IIS7 post #43 – Remote Logging and the computer name

This post applies to IIS6 as well, however I did most of my testing on Windows Server 2008 beta 3.  This blog covers my adventure getting my logs configured so they would be stored on a remote computer..  There was a simple fix once I understood “WHY”, isn’t everything. 🙂  Click this link for docs on Technet how to setup remote logging.   The documentation states use an UNC path \ServernameSharename and use the Servername.  


Here is where the adventure begins.  In the past I have used Servername and IP Address together.  This time the http.sys process didn’t like the ip address.  I enabled http.sys logging, which is really helpful.  It was throwing the bolded error listed below when I was flushing the log file to disk.   This was the entire set of entries logged browsing localhost.  Here is the link to how to enable HTTP.sys logging.  I even went as far as using SetSPN, (Service Principal Name) in Active Directory.  I learned how to use the SetSPN tool or manually create the entries using ADSIEdit.msc. I caution anyone making these changes in a production environment.  I was getting an 15000 Event log message. There are other event log messages covered in section on Technet.  This indicated my permissions were not correct.  


In the end, after making sure the permissions were correct over and over, I plugged the \ComputerNameLogfiles in the path, ran my batch file and it worked.  I hope this helps someone else, the http.sys logs were not very descriptive, but they were at least available to help point me in the right direction.  So, I’d rather have a somewhat descriptive log entry vs. nothing.  🙂 


Batch File I used to reproduce the issue. 

REM The reason I was running an IISReset is to catch the attempt to create the log directory and file every attempt. 
iisreset

REM Start http.sys tracing

logman start httptrace -p Microsoft-Windows-HttpService 0xFFFF -o httptrace.etl -ets

REM Start an instance of IE to make a request to the local machine
“C:Program FilesInternet Exploreriexplore.exe” http://localhost

REM flush the log data from the http.sys process to disk
netsh http flush logbuffer

REM Stop http.sys tracing
logman stop httptrace -ets

REM Convert the http.sys output file to CSV format
tracerpt httptrace.etl -of csv -o httptrace.csv /y

