Just Another IIS Blog : IIS7

Now available for download: Release Candidate of IIS PowerShell Snap-in

thomad — Fri, 16 Jan 2009 18:28:41 GMT

We just made the Release Candidate of the IIS PowerShell Snap-in available. A lot of work was done between Tech Preview 2 and now. We focused mainly on augmenting the PowerShell Provider with almost 70 task-oriented cmdlets useful for day-to-day administrative tasks. Here is a quick categorization of the task-oriented cmdlets:

Mangement of Sites/Apps/Vdirs/AppPools (create/start/stop/remove/convert/recycle)
Management of site bindings (add/change/remove)
Management of Handlers and Modules/Managed Modules (add/change/remove)
Enablement of Request Tracing
Backup and Restore of IIS configuration
Locking/unlocking of sections/elements/attributes
Getting file system path for config files and web application content
Access to run-time data, e.g.
---Exploring currently executing requests
---AppDomain Management

I added a new walkthrough that uses some of the new task-oriented cmdlets. But there is an easier way to get started if you don’t want to read through the walkthrough. Just list the available cmdlets with

get-command -pssnapin WebAdministration

This will display all the cmdlets available in the IIS7 PowerShell Snap-in. To find help on how to use a particular cmdlet you just have to type

get-help <cmdletname>

For example:

get-help New-WebSite

get-help <cmdletname> –example

if you are only interested in an example how to use the cmdlet.

Have fun!

The IIS Process Model Features

thomad — Thu, 08 May 2008 06:08:48 GMT

A process model is needed to run more than one web-site, web application or web-service securely and reliably on a single machine. In Shared Hosting scenarios hundreds or even thousands of web-sites run on an individual machine. The code running on these web-sites is usually not well tested, if at all. Without a powerful process model the result would be extremely poor reliability. But a process model not only guarantees availability; it also needs to isolate them so that individual web applications don't interfere with each other.

The Windows Process Activation Service (WAS) is the system component providing the Process Model in IIS 7.0. This article discusses the WAS features and functions.

1. Application Pools

Processes are the containers that provide isolation and security boundaries in the Windows Operating System. Consequently web applications or web-sites have to run in separate processes in order to achieve isolation between them. In the IIS terminology the management unit for these separate IIS processes is called 'Application Pool'.

An Application Pool can be configured to run a group of URLs, i.e. web-sites, web applications or web-services. When a client requests one of these Application Pool URLs an IIS worker process (w3wp.exe) is spawned by WAS to execute the code necessary to send a response. WAS's main task is to manage Application Pools - WAS spawns worker processes, monitors their health, recycles them if necessary and makes sure none of them consume more resources than specified in the corresponding AppPool configuration. WAS is also the arbiter and collector for run-time and state data, e.g. performance counters, site and Application Pool state.

2. Architectural Diagram

The diagram below shows the core pieces of the IIS7 architecture.

Configuration is stored in the applicationhost.config file (left).
HTTP.SYS is a kernel-mode component that listens to the network, accepts connections, assigns requests into Application Pool queues and queues these requests if no IIS worker process is running. HTTP.SYS also caches responses and does SSL in IIS 7.0
The worker process on the right hosts all custom code (e.g. ASP and ASP.Net pages, modules, ISAPI filter and extensions etc.). There can be hundreds of these worker processes depending on how the IIS Administrator decides to isolate his web-sites and applications. IIS worker processes pick up waiting requests from the corresponding HTTP.SYS request queue.
The Windows Activation Service is a system service that runs in SVCHOST.EXE. WAS reads configuration from applicationhost.config, reacts to configuration changes, manages worker processes, controls their live time and health, recycles them if necessary and prevents resource exhaustion. W3SVC is another service living in the same SVCHOST.EXE as WAS. W3SVC hosts the HTTP specific part of the IIS process model; W3SVC configures HTTP.SYS with the URLs to listen on and is called by HTTP.SYS if requests arrive and worker processes are needed.

3. Process Model Features

Web-Sites and applications get the following benefits by running in the WAS provided infrastructure:

Efficient Resource Management

On-Demand Activation

Resources like RAM and CPU are scarce in multi-tenant scenarios. WAS will start an IIS worker process only once requests for a particular web site or web application arrive.

Idle-timeout

Because resources are usually scarce WAS can shutdown web applications based on a configurable idle-timeout.

Health Monitoring

To ensure their health WAS monitors the worker processes it spawned. Health messages are periodically sent to each running worker process. If the worker process doesn't respond in a configurable time interval the worker process will be recycled or killed. This way undetected deadlocks in worker processes get automatically fixed by restarting the worker process.

Startup Limit

Part of the Rapid-Fail Protection feature is the Startup limit. If a worker process doesn't report back to WAS within the configurable startup-limit it will be killed and the Rapid-Fail-Protection counter is incremented. Application Pools are stopped, i.e. restarting the worker process will not be tried anymore, if the Rapid-Fail-Protection counter reaches a configurable limit within a configurable time limit. This prevents scenarios where worker processes hang or crash during startup.

Shutdown Limit

A worker process also has to shutdown in a configurable limit. If the shutdown doesn't happen in this time the worker process gets killed by WAS. This prevents resource overuse due to processes hanging in their shut-down phase. Additional shutdown settings allow an executable to be started (e.g. a debugger) when the shutdown doesn't complete within the allotted time.

CPU affinity

Configuration settings allow WAS to start worker processes that are affinitized to one or more CPUs. This prevents tenants from interfering with each other if they share the same physical machine.

User Profile

WAS can start worker processes with or without loading the user profile.

Security

Customizable User Account

IIS worker processes can run as a preconfigured process identity or built-in accounts (LocalService, LocalSystem, NetworkService). Built-in accounts are advantages because they don't require password management. If a custom user identity is used the password is automatically encrypted. Configuration settings can be replicated to multiple machines by sharing the configuration encryption keys across machines.

Job Object Features

Job objects allow administrators to restrict worker processes to a particular CPU limit. A configurable action is taken if this CPU limit is exceeded. Job objects will also make sure that processes spawned by the worker process get terminated.

Configuration Isolation and Security

Before WAS starts an Application Pool and its worker process it generates a unique configuration file for this Application Pool. WAS also creates a unique SID for each Application Pool (similar to Service SIDs introduced in Windows Server 2008). The Application Pool configuration file is then secured with this unique SID. This ensures that Application Pool configuration files can only be read by Administrators and the Application Pool itself.

Diagnostics and Monitoring

Event Logging

Events regarding invalid configuration, recycling, startup or shutdown of worker processes are reported to the System Eventlog.

Currently Executing Requests

WAS exposes a run-time and state control interface that allows scripts and tools to query for the currently executing requests of a particular worker process. This is useful to find requests that hang or requests that take a very long time to complete.

Performance Counters

All IIS performance counters get funneled through WAS. WAS gathers these performance counters because IIS counters are site-based and web applications can live in different Application Pools.

Recycling

Recycling allows the refresh of worker processes without losing a single request due to down-time. This is done via a feature called "overlapping recycling".

Overlapping Recycling

WAS does this by spawning up a new worker process parallel to the old one that is still handling requests. Once the new worker process is up it starts picking up requests from the request queue while the old worker process is instructed by WAS to stop picking up requests. Once the old worker process finishes all executing requests it shuts down. This feature is called "overlapping recycling". It ensures that no requests are lost during a recycle.

Recycling Configuration

Recycling parameters are configurable in the IIS configuration system.

Scheduled Recycling

Customers might want to recycle their applications based on a regular schedule. Via configuration settings recycling can be scheduled periodically, e.g. every 4 hours, every day at 1am etc.

Recycling Based on Memory Consumption

Applications might leak memory over time. WAS can monitor the memory consumption of each worker processes to ensure that no worker process uses more than its preconfigured limit. Reaching a configured virtual or private memory threshold will trigger the recycling of a worker process.

Recycling Based on Number of Requests

Recycling can also be configured based on the number of requests a particular worker process handled.

Custom Recycling

Custom code can custom health statistics and trigger a recycling via an API call to the WAS run-time and state API's.

Process Orphaning

Some errors only happen in a production environment. Killing worker processes ensures up-time but troubleshooting of these errors becomes difficult, e.g. if the failing worker process needs to be debugged. The process orphaning feature in WAS allows worker processes to be recycled without killing the failed worker process. Now a debugger can be attached to it. Additional process orphaning settings allow the execution of a process (e.g. a debugger) if orphaning happens.

Application Pool State Management

Application Pools can be stopped, recycled or started via publicly available API's, e.g. if an application has to be taken offline or if recycling has to be done based on parameters different from what's configurable in the applicationhost.config file.

