When an unhandled error happens in IIS, IIS performs a Server.Transfer to one of many error pages. You can see the error pages defined in IIS by
- Right clicking on a website and selecting properties
- Clicking the custom errors tab
When looking in this window, you will notice errors are listed by error code. Some of the errors will have a semicolon after them followed by another number. This denotes a "Sub Error Code". Values from 100-199 are for informational messages. Values from 200-299 indicate the request was successful. Values from 300-399 indicate a redirection occurred on the server. Values from 400-499 indicate a client error occurred. Values from 500-599 indicate a server error occurred. Listed below are some error numbers and their descriptions (a generalized list is available at http://msdn.microsoft.com/library/en-us/act/htm/actml_ref_hsco.asp?frame=true)
400 Bad Request
401;1 Unauthorized - Login Failed
401;2 Unauthorized - Login failed due to server configuration
404 Not Found
500 Internal Server Error
500;12 Internal Server Error - Application Restarting
500;13 Internal Server Error - Server Too Busy
500;15 Internal Server Error - Direct Requests For Global.asa
500;100 Internal Server Error - ASP Error
The one we will concern ourselves with here is the 500;100 error. This error deals with the compiling or running of an ASP file and is raised automatically when there is an unhandled ASP error.
(note: if you want to implement your own "404 page not found" page with your own look and feel, here is where you would do it. Create your own Web page and edit the properties of the 404 error to point to your new page)
When an unhandled error occurs, IIS catches the exception and does a Server.Transfer to the error page specified in the Custom Errors configuration screen. A Server.Transfer takes all the information posted to one page and "Transfers" it to another page. This is great news for us because it means not only can we log the URL on which the error happened,
but we can also log all the form data that was posted to the page causing the error. This can go a long way in helping to reconstruct the error, especially when users don't remember what they did.
What we will want to do is to create out own error page and put it somewhere on the Web site. I suggest selecting the 500;100 error in IIS, select "URL" for the message type. The URL should be based off of your Web site's root. My recommended way is to create a folder or virtual directory off of your root Web called Errors. Place the new ASP file that we will create into this directory. In the 500;100 configuration screen, for the URL, enter in /Errors/500_100.asp and click OK.
Once IIS redirects to the error page, we will have several treasure chests of information available to us about the error and its source. In IIS, Server.GetLastError will return an ASPError object. This object contains the following properties:
ASPCode - Returns an error code generated by IIS. This can be empty in several cases; one being where you raise an error inside a component (Err.Raise) and your ASP code does not handle it.
Ex. ASP 0177 - The call to Server.CreateObject failed. The request object instance Cannot be created.
Number - Returns the standard COM error code
Ex. -2147467238
Source - Returns the actual source code, when available, of the line that caused the error
Category - Indicates if the source of the error was internal to ASP, the scripting language, or an object
File - Indicates the name of the .asp file that was being processed when the error occurred
Ex. /global.asa
Line - Indicates the line within the .asp file that generated the error
Ex. 16
Column - Indicates the column position within the .asp file that generated the error
Ex. 5
Description - Returns a short description of the error
Ex. Server.CreateObject Failed
ASPDescription - Returns a more detailed description of the error if it is an ASP-related error
Ex. The server process could not be started because the configured identity is incorrect. Check the username and password.
If I had a file named test.asp that contained:
<%
Dim clsTest
Set clsTest = Server.CreateObject("SomeInvalidName.ClassName")
%>
Then the ASPErr object would contain:
----------------------------------
ASPCode: ASP 0177
Number: -2147221005
Source:
Category: Server object
File: /test.asp
Line: 3
Column: -1
Description: Server.CreateObject Failed
ASPDescription: Invalid ProgID. For additional information specific to this
message please visit the Microsoft Online
Support site located at: http://www.microsoft.com/contentredirect.asp.
----------------------------------
There are also some important pieces of information in the HTTP headers. We will want to log these also. They are very simply found in the Request.ServerVariables collection.
------------------------------------------------
Request.ServerVariables("ALL_HTTP") - All of the HTTP headers (useful for systems like Netegrity and other authentication systems that rely on HTTP headers to pass information around)
Request.ServerVariables("REQUEST_METHOD") - This tells us if its a Get or Post, so we can then log the form parameters if its a post
Request.ServerVariables("SERVER_PORT") - Generally this is 80 (regular http port) or 443 if it is a secure connection
Request.ServerVariables("HTTPS") - This will be "off" or "on"
Request.ServerVariables("LOCAL_ADDR") - The Server's addrss the error happened on. Crucial if you are running in an environment multiple servers that use one log file
Request.ServerVariables("REMOTE_ADDR") - The address of the client
Request.ServerVariables("HTTP_USER_AGENT") - Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Request.ServerVariables("URL") - The url of the page the error occured on
------------------------------------------------
Accessing these parameters from the error page is simple. If my error page only contained the following code:
<%
Set ASPErr = Server.GetLastError()
Response.Write ASPErr.ASPDescription & "<br>"
Response.Write Request.ServerVariables("URL") & "<br>"
%>
Then my output would be:
-------------------------------------
Invalid ProgID. For additional information specific to this message please visit
the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp
/test.asp
-------------------------------------
Here is another example. If I forget a ")" on the end of my line of code then the error information will look like this:
ASPCode
Number -2146827282
Source Response.Write (CurrentInterestRateEffectiveDate &
" - " & DateAdd("m",3,CurrentInterestRateEffectiveDate)
Category Microsoft VBScript compilation
File /navigator55integ_Local/proposalsmain/proposals/proposalscreen.asp
Line 962
Column 106
Description Expected ')'
ASPDescription
Of course we want a little bit more information than this. We also want to log this information from a database. But, what if the error page was invoked because the database server was down? This is quite possible, and luckily it is easy to get around. In my sample code you will notice that before the information is logged to the database, it is written to a test file. Once you get an error page running on your system, test it out to make sure the file you are writing to has appropriate permissions. By default, it will need write access for the IUSR_MACHINENAME account that your Web site is running under.
