System administrators use IIS Manager to manage the applications they host in web servers. If IIS Manager doesn’t open because of an error such as “Creating an instance of the COM component with CLSID failed (800700b7)”, it may cause delays in maintenance and migrations.

The error message:

There was an error when trying to connect. Do you want to retype your credentials and try again?

Details:
Creating an instance of the COM component with CLSID from the IClassFactory failed due to the following error: 800700b7. Cannot create a file when that file already exists. (Exception from HRESULT: 0x800700B7).

Solution for the “Creating an instance of the COM component with CLSID failed (800700b7)” error

This issue occurs when there is a missing, corrupt or duplicate library that prevents IIS Admin Service from running. It may happen after an in-place upgrade, migration, Windows updates or any other operation that works with system libraries.

There are a couple things to check if you run into this issue:

• Have a look at Application and System sections in Event Viewer to find out information about the root cause
• Collect a trace by using Process Monitor and look for any failures. It’s possible that the root cause hides behind a SUCCESS message so don’t be surprised if everything looks good in the trace (Example). Take another trace from a working server and compare them

If you can’t find out the root cause from logs and traces, here are a few things to try for solving this issue (Check if IIS Manager opens successfully after each step):

1. Uninstall and install IIS Management Tools
2. Try to start IIS Admin Service in Services window
3. Run iisreset in admin Command Prompt
4. Run aspnet_regiis -I in admin Command Prompt
5. Reinstall .NET Framework version you have
6. Check the permissions on this folder: c:\programData\Microsoft\crypto\RSA\machineKeys
   Make sure Everyone has Read/Write and Administrators have all permissions (A related forum post)
7. If nothing works, uninstall and install IIS back (Similar issue)

If the error message mentions a problem with local activation, check this post out for the troubleshooting steps: DCOM 10016 Local Activation permission for the COM Server

The post Creating an instance of the COM component with CLSID failed (800700b7) appeared first on port135.com.

From application slowness to 500 errors, we use Failed Request Tracing logs to get clues about the root cause of website related issues. However, the tracing itself may be subject of the troubleshooting efforts because of an error like “Cannot add duplicate collection entry of type (0x800700b7)”.

This the error message I saw for one of the applications after I enabled Failed Request Tracing in the IIS server:

Cannot add duplicate collection entry of type ‘add’ with unique key attribute ‘path’ set to ‘*’

Error code: 0x800700b7

Solution for the “Cannot add duplicate collection entry of type (0x800700b7)” error

The error message mentions a duplicate record so the first thing to try is checking the web.config for identical definitions:

1. Enable Failed Request Tracing
2. Add a rule
3. If the issue occurs, check web.config file. Are there two sets of Failed Request Tracing rules even though you added only one?

If there are no duplicate entries, check the tracing module in all application, site, and server levels in IIS Manager. Make sure there are no conflicting rules. Do the same for applicationHost.config file. Make sure tracing for the same site is not enabled more than once.

After making sure there is only one rule, if the issue persists, add the line below into web.config. It will remove all existing rules to prevent duplication (Related forum post).

<remove path="*" />

The entire configuration of the Failed Request Tracing rule in the web.config:

<configuration>
    <system.webServer>
        <tracing>
            <traceFailedRequests>
                <remove path="*" />
                <add path="*">
                    <traceAreas>
                        <add provider="ASP" verbosity="Verbose" />
                        <add provider="ASPNET" areas="Infrastructure,Module,Page,AppServices" verbosity="Verbose" />
                        <add provider="ISAPI Extension" verbosity="Verbose" />
                        <add provider="WWW Server" areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache,RequestNotifications,Module,FastCGI,WebSocket" verbosity="Verbose" />
                    </traceAreas>
                    <failureDefinitions statusCodes="500" />
                </add>
            </traceFailedRequests>
        </tracing>
   
    </system.webServer>
</configuration>

A side note: In my case, the environment this issue occurred had two IIS servers pointing to the same web.config (located in a network share). This made it the issue more complicated.

There could be more than one root causes of the 0x800700b7 error. If the issue is still occurring after the config change above, check this post out: Creating an instance of the COM component with CLSID failed (800700b7)

The post Cannot add duplicate collection entry of type (0x800700b7) appeared first on port135.com.

Numerous Microsoft products rely on IIS to perform fundamental functions. One of these products is SCCM (System Center Configuration Manager). Its management points run on IIS. If wmsvc service doesn’t start because of an error like “The Web Management Service could not be started (2147483656)”, management points may run into issues.

Web Management Service enables remote administration of IIS. Therefore, It is crucial in many scenarios.

Here is the error PowerShell displayed when I tried to run Web Management Service:

Solution for the error “The Web Management Service could not be started (2147483656)”

Follow the steps below to solve this issue:

• In IIS Manager, go to Management Service Delegation and make sure “Allow administrators to bypass rules” is checked (in Edit Feature Settings window)

• Go to “Management Service” and select the self-signed certificate. If there is no self signed certificate, create one in “Server Certificates” window
• Try to enable Management Service again

If you come across to this issue while trying to deploy an application from Visual Studio, check this post out for the solution: Web Deploy experienced a connection problem (ERROR_CONNECTION_TERMINATED)

The post The Web Management Service could not be started (2147483656) appeared first on port135.com.

IIS depends on World Wide Web Publishing service to host websites. And this service has a dependency to Windows Process Activation Service (WAS). In some cases, WAS may not start because of the “Error 13: The data is invalid” error.

The error messages:

“Windows could not start the Windows Process Activation Service service on Local Computer. Error 13: The data is invalid:

Event 7023 for Service Control Manager: “The Windows Process Activation Service service terminated with the following error: The data is invalid.”

Solution for Error 13: The data is invalid

If you see “The data is invalid” error with WAS server, the first thing to check is the IIS configuration file (applicationHost.config) file. This file is probably corrupted. Any issues with the file will prevent IIS functioning.

Go to C:\Windows\System32\inetsrv\config\ folder and open applicationHost.config file. Make sure you see <configuration> in the beginning and </configuration> at the end. Most of the time, you won’t see the closing tag. Instead, there will be unknown characters that mean the file is corrupted. Sometimes, you may not see any content at all which is also an issue.

Screenshot of a corrupted applicationHost.config file:

If there is something wrong with this file, your options are

• If there is a backup of this file, replace it
• Even if you don’t have a backup of the file, you may have a backup of the entire server. Try to get the file from that backup
• If there is another server hosting the same websites with the same configuration, try to get the parts of the file from that server to fix the corruption in the non-working server
• In case you don’t have backup or another server, you can try to fix the corrupted part manually. Sometimes, only a few closing tags are missing. You can easily fix the issue if that’s the case. However, if a big portion of the file is corrupted, this method may not work
• If the file is completely empty and you don’t have a backup or another server, you will need to uninstall and install IIS back. This will create a brand-new configuration file. However, you will need to create the sites and application pools from scratch

If you are seeing “The Windows Process Activation Service encountered an error trying to read configuration data” error, check this post out for the solution: Windows Process Activation error (NetFx40_IIS_schema_update.xml)

Error 13 may refer to a coding issue as well. More information: Type mismatch

The post Error 13: The data is invalid (WAS service) appeared first on port135.com.

Many companies create custom error pages to provide a more meaningful message to users if there is an issue with the website. IIS provides an easy way to add custom error pages in IIS Manager. However, using IIS Manager to for adding a custom page for 401 errors may break Windows Authentication.

If your website keeps prompting credentials even though you enter the correct username and password, your custom error page might be the one causing the issue.

What to Do If The Custom Error Page for 401 Status Breaks Windows Authentication

This behavior is by design. It is expected for Windows Authentication to break if there is a new custom error page for 401 errors. 401 challenge is not designed to work with customized error pages.

You may try some workaround suggested on internet like the ones here but it’s unlikely that a new page will work with 401 challenge.

Instead of trying to add a new custom error page, I would recommend editing the IIS default error page located at %SystemDrive%\inetpub\custerr\en-US\401.htm

Simply open this file in notepad and make changes. You may want to enter a user-friendly message with contact information of the IT Support. Then save it as htm file. Replace the existing one.

If the sub-status code for 401 error is 2, the issue might be different. Check this post out for the solution: IIS binding limit (401.2 Windows Authentication error)

The post Adding a Custom Error Page for 401 Error Breaks Windows Authentication appeared first on port135.com.

Application Request Routing (ARR) is a feature that allows IIS to work as load balancer. By using this feature, IIS can route traffic to multiple web servers based on the specific rules. This is a module that doesn’t come with IIS by default so you will need to install it separately. However, even if you install it, it may not show up in IIS Manager.

Here is how a server farm looks like when ARR settings don’t show up:

Solution for Making Application Request Routing Available in IIS Manager

Something probably went wrong during the ARR installation. The steps below should fix the issue and make ARR settings available in IIS Manager.

1. Remove ARR from Add/Remove Programs
2. Remove the server farm
3. Install ARR back
4. Restart IIS
5. Close and open IIS Manager

If you remove ARR and install it back without removing the server farm, IIS Manager will still be broke. So it’s important to follow the steps above in order.

In case you are not sure if ARR is installed or not, How to check if ARR (Application Request Routing) extension is installed in IIS?

The post Application Request Routing is Not Available in IIS Manager appeared first on port135.com.

IIS attaches a set of headers like Content-Type and X-Powered-By to the response by default. In addition to these headers, developers can also add custom headers. If you want to change or remove one of these response headers, you can use URL Rewrite rules in IIS Manager.

Change Response Headers using URL Rewrite

Follow the steps below to change the value of a response header. Please note that these steps won’t remove a response header. They will only change the value.

For this post, I changed the value of ETag header. It’s one of the default headers.

There are two high-level steps:

• Add a server variable
• Add a URL Rewrite rule to edit this server variable

Steps to add a server variable

1. If you haven’t already, install URL Rewrite and reopen IIS Manager
2. Click on the website
3. Double click on URL Rewrite
4. On the right side, click View Server Variables
5. Click Add
6. Enter RESPONSE_ETag and click OK

Steps to add a URL Rewrite rule

1. In IIS Manager, click on the website
2. Double click on URL Rewrite
3. On the right side, click Add Rule(s)
4. Select Blank rule in Outbound Rules section and click OK
5. Fill out the fields with the following values
   • Precondition: None
   • Matching scope: Server Variable
   • Variable name: RESPONSE_ETag
   • Variable value: Matches the Pattern
   • Using: Regular Expressions
   • Pattern: .*
   • Ignore case: checked
   • Conditions: none
   • Action type: Rewrite
   • Value: newvalue
   • Replace existing server variable value: checked
6. On the right side, click Apply
7. Clear the cache and refresh the page (or hit Ctrl + F5). ETag header should have “newvalue” now

Here is how the Match section of the rule looks like:

Action section:

New value:

If you want to change a header to prevent Host Header Attack, check this post out: Solution for Host Header Attack and Vulnerability. Other useful links: Post 1, Post 2

The post How to Change or Remove Response Headers using URL Rewrite in IIS appeared first on port135.com.

While trying to set application pool identity in IIS Manager, I came across “Keyset does not exist” error. When I looked at the Event Viewer, I saw this message:

ERROR ( hresult:80090016, message:Failed to commit configuration changes. Keyset does not exist)

Solution for “Keyset does not exist” error (hresult:80090016)

This issue occurs when there is a problem with the machine keys. These keys are located at C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys

There are three machine keys IIS uses for encryption. The first thing to check is if these files exist. If they don’t, you will need to reinstall IIS for the files to be recreated.

If the files exist in MachineKeys folder, check their security permissions. In my case, these files didn’t have owners.

After taking the ownership, I saw that only IIS_IUSRS account was in the permission list. I added DatabaseAdministrators group to the Security list. This brought back other required permissions as well. We were able to change application pool identity password afterwards.

Note: If you see 0x8009000D error along with “Keyset does not exist” message, please check this post.

If there is a huge amount of files (thousands of them) in the MachineKeys folder, there might be another issue. More details: Remove older files in MachineKeys folder

The post Failed to commit configuration changes. Keyset does not exist (80090016) appeared first on port135.com.

Whiling logging to an application or navigating after login, the page was spinning for about a minute and giving a timeout error. The error message:

The open operation did not complete within the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout. The socket transfer timed out after 00:01:00. You have exceeded the timeout set on your binding.

The application utilizes a WCF service. We collected a dump file from both the ASPX page and WCF service while the page was spinning. Here are the exceptions we saw in the dump files:

Exception Type : System.Net.Sockets.SocketException
Message: An existing connection was forcibly closed by the remote host
InnerException: <none>
StackTrace:
System.ServiceModel.Channels.SocketConnection.Write(Byte[], Int32, Int32, Boolean, System.TimeSpan)

Exception Type : System.ServiceModel.CommunicationException
Message: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.
InnerException: <none>
StackTrace:
System.Runtime.AsyncResult.End[[System.__Canon, mscorlib]](System.IAsyncResult)
System.ServiceModel.Activation.WorkerProcess.EndDispatchSession(System.IAsyncResult)

Exception Type : System.IO.PipeException
Message: There was an error reading from the pipe: The pipe has been ended. (109, 0x6d).
InnerException: <none>
StackTrace:
System.ServiceModel.Channels.PipeConnection.OnAsyncReadComplete(Boolean, Int32, Int32)

The Event Viewer showed these errors as well:

Solution for The Timeout Error Caused by Idle Time-Out Action Suspend

For this website, Idle Time-out Action in the application pool settings was set to “Suspend”. This option isn’t helpful in many scenarios. I don’t recommend using it.

Setting Idle Time-out Action to Terminate solved the issue. Website started displaying pages without any issues.

Note: For this IIS server, there was a separate issue. The appdomain was being recycled intermittently. We figured this was because of the antivirus software. It is recommended to exclude certain folders from antivirus scan in IIS servers.

If you like to find out who change the application pool settings, please check this post out.

For a timeout issue related to the communication with database, please have a look at the steps in this post: The timeout period elapsed prior to obtaining a connection from the pool

The post Timeout Error Caused by Idle Time-Out Action Suspend appeared first on port135.com.

While analyzing IIS logs, system admins may come across a specific IP address that is generating an unusual amount of traffic. If you think this is s malicious activity, you can easily block the IP address using a built-in IIS feature.

Block an IP address in IIS Manager

Here are the high-level steps for using IP and Domain Restrictions module to block an IP address.

1. Install “IP and Domain Restrictions” using Server Manager
2. Close and reopen IIS Manager
3. Click on the website. Go to “IP Address and Domain Restrictions”
4. Add a Deny rule with the IP address
5. Once you add the rule, the client with that IP address will see 403 Forbidden error

The user whose IP address is blocked will see “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied” message. If you want to change this message, check out this tutorial.

For other IP address related management activities in IIS, please check the related posts below.

The post How to Block an IP address in IIS using IP and Domain Restrictions? appeared first on port135.com.

Numerous Microsoft products rely on IIS to perform fundamental functions. One of these products is SCCM (System Center Configuration Manager). Its management points run on IIS. If wmsvc service doesn’t start because of an error like “The Web Management Service could not be started (2147483656)”, management points may run into issues.

Web Management Service enables remote administration of IIS. Therefore, It is crucial in many scenarios.

Here is the error PowerShell displayed when I tried to run Web Management Service:

Solution for the error “The Web Management Service could not be started (2147483656)”

Follow the steps below to solve this issue:

• In IIS Manager, go to Management Service Delegation and make sure “Allow administrators to bypass rules” is checked (in Edit Feature Settings window)

• Go to “Management Service” and select the self-signed certificate. If there is no self signed certificate, create one in “Server Certificates” window
• Try to enable Management Service again

If you come across to this issue while trying to deploy an application from Visual Studio, check this post out for the solution: Web Deploy experienced a connection problem (ERROR_CONNECTION_TERMINATED)

The post The Web Management Service could not be started (2147483656) appeared first on port135.com.

IIS depends on World Wide Web Publishing service to host websites. And this service has a dependency to Windows Process Activation Service (WAS). In some cases, WAS may not start because of the “Error 13: The data is invalid” error.

The error messages:

“Windows could not start the Windows Process Activation Service service on Local Computer. Error 13: The data is invalid:

Event 7023 for Service Control Manager: “The Windows Process Activation Service service terminated with the following error: The data is invalid.”

Solution for Error 13: The data is invalid

If you see “The data is invalid” error with WAS server, the first thing to check is the IIS configuration file (applicationHost.config). This file is probably corrupted. Any issues with the file will prevent IIS functioning properly.

Go to C:\Windows\System32\inetsrv\config\ folder and open applicationHost.config file. Make sure you see <configuration> in the beginning and </configuration> at the end. Most of the time, you won’t see the closing tag. Instead, there will be unknown characters that mean the file is corrupted. Sometimes, you may not see any content at all which is also an issue.

Screenshot of a corrupted applicationHost.config file:

If there is something wrong with this file, your options are

• If there is a backup of this file, replace it
• Even if you don’t have a backup of the file, you may have a backup of the entire server. Try to get the file from that backup
• If there is another server hosting the same websites with the same configuration, try to get the parts of the file from that server to fix the corruption in the non-working server
• In case you don’t have backup or another server, you can try to fix the corrupted part manually. Sometimes, only a few closing tags are missing. You can easily fix the issue if that’s the case. However, if a big portion of the file is corrupted, this method may not work
• If the file is completely empty and you don’t have a backup or another server, you will need to uninstall and install IIS back. This will create a brand-new configuration file. However, you will need to create the sites and application pools from scratch

If you are seeing “The Windows Process Activation Service encountered an error trying to read configuration data” error, check this post out for the solution: Windows Process Activation error (NetFx40_IIS_schema_update.xml)

Error 13 may refer to a coding issue as well. More information: Type mismatch

The post Error 13: The data is invalid (WAS service) appeared first on port135.com.

While signing in to an application or navigating after login, the page was spinning for about a minute and giving a timeout error. The error message:

The open operation did not complete within the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout. The socket transfer timed out after 00:01:00. You have exceeded the timeout set on your binding.

The application utilizes a WCF service. We collected a dump file from both the ASPX page and WCF service while the page was spinning. Here are the exceptions we saw in the dump files:

Exception Type : System.Net.Sockets.SocketException
Message: An existing connection was forcibly closed by the remote host
InnerException: <none>
StackTrace:
System.ServiceModel.Channels.SocketConnection.Write(Byte[], Int32, Int32, Boolean, System.TimeSpan)

Exception Type : System.ServiceModel.CommunicationException
Message: The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.
InnerException: <none>
StackTrace:
System.Runtime.AsyncResult.End[[System.__Canon, mscorlib]](System.IAsyncResult)
System.ServiceModel.Activation.WorkerProcess.EndDispatchSession(System.IAsyncResult)

Exception Type : System.IO.PipeException
Message: There was an error reading from the pipe: The pipe has been ended. (109, 0x6d).
InnerException: <none>
StackTrace:
System.ServiceModel.Channels.PipeConnection.OnAsyncReadComplete(Boolean, Int32, Int32)

The Event Viewer showed these errors as well:

Solution for The Timeout Error Caused by Idle Time-Out Action Suspend

For this website, Idle Time-out Action in the application pool settings was set to “Suspend”. This option isn’t helpful in many scenarios. I don’t recommend using it.

