IIS providers
Applies To: Windows Server 2003, Windows Server 2003 with SP1
Components that provide tracing events to ETW, like ASP and ISAPI extensions, are called providers. In Windows Server 2003, Service Pack 1, the following IIS providers report trace data to ETW:
IIS: WWW Server
IIS: SSL Filter
IIS: ISAPI Extension
IIS: Active Server Pages (ASP)
IIS: IISAdmin
IIS: Request Monitor
When you configure the trace session by creating the provider file, you define which providers report data. Components not listed in the provider file do not report trace data. Each of the providers listed here is described in greater detail later in this section.
If you are actively troubleshooting a problem on a busy production server, try to limit the number of providers defined in the provider file or use the IIS: WWW Server UrlFilter flag to restrict tracing to a specific URL. Doing so will result in a more manageable set of trace data in the trace log which should make it easier to locate the source of the problem.
If you are new to request-based tracing, run a few practice trace sessions on a test computer with multiple (or all) providers defined in the provider file so you can see what kind of events are generated with “normal” traffic and how quickly the trace log can fill with data.
IIS: WWW Server
This provider traces the following core WWW service functional areas. If you wish to trace one or more of these functional areas, you must define these areas in the provider file using the designated flag or the friendly flag. If a flag or friendly flag is not designated in the provider file, the functional area will not be traced. The following table lists all of the functional areas, the flags to enable them, and the "friendly" flag name of each functional area. Each of these functional areas is described in detail later in this section.
| Functional Area | Flag | Friendly Flag Name |
|---|---|---|
UrlFilter |
1 |
UseURLFilter |
Authentication |
2 |
IISAuthentication |
Security |
4 |
IISSecurity |
ISAPI Filter |
8 |
IISFilter |
Static File |
10 |
IISStaticFile |
CGI |
20 |
IISCGI |
Compression |
40 |
IISCompression |
Cache |
80 |
IISCache |
WWW Server All |
0xFFFFFFFE |
IISAll |
Note
You can identify more than one functional area in a provider file by adding the numeric flag values. For example, if you want to trace using the Urlfilter flag (1), the Authentication flag (2), and the Security flag (4), you can enter a flag value of 7 in your provider file to trace all of these areas.
UseUrlFilter
The UseUrlFilter flag allows you to specify which URL(s) to trace. If you do not enable this flag, request-based tracing traces all URLs. If you enable this flag and configure the TraceUriPrefix Metabase Property for the URL’s you want to trace, you can preserve system resources like disk space and CPU overhead while narrowing your troubleshooting efforts to a much smaller data set in the trace log.
Important
If you plan to trace a specific URL or group of URLs using the UseUrlFilter flag, you must configure the TraceUriPrefix property in the IIS metabase with the URL’s you want to trace. If you enable the UseUrlFilter flag and do not enable the TraceUriPrefix property, ETW will not trace any URLs. For information on how to enable the TraceUriPrefix metabase property, see How to Trace Requests for a Specific URL or Set of URLs.
Authentication
The IISAuthentication flag traces authentication actions, including the name of the authenticated user, the authentication scheme (anonymous, basic, etc) and the results of the authentication attempt (successful, failed, error, etc). If users are having problems authenticating on your Web application, use the IISAuthentication flag to understand what is happening with authentication on the server.
Security
The IISSecurity flag generates trace events when requests are rejected by the IIS server for security-related reasons, like a client request was denied access to a resource. Use this flag to understand why requests are being rejected for security reasons.
ISAPI Filter
The IISFilter flag traces calls into and out of ISAPI filters. Use this flag to understand how requests have been changed after entering an ISAPI filter, as well as how long requests are spending in the filters.
Static File
The IISStaticFile flag generates trace events when a request is for a static file.
CGI
The IISCGI flag generates trace events when a request is for a CGI file.
Compression
The IISCompression flag generates trace events when a response is compressed.
Cache
The IISCache flag generates trace events for cache operations associated with the request.
WWW Server All
The IISAll flag forces all of the WWW Server functional areas to generate trace events.
IIS: SSL Filter
This provider traces calls into and out of the Secure Sockets Layer (SSL) Filter, which is used for encrypting and decrypting SSL requests.
IIS: WWW ISAPI Extension
This provider traces ISAPI extension requests.
IIS: Active Server Pages (ASP)
This provider traces requests for Active Server Pages (ASP) files, including calls into and out of COM+ objects. The events captured by this provider are useful for diagnosing hangs or crashes caused by COM objects used in ASP pages.
IIS: IISAdmin Service
This provider traces the IIS Admin service during startup and shutdown. The IIS Admin service reads the IIS metabase.xml file which stores all IIS configuration data. Use this provider if you notice that the IISAdmin service has trouble starting up or shutting down.
This provider includes the following flags:
Startup
The Startup flag forces ETW to trace IIS Admin service startup events.
Shutdown
The Shutdown flag forces ETW to trace IIS Admin service shutdown events.
For more information about this provider, see Tracing Startup and Shutdown Problems in the IIS Admin Service.
IIS: Request Monitor
This provider traces all requests currently executing in worker processes at the moment tracing was started. For more information about this provider, see Currently Executing Requests Tracing.