Additional WAS Features

Load-Balancer Features

HTTP.SYS still listens on the network and will return a 500 HTTP error message if requests are not picked up by an Application Pool. This is a problem because for a Level 5 Load Balancers (TCP/IP) a 500 HTTP error looks like a valid TCP/IP connection. A WAS configuration setting can enable HTTP.SYS to reject connections instead of sending HTTP responses.

WAS can be configured to start worker processes with the following settings:

WoW64 Support

WAS can start 32-Bit or 64-Bit worker processes.

.NET Framework Preload

WAS can be configured to preload a particular version of the .NET Framework. This can make the troubleshooting of version conflicts much easier.

Web Gardens

A Web Garden is the term for an Application Pool that runs with multiple worker processes. Requests get distributed among these worker process instances using a round-robin mechanism.

WAS Multi Protocol Support

WAS not only host the HTTP stack. It can also host other protocols via its Listen Adapter and Worker Process Framework. WCF services take advantage of the WAS Multi-Protocol support. WCF protocols come with their own Listeners (e.g. the NET.TCP, NET.MSMQ or NET.PIPE Listener). These Listeners connect to WAS using the Listener Adapter Interfaces WAS provides.

Application protocols that take advantage of this infrastructure can host custom application code in the same .NET Application Domain as regular ASP.NET applications. They can also take advantage of the protocol-independent services the ASP.NET Hosting Environment provides, for example on-demand compilation, configuration support etc.

4. Summary

IIS7 and WAS offer a powerful process model for web-sites, web applications and web-services. It not only ensures availability but also ensures isolation and offers great troubleshooting and monitoring support.

IISRESET light

thomad — Tue, 06 May 2008 22:41:46 GMT

Note: This blog entry used to be on my old blog. I'm about to shut it down so I thought I replicate some of the content here.
Many IIS customers use IISRESET to get IIS back into a vanilla state. IISRESET is a pretty heavy hammer however and not needed most of the time - why would you restart FTP, WAS and W3SVC and all worker processes just because one of your web applications is locking a DLL or some content. Recycling the Application Pool causing the problem is usually enough. If you don't know which Application Pool is making the trouble you can recycle all of them. Here is how you do it with APPCMD:

Recycling the Default Application Pool:

%windir%\system32\inetsrv\appcmd recycle AppPool DefaultAppPool

You can use the APPCMD piping feature to recycle all Application Pools:

%windir%\system32\inetsrv\appcmd list apppools /xml | appcmd recycle apppools /in

Save this command as "%windir%\system32\IISPOOLRESET.BAT" and use it instead of using IISRESET.EXE. It probably takes some time to overcome the muscle memory of typing IISRESET<enter>.

IIS7 PowerShell Provider Podcast

thomad — Tue, 29 Apr 2008 22:43:53 GMT

Saw a post on forums.iis.net last week about a Podcast on our new IIS7 PowerShell Provider. Being the Program Manager for this thing I thought maybe these guys want me to participate in the Podcast. And sure enough - Jonathan and Hal were interested. And here it is the podcast link and the interview topics:

http://powerscripting.wordpress.com/2008/04/26/powerscripting-podcast-episode-23-iis7-special/

Interview Topics

Who are you
What’s your background at MS and elsewhere
Talk about the IIS7 management cmdlets
- Get/Set-WebConfiguration
- Start-WebItem
- Remove-WebConfigurationProperty
- Ability to use XPath filters
Talk about the IIS7 PSprovider
- Provider timeline - 2nd beta in June, final in October
- Features
  - ability to configure IIS and ASP.net, sites, vdirs, apps, all that
  - ability to delegate
  - root of namespace: sites, app pools
What does the future hold (that you can discuss)
- We talk about Server Core

Cheesy Web Server Performance Test With PowerShell

thomad — Tue, 22 Apr 2008 07:35:00 GMT

Instead of writing WCAT scripts I wrote my own little perf test client. The following .PS1 script works pretty well to do some very basic performance testing. Just enter the URL and the duration in seconds, e.g. ".\webperf.ps1 http://localhost/ 15".

