Troubleshooting: IIS 6 Status and Substatus codes

I thought it would be a great idea to write this down as an entry.The information that I am going to share now has helped me to troubleshoot a majority of cases I have had on IIS.

Lets start by understanding what are status and sub states codes.

Everytime IIS receives a request, if IIS logging in enabled, IIS logs the request into a Log file. In IIS 6 logging in enabled by default however in IIS 7 it's a choice.

To a beginner, the common questions that arise at this point are,

Q.) How do we drill down to the logs of an appropriate website?

A.) Here is how you do it.

By default,
In IIS 6 logs are stored at C:\windows\system32\LogFiles\

In IIS 7 the location would be C:\inetpub\logs\logfiles\
Once you get to this location you would be seeing entries like this W3SVC1, W3SVC87257621.

Q.) What do these entries mean?

A.) W3SVC stands for website and 1 or 87257621 stands for the unique identifier that is associated with a particular website.

Q.) How do you know which identifier is associated with which website?

A.) Goto, Inetmgr -> click on Web Sites and take a look at the right hand side screen ... And there you have it the Identifier column. This identifier is unique and no 2 websites have the same identifier. Even if you delete and recreate the same website you will notice that the website identifier is different.

Once you go into the log folder you will see logs depending on the format you have chosen. By default in IIS 6, they are daily. And the log filenames are in the format exYYMMDD.log ... (ROVASTAR, thanks for the inputs)

A typical Log information for a request would look something like this ....

2008-04-11 20:39:48 GET /test/1.asp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2; +.NET+CLR+1.1.4322) 200 0 0

2008-04-11 20:40:04 GET /test/1.asp - 80 - Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2; +.NET+CLR+1.1.4322) 404 2 1260

In the above example I have highlighted the Status Code and the Sub-Status code ... In the first case we have the values as 200 0 where in the status code is 200 and the sub status code is 0. 200 status code stands for "Request ok." Therfore, just by a look at the log we can determine that the request was served properly by IIS.... Moving on to the next example the 2 numbers are 404 and 2 , where in 404.2 means that the page could not be displayed because "Web service extension lockdown policy prevents this request."

See how easy it becomes once you understand the meaning of the status codes along with the help of sub-status codes!

Tip:If you don't get any thing much out of this information. Browse the page with the Show Friendly Http Error Messages unchecked.

To do that go to IE -> Tools -> Internet Options -> Advanced -> Browsing
Here's a list of status codes and substatus codes along with their meanings. Let me know if I have forgotten any :)

Broadly they are classified in this format:

Status Code RangeType of Code
400Client Error
500Server Error

Below is the table giving you in detail information:

Status CodeSub-Status CodeExplanation
100 - Continue
101 - Switching pools
200OK.The clinet request has succeeded
201 - Created
202 - Accepted
203 - Non-authoritative information
204 - No content
205 - Reset content
206 - Partial content
301 - Permanent Redirect.
302 - Object Moved
304 - Not Modified.
307 - Temporary redirect.
400 - Cannot resolve the request/Bad request.
4011Access is denied due to invalid credentials.
4012Access is denied due to server configuration favoring an alternate authentication method.
4013Access is denied due to an ACL set on the requested resource.
4014Authorization failed by a filter installed on the Web server.
4015Authorization failed by an ISAPI/CGI application.
4017Access denied by URL authorization policy on the Web server.
403xAccess is denied.
4031Execute access is denied.
4032Read access is denied.
4033Write access is denied.
4034SSL is required to view this resource.
4035SSL 128 is required to view this resource.
4036IP address of the client has been rejected.
4037SSL client certificate is required.
4038DNS name of the client is rejected.
4039Too many clients are trying to connect to the Web server.
40310Web server is configured to deny Execute access.
40311Password has been changed.
40312Client certificate is denied access by the server certificate mapper.
40313Client certificate has been revoked on the Web server.
40314Directory listing is denied on the Web server.
40315Client access licenses have exceeded limits on the Web server.
40316Client certificate is ill-formed or is not trusted by the Web server.
40317Client certificate has expired or is not yet valid.
40318Cannot execute requested URL in the current application pool.
40319Cannot execute CGIs for the client in this application pool.
40320Passport logon failed.
404xFile or directory not found.
4041Web site not accessible on the requested port.
4042Web service extension lockdown policy prevents this request.
4043MIME map policy prevents this request.
4044No handler was found to serve the request.
4045The Request Filtering Module rejected an URL sequence in the request.
4046The Request Filtering Module denied the HTTP verb of the request.
4047The Request Filtering module rejected the file extension of the request.
4048The Request Filtering module rejected a particular URL segment (characters between two slashes).
4049IIS rejected to serve a hidden file.
40410The Request Filtering module rejected a header that was too long.
40411The Request Filtering module rejected a request that was double escaped.
40412The Request Filtering module rejected a request that contained high bit characters.
40413The Request Filtering module rejected a request that was too long (request + entity body).
40414The Request Filtering module rejected a request with a URL that was too long.
40415The Request Filtering module rejected a request with a too long query string.
405 - HTTP verb used to access this page is not allowed.
406 - Client browser does not accept the MIME type of the requested page.
407 - Initial proxy authentication required by the Web server.
412 - Precondition set by the client failed when evaluated on the Web server.
413 - Request entity too large.
414 - Request URL is too large and therefore unacceptable on the Web server.
415 - Unsupported media type.
416 - Requested range not satisfiable.
417 - Expectation failed.
423 - Locked error.
500xInternal server error.
50011Application is shutting down on the Web server.
50012Application is busy restarting on the Web server.
50013Web server is too busy.
50014Invalid application configuration on the server.
50015Direct requests for Global.asa are not allowed.
50016UNC authorization credentials are incorrect.
50017URL authorization store cannot be found.
50018URL authorization store cannot be opened.
500100Internal ASP error.
501 - Header values specify a configuration that is not implemented.
502 - Bad gateway.
503 - Service unavailable.
504 - Gateway timeout.
505 - HTTP version not supported.

Hope this helps! ;)

No Comments