Setting Idle Time-out Action to Terminate solved the issue. Website started displaying pages without any issues.

Note: For this IIS server, there was a separate issue. The appdomain was being recycled intermittently. We figured this was because of the antivirus software. It is recommended to exclude certain folders from antivirus scan in IIS servers.

If you like to find out who change the application pool settings, please check this post out.

For a timeout issue related to the communication with database, please have a look at the steps in this post: The timeout period elapsed prior to obtaining a connection from the pool

The post Timeout Error Caused by Idle Time-Out Action Suspend appeared first on port135.com.

While analyzing IIS logs, system admins may come across a specific IP address that is generating an unusual amount of traffic. If you think this is s malicious activity, you can easily block the IP address using a built-in IIS feature.

Block an IP address in IIS Manager

Here are the high-level steps for using IP and Domain Restrictions module to block an IP address.

1. Install “IP and Domain Restrictions” using Server Manager
2. Close and reopen IIS Manager
3. Click on the website. Go to “IP Address and Domain Restrictions”
4. Add a Deny rule with the IP address
5. Once you add the rule, the client with that IP address will see 403 Forbidden error

The user whose IP address is blocked will see “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied” message. If you want to change this message, check out this tutorial.

For other IP address related management activities in IIS, please check the related posts below.

The post How to Block an IP address in IIS using IP and Domain Restrictions? appeared first on port135.com.

Let’s say your website’s address is this:

http://testsite.com/testapp/default.htm

but you want your users to see the URL below in their address bar (The name “testapp” is removed)

http://testsite.com/default.htm

Here is the URL Rewrite Inbound rule to use for striping out the folder name from the path:

<rewrite>
      <rules>
           <rule name="Remove testapp" stopProcessing="true">
                <match url=".*(testapp)(.+)" />
                <action type="Redirect" url=http://testsite.com{R:2} appendQueryString="false" />
           </rule>
      </rules>
</rewrite>

If you also want to redirect HTTP to HTTPS, check this post out: How to redirect HTTP requests to HTTPS by using IIS URL Rewrite

If you receive an error related to this configuration, this post may help: The configuration section rewrite/globalRules cannot be read because it is missing a section declaration

The post URL Rewrite Inbound rule to strip out folder names from URLs appeared first on port135.com.

Setting up Failed Request Tracing to troubleshoot web application issues is pretty straightforward: Install Tracing module in Server Manager, enable Failed Request Tracing in IIS Manager, and add a rule for the type of issue you are working on (500 status code, delay over 10 seconds etc.).

However, you may notice that logs are not created even though the condition in your rule is met.

Note: Uninstalling the Tracing module in Server Manager and installing it back normally solves issues related to FREB but this is sometimes not a convenient approach if Shared Configuration is used or you are not able to restart the server (uninstalling the Tracing module requires server restart)

What to do if Failed Request Tracing (FREB) is not creating logs

Here are a few quick checks to do:

• Double-check if FREB is enabled
• Check if the path for creating logs is correct
• Make sure the application pool identity has permissions to write in this folder
• If everything looks good but the issue still exists, add a new website and add a rule for status codes between 200 and 600. This should trigger logging for all kinds of requests

If there are still no log files, It’s time to dive deep into the applicationHost.config file. This is the IIS configuration file that stores most of the IIS configuration including FREB related references. It is located under C:\Windows\System32\inetsrv\config

In the case I worked on, module references were missing. Here is how we solved the issue:

• Back up applicationHost.config
• Open the original file. Add these lines in <globalModules> section

<globalModules>
   …
   <add name="TracingModule" image="%windir%\System32\inetsrv\iisetw.dll" />
   <add name="FailedRequestsTracingModule" image="%windir%\System32\inetsrv\iisfreb.dll" />
   …
</globalModules>

• Add the line below into <modules> section

<modules>
   …
   <add name="FailedRequestsTracingModule" lockItem="true" />
   …
</modules>

• Restart IIS and test if logs are created now

“FailedRequestTracing module detected invalid configuration”

After the changes above, you may come across the error messages below.

