IIS Diagnostics Toolkit tutorial

1. Download the appropriate platform-specific version for your system environment:
   • IIS Diagnostics Toolkit (x86)
   • IIS Diagnostics Toolkit (amd64)
   • IIS Diagnostics Toolkit (ia64)

    

2. Now download and save the iisdiag.msifile to your workstation or server. (You typically put these directly on the system you’re going to be troubleshooting.) 
3. Double click on iisdiag.msi and then click Next at the IIS Diagnostics Toolkit Wizard. 
4. Accept the terms of the License Agreement (required). 
5. Accept the default username and organization or change and click Next. 
6. Choose the installation type and click Next again. 
7. Click Install.

• Certificate Creator: This feature lets admins replace existing server certificates with self-signed server certificates generated by SSL Diagnostics. The functionality is available with IIS 5.0, IIS 5.1 and IIS 6.0. Certificate Creator does not delete your existing certificates, but temporarily replaces the current certificate with a self-signed certificate. When testing is complete, an administrator can restore the original certificate back into IIS.Certificate Creator can help you determine if your SSL problems are related to your Windows server certificate, as well as detect problems with certificates purchased from third-party certification authorities. If SSL works with the self-signed certificate but did not work with the other certificate, it’s surely a certificate problem. If SSL does not work with the self-signed certificate or the other certificate, it’s not a certificate problem. You can then restore the original certificate, which automatically removes the self-signed one.

   

• SSL handshake: SSL Diagnostics lets admins quickly simulate an SSL connection between a Windows server and Web browser. This is known as an SSL handshake. When implemented, SSL Diagnostics opens a new window that shows the connection information from the client’s point of view, meaning the information the Web browser receives. If there is a problem with the SSL handshake, a warning will appear that describes the problem. This feature helps determine where the connection is breaking down during the SSL handshake process. You can simulate an SSL handshake at the Web-site or Web-page level. 
• Client Certificate Monitor: You can use SSL Diagnostics to monitor the usage of client certificates in real time by attaching to the associated process where the encryption and decryption takes place. As the certificate information is being parsed by the server, Client Certificate Monitor displays both the client certificates that are trying to connect to your Web site and the associated information contained in those certificates. Client Certificate Monitor also shows the error codes associated with the result of the SSL server settings and client certificates. So Client Certificate Monitor displays both valid certificates and the reasons for invalid certificates, including expired, not yet valid, or revoked client certificates.Although useful, Client Certificate Monitor requires some real-time interaction with the server processes. Because of the impact it can have on performance, using it is not recommended on a production server. After using Client Certificate Monitor, you should restart the server.

How to use SMTP Diagnostics 1.0 to troubleshoot IIS issues

Written by the Microsoft Exchange Server team, the SMTPDiag utility will benefit anyone with an SMTP-based environment. It’s simple to use and run and has an excellent analysis engine. SMTPDiag is a command-line troubleshooting tool that works directly on a Windows server with IIS/SMTP service enabled or with Exchange Server installed. It utilizes the same APIs as Windows Server and Microsoft Exchange in order to diagnose configuration and connection issues involving SMTP and DNS.

Per Microsoft:

“SMTPDiag issues DNS queries using both User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) to validate that the queries will succeed. If TCP queries fail, mail will not be delivered successfully.

The first thing that SMTPDiag does after verifying syntax is to check the Start of Authority (SOA) record for the remote address domain. The next step is to validate that the local domain MX/A records are resolvable. This test verifies that the sender domain is valid and any bounces can return to the originating server. This test could fail if the domain is not resolvable from inside the firewall. The remote domain MX/A records are then checked also. If this step fails, mail will not route because of issues with DNS.

At this point, the network DNS infrastructure must be investigated. When all the DNS records have been successfully queried, the tool will try to connect to all the MX (mail exchange) records that were published for the remote domain on port 25 and try to do an EHLO, mail from, rcpt to, and quit command.”

