What are these entries?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ IIS
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - IIS debugdiag results - now how to fix it? I have run the DebugDiag beta tool and get this result, but was unable to access the support newsgroup to ask what to do about it. Anyone know if there has been any hotfixes/patches/known problems with msvbvm50.dll (on windows 2000)? Detected possible blocking or leaked critical section at msvbvm50!Rby_ThreadPool+b4 owned by thread 20 in 3076-1112750616.dmp Impact of this lock 100.00% of executing ASP Requests blocked 22.86% of threads blocked (Threads 15 16 17 18 19 21 22 23) The following functions are trying to enter this critical section msvbvm50!CMutexSem::Request+10 The following module(s) are involved with this critical section c:\WINNT\system32\msvbvm50.dll from Microsoft Corporation Tag: What are these entries? Tag: 363386
  - 2
    - Need to share data asynchronously between ASP.NET and Legacy Syste Hello: I am using ASP.NET as our front end. I also have to interface to some legacy systems that use a callback mechanism. The legacy systems use callbacks (via CORBA) to communicate back to clients. The ASP.NET web pages will initiate communication with the legacy backend, but results from the backend will often take quite some time and will be asynchronous in nature in their return. We have successfully created a prototype that integrates .NET and ASP.NET with the CORBA backend using the IONA Artix product. Its works very nicely and is fully based on Web Services and is transport agnostic. I want to take this prototype and create an application, or separate thread in IIS that can access the legacy systems, handle the callbacks, and store the results of the callbacks so that subsequent requests can access the data, or client based applets or J# Browser Controls on the client can listen for the data. I am looking for a method to share data between the standard ASP.NET HTTP pipeline and this â??legacy handling threadâ??, or application. Things that come to mind is the ASP.NET cache, application state, or some other state mechanism. The issue is this is really not state, but data that is returned from the asynchronous callbacks. I have looked into to IHTTPAsyncHandler but it looks like that mechanism really exists to offload the CLR threadpool so more requests can be handled (makes perfect sense). What I need is a thread running that is not associated with any specific request. This thread should run in the IIS process space, but needs to share data with requests. This is somewhat like what the Shared Property Manager did in MTS. The ultimate goal would be to implement the Observer pattern. That is, a request can execute a synchronous method and register for some work to be done asynchronously by the back end system. Then the browser clients would be notified when the work has completed. Things that come to mind here are applets and web services. Any suggestions here would be greatly appreciated. Thanks. -- Patrick Tag: What are these entries? Tag: 363385
  - 3
    - DFS Question Dear All -- I have an IIS webserver sitting in a DMZ. It is not a domain member. I have a ton of files sitting locally on that box (like 50 gigs). I want to redirect requests for these files to a member server on my domain in my internal network which has another copy of those files (don't ask why we do it this way now). I can do this by creating a virtual directory on the IIS box and pointing it to "a share located on another computer." I then create a local account on the IIS box and another local account with the same name on the member server internally, and synch the passwords. I point the share to \\server.fqdn.com\sharename, tell IIS to use that account to access the files, and the requests pass through OK. However, for redundancy and load-balancing purposes I would like to tell IIS to actually use a DFS share on the domain. IIS complains about the DFS name (in the format of \\domain.com\dfsroot\sharename) not being a valid UNC name and won't recognize it. Has anybody been able to get DFS to work with an IIS virtual directory like this? I can get it to work with a regular share and was hoping that there is some sort of registry or metabase hack to get it to work with DFS. Thanks, Josh Tag: What are these entries? Tag: 363375
  - 4
    - web and ntfs permission on virtual diectory Hi, I have created a virtual directory on my IIS 6 server and enabled webdav for web folder access. I have assigned proper ntfs permission for users who can read, write, delete and list folders/files on the virtual directory. When I tried accessing the virual directory via web folder, I seem to be able to do all the above except deleting files/folder. I then look at the web permission and found that there is not delete function on individual web/virtual folder. Can someone tell me if this is designed that way or I am missing something. Thanks Keith Tag: What are these entries? Tag: 363371
  - 5
    - IIS PHP using different php.ini files I'm running IIS 6 unders windows 2003. I am trying to run php on 2 websites but they each need different configuration settings hence I need php to use different php.ini files for each website. I have found posts that suggest that if you put a php.ini file in the directory of the website it will use it. So i have done so. each site has its own php.ini in the root directory of the website. There exists no other php.ini files except for the 2 directories. But when I start iis neither site uses the php.ini file in the directory. In fact it doesn't use any php.ini file. Is there a way to do this? Tag: What are these entries? Tag: 363369
  - 6
    - Signing my own certificates in IIS? Hi everyone, A user of mine would like a new SSL certificate to test something with. He doesn't need it to be signed by Verisign or a legitimate CA, at least not now. I've generated many a cert in IIS 5 before, but I've always sent the .cer file to Verisign for approval, and am not certain how to "sign" it myself. Would anyone have suggestions on how I could do this? Thanks for the help. Tag: What are these entries? Tag: 363362
  - 7
    - global.asa and global.asax I have windows 2003 server running with IIS5 and I have enabled to use asp and asp.net. What I am trying to do is this. I have a page from server1, lets say it's http://www.server1.com/searches/results.asp or http://www.server1.com/searches/results.aspx, depending whether I use asp or asp.net. on server1, the member has already logged in and did a search for a image file. this page shows search results and differents images people can download. and for each result you can download an image. You can either download one or how mnay images you want that are on the search results page. I am using http://www.informatik.com/tiffdll.html to merge images if they chose more than one image to download. the images however are one server2 in the http://www.server2.com/images/download directory. and in the download directory there subfolders for the different types of image files. I would like to set something up where the server2 would only let members download from the server 1 link in the downloads directory. I have read some on http_HTTP_REFERER but that's not always 100%, Can someone please lead me the right way, should I be using global.asa or global.asax???? I just need some kind of rule where the downloads directory will only be accessable in server2 from using only the link provided by server1. thanks in advance. Tag: What are these entries? Tag: 363356
  - 8
    - How can I redirect request to my virtual folder? thank you very much! Hi, I am implementing a webdav, so I need map all requests to my httphandler, for example, I created a vritual folder davfiles, every calls llike http://localhost/deavfiles/helpme.doc will go to my httphandler. That works fine. But I have no way to capture request to http://localhost/deavfiles/ or http://localhost/deavfiles, someone suggested me to add default document to handle it. But it didn't work, since the requests are not normal webpage request. I guess what I need to know is how IIS handle request to a virtual folder, how can I redirect the call to my httphandler? I suspect httphandler may not be able to handle it, so do I need use ISAPI? if so, any suggestion? Thanks! -- David WENG Tag: What are these entries? Tag: 363354
  - 9
    - url displays http://sitename//site I have an IIS6 website that is using the weblogic forwarding (iisproxy.dll,iisforward.dll and iisproy.ini) but when the site displays it has an extra /. presents as http://sitename//site should be http://sitename/site (single slash) the site takes longer to load via IIS6 then direct connection to the weblogic server. please advise Tag: What are these entries? Tag: 363353
  - 10
    - Chaining Microsoft Certificate Authority as intermediate to a third party root CA Hi, I am looking for any documentation, explanation or url that shows how I can make a third party company (thawte, verisign, etc..) a root CA for our network. We want to use MS CA as the intermediate CA and I can find no way on the net that explains how one accomplishes this from within MS CA. We want to manage our certificates internally to save money and have a central management interface. Thanks in advance! Ken Vizena Tag: What are these entries? Tag: 363348
  - 11
    - restarting IIS or executing commands from remote Hi all what's the best way to manually restart IIS service or run a specific command from remote? Thanks in advance! Tag: What are these entries? Tag: 363345
  - 12
    - Services.exe using high memory I have a Windows 2000 Server box (IIS 5) with 2GB RAM. It hosts 5 FTP sites (all of them with very light traffic), 1 Asp.net site (with about 10K hits per day), and 3 custom .Net windows services written in C#. Every few days, the FTP sites quit functioning. The box was rebooted yesterday, and it has been up for about 24hrs straight right now, and in task manager it shows that the two biggest memory users are services.exe with 116MB used, and aspnet_wp.exe with 93 MB used. It seems to me that services.exe may be leaking memory. Does that figure sound high to anyone else? Maybe the custom .net windows services have some problems. I also have a Windows Server 2003 box (IIS 6) with 40 sites or so, and services.exe on that box is only using 16 MB! Any ideas? TIA, -- Berry Morgan JSO Tag: What are these entries? Tag: 363335
  - 13
