WAC: How to debug a problem with isapi_redirect filter?

Document ID : KB000050666
Last Modified Date : 14/02/2018
Show Technical Document Details

Summary:

If IIS has a problem with isapi_redirect.dll filter, we may need to look at the isapi_redirect.log in order to investigate the problem.

In file C:\Program Files\CA\DSM\Web Console\jakarta\isapi_redirect.properties the log file is configured at following path:

log_file=C:\Program Files\CA\DSM\Web Console\logs\isapi_redirect.log

However, the isapi_redirect.log file is not present in this path.

Solution:

A process w3wp.exe (IIS Worker Process) starting under the "Network Service" account loads the file C:\Program Files\CA\DSM\Web Console\jakarta\isapi_redirect.dll.

This process should also write in the file C:\Program Files\CA\DSM\Web Console\logs\isapi_redirect.log

By default the NTFS security rights on C:\Program Files\CA\DSM\Web Console\logs allows only Read access to the group "Users".

Figure 1

The user "Network Service" belongs to group "Authenticated Users" which belongs to the group Users.

As w3wp.exe is started with "Network Service", it has no write rights on the directory C:\Program Files\CA\DSM\Web Console\logs.

Therefore, the file C:\Program Files\CA\DSM\Web Console\logs\isapi_redirect.log is not created.

  • Add NTFS Modify rights on group "Users" for directory "C:\Program Files\CA\DSM\Web Console\logs" Or add the user "NETWORK SERVICE" with NTFS Modify rights on the directory "C:\Program Files\CA\DSM\Web Console\logs".

    Figure 2

  • Restart IIS & tomcat:
    iisreset
    caf stop tomcat
    caf start tomcat

The file C:\Program Files\CA\DSM\Web Console\logs\isapi_redirect.log should now be created.

  • In order to have more detail in this file we could set the log level to trace:

    • Edit file C:\Program Files\CA\DSM\Web Console\jakarta\isapi_redirect.properties with notepad

    • Change value of log_level to trace:
      log_level=trace

      Figure 3

    • Recycle IIS & Tomcat.