This post applies to IIS6 as well, however I did most of my testing on Windows Server 2008 beta 3. This blog covers my adventure getting my logs configured so they would be stored on a remote computer.. There was a simple fix once I understood “WHY”, isn’t everything. ? Click this link for docs on Technet how to setup remote logging. The documentation states use an UNC path \ServernameSharename and use the Servername.
Here is where the adventure begins. In the past I have used Servername and IP Address together. This time the http.sys process didn’t like the ip address. I enabled http.sys logging, which is really helpful. It was throwing the bolded error listed below when I was flushing the log file to disk. This was the entire set of entries logged browsing localhost. Here is the link to how to enable HTTP.sys logging. I even went as far as using SetSPN, (Service Principal Name) in Active Directory. I learned how to use the SetSPN tool or manually create the entries using ADSIEdit.msc. I caution anyone making these changes in a production environment. I was getting an 15000 Event log message. There are other event log messages covered in section on Technet. This indicated my permissions were not correct.
In the end, after making sure the permissions were correct over and over, I plugged the \ComputerNameLogfiles in the path, ran my batch file and it worked. I hope this helps someone else, the http.sys logs were not very descriptive, but they were at least available to help point me in the right direction. So, I’d rather have a somewhat descriptive log entry vs. nothing. ?
Batch File I used to reproduce the issue.
REM The reason I was running an IISReset is to catch the attempt to create the log directory and file every attempt.
iisreset
REM Start http.sys tracing
logman start httptrace -p Microsoft-Windows-HttpService 0xFFFF -o httptrace.etl -ets
REM Start an instance of IE to make a request to the local machine
“C:Program FilesInternet Exploreriexplore.exe” http://localhost
REM flush the log data from the http.sys process to disk
netsh http flush logbuffer
REM Stop http.sys tracing
logman stop httptrace -ets
REM Convert the http.sys output file to CSV format
tracerpt httptrace.etl -of csv -o httptrace.csv /y
REM Open the output file in Notepad
notepad httptrace.csv
Http.sys raw log output in CSV format
Event Name, Type, Event ID, Version, Channel, Level, Opcode, Task, Keyword, PID, TID, Processor Number, Instance ID, Parent Instance ID, Activity ID, Related Activity ID, Clock-Time, Kernel(ms), User(ms), User Data
EventTrace, Header, 0, 2, 0, 0, 0, 0, 0x0000000000000000, 0x00000000, 0x000005F8, 0, , , {00000000-0000-0000-0000-000000000000}, , 128277049250717083, 1120, 300, 8192, 67174406, 6001, 1, 128277049550199938, 100144, 0, 0x0, 2, 1, 4, 0, 2243, 0x90B9F178, 0x90B9F18C, 128277045204899856, 3579545, 128277049250717083, 0x1, 0, “httptrace”, “C:UsersAdministratorDesktophttptrace.etl”
Microsoft-Windows-HttpService , ConnConnect , 21, 0, 16, 4, 28, 4, 0x0000000000000010, 0x00000004, 0x0000005C, 0, , , {00000000-1288-0000-8199-7f014bbbc701}, , 128277049348638271, 12400, 0, 0x842E3798, 28, “[::1]:80”, 28, “[::1]:49190”
Microsoft-Windows-HttpService , ConnIdAssgn , 22, 0, 16, 4, 55, 4, 0x0000000000000012, 0x00000004, 0x000005AC, 0, , , {00000000-1288-0000-8199-7f014bbbc701}, , 128277049349263755, 70, 0, 0xFB00000080000002, 0xFB00000060000001, 0x842E3798
Microsoft-Windows-HttpService , RecvReq , 1, 0, 16, 4, 11, 1, 0x0000000000000102, 0x00000004, 0x000005AC, 0, , , {00000000-1288-0000-8199-7f014bbbc701}, {80000002-0000-fb00-0000-000000000000}, 128277049349265138, 70, 0, 0xFB00000080000002, 0xFB00000060000001, 28, “[::1]:49190”