    - User domain is wrong Hi All, I have a problem with windows integrated authentication. This is how I want it to work: The user log in att his computer at the office, then opens Internet Explorer and goes to our SAP Portal and get logged in witht the same domain/username as when he logged in on the domain on his computer. Now, this works fine for everyone except for one user. He logs on his computer as everyone else. But when he opens his browser and gets to the Portal he gets prompted for username and password. When I check the log file on the IIS he gets logged as serverdomain/guest instead of domain_he_logged_in_on/username. Does anyone here know how to solve this? Another user had the same problem before, but he solved it by changing the setting to username/password and then logged in with domain/username and password, the changed back to windows integrated authentication and since then everything has worked for him. Of course I could do that for the current user too, but I'd like to understand what the problem is and how to solve that. Any ideas? --- Regards, Lennart Tag: What are these entries? Tag: 363332
  - 14
    - Dllhost.exe memory leak Good Day; We have a leak in dllhost.exe, I have downloaded and installed IISstate and I was wondering if I can attach it to a PID before an actual hang to see if the logs will point us in the right direction. Or do I have to wait for a hang before I run IISstate? Thanks. Tag: What are these entries? Tag: 363331
  - 15
    - validationsummary iis 6.0 doesn't work Hy to everybody , I have a problem regarding IIS5 to IIS6.0 migration: I am developing a web site on IIS5 on wxp machine and in an insert data pages i have put a ValidationSummary object for the submiting data. Everything has worked fine until i have decided to migrate the application on IIS6.0 on aWindow Server 2003 machine: here the validationsummary doesn't block the data posting (at leat it seems to me) Does someone help me? regards gelt75. Tag: What are these entries? Tag: 363330
  - 16
    - use specific ip address and not 0.0.0.0 Hi! I need to run several services on port80 on my server, and I have lots of ip addresses. The other services only uses one ip address, but IIS tries to get all ip adresses (0.0.0.0) In the following I have hidden ip adresses: When other service started: netstat -an | grep LISTEN 456.456.456.456:80 0.0.0.0:0 LISTENING 456.456.456.457:80 0.0.0.0:0 LISTENING when IIS is started: 0.0.0.0:80 0.0.0.0 LISTENING How do I get IIS only to listen on one ip ? I have tried some articles on microsoft.com: http://support.microsoft.com/default.aspx?scid=kb;EN-US;813368 http://support.microsoft.com/default.aspx?scid=kb;EN-US;238131 but it do not seem to have any effect... Any good advice ? -- Sune Tag: What are these entries? Tag: 363327
  - 17
    - IIS Install Hi, I am in the process of configuring my IIS server and have some questions. OS will be Win2k3 and will be hosting ASP.Net applications from the box. My server currently has two drive configurations Raid-1 and Raid-5. I have placed the OS in the Raid-1 configuration and will place IIS on the Raid-5 configuration. I will install IIS using a Unattended type installation, this way i can place the Inetpub in a location of my choosing. I want to keep the OS isolated from all applications. My question is can this be done with FrontPage Server 2002 Extensions as well? FPSE is installed in the following default location i would like to change this to a partition other than the root OS. C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\ Thanks, Ron Tag: What are these entries? Tag: 363324
  - 18
    - Unreasonably slow performance posting files to IIS I have a Web Service with a method that handles file uploads. The file is sent as a DIME attachment to the SOAP request. The post is successful, the file is received and the correct response is sent back to the client. The problem is that this is UNBELIEVEABLY slow! My last tests were with a 4MB file. The tests took between 30 and 40 seconds total. The web service code finished its work in 750-790 milliseconds. When monitoring the network interface the full 4MB of data were received in 1-2 seconds. The same is true when monitoring bytes received on the web service application. This would led me to the conclusion that a 4 MB post should take no more than 4 seconds to handle. Between the 1-2 seconds for the data to be received and the 790 millisecond code execution there is NO data received by the webservice and there is NO CPU use exept for what is normal when idle. My question is: why? And what can be done to deal with this? I have heard that this is an issue with newer versions of IIS caused by a built in delay when receiving large amounts of data in a single request, and that this is a non-configurable feature to limit the effects of attackers posting large amounts of data to "block" the server. Is there any truth to this? Thanks in advance for any help/hints/tips anyone has. Best regards Sven Thorsen Tag: What are these entries? Tag: 363322
  - 19
    - max size of Form? I have a rather large form, I want to post to an asp page, that works. But when I add a field to that form, no data is submitted. If I use GET, a click to the submit button simply does nothing. When I use POST, the form gets submitted but with no data in it. Where in SBS2003 (IIS 6) can I define the max Size of the data that is allowed in forms? TIA Markus Tag: What are these entries? Tag: 363321
  - 20
    - IIS Problem I elevated a server to be another domain server and caused another instance of Share Point Portal Server. As a result the web site will not run because it is trying to run 2 copies although it is only possible to se one. It won't even uninstall. Any ideas? The error message states: "The process can not access the file because it is being used by another process." Tag: What are these entries? Tag: 363320
  - 21
    - IIS permissions denied - folder read only and won't change Hi, I have an Intranet site that is being displayed okay for users who need to access it for information. However, those who need to update it cannot do so. It gives permision denied, when they either try to create a folder of or page directly into a folder, or when they try to publish in FrontPage 2003, they get: "Server error: The Server Extensions were unable to access the file "...._vti_pvt\service.lck". Please check file permissions" As far as I see the users belong to the group that has been granted modify permssions to the folders. Yet, when I look at permissions in Explorer on the Server itself, on the general tab, the Attributes, Read Only is ticked. It is greyed out, but I can untick it and it seems to apply the changes. Yet, when I look at it again it has been set back to Read Only. So, I'm assuming something is doing this and that is what is denying the users access to the folders? In case it's relevant the whole of this site was copied across from an old NT 4 box that was running IIS 4 (I think) What am I missing here? If it's something stupid please forgive my ignorance. i've been reading on this for several days now, but haven't found a solution. Thanks, Neil. Tag: What are these entries? Tag: 363319
  - 22
    - Error loading default page Hi, I just installed IIS on XP Pro SP2, and I get the following message when I try to view the default webpage of http://192.168.2.101. It comes up with a dialog box asking for a password first, but nothing works, I didn;t set any passwords and the windows ones don't work . You are not authorized to view this page You do not have permission to view this directory or page using the credentials you supplied. -------------------------------------------------------------------------- Please try the following: a.. Click the Refresh button to try again with different credentials. b.. If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the 192.168.2.101 home page. HTTP 401.2 - Unauthorized: Logon failed due to server configuration Internet Information Services -------------------------------------------------------------------------- Technical Information (for support personnel) a.. Background: This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the AddHeader method of the Response object to request that the client use a certain authentication method to access the resource. b.. More information: Microsoft Support When I go to http://localhost or http://127.0.0.1 I get the following errors The page cannot be found The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. -------------------------------------------------------------------------- Please try the following: a.. If you typed the page address in the Address bar, make sure that it is spelled correctly. b.. Open the 127.0.0.1 home page, and then look for links to the information you want. c.. Click the Back button to try another link. d.. Click Search to look for information on the Internet. HTTP 404 - File not found Internet Explorer Thanks in advance for your help. Anthony Tag: What are these entries? Tag: 363318
  - 23
    - Error loading default page Hi, I just installed IIS on XP Pro SP2, and I get the following message when I try to view the default webpage of http://192.168.2.101. It comes up with a dialog box asking for a password first, but nothing works, I didn;t set any passwords and the windows ones don't work . You are not authorized to view this page You do not have permission to view this directory or page using the credentials you supplied. -------------------------------------------------------------------------- Please try the following: a.. Click the Refresh button to try again with different credentials. b.. If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the 192.168.2.101 home page. HTTP 401.2 - Unauthorized: Logon failed due to server configuration Internet Information Services -------------------------------------------------------------------------- Technical Information (for support personnel) a.. Background: This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the AddHeader method of the Response object to request that the client use a certain authentication method to access the resource. b.. More information: Microsoft Support Thanks in advance for your help. Anthony Tag: What are these entries? Tag: 363317
  - 24
    - Another log questions Another question from me. I got this log particulars that I couldn't understand. '220.255.109.97 - W3SVC1 PROPFIND /C$ 404 0' I know what 404 means. But what is the meaning of the word 'PROPFIND'? Thanks again. Tag: What are these entries? Tag: 363316
  - 25