REM Open the output file in Notepad
notepad httptrace.csv 


Http.sys raw log output in CSV format


  Event Name,       Type,     Event ID,    Version,    Channel,      Level,     Opcode,       Task,            Keyword,        PID,        TID,     Processor Number,  Instance ID,   Parent Instance ID,                              Activity ID,                      Related Activity ID,           Clock-Time, Kernel(ms),   User(ms), User Data
  EventTrace,     Header,            0,          2,          0,          0,          0,          0, 0x0000000000000000, 0x00000000, 0x000005F8,                    0,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   128277049250717083,       1120,        300,     8192, 67174406,     6001,        1, 128277049550199938,   100144,        0, 0x0,        2,        1,        4,        0,     2243, 0x90B9F178, 0x90B9F18C, 128277045204899856,          3579545, 128277049250717083, 0x1,        0, “httptrace”, “C:UsersAdministratorDesktophttptrace.etl”
Microsoft-Windows-HttpService , ConnConnect ,           21,          0,         16,          4,         28,          4, 0x0000000000000010, 0x00000004, 0x0000005C,                    0,             ,                     ,   {00000000-1288-0000-8199-7f014bbbc701},                                         ,   128277049348638271,      12400,          0, 0x842E3798,       28, “[::1]:80”,       28, “[::1]:49190”
Microsoft-Windows-HttpService , ConnIdAssgn ,           22,          0,         16,          4,         55,          4, 0x0000000000000012, 0x00000004, 0x000005AC,                    0,             ,                     ,   {00000000-1288-0000-8199-7f014bbbc701},                                         ,   128277049349263755,         70,          0, 0xFB00000080000002, 0xFB00000060000001, 0x842E3798
Microsoft-Windows-HttpService ,   RecvReq ,            1,          0,         16,          4,         11,          1, 0x0000000000000102, 0x00000004, 0x000005AC,                    0,             ,                     ,   {00000000-1288-0000-8199-7f014bbbc701},   {80000002-0000-fb00-0000-000000000000},   128277049349265138,         70,          0, 0xFB00000080000002, 0xFB00000060000001,       28, “[::1]:49190”
Microsoft-Windows-HttpService ,     Parse ,            2,          0,         16,          4,         12,          1, 0x0000000000000002, 0x00000004, 0x000005AC,                    0,             ,                     ,   {80000002-0000-fb00-0000-000000000000},                                         ,   128277049349322067,         80,          0, 0x842E4750,        4, “http://localhost:80/
Microsoft-Windows-HttpService ,   Deliver ,            3,          0,         16,          4,         13,          1, 0x0000000000000102, 0x00000990, 0x000009B0,                    0,             ,                     ,   {80000002-0000-fb00-0000-000000000000},                                         ,   128277049405515637,        490,         50, 0x842E4750, 0xFB00000080000002,        1, “DefaultAppPool”, “http://localhost:80/“,        0
Microsoft-Windows-HttpService , FastRespLast ,            9,          0,         16,          4,         18,          1, 0x0000000000000006, 0x00000990, 0x000009C4,                    0,             ,                     ,   {80000002-0000-fb00-0000-000000000000},                                         ,   128277049406633664,         50,          0, 0xFB00000080000002
Microsoft-Windows-HttpService ,  FastResp ,            8,          0,         16,          4,         19,          1, 0x0000000000000006, 0x00000990, 0x000009C4,                    0,             ,                     ,   {80000002-0000-fb00-0000-000000000000},                                         ,   128277049406663752,         50,          0, 0xFB00000080000002, 0xFB00000060000001,    200, “GET”,        0,      1,        0
Microsoft-Windows-HttpService ,  FastSend ,           12,          0,         16,          4,         21,          1, 0x0000000000000006, 0x00000990, 0x000009C4,                    0,             ,                     ,   {80000002-0000-fb00-0000-000000000000},                                         ,   128277049406939181,         60,          0, 0xFB00000080000002,    200
Microsoft-Windows-HttpService , LogFileCreateFailed ,           49,          0,         16,          2,         59,          9, 0x0000000000000800, 0x00000004, 0x000005AC,                    0,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   128277049412643098,        220,          0, 0xC0000022, “ResponseLogging “, “Site “, “W3C “, “dosdevicesUNC192.168.0.125UncLogFilesW3SVC1u_ex070630.log”,        0
Microsoft-Windows-HttpService , LogFileWrite ,           51,          0,         16,          4,         61,          9, 0x0000000000000800, 0x00000004, 0x000005AC,                    0,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   128277049412646736,        220,          0, 0xC0000022, 0x0, “ResponseLogging “, “Site “, “W3C “, “CacheMiss”,        0
Microsoft-Windows-HttpService ,   RecvReq ,            1,          0,         16,          4,         11,          1, 0x0000000000000102, 0x00000004, 0x000005AC,                    0,             ,                     ,   {00000000-1288-0000-8199-7f014bbbc701},   {80000003-0000-fb00-0000-000000000000},   128277049416593131,        220,          0, 0xFB00000080000003, 0xFB00000060000001,       28, “[::1]:49190”
Microsoft-Windows-HttpService ,     Parse ,            2,          0,         16,          4,         12,          1, 0x0000000000000002, 0x00000004, 0x000005AC,                    0,             ,                     ,   {80000003-0000-fb00-0000-000000000000},                                         ,   128277049416635156,        230,          0, 0x842E4750,        4, “http://localhost:80/welcome.png
Microsoft-Windows-HttpService ,   Deliver ,            3,          0,         16,          4,         13,          1, 0x0000000000000102, 0x00000004, 0x000005AC,                    0,             ,                     ,   {80000003-0000-fb00-0000-000000000000},                                         ,   128277049416664003,        230,          0, 0x842E4750, 0xFB00000080000003,        1, “DefaultAppPool”, “http://localhost:80/welcome.png“,        0
Microsoft-Windows-HttpService , FastRespLast ,            9,          0,         16,          4,         18,          1, 0x0000000000000006, 0x00000990, 0x000009C4,                    0,             ,                     ,   {80000003-0000-fb00-0000-000000000000},                                         ,   128277049416850837,         80,          0, 0xFB00000080000003
Microsoft-Windows-HttpService ,  FastResp ,            8,          0,         16,          4,         19,          1, 0x0000000000000006, 0x00000990, 0x000009C4,                    0,             ,                     ,   {80000003-0000-fb00-0000-000000000000},                                         ,   128277049416875583,         80,          0, 0xFB00000080000003, 0xFB00000060000001,    304, “GET”,        0,      0,        0
Microsoft-Windows-HttpService ,  FastSend ,           12,          0,         16,          4,         21,          1, 0x0000000000000006, 0x00000990, 0x000009C4,                    0,             ,                     ,   {80000003-0000-fb00-0000-000000000000},                                         ,   128277049416956811,         80,          0, 0xFB00000080000003,    304
Microsoft-Windows-HttpService , LogFileWrite ,           51,          0,         16,          4,         61,          9, 0x0000000000000800, 0x00000004, 0x000005AC,                    0,             ,                     ,   {00000000-0000-0000-0000-000000000000},                                         ,   128277049417997790,        280,          0, 0xC0000022, 0x0, “ResponseLogging “, “Site “, “W3C “, “CacheMiss”,        0
Microsoft-Windows-HttpService , ConnClose ,           23,          0,         16,          4,         29,          4, 0x0000000000000010, 0x00000004, 0x0000005C,                    0,             ,                     ,   {00000000-1288-0000-8199-7f014bbbc701},                                         ,   128277049461028971,      12680,          0, 0x842E3798,        1
Microsoft-Windows-HttpService , ConnCleanup ,           24,          0,         16,          4,         30,          4, 0x0000000000000010, 0x00000004, 0x0000005C,                    0,             ,                     ,   {00000000-1288-0000-8199-7f014bbbc701},                                         ,   128277049461031181,      12680,          0, 0x842E3798


Happy Logging,


Steve Schofield
Microsoft MVP – IIS

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s