Export (0) Print
Expand All

IIS providers

Updated: August 22, 2005

Applies To: Windows Server 2003, Windows Server 2003 with SP1

Components that provide tracing events to ETW, like ASP and ISAPI extensions, are called providers. In Windows Server 2003, Service Pack 1, the following IIS providers report trace data to ETW:

  • IIS: WWW Server

  • IIS: SSL Filter

  • IIS: ISAPI Extension

  • IIS: Active Server Pages (ASP)

  • IIS: IISAdmin

  • IIS: Request Monitor

When you configure the trace session by creating the provider file, you define which providers report data. Components not listed in the provider file do not report trace data. Each of the providers listed here is described in greater detail later in this section.

If you are actively troubleshooting a problem on a busy production server, try to limit the number of providers defined in the provider file or use the IIS: WWW Server UrlFilter flag to restrict tracing to a specific URL. Doing so will result in a more manageable set of trace data in the trace log which should make it easier to locate the source of the problem.

If you are new to request-based tracing, run a few practice trace sessions on a test computer with multiple (or all) providers defined in the provider file so you can see what kind of events are generated with “normal” traffic and how quickly the trace log can fill with data.

IIS: WWW Server

This provider traces the following core WWW service functional areas. If you wish to trace one or more of these functional areas, you must define these areas in the provider file using the designated flag or the friendly flag. If a flag or friendly flag is not designated in the provider file, the functional area will not be traced. The following table lists all of the functional areas, the flags to enable them, and the "friendly" flag name of each functional area. Each of these functional areas is described in detail later in this section.

 

Functional Area Flag Friendly Flag Name

UrlFilter

1

UseURLFilter

Authentication

2

IISAuthentication

Security

4

IISSecurity

ISAPI Filter

8

IISFilter

Static File

10

IISStaticFile

CGI

20

IISCGI

Compression

40

IISCompression

Cache

80

IISCache

WWW Server All

0xFFFFFFFE

IISAll

noteNote
You can identify more than one functional area in a provider file by adding the numeric flag values. For example, if you want to trace using the Urlfilter flag (1), the Authentication flag (2), and the Security flag (4), you can enter a flag value of 7 in your provider file to trace all of these areas.

UseUrlFilter

The UseUrlFilter flag allows you to specify which URL(s) to trace. If you do not enable this flag, request-based tracing traces all URLs. If you enable this flag and configure the TraceUriPrefix Metabase Property for the URL’s you want to trace, you can preserve system resources like disk space and CPU overhead while narrowing your troubleshooting efforts to a much smaller data set in the trace log.

ImportantImportant
If you plan to trace a specific URL or group of URLs using the UseUrlFilter flag, you must configure the TraceUriPrefix property in the IIS metabase with the URL’s you want to trace. If you enable the UseUrlFilter flag and do not enable the TraceUriPrefix property, ETW will not trace any URLs. For information on how to enable the TraceUriPrefix metabase property, see How to Trace Requests for a Specific URL or Set of URLs.

Authentication

The IISAuthentication flag traces authentication actions, including the name of the authenticated user, the authentication scheme (anonymous, basic, etc) and the results of the authentication attempt (successful, failed, error, etc). If users are having problems authenticating on your Web application, use the IISAuthentication flag to understand what is happening with authentication on the server.

Security

The IISSecurity flag generates trace events when requests are rejected by the IIS server for security-related reasons, like a client request was denied access to a resource. Use this flag to understand why requests are being rejected for security reasons.

ISAPI Filter

The IISFilter flag traces calls into and out of ISAPI filters. Use this flag to understand how requests have been changed after entering an ISAPI filter, as well as how long requests are spending in the filters.

Static File

The IISStaticFile flag generates trace events when a request is for a static file.

CGI

The IISCGI flag generates trace events when a request is for a CGI file.

Compression

The IISCompression flag generates trace events when a response is compressed.

Cache

The IISCache flag generates trace events for cache operations associated with the request.

WWW Server All

The IISAll flag forces all of the WWW Server functional areas to generate trace events.

IIS: SSL Filter

This provider traces calls into and out of the Secure Sockets Layer (SSL) Filter, which is used for encrypting and decrypting SSL requests.

IIS: WWW ISAPI Extension

This provider traces ISAPI extension requests.

IIS: Active Server Pages (ASP)

This provider traces requests for Active Server Pages (ASP) files, including calls into and out of COM+ objects. The events captured by this provider are useful for diagnosing hangs or crashes caused by COM objects used in ASP pages.

IIS: IISAdmin Service

This provider traces the IIS Admin service during startup and shutdown. The IIS Admin service reads the IIS metabase.xml file which stores all IIS configuration data. Use this provider if you notice that the IISAdmin service has trouble starting up or shutting down.

This provider includes the following flags:

Startup

The Startup flag forces ETW to trace IIS Admin service startup events.

Shutdown

The Shutdown flag forces ETW to trace IIS Admin service shutdown events.

For more information about this provider, see Tracing Startup and Shutdown Problems in the IIS Admin Service.

IIS: Request Monitor

This provider traces all requests currently executing in worker processes at the moment tracing was started. For more information about this provider, see Currently Executing Requests Tracing.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft