Using FREB to generate a dump on a long running request

If you are using IIS and you are familiar with the failed request tracing feature, or FREB for short, you know how to generate FREB traces for long running requests. In this article we will explore how to generate a dump based on the FREB rule, for example, when a request takes more than 15 seconds complete.

The major drawback is that you need to make a choice between the FREB log and the dump. It’s either one or the other, but not both at the same time.

Here is how to do it:

• Configure a FREB rule as usual (you can go through the following troubleshooting tutorial mentioned above if you need a refresher:
  You should get the following configuration in the Web.Config of your application:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <tracing>
            <traceFailedRequests>
                <add path="*">
                    <traceAreas>
                        <add provider="ASP" verbosity="Verbose" />
                        <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
                        <add provider="ISAPI Extension" verbosity="Verbose" />
                        <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions timeTaken="00:00:15" />
                </add>
            </traceFailedRequests>
        </tracing>
    </system.webServer>
</configuration>

          If you have not authorized the delegation, you’ll find the same configuration in the ApplicationHost.config file located in the folder "C:\Windows\System32\Inetsrv\Config".

• Once tracing module is installed and the FREB rule is set, you need to allow Failed Tracing Module to accept custom actions, by setting CustomActionsEnabled attribute to True.

There are three main ways to perform this action:

1. Using the Configuration Editor in the IIS Manager Console:
The first one and the recommended one, is to use the Configuration Editor on the server level, and navigate to applicationHost/sites then click on the '…' button as shown in the Figure below :

Then, select the site you have already added the Failed Tracing Rule for, and set customActionsEnabled to True:

2. Edit the ApplicationHost.config file

The second way, is to open the ApplicationHost.config

• Look for the tag <sites>
• And add to the web site you want to monitor customActionsEnabled="true" to <traceFailedRequestsLogging enabled="true" />
• The configuration for the Default Web Site will thus become:

<sites>
    <site name=" Delay.com" id="2" serverAutoStart="true">
        <application path="/">
            <virtualDirectory path="/" physicalPath="%SystemDrive%\inetpub\wwwroot" />
        </application>
        <bindings>
            <binding protocol="http" bindingInformation="*:80:" />
        </bindings>
        <traceFailedRequestsLogging enabled="true" customActionsEnabled="true" />
    </site>
</sites>

3. Using the appcmd command line tool
The third way, is to use the appcmd.exe tool used to configure IIS in command line mode:

• Open a CMD console
• Navigate to the folder "C:\Windows\System32\Inetsrv"
• Then execute the following command-line: (/[name='x'] where x is the name of your web site)

appcmd.exe set config -section:system.applicationHost/sites "/[name= Delay.com].traceFailedRequestsLogging.customActionsEnabled:"true"" /commit:apphost

You should find the exact same configuration as the one displayed above in the ApplicationHost.config file.

• Now, to be able to generate a dump via a FREB rule, you need to install ProcDump, and copy the executable under the C:\procDump path (Preferably) and create a directory called myDumps under C:\ drive as well.
• !!! Warning !!! You have to install the ProcDump tool in a folder path that does not contain whitespaces, otherwise it will be impossible to execute ProcDump via FREB.
  For example, "C:\procdump" is a good path folder while "C:\Process Dump" isn’t.
• The last step consists to indicate the specific action we need: generate a dump, this action can be done either from Configuration Editor (which is again the recommended way), or directly from Web or ApplicationHost configuration files.
• Using Configuration Editor.
  • You can do this action either on the server level or Site level, as shown in below figure:

• • Click on the … button on above figure, then Click Add action link under the Action Pane, and fill properties as shown below:

    CustomActionExe corresponds to the executable we want to launch
    customActionParams corresponds to the parameters passed to the executable (note that the %1% parameter will be used by IIS to pass in the PID of the worker process to the procdump executable)
    By default dumps will be generated in the folder C:\myDumps.Using Configuration Editor

• Using Configuration (web or applicationHost) files.
  • in the web or applicationHost config file, in the section <webServer> <tracing> <traceFailedRequests>.
    You just need to add the following elements to <add path="*">:

    <add path="*" customActionExe="C:\Procdump\procdump.exe" customActionParams="-accepteula -ma %1% c:\myDumps" customActionTriggerLimit="50">​

    You should get a Web.Config / ApplicationHost.config similar to the following:

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <tracing>
                <traceFailedRequests>
                    <add path="*" customActionExe="C:\Procdump\procdump.exe" customActionParams="-accepteula -ma %1% c:\myDumps" customActionTriggerLimit="50">
                        <traceAreas>
                            <add provider="ASP" verbosity="Verbose" />
                            <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
                            <add provider="ISAPI Extension" verbosity="Verbose" />
                            <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module" verbosity="Verbose" />
                        </traceAreas>
                        <failureDefinitions timeTaken="00:00:15" />
                    </add>
                </traceFailedRequests>
            </tracing>
        </system.webServer>
    </configuration>
    ​

  • For your information you can replace the star in <add path="*" by a specific page like "default.htm" or by example by a specific extension like "*.aspx" to limit the activation of the rule to a specific url type.

Once all these configurations are saved, you only need to reproduce the issue and wait for the dump to be generated.

Originally written by: Sylvain Lecerf
rewritten and updated by: Muna AlHasan and Paul Cociuba