The script instantiates the Net.WebClient class and calls the DownloadString member to make a HTTP request. The response is redirected to $null. The script checks on every request if the duration is expired. It reports every 100 successful responses.

param

    [string]$url,

    [int]$duration

"URL: $url";

"Duration: $duration seconds`n";

$starttime = get-date;

$i=0;

$webClient = new-object Net.WebClient;

while (1)

    $webClient.DownloadString($url)>$null;

      $i++;

      $timespan = new-timespan $starttime;

      if ($timespan.TotalSeconds -ge $duration)

           "`n`n$i requests for url $url served in $duration seconds."

           break;

      else

           if ($i%100 -eq 0)

                $dursec = [int]$timespan.TotalSeconds;

                write-host -noNewLine "`r$i requests served ($dursec seconds)";

Requesting the IIS default page I am able to get around 48000 requests per minute (800 per second) on my Lenovo T61p on Vista Ultimate SP1. How many can you do?

IIS 7.0 PowerShell Provider Tech Preview 1

thomad — Mon, 14 Apr 2008 20:10:00 GMT

Finally, IIS 7.0 has a PowerShell Provider!

The IIS7 PowerShell Provider allows you to

Create Web-Sites, Web Applications, Virtual Directories and Application Pools
Change Simple Configuration Properties on Web-Sites, Application Pools, Web Applications and Virtual Directories
Add and Change Complex Configuration Settings
Query Run-time Data (Web-Site State, Application Pool State, Currently Executing Requests)
Execute Advanced Configuration Tasks, Scripting, Integration with other PowerShell Snap-Ins and features
Search and Discover Configuration Settings

Here is a screen shot of how to create a new IIS app:

DOWNLOAD:
Tech Preview 1 of the IIS 7.0 PowerShell Provider can be found here:
x86: http://www.iis.net/downloads/1664/ItemPermaLink.ashx
x64: http://www.iis.net/downloads/1665/ItemPermaLink.ashx

FORUMS:
Go to our PowerShell forum if you need support or if you are looking for 'Tips and Tricks'
http://forums.iis.net/1151.aspx

WALKTHROUGHS:
We have 9 walkthroughs for you to get familiar with the IIS 7.0 PowerShell Provider:
http://learn.iis.net/page.aspx/447/managing-iis-with-the-iis-70-powershell-provider/

Have fun!

IIS 7.0 Trace Viewer

thomad — Thu, 27 Mar 2008 07:06:00 GMT

There is a 90% chance I have to use the "Failed Request Tracing" feature (FRT) when I'm troubleshooting IIS7 issues. To be honest, I stopped turning it off. Tracing is so useful and fast that I don't see why I should disable it on my development box. I have a rule that catches all requests (status code 200-500) and there is no negative impact.

The problem was so far that I always had to shell out to the command-line to open my trace files.

Not anymore. The IIS7 Trace Viewer is an IIS7 User Interface Module that shows me my site's trace files.

IIS7 Trace Viewer Features

Trace View icon per site. Automatically enumerates all your trace files.
Shows trace filename, file size, file date, requested Url, HTTP status code, Application Pool and Time Taken in list format. Supports sorting of these columns.
Double-click on a row and the trace file will open in Internet Explorer.
Completely remoteable and delegateable for hosted enviroments.
Update via F5.
Install program included.

Installation

Download the ZIP file, expand the two files traceviewer.dll and traceviewInstall.exe to a directory and execute traceviewInstall.exe.

Hosting Übersites: IIS7 Support for International Domain Names (IDN)

thomad — Thu, 06 Mar 2008 06:19:00 GMT

Let's suppose you are German, you developed an extremely cool web-site and now you want to make it available to your German Bier buddies. The only really fetzig site name you could come up with contains one of these nasty German umlauts: übersite.de (not registered at the time I'm writing this blog).

There are several registrars out there who allow you to register domain names that contain Unicode characters. It's called International Domain Names (IDN) and IIS 7.0 and HTTP.SYS support it nicely.

Here is what you do if you want to try it yourself:

1) Configure IE to use IDN server names for Intranet addresses

You need a browser who converts IDNs into punycode. Name resolution systems like DNS don't work with Unicode and hostnames have to be converted to punycode first. Internet Explorer 7 does this automatically for Internet addresses. For our example you need to instruct IE to do the same for Intranet addresses. Go to "Tools" - "Internet Options" - select the "Advanced" tab and scroll down to the "International" section. Check "Send IDN server names for Intranet addresses".

2) Generate the Punycode representation of your site name

We need to convert the IDN site name to Punycode because existing name resolution systems still live in the good old ASCII world. There are a couple of web sites out there which do Unicode-to-Punycode conversions. Here is one of them: http://www.nameisp.com/puny.asp

The resulting punycode string for übersite.de looks like this: xn--bersite-m2a.de

3) Registration of punycode name in name system

To keep name registration simple we register übersite.de in our hosts file only. This will resolve the site name for local requests.

