HOWTO: Basics of IIS6 Troubleshooting

I recently sat down and thought a little about the typical user experience when troubleshooting IIS6, assuming s/he had little/no IIS context that long-time users have… and the picture did not look so good.

Now, I know that IIS7 will make huge improvements in this area (and will unfortunately obsolete some of this information… but not the general concepts! :-) ), but it is not available yet. I am also certain that users will continue to push us to literally start to self-diagnose the issue instead of providing useful information for users to make corrective actions (and certainly not merely dump trace data, like we do in WS03SP1…), so there has to be a good balance.

But in the meantime, I wanted to gather together some of the basic troubleshooting steps that I go through to diagnose issues which appear to involve IIS, as well as explain some of the rationale of the steps, so that the reader can better understand the process.

Preserve System State

First and foremost, when you are trying to troubleshoot why something is not working, you want to preserve the system state for examination. I cannot emphasize this enough… especially when you want someone else to help you. I can tell you that developers will not even look at your issues unless you give them the exact state that triggers the issue, and their rationale is simple – they want to diagnose the actual issue… not some psuedo or related issue. Only the Real Thing.

Thus, you want to treat the system more like a “crime scene” where you take measured steps around the chalk figures, take non-destructive samples, record the location of everything, etc… If you must make changes, make note of the order in which you do them as well as any consequential effects. I prefer to keep a little temporary “journal” in notpad.exe of my actions – so that I remember what I did, why I did them, and in what order… so that subtle patterns may emerge in later analysis without needing to gather data again.

For example, RESIST the urge to try to uninstall/reinstall IIS, change filesystem ACLs to wide-open, make user accounts to be administrator, or lower security settings on the server or in the browser just to see if things work. These sorts of actions merely destroy system state such that you may never know *why* something started working (and since you destroyed system state, no one else can help re-interpret for you)… so you never know *how* to deal with it in the future. In other words, you fail to learn and grow from the experience, and it can only cost you more time/effort in the future. Resist the urge to snap up short-term gains and focus on the long-term benefit. Simply finding solutions is ok; learning how to solve a class of problems is even better. Gee… these same ideas apply to life equally well… 😉

This is why on newsgroups/Q&A, when someone tells me that they reinstalled, wiped ACLs, changed Administrators, etc during their “troubleshooting”, I simply have to turn off and stop helping them… not because I do not care… but because at that point I am no longer dealing with the original issue but some new meta-issue.

Now, I know that some of you enjoy “troubleshooting” by tinkering around with settings in the UI to see if any combination works and if it does, great. But realize that this simply means that you condemn yourself to be limited by whatever is accessible via the UI, and in the case of an open platform like IIS, understanding fundamentals of how things plug together is really important because the UI simply cannot and does not represent all useful interactions. Thus, the astute reader should notice that I never write a blog entry from the perspective of the UI but always from the perspective of the IIS Core Server and what is going on… and the UI is merely a means to configure the necessary settings as appropriate.

In general, I prefer to the classic warfare approach of first gathering and analyzing my “recon data” before formulating any strategy and making any intrusive deployments and movements…

Useful Logs

A common pitfall that I see users fall into is to claim:

I did not see any useful errors in X, so I decided to do something more drastic.

While I understand that users are trained to look for errors in a variety of places (Event Log seems to be a common place where people expect everything to be logged), and IIS does not log everything everywhere (and certainly does not flood the event log), it pays to be patient. Even when I am dealing with some system I do not fully understand (like the Windows Firewall, Exchange, SQL…), I still first search the web for any diagnostic aid, search the filesystem/registry for any log file clues, etc… before trying anything else… simply because I value preserving system state.

The most valuable log files for IIS6 (and their locations) are:

  • HTTP.SYS Error Log – %windir%\System32\LogFiles\HTTPERR (Default location; configurable)
  • IIS Website Log – %windir%\System32\LogFiles\W3SVC# (Default location; configurable) **
  • Event Log (both System and Application)

** I’m not going to complicate things with Centralized Binary Logging and such… because the point of the logfile remains the same; just location differs. Materially it does not change the discussion nor rationale.

