Skip to main content
Matrix42 Self-Service Help Center

IIS Troubleshooting

  1. Last updated
  2. Save as PDF

Summary

If there are problems with communication with a Microsoft Internet Information Server, it is possible to create log files and export the configuration.

Target

In general, IIS Tracing should be activated for unexpected errors:

  •     Install and activate tracing module e.g. for error codes 401 and 403
  •     Determine subcode from trace file
  •     Subcode indicates more specific error (see below)

Error codes and possible causes

Error code Possible Reason
401 When using certificate:
Mapping not available or incorrect, user or password incorrect in mapping
403 When using certificate:
Check if Server Role "IIS Client Certificate Mapping Authentication" is installed.
403.21 "Source" law in WebDAV missing. Possibly several WebDav creation rules exist that apply to the same user but grant different rights. The first matching rule is used, even if a later rule grants more rights.
403.13

When using certificate:
The Revocation Server is not available. This means that it is not possible to check whether the certificate is revoked.
Either make sure that the Revocation Server is reachable or deactivate the check in the IIS:

Disable Client Certificate Revocation (CRL) Check on IIS
401.2 When using certificate:
Unauthorized: Logon Failed Due to Server Configuration with No Authentication
The specifications of the variables WEBSERVER_CLIENTCERTIFICATE_USERNAME / WEBSERVER_CLIENTCERTIFICATE_PASSWORD
They may not be correct. Or the user does not have sufficient rights.
In IIS, this user can be corrected if necessary: CheckUser.pdf

Further error sources

  • "Unexpected" settings in Certificate Mappings or User Rights:
     On Web Site, open the configuration editor and click "Search for configurations..." on the right. Check the found configs for possible "corpses"
     (due to faulty package or manual changes).

 

Required information in case of malfunction 

  •     Log of the Advanced Agent of the time of the error
  •     IIS Trace Logs of the Time at which the Error Occurred
  •     the web.config file of the Empirum directory of IIS
  •     (default: C:\Program Files\Empirum\Subdepot Webservices\www\fcgi-bin)
  •     the web.config file of the Matrix42-Empirum directory from IIS
  •     (default: C:\Program Files\Empirum\Subdepot Webservices\wwwwwroot)
  •     the web.config file of the corresponding website (e.g. Default Web Site) (default: C:\inetpub\wwwroot)

 

This will give you the information you need:

How to get extended logs of the IIS is described in this Microsoft article: https://technet.microsoft.com/de-de/library/hh831775%28v=ws.11%29.aspx

How to export the IIS configuration can be found in this Microsoft article: https://technet.microsoft.com/de-de/library/dd819406.aspx

How to enable tracing in IIS can be found in this Microsoft article: https://docs.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis

Additional Information:

t is often helpful to have an exported configuration of a working server in parallel in order to compare it with the configuration of the server that has the malfunction.
If this is possible, please provide us with both.