

165
00:05:52,020 --> 00:05:54,030
if you're working as a support technician,

166
00:05:54,030 --> 00:05:55,800
and you're coming in to fix somebody's problem

167
00:05:55,800 --> 00:05:58,350
when they put in a ticket a day or two days ago,

168
00:05:58,350 --> 00:06:00,330
they've already done other things to that system,

169
00:06:00,330 --> 00:06:02,400
so you're going to want to try to recreate the problem

170
00:06:02,400 --> 00:06:03,570
that they initially had

171
00:06:03,570 --> 00:06:05,340
to see if you could see that error message again

172
00:06:05,340 --> 00:06:07,230
or those other symptoms happen.

173
00:06:07,230 --> 00:06:09,390
Some problems are going to be intermittent,

174
00:06:09,390 --> 00:06:11,370
but most problems can be reproduced.

175
00:06:11,370 --> 00:06:12,960
So if you can reproduce it,

176
00:06:12,960 --> 00:06:14,730
that's going to be able to give you more information

177
00:06:14,730 --> 00:06:15,960
and help you figure out

178
00:06:15,960 --> 00:06:17,610
if you've got the right probable cause

179
00:06:17,610 --> 00:06:19,230
that you're trying to solve.

180
00:06:19,230 --> 00:06:21,450
Another thing to think about when doing your research

181
00:06:21,450 --> 00:06:23,760
is that you can use research not just online,

182
00:06:23,760 --> 00:06:25,710
but also in the system itself.

183
00:06:25,710 --> 00:06:28,170
Each system has its own system documentation,

184
00:06:28,170 --> 00:06:29,880
it has installation and event logs,

185
00:06:29,880 --> 00:06:32,130
it has diagnostic tools for you to figure out

186
00:06:32,130 --> 00:06:34,080
what is working and what is not working,

187
00:06:34,080 --> 00:06:36,960
and all of those things are part of that internal research

188
00:06:36,960 --> 00:06:38,220
to learn more about the system

189
00:06:38,220 --> 00:06:39,960
and learn what the probable cause is

190
00:06:39,960 --> 00:06:42,360
for that particular outage or problem.

191
00:06:42,360 --> 00:06:43,950
Next, let's talk about a couple

192
00:06:43,950 --> 00:06:45,360
of different approaches you can use

193
00:06:45,360 --> 00:06:47,520
when you're trying to establish a theory.

194
00:06:47,520 --> 00:06:49,020
Now, the first one we have is what's known as

195
00:06:49,020 --> 00:06:50,550
a top to bottom approach.

196
00:06:50,550 --> 00:06:52,380
Now, when you're using a top to bottom approach,

197
00:06:52,380 --> 00:06:54,600
you're going to use the OSI model as your guide.

198
00:06:54,600 --> 00:06:56,070
So we're going to start with layer seven

199
00:06:56,070 --> 00:06:57,900
and work our way down to layer one.

200
00:06:57,900 --> 00:07:00,000
So if I'm having problems accessing a website,

201
00:07:00,000 --> 00:07:02,190
I'm going to check layer seven in the OSI model first,

202
00:07:02,190 --> 00:07:03,510
which is the application layer,

203
00:07:03,510 --> 00:07:07,290
to see if I can access that website using port 80 and HTTP

204
00:07:07,290 --> 00:07:09,900
or port 443 using HTTPS.

205
00:07:09,900 --> 00:07:12,810
Then if that works, I know everything's working fine,

206
00:07:12,810 --> 00:07:15,060
and if it's not, I would move down to layer six

207
00:07:15,060 --> 00:07:16,230
and then check out something else.

208
00:07:16,230 --> 00:07:18,660
For instance, the encryption is a layer six function,

209
00:07:18,660 --> 00:07:20,220
and so if you're using HTTPS,

210
00:07:20,220 --> 00:07:21,600
maybe there's an issue with the encryption,

211
00:07:21,600 --> 00:07:23,520
which is why the website isn't showing.

212
00:07:23,520 --> 00:07:26,220
As you continue down from layer seven to six to five

213
00:07:26,220 --> 00:07:27,870
to four to three to two to one,

214
00:07:27,870 --> 00:07:29,220
you're trying from the highest levels

215
00:07:29,220 --> 00:07:30,810
down to the lowest levels.

216
00:07:30,810 --> 00:07:32,100
This brings us to our next approach,

217
00:07:32,100 --> 00:07:34,200
which is what we call the bottom up approach.

218
00:07:34,200 --> 00:07:36,040
In a bottom up approach, we do the exact opposite

219
00:07:36,040 --> 00:07:38,610
and we start at layer one of the OSI model

220
00:07:38,610 --> 00:07:41,220
and work our way upward until we get to layer seven.

221
00:07:41,220 --> 00:07:42,440
So what this might look like is

222
00:07:42,440 --> 00:07:44,610
I would first look at the cable connection

223
00:07:44,610 --> 00:07:46,500
and verify that I have a valid layer one

224
00:07:46,500 --> 00:07:48,120
network connection to the network.

225
00:07:48,120 --> 00:07:50,220
This may involve something like a copper or fiber cable

226
00:07:50,220 --> 00:07:52,500
going from my desktop computer to a wall jack.

227
00:07:52,500 --> 00:07:54,090
If I can verify that is working,

228
00:07:54,090 --> 00:07:55,410
I would then move to layer two

229
00:07:55,410 --> 00:07:58,260
and I would then check if I can access other systems

230
00:07:58,260 --> 00:08:01,200
locally on the local area network using their MAC address.

231
00:08:01,200 --> 00:08:03,000
If that works, I'll go to layer three.

232
00:08:03,000 --> 00:08:05,550
And layer three, I might ping the default gateway

233
00:08:05,550 --> 00:08:07,170
or the router of my network

234
00:08:07,170 --> 00:08:09,330
to see if I can get out of my subnet,

235
00:08:09,330 --> 00:08:10,920
and then I can see if that works.

236
00:08:10,920 --> 00:08:12,000
Then I can go to layer four,

237
00:08:12,000 --> 00:08:14,370
which includes ICMP which is ping traffic.

238
00:08:14,370 --> 00:08:16,650
And I might ping something like the Google DNS server

239
00:08:16,650 --> 00:08:20,310
at 8.8.8.8 to see if that is responding to my queries.

240
00:08:20,310 --> 00:08:22,710
And if it is, that tells me my internal network is working

241
00:08:22,710 --> 00:08:23,730
and I have a valid connection

242
00:08:23,730 --> 00:08:25,230
to the outside world over the internet

243
00:08:25,230 --> 00:08:27,390
because I can reach Google's DNS server.

244
00:08:27,390 --> 00:08:29,730
And we would keep doing this all the way up to layer seven

245
00:08:29,730 --> 00:08:31,740
until we identify the problem.

246
00:08:31,740 --> 00:08:33,360
Now, the last type of approach we have

247
00:08:33,360 --> 00:08:35,280
is what we call divide and conquer.

248
00:08:35,280 --> 00:08:37,230
Instead of going from layer seven to layer one

249
00:08:37,230 --> 00:08:38,429
with a top down approach,

250
00:08:38,429 --> 00:08:41,130
or layer one to layer seven using the bottom up approach,

251
00:08:41,130 --> 00:08:43,380
I can actually pick somewhere right in the middle

252
00:08:43,380 --> 00:08:44,880
and start there first.

253
00:08:44,880 --> 00:08:47,460
For example, if somebody says the internet isn't working,

254
00:08:47,460 --> 00:08:49,890
one of the first things I do is I'll open up a terminal

255
00:08:49,890 --> 00:08:53,100
and I'll type in ping space 8.8.8.8,

256
00:08:53,100 --> 00:08:54,960
and this will send four ping packets

257
00:08:54,960 --> 00:08:56,460
by default on a window system

258
00:08:56,460 --> 00:08:59,610
or unlimited ping packets on a macro Linux system

259
00:08:59,610 --> 00:09:02,460
out to that IP address of 8.8.8.8,

260
00:09:02,460 --> 00:09:04,050
and listen to the replies.

261
00:09:04,050 --> 00:09:06,210
If that works, I know that layers one through four

262
00:09:06,210 --> 00:09:07,950
are all valid and they are working,

263
00:09:07,950 --> 00:09:11,010
and now I know I have a layer five, six, or seven problem.

