An Overview Of IIS 7.5 Feature - Failed Request Event Buffering

This feature helps in troubleshooting performance, authentication, and 500 errors by collecting a trace of a web requests.

Let’s open IIS 7.5 manager and check whether FREB module is present or not under IIS section as shown below:


If it doesn't exist, we can install the same by going to “Turn on or off Windows Feature” in Control Panel and selecting the same under Internet Information Services, WWW Services, Health and Diagnostics, then click Tracing.


Let’s select “Default Web Site” and enable FREB by clicking on “Failed Request Tracing…” link Configure section under Actions pane:


Click on Enable, and select default path to save trace files of each failed web request and set limit for maximum number of trace files as 100.


Let’s create a trace rule to troubleshoot 404 issue on IIS. Double-click under Default Web Site and click on Add link under Actions pane.


Here, we can select the option to trace all requests or only ASPX or ASP page or custom page requests [using pattern]. Let’s select ASP.NET and click on Next.


Based on the above settings, it will collect traces of those requests meeting the condition.

We can specify specific status code or range of it to troubleshoot authentication and 500 issues. We can use time taken for troubleshooting performance issues like slowness and Severity field to trace all errors or warnings or critical errors only. Click Next.


Here, we will select trace providers. In our case, we will select ASPNET & WWW Server. Click FINISH:


We have created a rule to trace ASPX requests which have status code: 400-501 or time taken > 20 seconds.

Let’s create test.aspx and add the following code and browse it:

  1. <h2>Failed Request Tracing Lab</h2><br>  
  2. <br>Today's date is <%= DateTime.Now.ToLongDateString() %>  

To resolve the issue, open trace log saved (fr00001.xsl) in %SystemDrive%\inetpub\logs\FailedReqLogFiles\W3SVC1.


Trace log shows status code as 404.7 and it’s returned by Request filtering module. Click on compact view to view more details about the issue:


From above log, we came to know that Request filtering module returns 404.7 for .aspx request because it has been added to deny list.


Instead of IIS Manager, We can use appcmd.exe to configure it with below commands:

Created a ASP trace rule on default web site.

C:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site" -section:system.webServer/tracing/traceFailedRequests /+"[path='*.asp']"


Set trace provider as ASP and verbosity as Verbose.

appcmd.exe set config "Default Web Site" -section:system.webServer/tracing/traceFailedRequests /+"[path='*.asp'].traceAreas.[provider='ASP',verbosity='Verbose']"

Set Time taken as 30 seconds using Timespan format [day.hh:mm:ss] for the rule:

appcmd.exe set config "Default Web Site" -section:sy
stem.webServer/tracing/traceFailedRequests /[path='*.asp'].failureDefinitions.ti


This feature remained the same in IIS 8, 8.5 and the above settings will still apply. It is helpful in troubleshooting failed requests like 500, slowness and authentication issues. I am ending the things here on FREB, I hope this article will be helpful for all.