netsh winhttp tracing - Server 2012

    General discussion

  • I'm trying to use netsh trace the WinHttp API to troubleshoot some issues with ARR.

    When I execute the following command:

    netsh trace start scenario=internetclient capture=yes persistent=no level=verbose tracefile=c:\temp\net.etl

    I wait for a while then execute:

    netsh trace stop

    I then analyse the output using NetMon 3.4

    The only WinHttp API calls I see in the trace are of the following type:

    WINHTTP_MicrosoftWindowsWinHttp:Stopping WorkItem Thread Action...
    WINHTTP_MicrosoftWindowsWinHttp:Starting WorkItem Thread Action... 
    WINHTTP_MicrosoftWindowsWinHttp:Queue Overlapped IO Thread Action...

    I don't see anything that I'm expecting from the various sources I've read, such as:

    WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-recver starts in _INIT state
    WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::current thread is not impersonating
    WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-recver processing WebReceiveHttpResponse completion (error-cdoe = ? (0x5b4), ov
    WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-recver failed to receive headers; error = ? (1460)
    WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::ERROR_WINHTTP_FROM_WIN32 mapped (?) 1460 to (ERROR_WINHTTP_TIMEOUT) 12002
    WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-recver returning ERROR_WINHTTP_TIMEOUT (12002) from RecvResponse()
    WINHTTP_MicrosoftWindowsWinHttp:12:32:23.123 ::sys-req completes recv-headers inline (sync); error = ERROR_WINHTTP_TIMEOUT (12002)

    I've also tried enabling the diagnostic logs in the event viewer, with the same result.

    It has also been suggested that I should run the trace from a 64bit command prompt, when I do that I get:

    The following command was not found: trace start scenario=internetclient capture=yes persistent=no level=verbose tracefile=c:\temp\net.etl.

    I've tried doing this in our live setup and in a test setup, all using the same OS with the same result. When I do this in a Windows 7 development environment, I get all the trace information I'm expecting.

    Is there something I need to do specific to Server 2012 to enable the level of detail I require? I'm running out of ideas now, so any help would be marvellous!



    Monday, October 28, 2013 10:02 AM

All replies