    - You are not authorised to view this page Hi, I just installed IIS on XP Pro SP2, and I get the following message when I try to view the default webpage of http://192.168.2.101. It comes up with a dialog box asking for a password first, but nothing works, I didn;t set any passwords and the windows ones don't work . You are not authorized to view this page You do not have permission to view this directory or page using the credentials you supplied. -------------------------------------------------------------------------- Please try the following: a.. Click the Refresh button to try again with different credentials. b.. If you believe you should be able to view this directory or page, please contact the Web site administrator by using the e-mail address or phone number listed on the 192.168.2.101 home page. HTTP 401.2 - Unauthorized: Logon failed due to server configuration Internet Information Services -------------------------------------------------------------------------- Technical Information (for support personnel) a.. Background: This is usually caused by a server-side script not sending the proper WWW-Authenticate header field. Using Active Server Pages scripting this is done by using the AddHeader method of the Response object to request that the client use a certain authentication method to access the resource. b.. More information: Microsoft Support When I go to http://localhost or http://127.0.0.1 I get the following errors The page cannot be found The page you are looking for might have been removed, had its name changed, or is temporarily unavailable. -------------------------------------------------------------------------- Please try the following: a.. If you typed the page address in the Address bar, make sure that it is spelled correctly. b.. Open the 127.0.0.1 home page, and then look for links to the information you want. c.. Click the Back button to try another link. d.. Click Search to look for information on the Internet. HTTP 404 - File not found Internet Explorer Thanks in advance for your help. Anthony Tag: What are these entries? Tag: 363315
- Next
  - 1
    - Deleting your search bar How can you remove the option of viewing what you have previously searched for in a search engine? Tag: What are these entries? Tag: 363314
  - 2
    - asp pages return "page cannot be displayed" Hi, I installed IIS 6 on windows 2003 server sp1. Then installed SUS. when i browse susadmin getting "the page cannot be dislayed". if i replace default.asp with a htm file diplaying correctly. thanks Tag: What are these entries? Tag: 363313
  - 3
    - Problem with path in IIS - XP SP2 I have a html that calls an exe <form method="post" action="WebTest3.exe" name="LogonForm"> This exe is a VB application that uses the app.path - In Win XP without SP2 app.path = "c:\myvirtualfolder\" - In Win XP with SP2 app.path = "\\?\c:\myvirtualfolder\" The application can run, but it gets the "\\?\" Any ideas? Pedro Tag: What are these entries? Tag: 363309
  - 4
    - Controlling Connections -- OK -- I have seen a lot of other sites do it recently, now I want to know. How can I set my IIS 6.0 to only allow users to download no more than two files simultaneously? It would appear they can also not go back to any web pages and refresh until one of the active connections are closed. Tag: What are these entries? Tag: 363304
  - 5
    - iis unattended configuration Hi, In an unattended install of Windows XP SP2 using winnt.sif, is there a way to specify the ftproot directory permissions for an IIS installation. Normally it is set to read-only. I want to add write permissions. The [InternetServer] section allows you to specify the PathFTPRoot but not the permisssions. Alternatively is there a registry setting that can make this work? Also does the PathFTPRoot allow you to specify a path using %SystemDrive%\XXX. I notice that the IIS admin tool doesn't allow you to specify such a path. Tag: What are these entries? Tag: 363301
  - 6
    - iis 5.1 XPPro not serving Documentation content frame Just got laptop with XPPro. IIS server started and working. IIS documentation appears but with content pane not appearing. .asp files serve as normal. I've checked .asp file ( C:\WINDOWS\Help\iisHelp\iis\misc\contents.asp ) is present and works when opened using this path. .cab file ref in <OBJECT> tag ( C:\WINDOWS\Help\iisHelp\common\i386.cab ) present. Can anyone help get documentation working ? Thanks Chris Wrigley mailto:arthurthecat@tesco.net Tag: What are these entries? Tag: 363300
  - 7
    - How to access file on network share folder? Hi, I am setting up a IIS, I set it to use anonymous login, I want my dll to access shared folder in another machine. So I created a domain group, and give it full permission on the shared folder. And then add the IUsr_(myiismathcine) be member of the domain group. But I still get access denied error. Could anyone tell me how to setup IIS like this? Do I have to use domain user instead of IUsr_?? user in this case? Thanks! -- David WENG Tag: What are these entries? Tag: 363299
  - 8
    - Default Page Not Recognized I have a windows 2000 server running IIS 5 that has gone a little batty. It seems to be ignoring the default page that is listed. For instance one site on it has default.htm listed as the only default page. However when browsing to the site, you get a 404 Page not found error... however if you include the filname in the url to go to the page directly, its served up just fine. The site uses anonymous access.... Any ideas on what can cause it to ignore its default page list? Tag: What are these entries? Tag: 363297
  - 9
    - Debug Diagnostics Beta - Release Candidate 1 **Microsoft releases Debug Diagnostics 1.0 - Release Candidate 1** Microsoft is working diligently on a new tool designed to make the life easier for IIS administrators and developers who are tasked with solving complex problems such as crashes, hangs, or memory leaks. The tool, called Debug Diagnostics 1.0, is the next generation debugging utility that extends on the functionality of previous tools such as IIS Debug Toolkit 1.1, Debug Matrix, and IIS State. This tool will be the only fully supported tool for debugging applications that run on IIS upon release and is supported on the IIS 4.0, 5.0, 5.1, and 6.0 platforms. To join the beta and provide invaluable feedback to the designers, please do the following - 1. Go to http://beta.microsoft.com 2. Login in with your passport id. 3. Login using the guest ID "DebugDiag" (it's case sensitive) 4. Click on the "IIS Debug Diagnostic Tool" link. 5. On the left hand side expand survey and select "IIS Debug Diagnostic Tool Nomination Form" Note: if the customer only wants DebugDiag and doesn't want to sign up for the beta they can do this by selecting "Click here to download IIS Debug Diagnostic Tool" from the File Downloads section. *You may be prompted to install an activeX control This tool is also receiving full support via newsgroups which are available by doing the following - 1. Connect to http://webnews.microsoft.com 3. For account name, enter "<Your Beta ID>" 4. Enter your Newsgroup Password (if you do not have a Newsgroup password - you can create it on BetaPlace by selecting Modify Your Info from the top navigation bar). Click OK. 5. Select the Program Name or particular newsgroup on the left pane to access. To provide bug and customer feedback, please open bugs via the beta.microsoft.com using your Microsoft Passport. It would be incredibly powerful for us to get your feedback and make a true difference in your lives and Microsoft's. Thanks in advance, ~Chris Adams Web Platform Supportability Lead Tag: What are these entries? Tag: 363295
  - 10
    - partial get file size limit We are using IIS to server up large images. We have a java applet connected to IIS and it is making partial get requests to pull back pieces of the image. It has been working fine for years, but now we have passed the 2GB limit. Does anyone know if there is a problem with IIS and partial gets on files larger than 2GB? It seems that someone might have used an int instead of a long when coding the partial gets. We see the problem with a file that is 2,294,400,979 bytes, and an int is 2,147,483,647. Any help would be greatly appreciated! Rob Tag: What are these entries? Tag: 363290
  - 11
    - w3wp.exe Hanging - IISState log We are upgrading from W2K/IIS5 to Win2003/IIS6 Our web service methods on our web server use remoting to get data from components on our app server. This setup has been workgin fine in IIS5. In our new servers, we are getting a consistent hang of w3ws.exe. Typically it will have ~60 threads 80M memory at the time. W3WS.exe is raising this error in the system event log Application popup: w3wp.exe - Application Error : The instruction at "0x77bc6f76" referenced memory at "0x00000000". The memory could not be "read". Click on OK to terminate the program Click on CANCEL to debug the program I am appending the IISstate log for the w3wp process. (I have clipped some out to fit in th 30k line limit) Any ideas would be much appreciated Opened log file 'C:\IISState\output\IISState-1940.log' *********************** Starting new log output IISState version 3.3.1 Wed May 25 16:11:15 2005 OS = Windows 2003 Server Executable: w3wp.exe PID = 1940 Note: Thread times are formatted as HH:MM:SS.ms *********************** Thread ID: 0 System Thread ID: 884 Kernel Time: 0:0:0.78 User Time: 0:0:0.31 Thread Status: Thread is in a WAIT state. Thread Type: HTTP Compression Thread # ChildEBP RetAddr 00 0006fc08 7c822124 ntdll!KiFastSystemCallRet 01 0006fc0c 77e6baa8 ntdll!NtWaitForSingleObject+0xc 02 0006fc7c 77e6ba12 kernel32!WaitForSingleObjectEx+0xac 03 0006fc90 5a36467a kernel32!WaitForSingleObject+0x12 04 0006fca0 5a366e63 w3dt!WP_CONTEXT::RunMainThreadLoop+0x10 05 0006fca8 5a3af41d w3dt!UlAtqStartListen+0x2d 06 0006fcb8 5a3bc259 w3core!W3_SERVER::StartListen+0xbd 07 0006ff0c 0100187c w3core!UlW3Start+0x26e 08 0006ff44 01001a23 w3wp!wmain+0x22a 09 0006ffc0 77e523cd w3wp!wmainCRTStartup+0x12b 0a 0006fff0 00000000 kernel32!BaseProcessStart+0x23 Thread ID: 1 System Thread ID: bf8 Kernel Time: 0:0:0.46 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 009eff9c 7c821364 ntdll!KiFastSystemCallRet 01 009effa0 7c81fe26 ntdll!NtDelayExecution+0xc 02 009effb8 77e66063 ntdll!RtlpTimerThread+0x47 03 009effec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 2 System Thread ID: 840 Kernel Time: 0:0:0.31 User Time: 0:0:0.15 Thread Type: Other # ChildEBP RetAddr 00 00a2ff70 7c821bf4 ntdll!KiFastSystemCallRet 01 00a2ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 00a2ffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 00a2ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 3 System Thread ID: 930 Kernel Time: 0:0:0.0 User Time: 0:0:0.15 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 00aafe18 7c821c54 ntdll!KiFastSystemCallRet 01 00aafe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc 02 00aaff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198 03 00aaff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd 04 00aaffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d 05 00aaffb8 77e66063 RPCRT4!ThreadStartRoutine+0x1b 