One of the more non-intuitive things when dealing with IIS log files is that there is no single location to correlate all of them. Worse, it often appears that information is haphazardly split amongst them, so it is never clear where to look for what. Barring unintentional bugs, here is how I logically classify the log files:

One common source of “debugging information” that I dissuade you from relying upon for troubleshooting is the HTTP response displayed by your web browser. Quite frankly, do not trust the browser for troubleshooting unless you have nothing better. Use a tool like WFetch from IIS Resource Kit Tools. Browsers simply have too many “usability” features that limit their usefulness, including:

  • Browsers may not display the actual HTTP Response but some rationalized response, so you never detect the flawed output of custom ISAPI code running on the server
  • Browsers may re-interpret HTTP Response and generate some other pre-canned response, so you never get the actual HTTP Response Code
  • Web Server may not send a useful Custom Error page to the Client despite logging all the information to Log files on the server

In short, first look at the aforementioned Log files on the server before doing anything else…

Use Non-Invasive Monitors

When the log files do not tell the whole story, I resort to pragmatic, non-invasive monitors like FileMon, RegMon, and NetMon to observe and record what happens on the situation in question.

  • Suppose the problem has to do with the request accessing some file or registry key and returning access denied or file not found. I suggest using FileMon (aka File Monitor) or RegMon (aka Registry Monitor) from to track which resource is accessed and the associated error.

    Some representative blog entries:

  • Suppose the problem is a repeating user dialog popup, or the browser is “hanging” and eventually times out, or just any other unexpected HTTP sequence. I suggest using NetMon (aka Network Monitor) from Add/Remove Windows Components / Management and Monitoring Tools / Network Monitor Tools to capture the incoming/outgoing request/response.

    In particular, this approach is necessary if ISAPI Filters or ISAPI Extensions are involved in the request because they can cause arbitrary server behavior. So, you need to capture these arbitrary behaviors, determine which is wrong/right, and go from there.
  • Suppose you know the actual request which will generate the misbehaving hang, then you can consider using a tool like WFetch to independently make that request and then observe the raw HTTP Response to figure out what is wrong with it. Using browser plugins like Fiddler in IE is not as independent nor direct as you need.

Use Real Debuggers

Suppose the log files and pragmatic monitors fail to tell the whole story… I then attach debuggers like NTSD or WINDBG from the Microsoft Debugging Toolkit (do NOT use Visual Studio because installing/using that tool changes too much machine state which may be relevant. Visual Studio is more a development platform than a debugging tool), set up symbols as directed, and then investigate the process responsible for handling the request in question.

A couple of useful breakpoints to use include:

  • w3isapi!ServerSupportFunction – any time an ISAPI Extension makes a pECB->ServerSupportFunction call, you can trap it and based on the ID, examine every single parameter value. Now, with IIS6 on WS03SP1, this information can be obtained by turning on ETW Tracing, but I still enjoy the generic method of simply setting a breakpoint on whatever I am interested in trapping and then observing it.
  • w3core!FilterServerSupportFunction – any time an ISAPI Filter makes a pfc->ServerSupportFunction call, you can trap it and based on the ID, examine every single parameter value. With IIS6 on WS03SP1, this information can be obtained by turning on ETW Tracing as well.

In conjunction with Log files indicating the error response/codes, Network Monitor indicating what is wrong with the response, and trapping what ISAPI Filters/Extensions do on the server, you can usually track down whether the problematic response came from IIS or some particular ISAPI… which is a huge step forward in troubleshooting.


Ok, I am going to stop at this point because I do not want this blog entry to be some all-encompassing novel that takes me forever to write, edit, and perfect and hence never publish. 😉 I hope that this information provides a useful scaffold for any user of IIS to effectively gather data to troubleshoot a variety of IIS-related issues by employing various associated diagnosis techniques (which I intentionally did not mention… though they would be nice subjects for future blog entries).