Log Name:      Application
Source:        Microsoft-Windows-IIS-W3SVC-WP

Event ID:      2288
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Description:
FailedRequestTracing module encountered problem while reading configuration. No logs will be generated until this condition is corrected. The problem happened at least 1 times in the last 5 minutes. The data is the error.

Log Name:      Application
Source:        Microsoft-Windows-IIS-W3SVC-WP
Event ID:      2285
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Description:
FailedRequestTracing module detected invalid configuration on path 'MACHINE/WEBROOT/APPHOST/DEFAULT WEB SITE'. Trace provider or tracing area name 'WWW Server' is not recognized. Check the <traceProviderDefinitions> section for currently supported list or providers and areas. No logs will be generated until this condition is corrected. The problem happened at least 1 times in the last 5 minutes. The data is the error.

Seeing these error messages is actually a good thing. It means Failed Request Tracing started working but it couldn’t find the provider “WWW Server” which was selected in the FREB rule.

Apparently, IIS is not able to read that section with “WWW Server” in the config file. There might be a typo, extra space, etc. Even if you don’t change the config file, If you simply uncheck “WWW Server” from the FREB rule, this error should go away but it may cause having less information in the logs.

In order to solve this issue, check the the definition of the WWW Server provider. Here is a definition that works without issues:

<traceProviderDefinitions>
       … 
       <add name="WWW Server" guid="{-4j25-9512-qp1}">
            <areas>
               <add name="Authentication" value="2" />
               <add name="Security" value="4" />
               <add name="Filter" value="8" />
               <add name="StaticFile" value="16" />
               <add name="CGI" value="32" />
               <add name="Compression" value="64" />
               <add name="Cache" value="128" />
               <add name="RequestNotifications" value="256" />
               <add name="Module" value="512" />
               <add name="FastCGI" value="4096" />
               …
            </areas>
       </add>
       …
</traceProviderDefinitions>

The post Failed Request Tracing (FREB) is not working (not creating logs) appeared first on port135.com.

An application that keeps becoming unavailable is a sign of a problem with its application pool. For an issue I troubleshot, the application pool kept stopping with Event ID 2269, 5139, and 5002.

The errors and warnings I saw in Event Viewer are below.

Event 2269
The worker process for app pool 'DefaultAppPool' failed to initialize the http.sys communication when asked to start processing http requests and therefore will be considered ill by W3SVC and terminated.

Event 5139
A listener channel for protocol 'http' in worker process serving application pool 'DefaultAppPool' reported a listener channel failure.

Event 5002
Application pool 'DefaultAppPool' is being automatically disabled due to a series of failures in the process(es) serving that application pool

Solution for “Event 2269 http.sys communication” error

This issue occurs when the application pool identity doesn’t have “Bypass traverse checking” permission. This is group-policy level permission that determines which users can traverse folders even if they don’t have permission at the folder level.

Follow the steps below to give “Bypass traverse checking” permission:

1. In “Start > Run”, type “gpedit.msc” and click OK
2. Go to “Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment”
3. In the list, right click “Bypass traverse checking” and click “Properties”
4. Click “Add User or Group”
5. Add these users and groups (You will need to select “Groups” from Object Types for some of them): Everyone, Users, IIS_IUSRS, IIS AppPool\DefaultAppPool
6. Click OK
7. Restart the server
8. Open the same window and make sure the users/groups you added in Step 5 are still there
9. Test the application. If this doesn’t work, check “netstat” list for possible port conflicts and other network and file structure related issues

Note: We added more users than we normally do. This is for testing to see if it works. You can later harden this configuration.

The post Event 2269 Worker process for app pool failed to initialize http.sys communication appeared first on port135.com.

In another post, I mentioned the common way of solving (413) Request Entity Too Large error. However, If you are using WCF and seeing this error, you may need to go extra mile to solve this issue.

