Collecting ETW traces for FTP Sessions

Having problems with the FTP server not returning the expected return code? Have you checked the detailed error message, the NT event log and the FTP log files, and still cannot get to the bottom of the problem?

Here are a few simple steps you can follow to trace your FTP session and uncover the real cause. This feature is supported on Microsoft FTP Server 7.0, which can be downloaded from http://www.microsoft.com/downloads/details.aspx?familyid=2ECCF14A-5C4F-4CFB-9153-CFE1204B346A&displaylang=en, and above.

1. Start FTP ETW Session using logman.exe

   Note: You need to be a system administrator on the FTP Server to be able to execute this command.

logman start "ftp" -p "IIS: Ftp Server" 255 5 -ets

2. Reproduce the error you are hitting

3. Stop FTP ETW Session using logman.exe

    Note: You need to be a system administrator on the FTP Server to be able to execute this command.

logman stop "ftp" -ets

4. Parse the ETW log file using logparser.exe

    Note: LogParser can be downloaded from http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

<Path To LogParser>\logparser "select EventTypeName, UserData from ftp.etl" -e 20 -o:DATAGRID -rtp 20 -compactModeSep " | "


The final step opens the ETW log in the following grid format:

[image: LogParser DATAGRID view of the FTP ETW events]


In the above case the error is (Event #18) 0x8007002 (Specified File Not Found).
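
The four steps above as a single PowerShell script, added here as an example and not part of the original post. It assumes Log Parser 2.2 at its default install path, sets the trace file location with logman's -o option, and exports to CSV instead of the data grid; the parameter names are illustrative.

```powershell
# Added example (not from the original post): the article's four steps in one script.
param(
    [string]$Session   = 'ftp',                  # session name used in the article
    [string]$OutDir    = (Get-Location).Path,    # assumption: directory for the .etl and .csv
    [string]$LogParser = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe'  # assumption: install path
)

# "logman ... -ets" needs an administrator token; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated prompt.'
}

$etl = Join-Path $OutDir "$Session.etl"
$csv = Join-Path $OutDir "$Session-trace.csv"

# Step 1: start the session. 255 = keyword flags (0xFF), 5 = verbose level, as in the article.
& logman.exe start $Session -p 'IIS: Ftp Server' 255 5 -o $etl -ets
if ($LASTEXITCODE -ne 0) { throw "logman start failed with exit code $LASTEXITCODE" }

try {
    # Step 2: reproduce the failing FTP operation from a client while the session runs.
    Read-Host 'Reproduce the FTP error now, then press Enter to stop tracing' | Out-Null
}
finally {
    # Step 3: always stop the session, even if the script is interrupted,
    # so a verbose trace is not left running on the server.
    & logman.exe stop $Session -ets
}

# Step 4: the article's query, written to CSV so the result can be searched or attached to a ticket.
& $LogParser "select EventTypeName, UserData into '$csv' from '$etl'" `
    -i:ETW -o:CSV -e 20 -compactModeSep ' | '
if ($LASTEXITCODE -ne 0) { throw "LogParser failed with exit code $LASTEXITCODE" }

Write-Host "Trace: $etl"
Write-Host "Parsed events: $csv"
```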

 

-Suditi

1 Comment

  • Can someone please tell me what the latest version of logman.exe is? I am running ver 6.0.6001.18000 which I think came with W2K8x64 but the article here infers that a newer version which supports switches such as logman start "ftp" -p "IIS: Ftp Server" 255 5 –ets exists...?

    If so, where do I get it? The FTP7 x64 did not install a newer one from what I can tell, nor did the KB fix for roles.