Please note that my troubleshooting steps do not involve changing the system’s or even IIS’s configuration other than replaying the request or action that triggers the issue under investigation… because to me, preserving system state and recording my actions/observations is most important. Why? Well… suppose I cannot actually resolve the issue… then I definitely do not want to prevent anyone else from helping me resolve the issue and want to provide them with the best environment and all the information I had already independently gathered to save them time.

Yes, I realize that this approach does not make you feel empowered because you do not actively change anything… but please realize that troubleshooting is about making correct changes quickly; not quickly making correcting changes… 😉


[2006-07-14] Hmm… minds thinking alike. I recommend this URL:

Comments (44)

  1. Uwe Keim says:

    When refering to "NetMon", do you mean any special application? I searched Google for "NetMon" and "SysInternals NetMon", but found various unspecific items only.

  2. David Wang says:

    Uwe – When I say "NetMon" I meant "Network Monitor", which I described how to obtain/install. I’ll make the association more clear. It’s similar to how "RegMon" is "Registry Monitor".


  3. Hi David,

    A useful post, thanks. One minor typo:

    > I suggest using RegMon (aka Network Monitor)

    I think you mean NetMon there.


  4. David Wang says:

    Paul – Thanks. A typo from copy/paste/edit for the prior comment…


  5. Holger says:

    I’m looking for an answer to the (silly) question, what does a http status code 200 in the iis website log really mean.

    You say: "IIS Website Log contains … It tells me that IIS Core in user-mode got the request and sent some response (no guarantee the client got the response, of course)."

    That I was thinking also, but there are guys arguing "if there is an http status code 200 for a GET is in the IIS logs it means >>guarantee of delivery<< to the client, like a fax-reception-o.k."

    I know this looks silly to you, but help me anyway 😉 thanx a lot!!!

  6. Steven says:

    Hi David:

    we have lots of 400 error codes register in IIS logs and HTTP.sys logs. But http.sys logs are not that usefull, as they don’t enough information about cs-uri, most of the time "-". So wondering is there way to debug the issue behind this error.


  7. David.Wang says:

    Steven – 400 errors are called "Bad Request" because the request may not have been well-formed enough to be parsed/understood by HTTP.SYS. Hence, there is nothing to log about these data streams, certainly no cs-uri (parsing is not guaranteed) nor would these requests ever make it to IIS in user mode.

    And why wouldn’t HTTP.SYS log these 400 unparsed data streams to a log file so that you can debug these errors? Because consider that hackers may use this mechanism to send broken requests and write arbitrary data to your server log files, possibly waiting for some file-format viewer bug to exploit hack your server when you first browse the log file. Just a thought – why would you ever log untrusted and unparsed data verbatim?

    Now, HTTP.SYS will usually log a "reason" for the 400 error that indicate what is wrong with the request. These problems indicate client-side errors beyond the means of the server to fix.

    Maybe your 400s come from some common malformed requests generated by bad clients. The following discussion may help:


  8. David Wang says:

    If you are looking for information on how to troubleshoot a variety of IIS-related issues, the following…

  9. David Wang says:

    Sigh… it seems that the Application Health Monitoring features added in IIS6 are merely used by VARs…

  10. Robert says:

    As i just noticed, IIS6 will also go all "eek!" on multiple dots within abs_path, too.

    "http://server/abc+.+def/ghi.aspx&quot; will work perfectly fine, but

    "http://server/abc+..+def/ghi.aspx" will throw some "Bad Request" at me.

    RFC 2396 saying

    >      unreserved  = alphanum | mark

    >      mark        = "-" | "_" | "." | "!" | "~" | "*" | "’" | "(" | ")"

    would lead me to thinking "abc+..+efg" was a legal segment, though.

  11. Ed says:


    Just give us a normal error log that has the errors in it, like competent developers would do.

    Jesus Christ, Apache had better error reporting a decade ago, when it was developed as a hobby by volunteers.

    FIX. YOUR. PRODUCT. Don’t give us bullshit. Give us an error log.