06 00aaffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 8 System Thread ID: 88c Kernel Time: 0:0:0.15 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 00e2fcec 7c822114 ntdll!KiFastSystemCallRet 01 00e2fcf0 7c83acfd ntdll!NtWaitForMultipleObjects+0xc 02 00e2ffb8 77e66063 ntdll!RtlpWaitThread+0x161 03 00e2ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 9 System Thread ID: 98c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: HTTP Compression Thread # ChildEBP RetAddr 00 017ffa84 7c822124 ntdll!KiFastSystemCallRet 01 017ffa88 77e6baa8 ntdll!NtWaitForSingleObject+0xc 02 017ffaf8 77e6ba12 kernel32!WaitForSingleObjectEx+0xac 03 017ffb0c 5a3b8147 kernel32!WaitForSingleObject+0x12 04 017fffb8 77e66063 w3core!HTTP_COMPRESSION::CompressionThread+0x126 05 017fffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 10 System Thread ID: f1c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0183ff70 7c821364 ntdll!KiFastSystemCallRet 01 0183ff74 77c5fa28 ntdll!NtDelayExecution+0xc 02 0183ff8c 77c5f824 RPCRT4!TIMER::Wait+0x2b 03 0183ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0xe8 04 0183ffb8 77e66063 RPCRT4!ThreadStartRoutine+0x1b 05 0183ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 11 System Thread ID: a98 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0187ff8c 7c821364 ntdll!KiFastSystemCallRet 01 0187ff90 7c815267 ntdll!NtDelayExecution+0xc 02 0187ffb8 77e66063 ntdll!RtlpIOWorkerThread+0x3f 03 0187ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 12 System Thread ID: 54c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker succeeded Loaded Son of Strike data table version 5 from "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll" Thread 12 Not a managed thread. Begin System Thread Information # ChildEBP RetAddr 00 01a6fe70 7c822114 ntdll!KiFastSystemCallRet 01 01a6fe74 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 01a6ff1c 77e61075 kernel32!WaitForMultipleObjectsEx+0x11a 03 01a6ff38 791d283b kernel32!WaitForMultipleObjects+0x18 04 01a6ffa0 791d27b2 mscorwks!DebuggerRCThread::MainLoop+0x90 05 01a6ffb0 791d453a mscorwks!DebuggerRCThread::ThreadProc+0x68 06 01a6ffb8 77e66063 mscorwks!DebuggerRCThread::ThreadProcStatic+0xb 07 01a6ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 13 System Thread ID: a18 Kernel Time: 0:0:0.62 User Time: 0:0:0.15 Thread Status: Thread is in a WAIT state. Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker Thread 13 ESP EIP Begin System Thread Information # ChildEBP RetAddr 00 01b4fdf8 7c822114 ntdll!KiFastSystemCallRet 01 01b4fdfc 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 01b4fea4 77e61075 kernel32!WaitForMultipleObjectsEx+0x11a 03 01b4fec0 792650ff kernel32!WaitForMultipleObjects+0x18 04 01b4fee0 791b9872 mscorwks!WaitForFinalizerEvent+0x5a 05 01b4ff24 791cede0 mscorwks!GCHeap::FinalizerThreadStart+0x96 06 01b4ffb8 77e66063 mscorwks!Thread::intermediateThreadProc+0x44 07 01b4ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 14 System Thread ID: 9c0 Kernel Time: 0:0:0.78 User Time: 0:0:0.15 Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker Thread 14 ESP EIP Begin System Thread Information # ChildEBP RetAddr 00 01ceff74 792ee237 mscorwks!ThreadpoolMgr::DeactivateNthWait+0x1 01 01ceff8c 792ee409 mscorwks!ThreadpoolMgr::ProcessWaitCompletion+0x17 02 01ceffb8 77e66063 mscorwks!ThreadpoolMgr::WaitThreadStart+0x7c 03 01ceffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 15 System Thread ID: d44 Kernel Time: 0:0:0.93 User Time: 0:0:0.93 Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker Thread 15 Not a managed thread. Begin System Thread Information # ChildEBP RetAddr 00 0206feb0 7c821364 ntdll!KiFastSystemCallRet 01 0206feb4 77e42439 ntdll!NtDelayExecution+0xc 02 0206ff1c 77e424b7 kernel32!SleepEx+0x68 03 0206ff2c 792edf9e kernel32!Sleep+0xf 04 0206ffb8 77e66063 mscorwks!ThreadpoolMgr::GateThreadStart+0x54 05 0206ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 16 System Thread ID: 6c8 Kernel Time: 0:0:10.187 User Time: 0:0:4.453 IISState has detected that this thread has thrown an unhandled exception and is about to crash. IISState will now attempt to display the original faulting stack. .cxr 20af744 # ChildEBP RetAddr 00 020afa0c 5a39f9a2 msvcrt!_purecall+0xb 01 020afb50 5a32cf84 w3core!ISAPI_REQUEST::SendResponseHeaders+0x5d 02 020afb78 5a3218b5 w3isapi!SSFSendResponseHeader+0xe0 03 020afbe8 79e76100 w3isapi!ServerSupportFunction+0x351 04 020afc0c 79e7637c aspnet_isapi!HttpCompletion::ReportHttpError+0x3a 05 020afe50 79e7619c aspnet_isapi!HttpCompletion::ProcessRequestInManagedCode+0x1d1 06 020afe5c 79e8e244 aspnet_isapi!HttpCompletion::ProcessCompletion+0x24 07 020afe70 792ed3e2 aspnet_isapi!CorThreadPoolWorkitemCallback+0x13 08 020afe84 792ed5db mscorwks!ThreadpoolMgr::ExecuteWorkRequest+0x19 09 020afea4 792eccf3 mscorwks!ThreadpoolMgr::WorkerThreadStart+0x129 0a 020affb8 77e66063 mscorwks!ThreadpoolMgr::intermediateThreadProc+0x44 0b 020affec 00000000 kernel32!BaseThreadStart+0x34 **Current Stack State** Other information: Thread is throwing an exception. Checking for known issues. *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll - *** WARNING: Unable to verify checksum for D:\PBWeb\Filters\UrlMapFilter.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for D:\PBWeb\Filters\UrlMapFilter.dll - *** ERROR: Module load completed but symbols could not be loaded for c:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll *** ERROR: Module load completed but symbols could not be loaded for c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\VERSION.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ADVAPI32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\msi.dll - *** WARNING: Unable to verify checksum for c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_eb2d8503\mscorlib.dll *** ERROR: Module load completed but symbols could not be loaded for c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_eb2d8503\mscorlib.dll *** WARNING: Unable to verify checksum for c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\58d42327\990f262b\assembly\dl2\870d2a06\00b60a49_b24ac501\webqueries.dll *** ERROR: Module load completed but symbols could not be loaded for c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\58d42327\990f262b\assembly\dl2\870d2a06\00b60a49_b24ac501\webqueries.dll Thread Type: Other # ChildEBP RetAddr 00 020af3a4 7c821b74 ntdll!KiFastSystemCallRet 01 020af3a8 77e999ea ntdll!NtRaiseHardError+0xc 02 020af614 77e840a1 kernel32!UnhandledExceptionFilter+0x4b4 03 020af61c 77e6b7f9 kernel32!BaseThreadStart+0x4a 04 020af644 7c82eeb2 kernel32!_except_handler3+0x61 05 020af668 7c82ee84 ntdll!ExecuteHandler2+0x26 06 020af710 7c82ecc6 ntdll!ExecuteHandler+0x24 07 020af730 77bc6f76 ntdll!KiUserExceptionDispatcher+0xe 08 020af7f8 77bc6f76 msvcrt!_purecall+0xb Thread ID: 17 System Thread ID: 5b0 Kernel Time: 0:0:0.31 User Time: 0:0:0.15 Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker Thread 17 Not a managed thread. Begin System Thread Information # ChildEBP RetAddr 00 0428ff38 7c821364 ntdll!KiFastSystemCallRet 01 0428ff3c 77e42439 ntdll!NtDelayExecution+0xc 02 0428ffa4 792ee51d kernel32!SleepEx+0x68 03 0428ffb8 77e66063 mscorwks!ThreadpoolMgr::TimerThreadStart+0x30 04 0428ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 21 System Thread ID: af4 Kernel Time: 0:0:0.15 User Time: 0:0:0.15 Thread Status: Thread is in a WAIT state. Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker Thread 21 ESP EIP 00aefaf4 7c82ed54 [FRAME: ECallMethodFrame] [DEFAULT] Boolean System.Threading.WaitHandle.WaitOneNative(I,UI4,Boolean) 00aefb08 799e4bb1 [DEFAULT] [hasThis] Boolean System.Threading.WaitHandle.WaitOne(I4,Boolean) 00aefb3c 01f9ae60 [DEFAULT] Void System.EnterpriseServices.ServicedComponentProxy.QueueCleaner() 00aefd44 7923c069 [FRAME: GCFrame] Begin System Thread Information # ChildEBP RetAddr 00 00aef94c 7c822114 ntdll!KiFastSystemCallRet 01 00aef950 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 00aef9f8 7929a834 kernel32!WaitForMultipleObjectsEx+0x11a 03 00aefa28 7929ad95 mscorwks!Thread::DoAppropriateWaitWorker+0xc1 04 00aefa7c 79339ff6 mscorwks!Thread::DoAppropriateWait+0x46 05 00aefac4 01e74df0 mscorwks!WaitHandleNative::CorWaitOneNative+0x6f WARNING: Frame IP not in any known module. Following frames may be wrong. 06 00aefb30 01f9ae60 0x1e74df0 07 00aefb40 7923e0bc 0x1f9ae60 08 00aefc50 7923e2a7 mscorwks!MethodDesc::CallDescr+0x1b8 09 00aefd0c 7923e315 mscorwks!MethodDesc::CallDescr+0x4f 0a 00aefd34 792e9207 mscorwks!MethodDesc::Call+0x97 0b 00aefd80 792e92d6 mscorwks!ThreadNative::KickOffThread_Worker+0x9d 0c 00aefe24 791cede0 mscorwks!ThreadNative::KickOffThread+0xc2 0d 00aeffb8 77e66063 mscorwks!Thread::intermediateThreadProc+0x44 0e 00aeffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 22 System Thread ID: 8fc Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker Thread 22 ESP EIP 0598fa24 7c82ed54 [FRAME: ECallMethodFrame] [DEFAULT] Boolean System.Threading.WaitHandle.WaitOneNative(I,UI4,Boolean) 0598fa38 799e4bb1 [DEFAULT] [hasThis] Boolean System.Threading.WaitHandle.WaitOne(I4,Boolean) 0598fa6c 04be654f [DEFAULT] Void System.EnterpriseServices.ServicedComponentProxy.QueueCleaner() 0598fc74 7923c069 [FRAME: GCFrame] 0598fcbc 7923c069 [FRAME: ContextTransitionFrame] Begin System Thread Information # ChildEBP RetAddr 00 0598f87c 7c822114 ntdll!KiFastSystemCallRet 01 0598f880 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 0598f928 7929a834 kernel32!WaitForMultipleObjectsEx+0x11a 03 0598f958 7929ad95 mscorwks!Thread::DoAppropriateWaitWorker+0xc1 04 0598f9ac 79339ff6 mscorwks!Thread::DoAppropriateWait+0x46 05 0598f9f4 01e74df0 mscorwks!WaitHandleNative::CorWaitOneNative+0x6f WARNING: Frame IP not in any known module. Following frames may be wrong. 06 0598fa60 04be654f 0x1e74df0 07 0598fa70 7923e0bc 0x4be654f 08 0598fb80 7923e2a7 mscorwks!MethodDesc::CallDescr+0x1b8 09 0598fc3c 7923e315 mscorwks!MethodDesc::CallDescr+0x4f 0a 0598fc64 792e9207 mscorwks!MethodDesc::Call+0x97 0b 0598fcb0 7929cc30 mscorwks!ThreadNative::KickOffThread_Worker+0x9d 0c 0598fcf8 792e92cf mscorwks!Thread::DoADCallBack+0x5c 0d 0598fda4 791cede0 mscorwks!ThreadNative::KickOffThread+0xbb 0e 0598ffb8 77e66063 mscorwks!Thread::intermediateThreadProc+0x44 0f 0598ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 23 System Thread ID: cc8 Kernel Time: 0:0:0.906 User Time: 0:0:0.765 *** ERROR: Module load completed but symbols could not be loaded for c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\58d42327\990f262b\assembly\dl2\a39eb4bd\802dd7ff_5dc0c401\pdflib_dotnet.dll IISState has detected that this thread has thrown an unhandled exception and is about to crash. IISState will now attempt to display the original faulting stack. .cxr 6d7ed44 # ChildEBP RetAddr 00 06d7f00c 5a39f9a2 msvcrt!