The previous article explained the solution to the HTTP 500 internal server error in IIS5 . The reasons for the IIS server error are complicated. Errors such as service startup failure, IIS process interruption, or site failure to start will record an error event in the system log. No matter what kind of error occurs in IIS, before determining the troubleshooting plan, you should first use the event viewer to check the relevant events recorded in the system log.
Some errors are obviously caused by damage to the server hardware, while other errors caused by software problems are often not easy to detect. This section provides a guided introduction to general IIS troubleshooting.
Restart IIS
According to the general troubleshooting methods and troubleshooting methods of Microsoft products, most software problems can be solved by restarting to the method. As one of the new features of IIS5.0, we can restart the IIS service without restarting the computer. Even quite serious problems can be solved by this method. Restarting the IIS service can force the system to reset the memory space of the IIS process, so problems caused by memory errors can be solved. The method of restarting IIS is mainly used in the following situations: the website application is paralyzed and cannot be effectively controlled; the website application is not working properly or is unstable. [/TD] [/TR][/TABLE] During the process of restarting the IIS service, all current connections cannot be retained, and all sites on the server cannot work during the restart. If restarting the IIS service does not solve the problem, restarting the server will not be effective either.
When the site application does not work properly, follow the steps below to restart the server's IIS service:
1. Expand the IIS node in the IIS management control tree and select the computer on which the IIS service needs to be restarted.
2. Click the [Action] menu and select [Restart IIS].
3. In the [Stop/Start/Restart] dialog box, select [Restart IIS on the server] from the [What do you want IIS to do] drop-down list, and click [OK].
4. The Closing dialog box displays the progress of restarting IIS. If the dialog box does not respond for a long time, click [End Now] and perform the above operations again.
Note: The above restart operation cannot be performed using the HTML-based IIS Manager (remote management mode).
For stability issues on a single site, it is not necessary to restart the entire IIS process, just restart the site.
IIS troubleshooting
Backup/Restore IIS
If there's one foolproof server security plan in the world, it's backups. Someone once pointed out: The three most important tasks a good system administrator does are: backup, backup, backup.
The implementation mechanism of IIS includes a metadata database similar to the registry: MetaBase. All configuration properties related to IIS itself and the site are stored in Windows 2000 and the metadata database MetaBase. Therefore, as long as the relevant registry and metadata database are backed up, all site-related configurations can be saved. Even after deleting the site or even reinstalling IIS, you can still use the backup to restore to the original state.
The steps to back up IIS are as follows:
1. Expand the IIS node in IIS Manager and select the computer to be backed up.
2. Click the [Action] menu and select [Backup/Restore Configuration].
3. List all backup files and backup time in the [Backup] list in the [Backup/Restore Configuration] dialog box. Click the [Create Backup] button.
4. In the [Backup Configuration] dialog box, specify the name of the new backup and click [OK].
5. Click [Close] to complete the backup.
By default, backup files will be saved in the Winntsystem32inetsrvMetaBack directory.
The method for restoring backup is similar to this. Select a backup file in the [Backup] list in the [Backup/Restore Configuration] dialog box and click [Restore]. Then click [OK] in the prompt dialog box as shown on the left. After a period of time, the IIS server will be restored to the state it was in when the backup was performed.
If the server needs to restore the backup after reinstalling IIS, additional operations should be performed on the basis of the above recovery operations. The steps are as follows:
1. At the command prompt, type cscript.exe X:InetPubAmdinScriptsAdsutil.vbs enumw3svc, where "X" is the drive letter where IIS is installed. From the settings listed, look for the values for WamUserName and the associated WAMUserPass.
2. Double-click [Administrative Tools] in Control Panel, then double-click [Computer Management].
3. Select [Local User Manager], and then click [Users]. Double-click the [IWAM_computername] user account. Type the WAMUserPass value found from the previous step and click OK.
4. In the [Configure backup name] dialog box, select the created backup file, and then click [Restore]. At this point the configuration will be completely restored.