Open %windir%\system32\drivers\etc\hosts

Add a new line at the end and add the following:
127.0.0.1 xn--bersite-m2a.de

Save and close notepad. The punycode representation of übersite.de is now mapped to your local loopback adapter 127.0.0.1

4) Add a new site in IIS

Almost there. The only thing left to do is to add übersite.de to IIS. Here are the commands I run in cmd.exe (make sure you run in an elevated command shell):

md %systemdrive%\übersite
echo This is the Default Document of &#252bersite.de >> %systemdrive%\übersite\default.htm
%windir%\system32\inetsrv\appcmd add site -site.name:übersite -bindings:http://übersite.de:80 -physicalPath:%systemdrive%\übersite

5) Request übersite.de

Now you just have to enter übersite.de into the address bar of Internet Explorer.

And in case you have no idea how to enter "ü" on your keyboard: turn on NumLock and enter <Alt>+0252. International Domain names of course do not just work for German Bier buddies but for all characters that can be represented via Unicode characters.

Credits: thanks to Jeong Hwang Kim who gave me the idea to this blog entry.

Integrated Pipeline and the kernel-mode cache

thomad — Thu, 21 Feb 2008 01:54:00 GMT

I ran across an interesting issue while writing a sample .NET module for IIS7 the other day. The sample module was supposed to restrict requests to localhost only (you could of course do this by setting the site bindings to 127.0.0.1:80:localhost). Here is the code:

using System;
using System.Web;

namespace IIS7Demos
{
    public class LocalhostOnly:IHttpModule
    {
        #region IHttpModule Members
        void IHttpModule.Dispose()
        {
            return;
        }
         void IHttpModule.Init(HttpApplication context)
        {
            context.AuthorizeRequest +=
                (new EventHandler(this.AuthorizeRequest));
        }
         void AuthorizeRequest(Object source, EventArgs e)
        {
           HttpRequest Request = ((HttpApplication)source).Context.Request;
           HttpResponse Response = ((HttpApplication)source).Context.Response;
           // allow access if address is localhost (127.0.0.1 if IPv4 and ::1 if IPv6).
           // Also allow access if client address matches server address
           if (Request.UserHostAddress == "127.0.0.1" ||
               Request.UserHostAddress == "::1" ||
               Request.ServerVariables["LOCAL_ADDR"] == Request.ServerVariables["REMOTE_ADDR"])
           {
               return;
           }
           else
           {
               Response.Status = "404 Access Denied. Localhost Requests only. ";
               Response.StatusCode = 404;
               Response.End();
               ((HttpApplication)source).CompleteRequest();
            }
        }
         #endregion
    }
}

The weird thing was that I was able to access some of the content from a remote machine under certain conditions. It took me a while to figure out why.

IIS7 puts the response for a particular request into the kernel mode cache if the kernel mode caching is not explicitely disabled during the lifetime of a request. A lot of components in the IIS pipeline disable kernel mode caching for particular requests, all authentication modules for example. Here is a list of all the reasons why content might not be cached: http://support.microsoft.com/kb/817445/en-us

The response gets put into the kernel-mode cache however if none of the configured IIS modules disabled the kernel mode cache for a particular request. That means that HTTP.SYS will send the response for a particular URL directly from kernel-mode when the next request comes in. IIS and the IIS modules won't even see the request. And exactly that happend to me.

You didn't see an issue like this in IIS6 because .NET modules were running inside the ASP.NET ISAPI extension which turned off kernel-mode caching. In the Integrated Pipeline that's not the case anymore.

THE FIX:
If you write a managed module that has to see every request (all modules that do authentication or authorization are good examples) you need to disable the kernel-mode cache. The DisableKernelCache function is a method on the Response object. One of the first lines of my module has to look like this:

Response.DisableKernelCache();

Oh, and by the way:
If you want to see what responses are in the kernel-mode cache try the command:

netsh http show cache

If that doesn't show any responses in the cache you can simply request http://localhost/welcome.png a couple of times via Ctrl+F5 in IE and run the command again.