  12. David.Wang says:

    Ed – Troubleshooting is a process, not a magical bullet.

    IIS6 already provides error logs (depending on the type), just like Apache. I see nothing to "fix", really, other than introuducing people to what’s already there… if you’d only look.


  13. David.Wang says:

    Robert – You probably have either:
    1. something configured on your IIS6 server
    2. between your server and client

    that is rejecting those requests because I do not see what you claim.

    I am able to make your exact failing requests against my default IIS6 installation and get the correct responses (not 400).

    Obviously, just because HTTP.SYS/IIS6 allows a request does not mean other applications running on the server or between the server and client likes the request. The observed behavior there is obviously arbitrary, so you must always be clear on WHAT is handling and rejecting the request because it may not be IIS6 at all.


  14. Robert says:

    Hi David.

    Following your hints I tried using a new virtual folder on the server in question.

    As you suggested, it worked well for defaul..t.htm and defaul&t.htm.

    As the original scenario involves an 1.1 application with rewriting happening within the "begin_request" event (which is supposed to map ‘virtual’ urls to database-driven content).

    Trying to reproduce the behavior using a simpler setup I set up a wildcard-handler "C:WINNTMicrosoft.NETFrameworkv1.1.4322aspnet_isapi.dll", and unchecked the "verify if file exists" checkbox.

    Then I tried opening "default.htm", "defaul&t.htm" and "defaul..t.htm"

    "default.htm" still worked.

    "defaul&t.htm" and "defaul..t.htm" caused "Bad request"

    So, I conclude, it is not the fault of http.sys or IIS6 at all, but all aspnet_isapi.dll’s.

    Thank you for pointing me to this direction.


  15. Robert says:

    Hi David,

    it’s me again. There’s one last thin i forgot to mention:

    One thing, that might point at IIS6 is that the same application works fine under IIS5 (and the same version of the .net framework). But then it might as well have something to do with some difference between Windows 2000 Server and Windows 2003 I do not know about.

    Hopefully I’ll finde some clue.

    Thank you again.


  16. David.Wang says:

    Robert – You’ve already proven that your issue is not with IIS6 but something ASP.Net specific.

    I would start looking at whether they are the same version and running the exact same httpModules.

    WS03 (and WS03SP1) contains updated binaries of .Net Framework 1.1. Verify that you have the same updated binaries on Windows Server 2000.

    I suspect that one of the versions of ASP.Net is doing path validation/canonicalization and now deciding to fail your requests.


  17. Robert says:

    Hi David,

    I guess I finally found out, why it would work on IIS5/Windows 2000, and not on IIS6/Windows 2003.

    It had nothing to do with the version of IIS nor the version of Windows, nor the versions of the .Net-Framework (1.4322.2032 / 1.4322.2300).

    The different behavior was caused by the registry setting "VerificationCompatibility" under "HKEY_LOCAL_MACHINESOFTWAREMicrosoftASP.NET" being set to "1" on the 2000-Server and not on 2003.

    (This setting seems to be introduced by kb826437).

    I think I’d never found out without you pointing me away from my first suspicions, so thank you again for your patience with me.


  18. David.Wang says:

    Robert – thanks for finding the KB. Actually, it does have to do with the “version” of the .Net Framework since it includes ASP.Net.

    I didn’t have the exact KB#, but I knew the guys that made the change in ASP.NET, so I was trying to say that during one of the ASP.Net 1.1 SPs a “canonicalization check” was introduced (that resulted in the behavior you observed), and the Registry Key from the KB basically turns that check off (it is on by default for security reasons).

    1. if you ran the original ASP.Net 1.1, this check would not be present at all and things would work
    2. if you ran ASP.Net 1.1 with the latest service packs, the check would be present and enabled by default so things would fail
    3. and if you then add the Registry Key to turn the check off, things would “work” again


  19. Robert says:

    Hi David.

    I see. Thank you for the explanation.

    Regarding the KB-Entry, there’s one thing that I’d just like to share though:

    I think It’d be nice if the KB-entry explained, what consequences, security-wise, setting the option would have.