[Cut-Page]
TCP/IP troubleshooting
TCP/IP protocol issues are often the cause of IIS not working properly. When an error occurs in IIS but it can be determined that there is no problem with the IIS service itself, it is necessary to consider whether there is a problem with the network connection. After simply eliminating the problems caused by network hardware damage, our attention should be focused on the network protocol, mainly TCP/IP on the agreement.
Windows 2000 provides a series of TCP/IP troubleshooting tools. These tools, which are mainly based on the command prompt line, provide a powerful means of diagnosing network problems.
Check TCP/IP configuration using ipconfig tool
ipconfig is a command prompt tool for viewing and managing the client's TCP/IP configuration status. Type: ipconfig in the command prompt and press Enter to get the basic TCP/IP configuration properties of the computer as shown on the right, including IP address, subnet mask and default gateway.
Type: ipconfig /all in the command prompt and press Enter to get the TCP/IP configuration status in detailed mode. In addition to basic information, it also includes host name, DNS settings, WINS settings, DHCP settings, physical address, node type, etc. TCP/IP information.
If the computer has DHCP enabled and uses a DHCP server to obtain configuration, you can use the ipconfig /renew command to begin refreshing the lease. You can also use the ipconfig command with the /release option to immediately release the host's current DHCP configuration.
For Windows 95 and Windows 98 clients, the winipcfg command should be used instead of the ipconfig command.
Test the connection using the ping command
The Ping command helps verify IP-level connectivity. When discovering and solving problems, you can use Ping to send an ICMP echo request to the target host name or IP address. Ping is used when you need to verify that the host can connect to the TCP/IP network and network resources.
The Ping command actually sends several (default is 4) data packets to the target host. If the local computer and the target host can be connected, the target host will reply with a response message, as shown in the upper right figure. The response message includes the response time. and TTL value. A successful ping to the same host indicates that IP data can be transferred between the local host and the target host.
If a timeout message is received, as shown in the figure below, it means that the TCP/IP connection between the local host and the target host cannot be established. Possible reasons include network failure, protocol error, TCP/IP configuration error, etc. Before confirming network connectivity When testing, the Ping test should be performed in the following order:
1. Ping the local loop address 127.0.0.1 to determine whether the local TCP/IP configuration is correct.
Type Ping 127.0.0.1 at the command prompt.
2. Ping the local machine address to check whether the local IP address setting is correct.
3. Ping the default gateway address to check whether it can communicate with hosts outside the local subnet.
4. Ping the host on the remote subnet to verify whether remote communication can be achieved through the router.
If the above Ping commands can be responded to, it means that the TCP/IP configuration can support network communication. Otherwise, a settings check is performed against the corresponding network component.
Use the netstat tool to display connection statistics
You can use the netstat command to display protocol statistics and current TCP/IP connections.
The netstat -a command will display all connections, while netstat -r displays the routing table and active connections. The netstat -e command will display Ethernet statistics, while netstat -s displays per-protocol statistics.
If you use netstat -n, you cannot convert addresses and port numbers into names.
[Cut-Page]
