April 2005 - Posts

Most free IIS support forums tend to be dominated by questions about configuration, how-to, setup and so forth. However, it's the crash/hang questions that generally do not get answered, or the responses tend to be "shot in the dark" suggestions for fixing the issue.

If you have an IIS crash (where a process, e.g. w3wp.exe or dllhost.exe, terminates unexpectedly), or a hang (where IIS is not serving pages), then the best way to troubleshoot the problem is through the use of debugging tools. Whilst diagnostic tools like AuthDiag and SSLDiag can help with configuration issues, debugging tools let you "peek inside" IIS to see what's happening when a crash or hang has occurred.

The two most popular IIS debugging tools are adplus.vbs and IISState. Adplus.vbs is available with the Windows Debugging Toolkit. IISState was available with the IIS6 Resource Kit Tools, however an updated version is available for download from IISFAQ.com. To help with configuring and diagnosing IISState logs, I've done up a FAQ page to get you started.

IIS hangs - using IISState to debug a hang. What happens when someone uses the MSXML XMLHTTP object instead of the ServerXMLHTTP object? You run the risk of blocked threads as you scale up the load, and IIS appears to hang. We have a look at an IISState log excerpt showing what's happening under the covers.

When using HTTP based authentication (e.g. Basic, NTLM, Digest, Kerberos), Internet Explorer (IE) will continue sending the same credentials for each subsequent request to the server until one of two things happens: either (a) the user closes their browser or (b) the server refuses the credentials with a 401 status code. This behaviour is described (about 1/3 of the way down, under Notes) in KB 264921.

A common request I see is how a programmer can force a user to reauthenticate after a certain period, particularly after a period of inactivity. This might address a situation where a user has accidentally left their machine unlocked and their browser window open, or where an application-based session has expired and the programmer wants to simultaneously force the user to reauthenticate.

In the past I would have recommended one of three strategies:

  • Programmatically send a 401 HTTP status to the client (e.g. Response.Status = 401)
  • Redirect a user to http://fakeuser:wrongpassword@www.yoursite.com (this doesn't work with patched IE6 anymore). Since fakeuser/wrongpassword isn't a valid Windows account, the user will be prompted to enter valid credentials
  • Use the client-side ActiveX control described in KB 195192

With the exception of the first option (setting the Response.Status), the methods are mostly ugly hacks IMHO.

Now we have a new way of clearing the IE authentication cache. Beginning with IE6 SP1, the following piece of JavaScript code will clear IE's credentials cache. Note that this clears the credentials cache for the entire iexplore.exe process, so users will be forced to re-authenticate to any site being accessed by that process (in case they have multiple windows open pointing to multiple websites):

// Clear current credentials
// Requires IE6 SP1 or later
document.execCommand("ClearAuthenticationCache", false);

More information can be found in MSDN: ClearAuthenticationCache and execCommand
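
The first strategy above (answer with a 401 once a session has been idle too long) as an added example, not code from the original post. It assumes Basic authentication and that the web server has already validated the credentials before this check runs; `createIdleGate`, the realm, the timeout and the session key are hypothetical.

```javascript
// Added example: names, realm and timeout are hypothetical.
const IDLE_LIMIT_MS = 15 * 60 * 1000; // assumed policy: 15 minutes of inactivity

// Returns a check(key, nowMs) function. `key` identifies one browser session
// (assumption: authenticated user name plus an application session id).
function createIdleGate(idleLimitMs = IDLE_LIMIT_MS, realm = "example") {
  const sessions = new Map(); // key -> { lastSeen, challenged }

  return function check(key, nowMs) {
    const ok = { status: 200, headers: {} };
    const s = sessions.get(key);

    if (!s) {
      // First authenticated request seen for this session.
      sessions.set(key, { lastSeen: nowMs, challenged: false });
      return ok;
    }
    if (s.challenged) {
      // Our last answer was a 401, so the browser dropped its cached
      // credentials; this request carries freshly entered ones.
      s.challenged = false;
      s.lastSeen = nowMs;
      return ok;
    }
    if (nowMs - s.lastSeen > idleLimitMs) {
      // Idle too long: refuse once so the browser has to prompt again.
      s.challenged = true;
      return {
        status: 401,
        headers: { "WWW-Authenticate": `Basic realm="${realm}"` },
      };
    }
    s.lastSeen = nowMs; // normal activity
    return ok;
  };
}

// Constructed timeline with a 1-second limit, times in milliseconds.
const demoGate = createIdleGate(1000);
const timeline = [0, 500, 2000, 2100].map((t) => demoGate("alice|s1", t).status);
console.log(timeline);
```

Key the gate on something unique to one browser session; keyed on user name alone, a request from a second browser would satisfy the first browser's challenge.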


ASP.NET v2 Beta Quickstarts are now available.

Microsoft SQL Server Report Pack for Internet Information Services (IIS) is also now available for download from the Microsoft website. This provides a set of 12 sample reports that can be run against IIS Logfiles imported into SQL Server. Requires SQL Server Reporting Services.
