If you are using IIS and you are familiar with the failed request tracing feature, or FREB for short, you know how to generate FREB traces for long running requests. In this article we will explore how to generate a dump based on the FREB rule, for example, when a request takes more than 15 seconds complete.
The major drawback is that you need to make a choice between the FREB log and the dump. It’s either one or the other, but not both at the same time.
Here is how to do it:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<tracing>
<traceFailedRequests>
<add path="*">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module" verbosity="Verbose" />
</traceAreas>
<failureDefinitions timeTaken="00:00:15" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>
</configuration>
If you have not authorized the delegation, you’ll find the same configuration in the ApplicationHost.config file located in the folder "C:\Windows\System32\Inetsrv\Config".
There are three main ways to perform this action:
1. Using the Configuration Editor in the IIS Manager Console:
The first one and the recommended one, is to use the Configuration Editor on the server level, and navigate to applicationHost/sites then click on the '…' button as shown in the Figure below :
Then, select the site you have already added the Failed Tracing Rule for, and set customActionsEnabled to True:
2. Edit the ApplicationHost.config file
The second way, is to open the ApplicationHost.config
<sites>
<site name=" Delay.com" id="2" serverAutoStart="true">
<application path="/">
<virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:80:" />
</bindings>
<traceFailedRequestsLogging enabled="true" customActionsEnabled="true" />
</site>
</sites>
3. Using the appcmd command line tool
The third way, is to use the appcmd.exe tool used to configure IIS in command line mode:
appcmd.exe set config -section:system.applicationHost/sites "/[name= Delay.com].traceFailedRequestsLogging.customActionsEnabled:"true"" /commit:apphost
You should find the exact same configuration as the one displayed above in the ApplicationHost.config file.
Click on the … button on above figure, then Click Add action link under the Action Pane, and fill properties as shown below:
<add path="*" customActionExe="C:\Procdump\procdump.exe" customActionParams="-accepteula -ma %1% c:\myDumps" customActionTriggerLimit="50">
You should get a Web.Config / ApplicationHost.config similar to the following:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<tracing>
<traceFailedRequests>
<add path="*" customActionExe="C:\Procdump\procdump.exe" customActionParams="-accepteula -ma %1% c:\myDumps" customActionTriggerLimit="50">
<traceAreas>
<add provider="ASP" verbosity="Verbose" />
<add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
<add provider="ISAPI Extension" verbosity="Verbose" />
<add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module" verbosity="Verbose" />
</traceAreas>
<failureDefinitions timeTaken="00:00:15" />
</add>
</traceFailedRequests>
</tracing>
</system.webServer>
</configuration>
For your information you can replace the star in <add path="*" by a specific page like "default.htm" or by example by a specific extension like "*.aspx" to limit the activation of the rule to a specific url type.
Once all these configurations are saved, you only need to reproduce the issue and wait for the dump to be generated.
Originally written by: Sylvain Lecerf
rewritten and updated by: Muna AlHasan and Paul Cociuba
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.