_purecall+0xb 01 06d7f150 5a32cf84 w3core!ISAPI_REQUEST::SendResponseHeaders+0x5d 02 06d7f178 5a3218b5 w3isapi!SSFSendResponseHeader+0xe0 03 06d7f1e8 79e76100 w3isapi!ServerSupportFunction+0x351 04 06d7f20c 79e7637c aspnet_isapi!HttpCompletion::ReportHttpError+0x3a 05 06d7f450 79e7619c aspnet_isapi!HttpCompletion::ProcessRequestInManagedCode+0x1d1 06 06d7f45c 79e8e244 aspnet_isapi!HttpCompletion::ProcessCompletion+0x24 07 06d7f470 792ed3e2 aspnet_isapi!CorThreadPoolWorkitemCallback+0x13 08 06d7f484 792ed5db mscorwks!ThreadpoolMgr::ExecuteWorkRequest+0x19 09 06d7f4a4 792eccf3 mscorwks!ThreadpoolMgr::WorkerThreadStart+0x129 0a 06d7ffb8 77e66063 mscorwks!ThreadpoolMgr::intermediateThreadProc+0x44 0b 06d7ffec 00000000 kernel32!BaseThreadStart+0x34 **Current Stack State** Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker Thread 23 ESP EIP Begin System Thread Information # ChildEBP RetAddr 00 06d7e664 7c821b74 ntdll!KiFastSystemCallRet 01 06d7e668 77e999ea ntdll!NtRaiseHardError+0xc 02 06d7e8d4 01001623 kernel32!UnhandledExceptionFilter+0x4b4 03 06d7e8f0 7c35f0c3 w3wp!WpUnhandledExceptionFilter+0x3d WARNING: Stack unwind information not available. Following frames may be wrong. 04 06d7e9a0 792b0e99 MSVCR71!_unDNameEx+0x764 05 06d7e9b0 0466ae68 mscorwks!COMUnhandledExceptionFilter+0xd 06 06d7ec14 77e840a1 pdflib_dotnet+0xaae68 07 06d7ec1c 77e6b7f9 kernel32!BaseThreadStart+0x4a 08 06d7ec44 7c82eeb2 kernel32!_except_handler3+0x61 09 06d7ec68 7c82ee84 ntdll!ExecuteHandler2+0x26 0a 06d7ed10 7c82ecc6 ntdll!ExecuteHandler+0x24 0b 06d7ed30 77bc6f76 ntdll!KiUserExceptionDispatcher+0xe 0c 06d7edf8 77bc6f76 msvcrt!_purecall+0xb Thread ID: 24 System Thread ID: d30 Kernel Time: 0:0:0.93 User Time: 0:0:0.15 Thread Type: HTTP Listener # ChildEBP RetAddr 00 01aaff24 7c821bf4 ntdll!KiFastSystemCallRet 01 01aaff28 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 01aaff54 5a30249e kernel32!GetQueuedCompletionStatus+0x29 03 01aaff8c 5a3026bc W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x33 04 01aaffa0 5a301db9 W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x24 05 01aaffb8 77e66063 W3TP!THREAD_MANAGER::ThreadManagerThread+0x39 06 01aaffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 25 System Thread ID: 644 Kernel Time: 0:0:0.46 User Time: 0:0:0.62 IISState has detected that this thread has thrown an unhandled exception and is about to crash. IISState will now attempt to display the original faulting stack. .cxr 440f2c4 # ChildEBP RetAddr 00 0440f58c 5a39f9a2 msvcrt!_purecall+0xb 01 0440f6d0 5a32cf84 w3core!ISAPI_REQUEST::SendResponseHeaders+0x5d 02 0440f6f8 5a3218b5 w3isapi!SSFSendResponseHeader+0xe0 03 0440f768 79e76100 w3isapi!ServerSupportFunction+0x351 04 0440f78c 79e7637c aspnet_isapi!HttpCompletion::ReportHttpError+0x3a 05 0440f9d0 79e7619c aspnet_isapi!HttpCompletion::ProcessRequestInManagedCode+0x1d1 06 0440f9dc 79e8e244 aspnet_isapi!HttpCompletion::ProcessCompletion+0x24 07 0440f9f0 792ed3e2 aspnet_isapi!CorThreadPoolWorkitemCallback+0x13 08 0440fa04 792ed5db mscorwks!ThreadpoolMgr::ExecuteWorkRequest+0x19 09 0440fa24 792eccf3 mscorwks!ThreadpoolMgr::WorkerThreadStart+0x129 0a 0440ffb8 77e66063 mscorwks!ThreadpoolMgr::intermediateThreadProc+0x44 0b 0440ffec 00000000 kernel32!BaseThreadStart+0x34 **Current Stack State** Other information: Thread is throwing an exception. Checking for known issues. *** WARNING: Unable to verify checksum for c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\58d42327\990f262b\assembly\dl2\cf7ecd76\00d7125b_f850c501\portalui.dll *** ERROR: Module load completed but symbols could not be loaded for c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\58d42327\990f262b\assembly\dl2\cf7ecd76\00d7125b_f850c501\portalui.dll *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\OLEAUT32.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\mscoree.dll - *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\cryptnet.dll - Thread Type: Other # ChildEBP RetAddr 00 0440ef24 7c821b74 ntdll!KiFastSystemCallRet 01 0440ef28 77e999ea ntdll!NtRaiseHardError+0xc 02 0440f194 77e840a1 kernel32!UnhandledExceptionFilter+0x4b4 03 0440f19c 77e6b7f9 kernel32!BaseThreadStart+0x4a 04 0440f1c4 7c82eeb2 kernel32!_except_handler3+0x61 05 0440f1e8 7c82ee84 ntdll!ExecuteHandler2+0x26 06 0440f290 7c82ecc6 ntdll!ExecuteHandler+0x24 07 0440f2b0 77bc6f76 ntdll!KiUserExceptionDispatcher+0xe 08 0440f378 77bc6f76 msvcrt!_purecall+0xb Thread ID: 54 System Thread ID: f54 Kernel Time: 0:0:0.62 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Managed Thread. Possible ASP.Net page or other .Net worker Thread 54 ESP EIP Begin System Thread Information # ChildEBP RetAddr 00 09b8f778 7c822124 ntdll!KiFastSystemCallRet 01 09b8f77c 77e6baa8 ntdll!NtWaitForSingleObject+0xc 02 09b8f7ec 77e6ba12 kernel32!WaitForSingleObjectEx+0xac 03 09b8f800 792ed4ec kernel32!WaitForSingleObject+0x12 04 09b8f824 792eccf3 mscorwks!ThreadpoolMgr::WorkerThreadStart+0x3a 05 09b8ffb8 77e66063 mscorwks!ThreadpoolMgr::intermediateThreadProc+0x44 06 09b8ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 55 System Thread ID: 484 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0990ff70 7c821bf4 ntdll!KiFastSystemCallRet 01 0990ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 0990ffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 0990ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 56 System Thread ID: 940 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 09a4ff70 7c821bf4 ntdll!KiFastSystemCallRet 01 09a4ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 09a4ffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 09a4ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 57 System Thread ID: a2c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0960ff70 7c821bf4 ntdll!KiFastSystemCallRet 01 0960ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 0960ffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 0960ffec 00000000 kernel32!BaseThreadStart+0x34 *****SUMMARY***** -- Jonathan Steinberg Banc of America Securities Prime Brokerage Services Tag: What are these entries? Tag: 363285
  - 12
    - Administer IIS Hi everyone, is it true that to administer IIS you have to be a local administrator of the machine? Thanks a lot to everyone, Ivan Mckenzie Tag: What are these entries? Tag: 363282
  - 13
    - HostHeader Q I have a single IP and want to host 3 multiple sites on it www.a.com www.b.com www.c.com I can use host header value to distinguish them right? do I have to register all these domain names too??? Can someone throw an insight how to host 3 websites on a single IP and what needs to be done besides changing host records? TIA Tag: What are these entries? Tag: 363271
  - 14
    - LsaRegisterLogonProcess : Access Denied Hi all, I'm using the LSALogonUser (s4uLogon). I'm trying to connect with the LsaRegisterLogonProcess but this one fails (STATUS_PORT_CONNECTION_REFUSED) even if my calling process (account define in the Application Pool) have the SeTcbPrivilege (Act as part of operating system). I'm definetly need a token with SecurityImpersonation as Impersonation level (using LsaConnectUntrusted give me a SecurityIdentification, not enough for impersonation). The account is define in my AD (Service account), localy the SeTcbPrivilege is OK, this account is also domain controller. is running the w3s service. I'm using the Windows Authentication mode (IIS 6) and i'm running on a win2003 box. please tell me how to connect with LsaRegisterLogonProcess. Thanks a lot, FT Tag: What are these entries? Tag: 363270
  - 15
    - IISSTATE Log Any help will be greatly appreciated Opened log file 'D:\iisstate\output\IISState-1392.log' *********************** Starting new log output IISState version 3.3.1 Wed May 25 11:57:39 2005 OS = Windows 2003 Server Executable: inetinfo.exe PID = 1392 Note: Thread times are formatted as HH:MM:SS.ms *********************** Thread ID: 0 System Thread ID: 718 Kernel Time: 0:0:0.15 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0006f99c 7c821b84 ntdll!KiFastSystemCallRet 01 0006f9a0 77e41942 ntdll!NtReadFile+0xc 02 0006fa08 77f795ab kernel32!ReadFile+0x16c 03 0006fa34 77f7943c ADVAPI32!ScGetPipeInput+0x2a 04 0006faa8 77fb2ec9 ADVAPI32!ScDispatcherLoop+0x51 05 0006fcec 010027be ADVAPI32!StartServiceCtrlDispatcherA+0x93 06 0006fe1c 01002969 inetinfo!StartDispatchTable+0x277 07 0006ff44 0100339d inetinfo!main+0x117 08 0006ffc0 77e523cd inetinfo!mainCRTStartup+0x12f 09 0006fff0 00000000 kernel32!BaseProcessStart+0x23 Thread ID: 1 System Thread ID: 6ec Kernel Time: 0:0:0.31 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: HTTP Compression Thread # ChildEBP RetAddr 00 0082fb3c 7c822124 ntdll!KiFastSystemCallRet 01 0082fb40 77e6baa8 ntdll!NtWaitForSingleObject+0xc 02 0082fbb0 77e6ba12 kernel32!WaitForSingleObjectEx+0xac 03 0082fbc4 5a36467a kernel32!WaitForSingleObject+0x12 04 0082fbd4 5a366e63 w3dt!WP_CONTEXT::RunMainThreadLoop+0x10 05 0082fbdc 5a3af41d w3dt!UlAtqStartListen+0x2d 06 0082fbec 5a3bc259 w3core!W3_SERVER::StartListen+0xbd 07 0082fe40 01002c3c w3core!UlW3Start+0x26e 08 0082fea4 01002ed7 inetinfo!LaunchWorkerProcess+0x159 09 0082ffb8 77e66063 inetinfo!W3SVCThreadEntry+0x55 0a 0082ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 2 System Thread ID: 8dc Kernel Time: 0:0:0.15 User Time: 0:0:0.46 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 0086fcb8 7c822124 ntdll!KiFastSystemCallRet 01 0086fcbc 77e6baa8 ntdll!NtWaitForSingleObject+0xc 02 0086fd2c 77e6ba12 kernel32!WaitForSingleObjectEx+0xac 03 0086fd40 649f26a4 kernel32!WaitForSingleObject+0x12 04 0086fd68 010024b3 iisadmin!ServiceEntry+0x28a 05 0086ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc 06 0086ffb8 77e66063 ADVAPI32!ScSvcctrlThreadA+0x21 07 0086ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 3 System Thread ID: bfc Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 00c3ff9c 7c821364 ntdll!KiFastSystemCallRet 01 00c3ffa0 7c81fe26 ntdll!NtDelayExecution+0xc 02 00c3ffb8 77e66063 ntdll!RtlpTimerThread+0x47 03 00c3ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 4 System Thread ID: 1d4 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 00d4feac 7c822114 ntdll!KiFastSystemCallRet 01 00d4feb0 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 00d4ff58 77e61075 kernel32!WaitForMultipleObjectsEx+0x11a 03 00d4ff74 56f951ef kernel32!WaitForMultipleObjects+0x18 04 00d4ffa0 56f96a06 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x67 05 00d4ffb8 77e66063 COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x5f 06 00d4ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 5 System Thread ID: 584 Kernel Time: 0:0:0.0 User Time: 0:0:0.15 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 