To sum everything up, here is the data we will log to a database:
- Session ID
- Request Method
- Server Port
- Was it HTTP or HTTPs
- The server's address
- The user's address
- The user's browser type
- The URL that caused the error
- A reference id the customer can use when talking to support
- All of the posted form data
- All of the HTTP headers
- ASPCode
- Number
- Source
- Category
- File
- Line
- Column
- Description
- ASPDescription
- The date and time the error occurred.
Phew! This is a lot of great information. Most of this information should allow you to reconstruct an error on your system so you can zap those bugs. One idea that just came to mind, if you are having one of those killer bugs you just cannot get and you wish you had all of the prior form posted information, you could use Server.Transfer on a Web page to go to a logging page like I've described. The logging page would then log all of the form and URL information, then append a "Logged=Y" to the URL and then do a Server.Transfer to the original page. You would then have an entire log of every single bit of form data and URL information to track down an error. Cool, isn't it? (Hey.. I think so.)
To log the information, let's first create a database into which to log it all. Open up SQL Server's query analyzer and run this script.
This will create the database and a table named errors. This could easily be converted to Microsoft access.
CREATE DATABASE [ErrorLog]
GO
Use ErrorLog
CREATE TABLE [dbo].[Errors] (
[ID] [int] IDENTITY (1, 1) NOT NULL ,
[SessionID] [char] (12) NULL ,
[RequestMethod] [char] (5) NULL ,
[ServerPort] [char] (5) NULL ,
[HTTPS] [char] (3) NULL ,
[LocalAddr] [char] (15) NULL ,
[HostAddress] [char] (15) NULL ,
[UserAgent] [varchar] (255) NULL ,
[URL] [varchar] (400) NULL ,
[CustomerRefID] [varchar] (20) NULL ,
[FormData] [varchar] (2000),
[AllHTTP] [varchar] (2000),
[ErrASPCode] [char] (10) NULL ,
[ErrNumber] [char] (11) NULL ,
[ErrSource] [varchar] (255) NULL ,
[ErrCategory] [varchar] (50) NULL ,
[ErrFile] [varchar] (255) NULL ,
[ErrLine] [int] NULL ,
[ErrColumn] [int] NULL,
[ErrDescription] [varchar] (1000) NULL ,
[ErrAspDescription] [varchar] (1000) NULL ,
[InsertDate] [datetime] NOT NULL
) ON [PRIMARY]
In the code that you will download, you will notice a section commented out like this:
<%If False Then%>
<tr>
<td>ASPCode</td><td><%=AspErr.ASPCode%>
</td>
</tr>
....
....
....
<tr>
<td>URL</td><td><%=Request.ServerVariables("U
RL")%></td>
</tr>
<%End If%>
The reason I did this was to leave the code in it; you will want to use on your development system. It would be quite annoying if every time an error happened on your development system, you had to look at the database. So, uncomment this block by removing the "if" statement to use it on your development system. For your production systems, remove the entire block if you wish.
The meat of the database logging code looks like this:
(btw I do not recommend storing login names and passwords directly in the asp files /ever/, but it is included here just for simplicity)
Sub LogErrorToDatabase()
Dim con
Dim rstError
Set con = Server.CreateObject("ADODB.Connection")
Set rstError = Server.CreateObject("ADODB.Recordset")
con.open "dsn=ErrorLog;uid=ErrorLog;pwd=secret;"
Set rstError.ActiveConnection = con
rstError.Open "Select * From Errors",,3,3 'adOpenStatic, adLockOptimistic
rstError.AddNew
With rstError
.Fields("SessionID") = Session.SessionID
.Fields("RequestMethod").Value = Request.ServerVariables("REQUEST_METHOD")
.Fields("ServerPort").Value = Request.ServerVariables("SERVER_PORT")
.Fields("HTTPS").Value = Request.ServerVariables("HTTPS")
.Fields("LocalAddr").Value = Request.ServerVariables("LOCAL_ADDR")
.Fields("HostAddress").Value = Request.ServerVariables("REMOTE_ADDR")
.Fields("UserAgent").Value = Request.ServerVariables("HTTP_USER_AGENT")
.Fields("URL").Value = Request.ServerVariables("URL")
.Fields("CustomerRefID").Value = mstrCustRefID
.Fields("FormData").Value = Request.Form
.Fields("AllHTTP").Value = Replace(Request.ServerVariables("ALL_HTTP"),vbLf,vbCrLf)
.Fields("ErrASPCode").Value = AspErr.ASPCode
.Fields("ErrNumber").Value = AspErr.Number
.Fields("ErrSource").Value = AspErr.Source
.Fields("ErrCategory").Value = AspErr.Category
.Fields("ErrFile").Value = AspErr.File
.Fields("ErrLine").Value = AspErr.Line
.Fields("ErrColumn").Value = AspErr.Line
.Fields("ErrDescription").Value = AspErr.Description
.Fields("ErrAspDescription").Value = AspErr.AspDescription
.Fields("InsertDate").Value = Now()
End With
rstError.Update
rstError.Close
con.Close
Set rstError = Nothing
Set con = Nothing
End Sub
