How to troubleshoot IIS using Log Parser Studio from Microsoft

Version 5

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.x



    IIS is either not functioning or running slow.




    Several situations can be the cause.  Typically traffic to the WSVulnerability web service is the culprit.

    Try browsing from a client to http://yourcoreservername/wsvulnerabilitycore/vulcore.asmx


    • Database is not keeping up with requests.
    • Core server is overwhelmed due to excessive traffic often caused by too many various tasks being run at once.
      • Check the schedule for Inventory, Security and Patch Scan, Frequent Security and Patch Scan, Etc.
    • An errant client or clients are spamming the core with information.  The VDIR hits by IP query in Log Parser can be quite helpful to identify any outliers that are causing high IIS traffic.


    Key queries to use in Log Parser Studio:


    For use with W3SVC1 logs:

    By default these logs are stored in C:\inetpub\logs\LogFiles\W3SVC1 by default.


    • IIS: HTTP Status Codes by Count - Returns all Status Codes and how many time each one occurred
      • The HTTP Status codes can be helpful in determining the overall issue.  200.x is normal.   300.x - 500.x typically is abnormal.
    • IIS: Vdir Hits by IP
      • Check to see if there are certain computers that are hitting the core excessively.   Examine what traffic is coming from those clients.  This can often by Security Activity information from Endpoint Security or LANDESK Antivirus.
    • IIS: Request Per Hour
      • This can determine if there are certain times of day that traffic is especially high.




    Look in Task Manager on the Core Server, see which W3WP process(es) are causing high cpu and or memory usage.   Turn on "Command Line" in Task Manager by right clicking a column and selecting "Select columns".


    Install Microsoft Log Parser and Log Parser Studio


    1. Download and install Log Parser 2.2

    2. Download Log Parser Studio.   This will be in a .ZIP file.

    3. Unzip Log Parser studio to a directory.  The executable file will be LPS.EXE.


    I suggest you pin LPS.EXE to your taskbar and use it for IIS troubleshooting.


    There are a series of IIS queries that can be quite helpful.


    How to Analyze IIS logs using Log Parser and Log Parser Studio


    Turn off friendly error messages in Internet Options if using Internet Explorer and browsing to the core.   This will give the HTTP error code you may be experiencing.