Key features

• Makes test requests based on user-inputted information, such as sender and receiver
•  
• Validates that DNS MX records are configured correctly
•  
• Ensures that the correct firewall or proxy ports are open for SMTP to properly work
•  
• Ensures the correct permissions on the relevant SMTP directories such as BadMail, Pickup, etc.

To use the SMTP Diagnostics utility:

1. Go to Start -> Run.>p>
2. Type command and hit Enter.
3.  
4. Once the command window is open, type: cd
5. Now type: cd “Program FilesIIS ResourcesSMTPDiag”

    

6. Finally, enter the following syntax to use the tool:
7. SMTPDIAG “sender address” “recipient address” [-d target DNS] [/v]

Below is a look at the results. (Email servers, email addresses, DNS servers, etc. are blocked out though, of course.)

How to use Trace Diagnostics 1.0 to troubleshoot IIS issues

HTTP requests often go into Isapi filters, and either never come back out, or become extremely slow or unresponsive. Using the underlying Enterprise Tracing for Windows (ETW), the Trace Diagnostics utility simplifies HTTP request-tracing. It includes several components, including IISREQMON, IISTRACE for the command-line and IIS Request Viewer (User Interface). The toolset will only install on Service Pack 1 or higher versions of Windows.

When an Internet Information Services (IIS) worker process has become unresponsive or slow, Trace Diagnostics is used to understand what requests are executing in that worker process. When an HTTP request is picked up by IIS, it may be handled by multiple components before a response is generated back to the client computer. If a request fails or becomes unresponsive as it makes its way through these components, error-reporting channels like the Windows Event Log and the HTTP Error Log might not provide enough detail to help you locate the source of the problem. That’s when tracing comes in handy.

Key features

• Request Monitoris a command-line helper tool for working with currently executing requests in IIS 6.0 running on Microsoft Windows Server 2003 SP1 or later. It will help you determine what requests are executing in a worker process when it has become slow or unresponsive. When enabled, Request Monitor prompts worker processes to report statistics and details about every request in each worker process. 
• IISTraceis a command-line helper tool for requesting tracing in IIS 6.0 running on Microsoft Windows Server 2003 SP1 or later. IIStrace goes beyond iisreqmon. It allows you to view requests in an apppool and trace the events that occur in order to process those requests. This means you can identify flaws in customer code and provide them with guidance on making corrections. 
• IIS Request Viewer is a GUI that displays all currently running application pools, threads and currently executing requests per application pool. It uses the underlying tracing commands to create, start, refresh and stop traces. It will display the Request ID, Client IP, State of the request and Time that the request has been taking.

These components of the Trace Diagnostics utility can help you determine root causes of HTTP request issues, specify which providers report events to ETW during a specific trace session, customize how much trace data providers report to ETW, determine which URLs to trace, thereby focusing your troubleshooting efforts on a specific application.

From a high level, request-based tracing works like this:

1. The administrator enables a tracing session on the IIS server from a command prompt. 
2. Enterprise Ttracing for Windows (ETW) notifies IIS providers to begin reporting trace events. 
3. A request enters the IIS worker process. 
4. The administrator stops the trace session and reviews the trace log to locate the source of the problem. 
5. Problems are typically identified by error events or a START event that does not contain a corresponding END event.

Since there are multiple tools within the Trace Diagnostics utility, each with their own specific attributes, I will only focus on using the GUI tool, IIS Request Viewer. To trace requests in using the IIS Trace tool:

1. Go to Start-> Programs -> IIS Diagnostics (32bit) -> Trace Diagnostics -> IIS Request Viewer -> reqviewer.exe. 
2. Click File -> Retrieve Requests. 
3. Expand the left-hand navigation tree to view the different application pools running on your system. 
4. View the requests in the right-hand window.

If you get the common error below, set your TEMP system variable to something shorter, like C:Temp.

ERROR: Open TraceLogFile() failed (Win32 error -largeinteger – The path specified is invalid)

For more information, read Trace Diagnostics Known Bugs and How to Fix ‘Em.