    It reads a bit like "It won’t work, but set this setting, and it will." and one gets to thinking "Where’s the catch? If there wasn’t any, why would they use a registry-setting instead of changing it alltogether?" But there’s no hint as to why leaving this setting alone could possibly wiser.

    I think that if the consequence of this setting might be decreased security, one should be informed. And if there is no risk at all, it’d be nice to know, too, so you don’t get sleepless nights wondering what evil you might have done by changing this setting.

    And a possibility to not disable this check for all the server but to override a "failed" result within one’s application would be quite nice to have.

    But this shall not bother you, I’m very grateful for the time you voluntarily invested helping me with my problem.

    Best wishes


  20. David.Wang says:

    Robert – thanks for the feedback.

    Unfortunately, KBs are only scoped to tell you you WHAT and HOW to do something that you’ve searched for. It does not tell you WHY you want to do something, and that is by-design.

    Frankly, the reason KBs do not contain WHY is because its authors are often merely technical writers without in-depth knowledgeable of the issue and cannot articulate WHY – they are just technical writers given a whole bunch of raw technical details and instructed to come up with a KB. Since they rarely have real insight about the issue, they certainly cannot synthesize and provide useful "WHY" knowledge. They end up only able to tell you how to detect something and what to do about it.

    This is part of the reason I blog – I essentially get to write my own KB articles on my blog. I locate/organize all the information so that you know WHAT/HOW to do something, and I also try to articulate WHY you want to do something because I deem the deep understanding to be important.

    The reason why security switches are "global" is because it does not make sense to partially secure a server on a per-application basis — the attacker simply tries the same attack on a different application and eventually still hack you — you gain no security benefit by using partial security

    And if I had to choose between full security and false-sense of security, I rather have things break due to security than to work and give you a false-sense of security.


  21. Robert says:


    I agree on your point about full security being preferable over a false sense of security – It’s just that sometimes things look completely harmless, like "defaul..t.aspx". I see the need for preventing canonicalization issues, but I don’t see how "defaul..t.aspx" might cause such.

    This is probably the reason why I should leave such things to the .Net people, who know what they are doing, as I generally dislike the idea of being the one responsible when something bad happens to the server; and it’s just one, wheras they are responsible for thousands of servers.

    Hope they can sleep well.


  22. HI DAVID

    I agree on your point about full security. But I seem to have a little problem when. I log on the internet explorer. It give me a error message that says your Internet explorer has encounted a problem and needs to close. We are sorry for the inconvenience.

  23. David.Wang says:

    Robert – Canonicalization issues are by-definition arbitrary and usually hard since paths crossing multiple domains can suffer from such naming issues. I am glad someone else is thinking about it. 😉

    However, I agree that I do not see anything wrong with defaul..t.aspx. It seems that the ASP.Net validation is just checking for presence of ".." and not necessarily "/../"


  24. David.Wang says:

    HOVIK – sounds like something is crashing Internet Explorer. Just attach a debugger to iexplore.exe, and on the crash, look at the stack trace, determine what is crashing Internet Explorer, and follow up with the appropriate support party for that software.


  25. Dan P says:

    Hello David,

    My apologies if this has already been asked and lost in the archives, but this post looks like the best place to ask. :)

    I am stuck with IIS 5 and have developed an ISAPI extension for it. It works fine on IIS 6 when I add it to the list of allowed extensions, but of course that’s not available on 5. I placed it in an appropriate dir and set the execution permissions to "Scripts and Executables". Everything works fine, for a while. Then I start getting 405 errors on the client side, and when I go back to check I find that IIS has magically changed the permissions to "None" for me. I set it back to "Scripts and Executables" and it works fine again for a while. Wash, rinse, repeat. I can find no discernable pattern to it so far.

    I’ve done some pretty extensive web searching and all I’ve found is one other instance of a guy getting the same issue with some third-party package, and he got totally off the wall, unrelated answers about how to "fix" it.

