An Overview Of IIS 7.5 Feature - Failed Request Event Buffering

This feature helps in troubleshooting performance, authentication, and 500 errors by collecting a trace of a web requests.

Let’s open IIS 7.5 manager and check whether FREB module is present or not under IIS section as shown below:

rules

If it doesn't exist, we can install the same by going to “Turn on or off Windows Feature” in Control Panel and selecting the same under Internet Information Services, WWW Services, Health and Diagnostics, then click Tracing.

feature

Let’s select “Default Web Site” and enable FREB by clicking on “Failed Request Tracing…” link Configure section under Actions pane:

setting

Click on Enable, and select default path to save trace files of each failed web request and set limit for maximum number of trace files as 100.

trace

Let’s create a trace rule to troubleshoot 404 issue on IIS. Double-click under Default Web Site and click on Add link under Actions pane.

content

Here, we can select the option to trace all requests or only ASPX or ASP page or custom page requests [using pattern]. Let’s select ASP.NET and click on Next.

conditions

Based on the above settings, it will collect traces of those requests meeting the condition.

We can specify specific status code or range of it to troubleshoot authentication and 500 issues. We can use time taken for troubleshooting performance issues like slowness and Severity field to trace all errors or warnings or critical errors only. Click Next.

add

Here, we will select trace providers. In our case, we will select ASPNET & WWW Server. Click FINISH:

failed

We have created a rule to trace ASPX requests which have status code: 400-501 or time taken > 20 seconds.

Let’s create test.aspx and add the following code and browse it:

  1. <h2>Failed Request Tracing Lab</h2><br>  
  2. <br>Today's date is <%= DateTime.Now.ToLongDateString() %>  
error

To resolve the issue, open trace log saved (fr00001.xsl) in %SystemDrive%\inetpub\logs\FailedReqLogFiles\W3SVC1.

summary

Trace log shows status code as 404.7 and it’s returned by Request filtering module. Click on compact view to view more details about the issue:

issue

From above log, we came to know that Request filtering module returns 404.7 for .aspx request because it has been added to deny list.

list

Instead of IIS Manager, We can use appcmd.exe to configure it with below commands:


Created a ASP trace rule on default web site.

C:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site" -section:system.webServer/tracing/traceFailedRequests /+"[path='*.asp']"

 

Set trace provider as ASP and verbosity as Verbose.

appcmd.exe set config "Default Web Site" -section:system.webServer/tracing/traceFailedRequests /+"[path='*.asp'].traceAreas.[provider='ASP',verbosity='Verbose']"

Set Time taken as 30 seconds using Timespan format [day.hh:mm:ss] for the rule:

appcmd.exe set config "Default Web Site" -section:sy
stem.webServer/tracing/traceFailedRequests /[path='*.asp'].failureDefinitions.ti
meTaken:"0.00:00:30"


path

This feature remained the same in IIS 8, 8.5 and the above settings will still apply. It is helpful in troubleshooting failed requests like 500, slowness and authentication issues. I am ending the things here on FREB, I hope this article will be helpful for all.