400 Unable to parse this request.
401.1 Unauthorized: Access denied due to invalid credentials.
401.2 Unauthorized: Access is denied because the server is configured to favor an alternative authentication method.
401.3 Unauthorized: Access is denied due to the ACL setting on the requested resource.
401.4 Unauthorized: Authorization of the filter installed on the web server failed.
401.5 Unauthorized: Authorization of the ISAPI/CGI application failed.
401.7 Unauthorized: Access is denied due to the URL authorization policy on the web server.
403 Forbidden: Access is denied.
403.1 Forbidden: Execution access is denied.
403.2 Forbidden: Read access denied.
403.3 Forbidden: Write access denied.
403.4 Forbidden: SSL is required to view this resource.
403.5 Forbidden: SSL 128 is required to view this resource.
403.6 Forbidden: The client's IP address is denied.
403.7 Forbidden: SSL client certificate required.
403.8 Forbidden: The client's DNS name is denied.
403.9 Forbidden: Too many clients attempted to connect to the web server.
403.10 Forbidden: The web server is configured to deny execution access.
403.11 Forbidden: Password changed.
403.12 Forbidden: Client certificate access denied by the server certificate mapper.
403.13 Forbidden: The client certificate has been revoked on the web server.
403.14 Forbidden: The directory listing has been denied on the web server.
403.15 Forbidden: The web server has exceeded the Client Access License limit.
403.16 Forbidden: The client certificate is malformed or not trusted by the web server.
403.17 Access Forbidden: The client certificate has expired or is not yet valid.
403.18 Forbidden: The requested URL cannot be executed in the current application pool.
403.19 Forbidden: Unable to execute CGI for clients in this application pool.
403.20 Forbidden: Passport login failed.
404 File or directory not found.
404.1 File or directory not found: The website cannot be accessed on the requested port.
Note that 404.1 errors will only occur on computers with multiple IP addresses. If a client request is received on a specific IP address/port combination, and the IP address is not configured to listen on that specific port, IIS returns a 404.1 HTTP error. For example, if a computer has two IP addresses and only one of the IP addresses is configured to listen on port 80, any requests received from port 80 by the other IP address will cause IIS to return a 404.1 error. This error should only be set at this service level because it is returned to the client only when multiple IP addresses are used on the server.
[Cut-Page]TCP/IP troubleshooting
TCP/IP protocol issues are often the cause of IIS not working properly. When an error occurs in IIS but it can be determined that there is no problem with the IIS service itself, it is necessary to consider whether there is a problem with the network connection. After simply eliminating the problems caused by network hardware damage, our attention should be focused on the network protocol, mainly TCP/IP on the agreement.
Windows 2000 provides a series of TCP/IP troubleshooting tools. These tools, which are mainly based on the command prompt line, provide a powerful means of diagnosing network problems.
Check TCP/IP configuration using ipconfig tool
ipconfig is a command prompt tool for viewing and managing the client's TCP/IP configuration status. Type: ipconfig in the command prompt and press Enter to get the basic TCP/IP configuration properties of the computer as shown on the right, including IP address, subnet mask and default gateway.
Type: ipconfig /all in the command prompt and press Enter to get the TCP/IP configuration status in detailed mode. In addition to basic information, it also includes host name, DNS settings, WINS settings, DHCP settings, physical address, node type, etc. TCP/IP information.
If the computer has DHCP enabled and uses a DHCP server to obtain configuration, you can use the ipconfig /renew command to begin refreshing the lease. You can also use the ipconfig command with the /release option to immediately release the host's current DHCP configuration.
For Windows 95 and Windows 98 clients, the winipcfg command should be used instead of the ipconfig command.
Test the connection using the ping command
The Ping command helps verify IP-level connectivity. When discovering and solving problems, you can use Ping to send an ICMP echo request to the target host name or IP address. Ping is used when you need to verify that the host can connect to the TCP/IP network and network resources.
The Ping command actually sends several (default is 4) data packets to the target host. If the local computer and the target host can be connected, the target host will reply with a response message, as shown in the upper right figure. The response message includes the response time. and TTL value. A successful ping to the same host indicates that IP data can be transferred between the local host and the target host.
If a timeout message is received, as shown in the figure below, it means that the TCP/IP connection between the local host and the target host cannot be established. Possible reasons include network failure, protocol error, TCP/IP configuration error, etc. Before confirming network connectivity When testing, the Ping test should be performed in the following order:
1. Ping the local loop address 127.0.0.1 to determine whether the local TCP/IP configuration is correct.
Type Ping 127.0.0.1 at the command prompt.
2. Ping the local machine address to check whether the local IP address setting is correct.
3. Ping the default gateway address to check whether it can communicate with hosts outside the local subnet.
4. Ping the host on the remote subnet to verify whether remote communication can be achieved through the router.
If the above Ping commands can be responded to, it means that the TCP/IP configuration can support network communication. Otherwise, a settings check is performed against the corresponding network component.
Use the netstat tool to display connection statistics
You can use the netstat command to display protocol statistics and current TCP/IP connections.
The netstat -a command will display all connections, while netstat -r displays the routing table and active connections. The netstat -e command will display Ethernet statistics, while netstat -s displays per-protocol statistics.
If you use netstat -n, you cannot convert addresses and port numbers into names.