ActiveXperts Network Monitor 2019 proactively manages network servers, devices, databases and more.

Microsoft Resource Kits - IIS 6.0 Resource Kit

IISState - IIS 6.0 Resource Kit Utility on

The IIS 6.0 Resource Kit Tools helps you administer, secure, and manage IIS (Internet Information Server). Use the resource kit to query log files, deploy SSL certificates, employ custom site authentication, verify permissions, troubleshoot problems, migrate your server, run stress tests, and more.

IISState - Troubleshoot slow performance and application failures for applications running on Internet Information Services (IIS)

Use IISState version 3.0 to troubleshoot slow performance and application failures for applications running on Internet Information Services (IIS). IISState can also help you identify the causes of ASP0115 errors and errors detected by Dr. Watson.

IISState analyzes an application, such as InetInfo.exe, as it executes, and records all running threads. It identifies each thread, and displays the raw thread stack and the time each thread has spent executing in kernel and user modes. In addition to being displayed, results are saved to a log file.

IISState creates a log file called IISState.log in the LocalDrive:\Program Files\IIS Resources\IISState\Output directory. The file contains a list of threads that exist within the process being checked. Each thread has the following parts:
  • Thread number. The thread number is the same number that Windows PerfMon would show if you were monitoring individual thread data.
  • System thread ID. The system thread ID contains the unique system identifier for the thread. You use the system thread ID to trace Distributed Component Object Model (DCOM) calls or cross-apartment marshalling for COM objects.
  • Kernel- and user-mode times. Kernel-mode and user-mode times appear in the format HH:MIN:SEC.MilliSec. If you are experiencing 100 percent CPU utilization, look for threads that have a high kernel-mode or user-mode time. Kernel-mode time usage is typically the result of input/output operations, such as file reads/writes or network activity. User-mode time usage occurs when IIS actually executes pages. If the kernel-mode time is low, but the user-mode time is very high, then the problem is likely to be found in the page code.
  • Thread type. IISState attempts to identify the type of thread that is executing, such as a listener thread or an ASP thread.
  • Executing page (if the thread type is ASP). If an ASP thread is executing, IISState also attempts to identify the page that is executing and lists it.
  • Raw thread stack. Threads are read from bottom to top, so that the function that appears at the top of the stack is the last function to execute.


IISState uses the following syntax: 
IISState -p pid [-d] [-hc] [-sc]

-p pid 
Specifies the process ID from Task Manager. IIS 6.0 uses the w3wp.exe process for executing Active Server 
Pages (ASP) pages. 
Creates a dump file. The dump file is stored in a directory named LocalDrive:Iisstate\Output. 
The file format is pid-TIMESTAMP.dmp. The timestamp has a resolution of one second, so you can 
rerun IISState multiple times to get a series of dumps. 


Dump files contain all of the information that is currently stored in the process memory. If sensitive data, 
such as credit card numbers, is stored in the process memory, a person with access to the dump file directory 
could extract the information. Secure dump files either by limiting access to the LocalDrive:\Iisstate\Output 
directory or by moving the dump files to a secure area. 
Connects to IIS and waits for a hard crash, which is a Dr. Watson-type failure. 
Connects to IIS and waits for a soft crash, which is typically an ASP0115-type failure. To stop the session 
after the initial trace occurs, press CTRL+C.

System Requirements

IISState version 3.0 is compatible with the Microsoft® Windows NT® 4.0 Server, Windows NT 4.0 Workstation, Windows® 2000 Server, Windows XP Professional, and Windows Server 2003 operating systems. IISState cannot be run on Windows 95, Windows 98, or Windows Millennium Edition.

IISState version 3.0 works with IIS 4.0, IIS 5.0, IIS 5.1, and IIS 6.0.

IISState requires the following DLLs from the Debugging Tools for Windows package: dbgeng.dll, dbghelp.dll, ext.dll, ntsdexts.dll, symsrv.dll, uext.dll, userexts.dll.


In the following example, the command attaches IISState to the process ID 1000. IISState then waits for an ASP0115 error. When the error occurs, IISState creates a dump file called 1000-12362537.dmp.
iisstate -p 1000 -d -sc
To use IISState, you must be logged on to the computer as the local administrator or as an account that has debugging privileges. Example 2: A Thread from an IISState Log File The following is a typical example of a thread from an IISState log file.
Thread ID: 17  <-- Thread number
Kernel Time: 0:0:0:265  <-- Kernel (Privileged) time taken
User Time: 0:0:17:421  <-- User time taken
Thread Type: Possible ASP page.    <-- Thread type
Executing Page: C:\INETPUB\WWWROOT\Test.ASP  <-- ASP page that is running
# ChildEBP RetAddr 
00 020aea78 77e87ab7 ntdll!NtWaitForMultipleObjects+0xb <-- Thread is waiting
01 020aeac8 77e12a00 KERNEL32!WaitForMultipleObjectsEx+0xea 
02 020aeb24 77a52370 USER32!MsgWaitForMultipleObjectsEx+0x153 
03 020aeb4c 77aa8d18 ole32!CCliModalLoop::BlockFn+0x82 
04 020aeb74 77b2ab1b ole32!ModalLoop+0x5b 
05 020aeb94 77b2a9f8 ole32!ThreadSendReceive+0xd5 
06 020aebac 77b2a865 ole32!CRpcChannelBuffer::SwitchAptAndDispatchCall+0x14a 
07 020aebec 77aa8c5b ole32!CRpcChannelBuffer::SendReceive2+0x96 
08 020aec04 77aa8754 ole32!CCliModalLoop::SendReceive+0x1e 
09 020aec64 77aa86b6 ole32!CAptRpcChnl::SendReceive+0x6a 
0a 020aecbc 77d94b8a ole32!CCtxComChnl::SendReceive+0x9a 
0b 020aecd8 77d93eab RPCRT4!NdrProxySendReceive+0x4c 
0c 020aef20 779b2465 RPCRT4!NdrClientCall2+0x52f 
0d 020aef30 779e7405 OLEAUT32!IDispatch_RemoteInvoke_Proxy+0x15 
0e 020af1f8 6b614b1e OLEAUT32!IDispatch_Invoke_Proxy+0x125  <-- CreateObject called
WARNING: Stack unwind information not available. Following frames may be wrong. 
0f 020af274 6b619370 vbscript!DllCanUnloadNow+0xa9de <-- VBScript executing ASP page
10 020af954 00000000 vbscript!DllCanUnloadNow+0xf230