SSL certificates on Sites with Host Headers

thomad — Sat, 26 Jan 2008 07:06:00 GMT

Today I got the following question:

"I have two sites (siteV1.mysite.com and sitev2.mysite.com). They listen on the same IP address and port. We generated a certificate for siteV1.mysite.com and SSL is working properly. The problem is that some of our customers use siteV2.mysite.com and they are getting certificate errors. What's the problem?"

Here is the issue:

There are three pieces of data to uniquely identify an IIS site:

The IP address
The Port
The Host name which HTTP 1.1 clients send as an HTTP request header.

This IP:Port:Hostname triplet is called a binding. The binding "192.168.1.192:80:myserver" for example represents a site that listens on IP address 192.168.1.192, port 80, host-header myserver.

The very first things IIS (HTTP.SYS to be more precise) does when a request comes in is to read the site's configuration. Connection limits and timeouts are examples of site configuration. The site binding is used to find the right site configuration. The SSL certificate seems to be another great example of site configuration - the SSL certificate is needed to decrypt the encrypted SSL data coming from the client.

And the IIS User Interface certainly makes it appear as if the SSL certificate would be site configuration, too - doesn't it? In reality however you can't bind a SSL certificate to a site. The IIS UI is fooling you. But why?

It's a chicken and egg problem: The host name is encrypted in the SSL blob that the client sends. Because the host name is part of the binding IIS needs the host name to lookup the right certificate. Without the host name IIS can't lookup the right site because the binding is incomplete. Without the certificate IIS can't decrypt the SSL blob that contains the host name. Game over - we are turning in circles.

What IIS does under the covers is to ignore the host name. IIS binds the certificate to IP:Port and warns you when you try to bind a certificate to the same IP:Port combo with different host names.

But there is a way if you need two different sites on the same IP:Port. You can accomplish this by getting a certificate that contains both common names, i.e. sitev1.mysite.com and sitev2.mysitem.com. Cert Authorities usually allow more than one so called "common names" in a certificate. By binding the certificate to one of the two sites you won't not get certificate errors anymore. The client is happy if one of the names in the certificate matches.

But there is another caveat: you can't use the IIS7 User Interface to add a host header to an SSL site binding. You have to use command-line tools, do it programmatically or edit applicationhost.config directly. Here is an example and a link how you can it via command-line:

appcmd set site /site.name:"MySite V2" /+bindings.[protocol='https',bindingInformation='*:443:sitev2.mysite.com']

And last but not least: with IIS7 you can use the following command to figure out what certificate is bound to a particular IP:Port combination:
netsh http show sslcert

This command will show the IP:Port binding but also some other SSL settings.

IIS7 rejecting URLs containing +

thomad — Mon, 17 Dec 2007 23:52:00 GMT

If your application has a custom handler you might run into the following error message:

HTTP Error 404.11
The request filtering module is configured to deny a request that contains a double escape sequence.

Here is the deal. The IIS7 request filter rejects URLs containing + characters. We do this because the + character is a dangerous choice. Some standards, e.g. the CGI standard require +'s to be converted into spaces. This can become a problem if you have code that implements name-based rules, for example urlauthorization rules that base their decisions on some part of the url.
Here is a cooked up example:
Let's suppose you have code that evaluates the following rule:
<authorization vdir="my vdir">
<allowed users="Administrators"/>
</authorization>
With the ambiguity of leaving +'s in place or converting +'s to spaces there is a possiblity that your rule engine allows access to a non-Admin, for example if the attacker enters http://myserver/my+vdir. The "my vdir" authorization rule won't match because your authorization code searches for the string "my+vdir" but your rule says "my vdir". Your rule won't apply and the attacker gets access.

If you absolutely want to have spaces you can simply turn off the doubleEscaping feature for your application, for your site or for the whole server. Here is an example:

%windir%\system32\inetsrv\appcmd set config "Default Web Site" -section:system.webServer/security/requestfiltering -allowDoubleEscaping:true

Filtering IIS7 Events in the new Eventlog

thomad — Mon, 30 Oct 2006 23:03:00 GMT

The new Event Viewer in Vista allows you to specify a view file that filters the events that are shown in the Event Viewer. Here is a link to the view that will show only IIS7 eventlog entries in the System and Application log. Hope this is useful.

How to invoke Event Viewer with the view:

EVENTVWR /v:iisevents.xml

or click "Import Custom View" and open iisevents.xml if the Event Log Viewer is already open.

If you turn on "Remote Event Log Management" in the Firewall of the remote machine you can even do it remotely, for example:

EVENTVWR myOtherMachine /v:iisevents.xml