    Do you know of anything that would cause this behavior? Is there anything my ISAPI extension should never do (like returning particular error codes or something) to avoid this?


  26. Dan P says:

    Sorry for the second post right after the first, but I did eventually figure out the root cause. It looks like ASP.NET automatically sets the ‘bin’ dir of any application to ‘None’ the first time it executes something there. I had some ASP.NET DLLs mixed in with ISAPI ones. Moving them out to their own, separate, dir made it work right. Probably more secure anyway.

  27. David.Wang says:

    Dan P – glad you found the answer – that was what I was going to suggest, but you found it first. :-)

    ASP.Net will reset the permissions of /bin directory to “None” on its own for security reasons – .Net assemblies are essentially source code, and having that directory readable is like revealing your source code.

    To protect on IIS5/5.1, ASP.Net changes the AccessFlags property because it is LocalSystem. To protect on IIS6, it runs a filtering algorithm because it runs as Network Service which cannot change IIS configuration.


  28. David.Wang says:

    It’s a 10K entry!


  29. This article is great. I always have to lecture my hosting company when I need error logs. They normally dont give me any information or tell me. "We have found nothing".

    Now I know what to tell them next time.

    Good Job Dave

  30. MaryJames says:

    Hola  all

    How I can change avatar in this forum?

  31. nufsaidnow says:

    I’m getting sc-win32-status 121 "The semaphore timeout period has expired." about once a minute in the IIS logs. sc-bytes are 0 and time-taken is about 20-200 seconds.

    I can’t find any related errors in my application logs and application traces shows me that the code gets executed, but the browser doesn’t get any response (I would expect a .

    This happens for all types of requests. Images and aspx pages.

    I’v looked in http.sys error log but unable to relate any of the errors there.

    To a simple developer this would seem like some sort of resource lock. I’ve searched a bit and it seems this error can be just about anything. Network interfaces having out of date drivers, backup software etc.

    Is it possible to use adplus in hang mode to catch the 121, to find out which component/system/application generates it ?

  32. Kumar says:

    Hi, I am involved in migrating all the web sites from a web server running with IIS 5.0 to another web server with IIS 6.0. For a web site, in the source server it doesnt have a default document but, it displays some links which takes to another web site. I have made copies of those folders and also created a web site which is very much similar to that. But, when I tested the new web site in the target server, it gives the following error: "Directory Listing Denied – This Virtual Directory does not allow contents to be listed". I have checked with the permission for all the sub folders including the Virtual Directory. But, the error is displayed. Please give me a valuable guidance to solve this issue.

  33. George Novac says:

    Hi David

    I have IIS 6 on a Win (SBS) 2K3 domain controller (together with ISA 2000, Exchange 2003 and SQL 2000). On IIS there’s only the stuff from Exchange installation (web-mail etc). IIS gives me "Service Unavailable" no matter what I browse from it, "DefaultAppPool" crashes after every "browse" command from IIS Administration Console. Any idea ?

    I am desperately trying to put a website on that server (web service goes under port 1234 to avoid interraction with ISA on 80/8080)

    Pls help me…

  34. David.Wang says:

    Kumar – Read this blog entry on how requests are handled:

    It sounds like your problematic website has additional IIS configuration that you did not migrate over to IIS6. I do not believe your problem has anything to do with permissions of the virtual directory, and the "Directory Listing Denied" error is simply a red-herring that is confusing you.

    You say that the source does not have a DefaultDocument yet displays links which goes to another website. There is no IIS functionality that works like that on IIS5 or IIS6. Thus, you are likely describing some custom behavior provided by an ISAPI, and you’ll need to determine, install, and configure that ISAPI.

    There is no tool to do this automatically because it’s arbitrary code.


  35. David.Wang says:

    George – Is your SBS installation the "Premium" edition of SBS2003, or your proprietary combination of software? If it is your proprietary combination, then do you have support statements from Microsoft saying your combination is possible?

    If your combination is allowed, then please contact Microsoft PSS for support.

    If your combination is not possible, then please read this blog entry to find the blog URL on how to diagnose your "503 Service Unavailable" issue.