0165fea4 7c822114 ntdll!KiFastSystemCallRet 01 0165fea8 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 0165ff50 77e61075 kernel32!WaitForMultipleObjectsEx+0x11a 03 0165ff6c 620b4524 kernel32!WaitForMultipleObjects+0x18 04 0165ffac 620b48d0 metadata!CListenerController::Listen+0x29 05 0165ffb8 77e66063 metadata!StartListenerThread+0x1a 06 0165ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 6 System Thread ID: abc Kernel Time: 0:0:0.15 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 017dfea8 7c822114 ntdll!KiFastSystemCallRet 01 017dfeac 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 017dff54 77e61075 kernel32!WaitForMultipleObjectsEx+0x11a 03 017dff70 6ee3a890 kernel32!WaitForMultipleObjects+0x18 04 017dffac 6ee3ab2f IISCFG!CListener::Listen+0x23 05 017dffb8 77e66063 IISCFG!CListener::ListenerThreadStart+0x36 06 017dffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 7 System Thread ID: 928 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 0171fcb4 7c822124 ntdll!KiFastSystemCallRet 01 0171fcb8 77e6baa8 ntdll!NtWaitForSingleObject+0xc 02 0171fd28 77e6ba12 kernel32!WaitForSingleObjectEx+0xac 03 0171fd3c 5a31201a kernel32!WaitForSingleObject+0x12 04 0171fd5c 5a3120eb w3ssl!HTTPFilterServiceMain+0x8a 05 0171fd68 010024b3 w3ssl!ServiceEntry+0x9 06 0171ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc 07 0171ffb8 77e66063 ADVAPI32!ScSvcctrlThreadA+0x21 08 0171ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 8 System Thread ID: 8ac Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 0175febc 7c822114 ntdll!KiFastSystemCallRet 01 0175fec0 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 0175ff68 77e61075 kernel32!WaitForMultipleObjectsEx+0x11a 03 0175ff84 5a312964 kernel32!WaitForMultipleObjects+0x18 04 0175ffb0 5a311f82 w3ssl!SCM_MANAGER::RunService+0xc4 05 0175ffb8 77e66063 w3ssl!HTTPFilterServiceThreadProc+0x39 06 0175ffc4 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 9 System Thread ID: cbc Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 01a5ff20 7c822124 ntdll!KiFastSystemCallRet 01 01a5ff24 77e6baa8 ntdll!NtWaitForSingleObject+0xc 02 01a5ff94 77e6ba12 kernel32!WaitForSingleObjectEx+0xac 03 01a5ffa8 5b64add1 kernel32!WaitForSingleObject+0x12 04 01a5ffb8 77e66063 strmfilt!CERT_STORE::DeletionWorkerThread+0x1a 05 01a5ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 10 System Thread ID: bc0 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 01a9fcec 7c822114 ntdll!KiFastSystemCallRet 01 01a9fcf0 7c83acfd ntdll!NtWaitForMultipleObjects+0xc 02 01a9ffb8 77e66063 ntdll!RtlpWaitThread+0x161 03 01a9ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 11 System Thread ID: f08 Kernel Time: 0:0:8.593 User Time: 0:0:27.890 Thread Type: Other # ChildEBP RetAddr 00 01b5ff24 7c821bf4 ntdll!KiFastSystemCallRet 01 01b5ff28 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 01b5ff54 5b65160e kernel32!GetQueuedCompletionStatus+0x29 03 01b5ff8c 5b65182c strmfilt!THREAD_POOL_DATA::ThreadPoolThread+0x33 04 01b5ffa0 5b650f6c strmfilt!THREAD_POOL_DATA::ThreadPoolThread+0x24 05 01b5ffb8 77e66063 strmfilt!THREAD_MANAGER::ThreadManagerThread+0x39 06 01b5ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 12 System Thread ID: 280 Kernel Time: 0:0:0.15 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 01b9fbb8 7c822114 ntdll!KiFastSystemCallRet 01 01b9fbbc 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 01b9fc64 7739cd08 kernel32!WaitForMultipleObjectsEx+0x11a 03 01b9fcc0 7738e381 USER32!RealMsgWaitForMultipleObjectsEx+0x141 04 01b9fcdc 6c7d63d5 USER32!MsgWaitForMultipleObjects+0x1f 05 01b9fd28 6930e66a INFOCOMM!IIS_SERVICE::StartServiceOperation+0x231 06 01b9fd68 010024b3 ftpsvc2!ServiceEntry+0xae 07 01b9ffa4 77f79348 inetinfo!InetinfoStartService+0x2cc 08 01b9ffb8 77e66063 ADVAPI32!ScSvcctrlThreadA+0x21 09 01b9ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 13 System Thread ID: eec Kernel Time: 0:0:0.687 User Time: 0:0:0.218 Thread Type: HTTP Listener # ChildEBP RetAddr 00 01ecff50 7c821bf4 ntdll!KiFastSystemCallRet 01 01ecff54 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 01ecff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29 03 01ecffb8 77e66063 ISATQ!AtqPoolThread+0x40 04 01ecffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 14 System Thread ID: d74 Kernel Time: 0:0:0.31 User Time: 0:0:0.93 Thread Type: HTTP Listener # ChildEBP RetAddr 00 01f0ff50 7c821bf4 ntdll!KiFastSystemCallRet 01 01f0ff54 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 01f0ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x29 03 01f0ffb8 77e66063 ISATQ!AtqPoolThread+0x40 04 01f0ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 15 System Thread ID: 16c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0220fe18 7c821c54 ntdll!KiFastSystemCallRet 01 0220fe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc 02 0220ff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198 03 0220ff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd 04 0220ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d 05 0220ffb8 77e66063 RPCRT4!ThreadStartRoutine+0x1b 06 0220ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 16 System Thread ID: cb8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: Other # ChildEBP RetAddr 00 0224fec4 7c822114 ntdll!KiFastSystemCallRet 01 0224fec8 77e6711b ntdll!NtWaitForMultipleObjects+0xc 02 0224ff70 69308dc4 kernel32!WaitForMultipleObjectsEx+0x11a 03 0224ffb8 77e66063 ftpsvc2!PASV_ACCEPT_CONTEXT::AcceptThreadFunc+0x33 04 0224ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 17 System Thread ID: 254 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: HTTP Listener # ChildEBP RetAddr 00 022cfe0c 7c822124 ntdll!KiFastSystemCallRet 01 022cfe10 71b23a09 ntdll!NtWaitForSingleObject+0xc 02 022cfe4c 71b23a52 mswsock!SockWaitForSingleObject+0x19d 03 022cff3c 71c0470c mswsock!WSPSelect+0x380 04 022cff8c 63ec4696 WS2_32!select+0xb9 05 022cffb4 63ec4700 ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22 06 022cffb8 77e66063 ISATQ!BmonThreadFunc+0x9 07 63ec4700 8b575600 kernel32!BaseThreadStart+0x34 WARNING: Frame IP not in any known module. Following frames may be wrong. 08 04c2c033 00000000 0x8b575600 Thread ID: 18 System Thread ID: ff8 Kernel Time: 0:0:11.828 User Time: 0:0:3.531 Thread Type: HTTP Listener # ChildEBP RetAddr 00 0240ff24 7c821bf4 ntdll!KiFastSystemCallRet 01 0240ff28 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 0240ff54 5a30249e kernel32!GetQueuedCompletionStatus+0x29 03 0240ff8c 5a3026bc W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x33 04 0240ffa0 5a301db9 W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x24 05 0240ffb8 77e66063 W3TP!THREAD_MANAGER::ThreadManagerThread+0x39 06 0240ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 19 System Thread ID: 410 Kernel Time: 0:0:0.453 User Time: 0:0:0.125 Thread Type: HTTP Listener # ChildEBP RetAddr 00 0244ff24 7c821bf4 ntdll!KiFastSystemCallRet 01 0244ff28 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 0244ff54 5a30249e kernel32!GetQueuedCompletionStatus+0x29 03 0244ff8c 5a3026bc W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x33 04 0244ffa0 5a301db9 W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x24 05 0244ffb8 77e66063 W3TP!THREAD_MANAGER::ThreadManagerThread+0x39 06 0244ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 20 System Thread ID: 398 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: HTTP Listener # ChildEBP RetAddr 00 0248ff24 7c821bf4 ntdll!KiFastSystemCallRet 01 0248ff28 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 0248ff54 5a30249e kernel32!GetQueuedCompletionStatus+0x29 03 0248ff8c 5a3026bc W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x33 04 0248ffa0 5a301db9 W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x24 05 0248ffb8 77e66063 W3TP!THREAD_MANAGER::ThreadManagerThread+0x39 06 0248ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 21 System Thread ID: fa4 Kernel Time: 0:0:12.0 User Time: 0:0:3.796 Thread Type: HTTP Listener # ChildEBP RetAddr 00 024cff24 7c821bf4 ntdll!KiFastSystemCallRet 01 024cff28 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 024cff54 5a30249e kernel32!GetQueuedCompletionStatus+0x29 03 024cff8c 5a3026bc W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x33 04 024cffa0 5a301db9 W3TP!THREAD_POOL_DATA::ThreadPoolThread+0x24 05 024cffb8 77e66063 W3TP!THREAD_MANAGER::ThreadManagerThread+0x39 06 024cffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 22 System Thread ID: 5d4 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Status: Thread is in a WAIT state. Thread Type: HTTP Compression Thread # ChildEBP RetAddr 00 02f5fa84 7c822124 ntdll!KiFastSystemCallRet 01 02f5fa88 77e6baa8 ntdll!NtWaitForSingleObject+0xc 02 02f5faf8 77e6ba12 kernel32!WaitForSingleObjectEx+0xac 03 02f5fb0c 5a3b8147 kernel32!WaitForSingleObject+0x12 04 02f5ffb8 77e66063 w3core!HTTP_COMPRESSION::CompressionThread+0x126 05 02f5ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 23 System Thread ID: e1c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 021cfe18 7c821c54 ntdll!KiFastSystemCallRet 01 021cfe1c 77c7538c ntdll!ZwReplyWaitReceivePortEx+0xc 02 021cff84 77c5778f RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x198 03 021cff8c 77c5f7dd RPCRT4!RecvLotsaCallsWrapper+0xd 04 021cffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d 05 021cffb8 77e66063 RPCRT4!ThreadStartRoutine+0x1b 06 021cffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 24 System Thread ID: eb4 Kernel Time: 0:0:0.140 User Time: 0:0:0.375 Thread Type: Other # ChildEBP RetAddr 00 0234ff24 7c821bf4 ntdll!KiFastSystemCallRet 01 0234ff28 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 0234ff54 5b65160e kernel32!GetQueuedCompletionStatus+0x29 03 0234ff8c 5b65182c strmfilt!THREAD_POOL_DATA::ThreadPoolThread+0x33 04 0234ffa0 5b650f6c strmfilt!THREAD_POOL_DATA::ThreadPoolThread+0x24 05 0234ffb8 77e66063 strmfilt!THREAD_MANAGER::ThreadManagerThread+0x39 06 0234ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 25 System Thread ID: c78 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0179ff70 7c821bf4 ntdll!KiFastSystemCallRet 01 0179ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 0179ffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 0179ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 26 System Thread ID: bd0 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Possible ASP page. Possible DCOM activity Executing Page: ASP.dll symbols not found. Unable to locate ASP page. Continuing with other analysis. No remote call being made # ChildEBP RetAddr 00 0385feac 7c821bf4 ntdll!KiFastSystemCallRet 01 0385feb0 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 0385fedc 77c604c3 kernel32!GetQueuedCompletionStatus+0x29 