While trying to upload files that are bigger than 64 KB, we came across this error. Unfortunately, the usual fix (increasing uploadReadAheadSize and maxRequestEntityAllowed values) didn’t help.

In the dump file, we saw this error:

Exception Type : System.ServiceModel.ProtocolException
Message: The maximum message size quota for incoming messages (65536) has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element.

As the error above mentions, this issue occurs because the request size is bigger than the MaxReceivedMessageSize for WCF.

Solution for WCF 413 Request Entity Too Large error

In order to solve this problem, you will need to increase MaxReceivedMessageSize value for your web service. However, this may get tricky and cause you to spend a lot of time because there are two different MaxReceivedMessageSize parameters:

• MaxReceivedMessageSize in System.ServiceModel.Configuration.BasicHttpBindingElement
• MaxReceivedMessageSize in System.ServiceModel.Channels.HttpTransportBindingElement

Resources you will find will recommend editing your web.config like the following example:

<basicHttpBinding>
   <binding name="basicHttpBinding_Portal" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxBufferPoolSize="2147483647">
       <readerQuotas maxBytesPerRead="2147483647" maxArrayLength="2147483647" maxStringContentLength="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647"/>
    </binding>
</basicHttpBinding>

This configuration will increase the MaxReceivedMessageSize in System.ServiceModel.Configuration.BasicHttpBindingElement

You should increase the MaxReceivedMessageSize in System.ServiceModel.Channels.HttpTransportBindingElement as well. Here is the way to do it in web.config:

<customBinding>
   <binding closeTimeout="00:10:00" openTimeout="00:10:00" sendTimeout="00:10:00">
      <httpTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" useDefaultWebProxy="true" transferMode="Buffered" />
   </binding>
</customBinding>

You can also do it through the code as explained in this document.

Note 1: For some cases, removing the name from basicHttpBinding also fixes the issue (name=”basicHttpBinding_Portal”)

Note 2: While trying to figure out this issue, your application may further break (not showing a table etc.) after adding maxBufferSize to your web.config. This happens because maxBufferSize is not supported for wsHttpBinding. Event ID 3 “ServiceActivationException: Unrecognized attribute ‘maxBufferSize'” error mentions this issue.

The post WCF service shows 413 Request Entity Too Large error when uploading files over 64 KB appeared first on port135.com.

After enabling output caching (kernel-mode and user-mode) in IIS, you may want to make sure it works as expected. Here are what you can do to confirm the caching status in the server:

Kernel-mode cache

• If the command netsh http show cachestate returns “There were no cache entries corresponding to the provided URL”, it means there is no data in the kernel-mode cache
• This can be confirmed by checking “Kernel: Current URIs Cached” performance counter as well. If it shows 0, it means the kernel-mode cache is empty
• Failed Request Tracing (FREB) logs show if kernel-mode caching was used for a request (HTTPSYS_CACHEABLE event)

Note: Even if you enable kernel-mode cache, you may see that there is no cache stored. There are certain situations in which the kernel-mode caching cannot be used (Reference)

User-mode cache

• There is no equivalent of netsh http show cachestate command to check user-mode cache
• However, the performance counter “Current URIs Cached” shows how many URIs are cached in the user-mode
• Resetting IIS or recycling application pool clears the user-mode cache

A few useful pages to learn more about caching:

• Configure IIS 7 Output Caching
• ASP.Net Session Swapping
• Cookie being cached

The post Find out if the kernel-mode and user-mode caching are working appeared first on port135.com.

While troubleshooting a “500 Internal Server Error”, I saw this error in the Failed Request Tracing log:

500.19 Internal server error 
%1 is not a valid Win32 application
0x800700c1

Solution for “500.19 %1 is not a valid Win32 application” error

After comparing the working and non-working servers, I saw that enable32BitAppOnWin64 was set to True in the non-working server. The working server had this value to False.

We set it to False in the non-working server. The 500 error disappeared.

For more information, please check the official Microsoft documentation.

The post 500.19 %1 is not a valid Win32 application appeared first on port135.com.