    Otherwise, you should expect to pay someone to consult on your issues.

    I am happy to tell and teach people on how to do things, but if you want me to diagnose and do the work, then I must be compensated.


  36. mehdi haeri says:

    The Problem IS In  Host Header Value In IIS .

    Delete It If You Fill A Value

    it’s Work fine


  37. Rob Blass says:

    This is a bit dated. Just ran into this. George, your first and foremost problem is running IIS on a domain controller. DC’s have alot of integration complexity with DNS and of course security. If you have no other option but to run in a domain than so be it. We now host over 30 websites on our workgroup. Initially we tried to do DC’s to provide tighter security. But the trade off was too grand with complexity. Do yourself a favor, leave domain stuff on DC’s and IIS servers on as either member servers or workgroup servers.

  38. handan says:

    iis can’t start,

    service no response or control request!

    hwo to doing?

  39. Ronniebatch says:

    When going into a folder on my usb hard drive it a message comes up saying ‘Windows Explorer has encountered a problem and needs to close. We are sorry for this inconvenience’. It is ok in other folders

  40. David.Wang says:

    Ronniebatch – it sounds like you have installed some application which added folder handlers to Explorer (for example, WinZip), and that handler is crashing Explorer on that folder on your USB hard drive.

    You’ll have to figure out which buggy application extension you installed and get rid of it (or fix it). It may even be a bogus extension left over from a previously installed folder extension.

    In any case, this sounds like a misconfiguration of your computer and not a problem with Windows Explorer. For example, many people, including myself, have no problems going into a folder on our USB Hard Drives. So the problem has to be specific to some software you’ve installed/uninstalled on your computer, which can only be fixed if you determine the broken folder extension and getting rid of it.


  41. Thierry Beirens says:


    here my problem.

    We are running a webfarm in an NLB configuration , unicast mode.

    The farm has 3 servers windows 2003 standard edition SP1.

    Webfarm works flawlessly asp and 1.1 and 2.0 sites.

    Now, we want to add a 4-th server in the farm.

    We configured it exactly identical to the 3 other machines in the farm. We tested all webapplications, and all seems normal.

    Now, and here is the problem, we upgraded this 4-th machine to SP2, with the idea of testing out the SP2 upgrade on this machine BEFORE we upgraded are 3 other servers in the farm.

    AT first, during the test, all seems normal. But then , after a few minutes , the asp pages in the sites are getting TCP errors. pages keep on running. What is even more strange is taht we do not see any error message whatsoever in the logfiles, eventviewer, , http.sys errorlog, none nothing!

    I can get the applications stable by reducing the nr of worker procesees in the application pool of the site to 1 worker process. Since this server has 4 CPU’s, i configured it to having 4 worker processes (as i did on the other 3 server, because they to are or biprocessor machines or 4 way cpu machines).

    Any ideas on how i should troubelshoot this? Or any ideas on possible issues with SP2 regarding this matter?



  42. Susan Chen says:

    Hi David,

    I need your II6 Guru advice – the W3SVC service won’t start – I have tried uninstall / re-install the Web components but still no joy – IISADMIN, SMTP ..etc all start – I get error 87 parameter incorrect -is there a way to completely clean up the W3SVC so I can install clean again e.g. del some registry and system32inetserv ..etc

    Thanks in advance


  43. EL KLOON says:

    well thats page dont want to go ahead

    it has some problem with Bad Request (Invalid Hostname)

    so i need how to fix it


  44. ekreger says:

    Hello. I have run debug diagnostics and am a little confused by its output.

    [2/25/2009 2:02:23 PM] Thread created. New thread system id – 4728

    [2/25/2009 2:02:23 PM] Thread created. New thread system id – 4016

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    [2/25/2009 2:02:23 PM] First chance exception – 0xc0000005 caused by thread with system id 2448

    This is just a sample but from what I understand, First Chance Excpetions are not necessarily a problem.  However…. Should I be seeing this many so often on a site that is not being used hardly at all?