03 0385ff18 77c60655 RPCRT4!COMMON_ProcessCalls+0xa1 04 0385ff84 77c5f9f1 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x117 05 0385ff8c 77c5f7dd RPCRT4!ProcessIOEventsWrapper+0xd 06 0385ffac 77c5de88 RPCRT4!BaseCachedThreadRoutine+0x9d 07 0385ffb8 77e66063 RPCRT4!ThreadStartRoutine+0x1b 08 0385ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 27 System Thread ID: 8e0 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 00c7ff70 7c821bf4 ntdll!KiFastSystemCallRet 01 00c7ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 00c7ffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 00c7ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 28 System Thread ID: c1c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0230ff24 7c821bf4 ntdll!KiFastSystemCallRet 01 0230ff28 77e6611a ntdll!NtRemoveIoCompletion+0xc 02 0230ff54 5b65160e kernel32!GetQueuedCompletionStatus+0x29 03 0230ff8c 5b65182c strmfilt!THREAD_POOL_DATA::ThreadPoolThread+0x33 04 0230ffa0 5b650f6c strmfilt!THREAD_POOL_DATA::ThreadPoolThread+0x24 05 0230ffb8 77e66063 strmfilt!THREAD_MANAGER::ThreadManagerThread+0x39 06 0230ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 29 System Thread ID: f8c Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0169ff70 7c821bf4 ntdll!KiFastSystemCallRet 01 0169ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 0169ffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 0169ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 30 System Thread ID: cd8 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 0238ff70 7c821bf4 ntdll!KiFastSystemCallRet 01 0238ff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 0238ffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 0238ffec 00000000 kernel32!BaseThreadStart+0x34 Thread ID: 31 System Thread ID: 9f4 Kernel Time: 0:0:0.0 User Time: 0:0:0.0 Thread Type: Other # ChildEBP RetAddr 00 023cff70 7c821bf4 ntdll!KiFastSystemCallRet 01 023cff74 7c83ad75 ntdll!NtRemoveIoCompletion+0xc 02 023cffb8 77e66063 ntdll!RtlpWorkerThread+0x3d 03 023cffec 00000000 kernel32!BaseThreadStart+0x34 ***** Dump name is formatted as: PID-Timestamp.dmp Creating D:\iisstate\output\1392-1117036670.dmp - mini user dump ***** Closing open log file D:\iisstate\output\IISState-1392.log Tag: What are these entries? Tag: 363269
  - 16
    - Display PHP page In the past our web site was php based. At that time a manual was produced that contained a link to one of the php pages. Our new web site is completely html/xml. Obviously the link to the php page no longer works. Is there a way I could place a file on this server with a php extension that match the link but would redirect to the current html file without installing php on the server? Thanks Tag: What are these entries? Tag: 363268
  - 17
    - How to redirect request to loadbalancer??? We will be distributing a webapp with a Tomcat appserver cluster. We wish to redirect requests sent to http://<client URL>/Acuity/* to http://<client URL>:<the load balancer port number> How do we redirect requests for a specific URL pattern to a port??? Tag: What are these entries? Tag: 363267
  - 18
    - Can't add ISAPI Extension to IIS 5, Windows XP I'm running IIS 5.1 on a Windows XP box. When I try to add an ISAPI extension (.*, aspnet_isapi.dll) the OK button is not enabled, and I can't determine how to enable it. My account is an administrator account on the machine. I replicated this on someone else's Windows XP box, and another developer on our team was able to add the extension running IIS on Win2K. Any help on how to add the ISAPI extension would be appreciated. Tag: What are these entries? Tag: 363263
  - 19
    - Where is the IIS migration utility? I need to migrate an IIS 4 to IIS 6 website. It is all FP 2002 extensions. I can't find the migration utility on the web. Can someone post the url where it is? Thanks. Tag: What are these entries? Tag: 363262
  - 20
    - Querying against catalogs created on a remote server Hi, I am using Microsoft's indexing service to search for content in my website. How can I query against remote server catalog? What is the path I need to use? I need to call a catalog which is created on a d/f sever and on my page which does the search. Here is the query I am using in my asp.net page Dim strCatalog As String strCatalog = "TextSearch" Dim strQuery As String strQuery = "Select doctitle, vpath, path, rank, characterization from SCOPE() where FREETEXT(Contents, '" + TextBox1.Text + "') order by rank desc " Dim connString As String = "Provider=MSIDXS.1;Integrated Security .='';Data Source='" & strCatalog & "'" Please help! Tag: What are these entries? Tag: 363261
  - 21
    - url scan in iis 6.0? I have an imaging web app that sends image files to an IE plug-in viewer as a url. When running the app in iis 5.0, the image would not show up in the viewer. I discovered that url scan was not allowing this action. I uninstalled url scan and the image file appeared in the viewer. Now we have upgraded to iis 6.0 and I'm having the same problem. Only, there is no url scan (that I'm aware of) running. Can someone tell me if some form of url scan is running behind the scenes and if so, how do I stop it? I have also looked into URL Authorization, but my application requires anonymous access, so this nullifies the use of URL auth..... any help would be appreciated thanks jay Tag: What are these entries? Tag: 363257
  - 22
    - Server stops responding on network I have a Win2K3 Enterprise server hosting a few ASP.NET apps. The server has 3 ethernet adapters. One adapter has a public address(static) that is tied to a domain name. I can access the server, but at random intervals, it will stop responding. I can not ping the server or access it THROUGH THAT ETHERNET ADAPTER. However, i can get to the computer via a router with port forwarding to another ethernet adapter. The ONLY way i can get the "websites/ASP.NET apps" back up is to disable/enable the adapter or do a repair on it. I have another server with similar configuration that this happens to on similar intervals. I have checked my code in the apps running and everything *seems* OK, but i would think that the system should be able to recover from faulty code. This has been going on for over a year now, i am getting desperate!!!! Any help is GREATLY appreciated! Tag: What are these entries? Tag: 363256
  - 23
    - is frontpage server extension a requirement for webdav? Hi, I posted a question earlier in this group regarding the authenication configuration of webdav. I am actually still working on the problem and would like to know if Frontpage server extension 2002 a requirement for webdav (using webfolder to access the virtual directory)? Thanks om Tag: What are these entries? Tag: 363255
  - 24
    - IIS / SQL Server impersonation Hi I am attempting to implement impersonation from a windows application to a SQL Server database via a remoting middleware application(hosted in IIS 6 on W2003 Server). I have configured the host virtual directory in IIS to require windows authentication, and anyonymous access is off. Web.config specifies the following: <system.web> <authentication mode="Windows" /> <identity impersonate="true"/> </system.web> (In addition to the remoting configuration.) On the clients app.config I have: <channel ref="http" useDefaultCredentials="true"> <clientProviders> <formatter ref="binary"/> </clientProviders> </channel> Finally, the database permits Windows Authentication. When I try and open a connection to SQL Server (2000): conn.ConnectionString = @"Trusted_Connection=Yes;Persist Security Info=False;Initial Catalog=xxxxxxx;Data Source=xxxxxxx"; conn.Open(); I have tried variations on this which include the "Integrated Security = SSPI" property. In all cases, I get the following: Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection. (The SQL server machine is on a separate box, which may be relevant. I have seen a number of posts around this) I have tried a couple of other things including elevating the Trust level of the assembly to Full. Adding the 'Act as Part of the Operating System' privilege to the ASPNET account. These were pretty much grabbing at straws. I have seen some posts around creating mirrored user accounts with appropriate privileges on both the web and db server, then getting IIS to run under this account. But this kind of defeats the purpose, I think. Essentially I want to impersonate the authenticating Windows user seamlessly to the database. I am aware of the connection pooling inefficiency. This is not my desired solution. The client requires it.... I have tried programmatically forcing the impersonation: public string ImpersonateProcess() { string stemp = "Initial Identity: " + WindowsIdentity.GetCurrent().Name; System.Security.Principal.WindowsImpersonationContext impersonationContext; impersonationContext = ((System.Security.Principal.WindowsIdentity)HttpContext.Current.User.Identity).Impersonate(); stemp += " Now Impersonating " + WindowsIdentity.GetCurrent().Name; impersonationContext.Undo() ; return stemp ; } this test method returns the following: Initial Identity: xxx\xxxxxxxxx Now Impersonating xxx\xxxxxxxxx ( where xxx\xxxxxxxxx is my domain\logon. If i run the following method: public string GetServerString() { // Use the HttpContext to acquire what IIS thinks the client's identity is. string temp = HttpContext.Current.User.Identity.Name; temp +=WindowsIdentity.GetCurrent().Name; temp +=" "+WindowsIdentity.GetCurrent().AuthenticationType; temp +=" "+WindowsIdentity.GetCurrent().IsAuthenticated; temp +=" "+WindowsIdentity.GetCurrent().IsAnonymous; temp +=" "+WindowsIdentity.GetCurrent().Token; temp +=" "+WindowsIdentity.GetCurrent().IsSystem; if (temp == null || temp.Equals(string.Empty)) { temp = "**unavailable**"; } return "Hi there. You are being served by instance number: " + InstanceHash.ToString() + ". Your alias is: " + temp ; } I get this: Hi there. You are being served by instance number: 55. Your alias is: xxx\xxxxxxxxx xxx\xxxxxxxxx NTLM True False 1076 False It seems clear to me that my security token is flowing to the remoting application. It even looks like impersonation is occurring correctly (since the Initial WindowsIdentity is mine. However... no database access. If I run the remoting application locally in IIS (5, admittedly) I can access the database. <sigh> Any help gratefully received, Thanks Matthew Tag: What are these entries? Tag: 363254
  - 25
    - IIS Hangs... Hi, IIS hangs when my COM Object attempts to Connect to the SQL Database. This particular COM Object is being called from another COM Object and that is when IIS Hangs. This happens only on a Windows 2003 Server. IDE is unfortunately J++. Thanks in advance. Tag: What are these entries? Tag: 363253