264
00:09:11,010 --> 00:09:12,150
If it doesn't work,

265
00:09:12,150 --> 00:09:14,460
that tells me that I know right off the bat

266
00:09:14,460 --> 00:09:17,400
that something is wrong between layers one and layers four,

267
00:09:17,400 --> 00:09:19,050
and I can then troubleshoot there.

268
00:09:19,050 --> 00:09:21,360
By doing this type of a divide and conquer method,

269
00:09:21,360 --> 00:09:22,710
I'm kind of picking the center point

270
00:09:22,710 --> 00:09:25,920
or the midpoint of the OSI model and testing it there first,

271
00:09:25,920 --> 00:09:28,020
and that way I could say the problem exists above me

272
00:09:28,020 --> 00:09:30,270
or below me based on the layer that I'm testing

273
00:09:30,270 --> 00:09:31,890
for my divide and conquer technique.

274
00:09:31,890 --> 00:09:33,510
And finally, if somebody else

275
00:09:33,510 --> 00:09:35,130
has already worked on that system,

276
00:09:35,130 --> 00:09:37,890
you want to talk to them and figure out what did they do.

277
00:09:37,890 --> 00:09:39,390
If you're working in a small business

278
00:09:39,390 --> 00:09:40,890
and you're the only technician,

279
00:09:40,890 --> 00:09:43,410
then you're probably the only person fixing the machines.

280
00:09:43,410 --> 00:09:45,630
But if you're working for a large organization,

281
00:09:45,630 --> 00:09:48,930
there may be 20, 30, a couple of hundred other people

282
00:09:48,930 --> 00:09:50,400
who are doing these tickets,

283
00:09:50,400 --> 00:09:52,620
and if somebody else has been working on that system already

284
00:09:52,620 --> 00:09:53,850
and they weren't able to fix it,

285
00:09:53,850 --> 00:09:55,380
and they pass that off to you,

286
00:09:55,380 --> 00:09:57,630
you now need to figure out what did they already do?

287
00:09:57,630 --> 00:09:58,770
What have they already touched?

288
00:09:58,770 --> 00:10:00,660
Or if this person says, you know,

289
00:10:00,660 --> 00:10:02,640
I've had a lot of problems with this computer,

290
00:10:02,640 --> 00:10:04,440
you're the third technician in four months

291
00:10:04,440 --> 00:10:05,850
who's had to come out and fix it,

292
00:10:05,850 --> 00:10:08,220
well, let's go talk to the other technicians as well

293
00:10:08,220 --> 00:10:09,480
and figure out what did they do,

294
00:10:09,480 --> 00:10:10,830
what did they think the problem was,

295
00:10:10,830 --> 00:10:12,360
and what did they try to do to solve it

296
00:10:12,360 --> 00:10:14,550
because you don't want to do the exact same thing

297
00:10:14,550 --> 00:10:16,110
because it's probably not going to fix it

298
00:10:16,110 --> 00:10:18,240
because it didn't fix it the last two or three times.

299
00:10:18,240 --> 00:10:20,250
And you're just going to upset your customer

300
00:10:20,250 --> 00:10:21,990
because they feel like you're wasting time

301
00:10:21,990 --> 00:10:24,060
by doing the same thing the other person did

302
00:10:24,060 --> 00:10:25,653
last week or last month.

303
00:10:26,580 --> 00:10:29,970
So keep in mind when it comes to step number two,

304
00:10:29,970 --> 00:10:31,470
your whole goal in step number two

305
00:10:31,470 --> 00:10:33,990
is to establish a theory of probable cause,

306
00:10:33,990 --> 00:10:37,170
and you always want to question the most obvious things first.

307
00:10:37,170 --> 00:10:38,550
If you don't know the answer,

308
00:10:38,550 --> 00:10:41,760
always feel free to look it up using external documentation

309
00:10:41,760 --> 00:10:42,660
such as the internet,

310
00:10:42,660 --> 00:10:45,390
or internal research such as the system itself,

311
00:10:45,390 --> 00:10:47,673
diagnostic tools, and the systems logs.