Microsoft-Windows-HttpService , Parse , 2, 0, 16, 4, 12, 1, 0x0000000000000002, 0x00000004, 0x000005AC, 0, , , {80000002-0000-fb00-0000-000000000000}, , 128277049349322067, 80, 0, 0x842E4750, 4, “http://localhost:80/“
Microsoft-Windows-HttpService , Deliver , 3, 0, 16, 4, 13, 1, 0x0000000000000102, 0x00000990, 0x000009B0, 0, , , {80000002-0000-fb00-0000-000000000000}, , 128277049405515637, 490, 50, 0x842E4750, 0xFB00000080000002, 1, “DefaultAppPool”, “http://localhost:80/“, 0
Microsoft-Windows-HttpService , FastRespLast , 9, 0, 16, 4, 18, 1, 0x0000000000000006, 0x00000990, 0x000009C4, 0, , , {80000002-0000-fb00-0000-000000000000}, , 128277049406633664, 50, 0, 0xFB00000080000002
Microsoft-Windows-HttpService , FastResp , 8, 0, 16, 4, 19, 1, 0x0000000000000006, 0x00000990, 0x000009C4, 0, , , {80000002-0000-fb00-0000-000000000000}, , 128277049406663752, 50, 0, 0xFB00000080000002, 0xFB00000060000001, 200, “GET”, 0, 1, 0
Microsoft-Windows-HttpService , FastSend , 12, 0, 16, 4, 21, 1, 0x0000000000000006, 0x00000990, 0x000009C4, 0, , , {80000002-0000-fb00-0000-000000000000}, , 128277049406939181, 60, 0, 0xFB00000080000002, 200
Microsoft-Windows-HttpService , LogFileCreateFailed , 49, 0, 16, 2, 59, 9, 0x0000000000000800, 0x00000004, 0x000005AC, 0, , , {00000000-0000-0000-0000-000000000000}, , 128277049412643098, 220, 0, 0xC0000022, “ResponseLogging “, “Site “, “W3C “, “dosdevicesUNC192.168.0.125UncLogFilesW3SVC1u_ex070630.log”, 0
Microsoft-Windows-HttpService , LogFileWrite , 51, 0, 16, 4, 61, 9, 0x0000000000000800, 0x00000004, 0x000005AC, 0, , , {00000000-0000-0000-0000-000000000000}, , 128277049412646736, 220, 0, 0xC0000022, 0x0, “ResponseLogging “, “Site “, “W3C “, “CacheMiss”, 0
Microsoft-Windows-HttpService , RecvReq , 1, 0, 16, 4, 11, 1, 0x0000000000000102, 0x00000004, 0x000005AC, 0, , , {00000000-1288-0000-8199-7f014bbbc701}, {80000003-0000-fb00-0000-000000000000}, 128277049416593131, 220, 0, 0xFB00000080000003, 0xFB00000060000001, 28, “[::1]:49190”
Microsoft-Windows-HttpService , Parse , 2, 0, 16, 4, 12, 1, 0x0000000000000002, 0x00000004, 0x000005AC, 0, , , {80000003-0000-fb00-0000-000000000000}, , 128277049416635156, 230, 0, 0x842E4750, 4, “http://localhost:80/welcome.png“
Microsoft-Windows-HttpService , Deliver , 3, 0, 16, 4, 13, 1, 0x0000000000000102, 0x00000004, 0x000005AC, 0, , , {80000003-0000-fb00-0000-000000000000}, , 128277049416664003, 230, 0, 0x842E4750, 0xFB00000080000003, 1, “DefaultAppPool”, “http://localhost:80/welcome.png“, 0
Microsoft-Windows-HttpService , FastRespLast , 9, 0, 16, 4, 18, 1, 0x0000000000000006, 0x00000990, 0x000009C4, 0, , , {80000003-0000-fb00-0000-000000000000}, , 128277049416850837, 80, 0, 0xFB00000080000003
Microsoft-Windows-HttpService , FastResp , 8, 0, 16, 4, 19, 1, 0x0000000000000006, 0x00000990, 0x000009C4, 0, , , {80000003-0000-fb00-0000-000000000000}, , 128277049416875583, 80, 0, 0xFB00000080000003, 0xFB00000060000001, 304, “GET”, 0, 0, 0
Microsoft-Windows-HttpService , FastSend , 12, 0, 16, 4, 21, 1, 0x0000000000000006, 0x00000990, 0x000009C4, 0, , , {80000003-0000-fb00-0000-000000000000}, , 128277049416956811, 80, 0, 0xFB00000080000003, 304
Microsoft-Windows-HttpService , LogFileWrite , 51, 0, 16, 4, 61, 9, 0x0000000000000800, 0x00000004, 0x000005AC, 0, , , {00000000-0000-0000-0000-000000000000}, , 128277049417997790, 280, 0, 0xC0000022, 0x0, “ResponseLogging “, “Site “, “W3C “, “CacheMiss”, 0
Microsoft-Windows-HttpService , ConnClose , 23, 0, 16, 4, 29, 4, 0x0000000000000010, 0x00000004, 0x0000005C, 0, , , {00000000-1288-0000-8199-7f014bbbc701}, , 128277049461028971, 12680, 0, 0x842E3798, 1
Microsoft-Windows-HttpService , ConnCleanup , 24, 0, 16, 4, 30, 4, 0x0000000000000010, 0x00000004, 0x0000005C, 0, , , {00000000-1288-0000-8199-7f014bbbc701}, , 128277049461031181, 12680, 0, 0x842E3798
Happy Logging,
Steve Schofield
Microsoft MVP – IIS