I've found the following entries in my IIS log. The log format is the first
line
Are both attacks?

c-ip s-port cs-method cs-uri-stem sc-status cs(User-Agent)
------------------------------------------------------------------
70.49.90.233 80 OPTIONS / 200 Microsoft-WebDAV-MiniRedir/5.1.2600
196.25.174.252 80 GET /scripts/..%5c%5c../winnt/system32/cmd.exe 500

Top

RE: What are these entries? by v-wzhang

v-wzhang
Fri May 27 02:39:20 CDT 2005

Hi Joe,

At least the 2nd request is. The first one is a webdav command to
query which verbs are accepted on the web site. So if your site
doesn't have webdav(web folder) enabled, it's most likely another
attack attempt.

Use UrlScan can help on blocking this kind of requests.

Using URLScan on IIS
http://support.microsoft.com/default.aspx?scid=kb;en-us;307608

Best regards,

WenJun Zhang
Microsoft Online Partner Support

This posting is provided "AS IS" with no warranties, and confers no
rights.

Top

Re: What are these entries? by Sparky

Sparky
Fri May 27 08:20:38 CDT 2005

""WenJun Zhang[msft]"" <v-wzhang@online.microsoft.com> wrote in message
news:tUNH%238oYFHA.3928@TK2MSFTNGXA01.phx.gbl...
> Hi Joe,
>
> At least the 2nd request is. The first one is a webdav command to
> query which verbs are accepted on the web site. So if your site
> doesn't have webdav(web folder) enabled, it's most likely another
> attack attempt.
>
> Use UrlScan can help on blocking this kind of requests.
>
> Using URLScan on IIS
> http://support.microsoft.com/default.aspx?scid=kb;en-us;307608
>
> Best regards,
>
> WenJun Zhang
> Microsoft Online Partner Support
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>

The first one is part of normal FrontPage activity. It could be someone
editing with FrontPage, or it could be someone opening the site to look at
it with FrontPage. Not worth thinking about in either case.

Top