Azure Monitor Baseline Alerts
Download AlertsGlossaryGitHubGitHub IssuesToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeToggle Dark/Light/Auto modeBack to homepage

IIS2016

Alerts

Performance Counters

Alerts

DisplayNameTypeDescription
AlertRule-IIS-2012-1LogA server side include file has included itself or the maximum depth of server side includes has been exceeded
AlertRule-IIS-2012-2LogApplication Pool has an IdleTimeout equal to or greater than the PeriodicRestart time
AlertRule-IIS-2012-3LogApplication Pool worker process is unresponsive
AlertRule-IIS-2012-4LogApplication Pool worker process terminated unexpectedly
AlertRule-IIS-2012-5LogASP application error occurred
AlertRule-IIS-2012-6LogHTTP control channel for the WWW Service did not open
AlertRule-IIS-2012-7LogHTTP Server could not create a client connection object for user
AlertRule-IIS-2012-8LogHTTP Server could not create the main connection socket
AlertRule-IIS-2012-9LogHTTP Server could not initialize its security
AlertRule-IIS-2012-10LogHTTP Server could not initialize the socket library
AlertRule-IIS-2012-11LogHTTP Server was unable to initialize due to a shortage of available memory
AlertRule-IIS-2012-12LogISAPI application error detected
AlertRule-IIS-2012-13LogJob object associated with the application pool encountered an error
AlertRule-IIS-2012-14LogModule has an invalid precondition
[AlertRule-IIS-2012-15](#module-registration-error-detected-(failed-to-find-registermodule-entrypoint)LogModule registration error detected (failed to find RegisterModule entrypoint)
[AlertRule-IIS-2012-16](#module-registration-error-detected-(module-returned-an-error-during-registration)LogModule registration error detected (module returned an error during registration)
AlertRule-IIS-2012-17LogOnly one type of logging can be enabled at a time
AlertRule-IIS-2012-18LogSF_NOTIFY_READ_RAW_DATA filter notification is not supported in IIS 8
AlertRule-IIS-2012-19LogThe configuration manager for WAS did not initialize
AlertRule-IIS-2012-20LogThe directory specified for caching compressed content is invalid
AlertRule-IIS-2012-21LogThe Global Modules list is empty
AlertRule-IIS-2012-22LogThe HTTP server encountered an error processing the server side include file
AlertRule-IIS-2012-23LogThe server failed to close client connections to URLs during shutdown
AlertRule-IIS-2012-24LogThe server was unable to acquire a license for a SSL connection
AlertRule-IIS-2012-25LogThe server was unable to allocate a buffer to read a file
AlertRule-IIS-2012-26LogThe server was unable to read a file
AlertRule-IIS-2012-27LogWAS detected invalid configuration data

A server side include file has included itself or the maximum depth of server side includes has been exceeded

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2221) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC’] and (EventID=1071 or EventID=1073)]]

Application Pool has an IdleTimeout equal to or greater than the PeriodicRestart time

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (5152) and EventLog == ‘System’ and Source == ‘Microsoft-Windows-WAS’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC’] and (EventID=1135 or EventID=1134)]]

Application Pool worker process is unresponsive

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (5010,5011,5012,5013) and EventLog == ‘System’ and Source == ‘Microsoft-Windows-WAS’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2226 or EventID=2230 or EventID=2231 or EventID=2232)]]

Application Pool worker process terminated unexpectedly

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (5009) and EventLog == ‘System’ and Source == ‘Microsoft-Windows-WAS’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2274 or EventID=2268 or EventID=2220 or EventID=2219 or EventID=2214)]]

ASP application error occurred

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (500,499,23,22,21,20,19,18,17,16,9,8,7,6,5) and EventLog == ‘Application’ and Source == ‘Active Server Pages’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-WAS’] and (EventID=5172 or EventID=5173)]]

HTTP control channel for the WWW Service did not open

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (1037) and EventLog == ‘System’ and Source == ‘Microsoft-Windows-IIS-W3SVC’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-WAS’] and (EventID=5174 or EventID=5179 or EventID=5180)]]

HTTP Server could not create a client connection object for user

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2208) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-WAS’] and (EventID=5152)]]

HTTP Server could not create the main connection socket

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2206) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC’] and (EventID=1037)]]

HTTP Server could not initialize its security

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2201) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC’] and (EventID=1062)]]

HTTP Server could not initialize the socket library

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2203) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC’] and (EventID=1126)]]

HTTP Server was unable to initialize due to a shortage of available memory

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2204) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC’] and (EventID=1133)]]

ISAPI application error detected

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2274,2268,2220,2219,2214) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC’] and (EventID=1173)]]

Job object associated with the application pool encountered an error

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (5088,5061,5060) and EventLog == ‘System’ and Source == ‘Microsoft-Windows-WAS’
ThresholdN/A
xPathQuerySystem!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC’] and (EventID=1175)]]

Module has an invalid precondition

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2296) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2201)]]

Module registration error detected (failed to find RegisterModule entrypoint)

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2295) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2203)]]

Module registration error detected (module returned an error during registration)

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2293) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2204)]]

Only one type of logging can be enabled at a time

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (1133) and EventLog == ‘System’ and Source == ‘Microsoft-Windows-IIS-W3SVC’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2206)]]

SF_NOTIFY_READ_RAW_DATA filter notification is not supported in IIS 8

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2261) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2208)]]

The configuration manager for WAS did not initialize

PropertyValue
Severity2
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (5036) and EventLog == ‘System’ and Source == ‘Microsoft-Windows-WAS’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2218)]]

The directory specified for caching compressed content is invalid

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2264) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2227)]]

The Global Modules list is empty

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2298) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2233)]]

The HTTP server encountered an error processing the server side include file

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2218) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2258)]]

The server failed to close client connections to URLs during shutdown

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2258) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2261)]]

The server was unable to acquire a license for a SSL connection

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2227) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2264)]]

The server was unable to allocate a buffer to read a file

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2233) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2281)]]

The server was unable to read a file

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (2226,2230,2231,2232) and EventLog == ‘Application’ and Source == ‘Microsoft-Windows-IIS-W3SVC-WP’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2293)]]

WAS detected invalid configuration data

PropertyValue
Severity1
EnabledTrue
AutoMitigateTrue
EvaluationFrequencyPT15M
WindowSizePT15M
Typerows
QueryEvent | where EventID in (5174,5179,5180) and EventLog == ‘System’ and Source == ‘Microsoft-Windows-WAS’
ThresholdN/A
xPathQueryApplication!*[System[Provider[@Name=‘Microsoft-Windows-IIS-W3SVC-WP’] and (EventID=2295)]]

Performance Counters

Performance Counter
\Web Service(_Total)\Bytes Received/sec
\Web Service(_Total)\Bytes Sent/sec
\Web Service(_Total)\Bytes Total/sec
\Web Service(_Total)\Connection Attempts/sec
\Web Service(_Total)\Current Connections
\Web Service(_Total)\Total Method Requests/sec
\Microsoft FTP Service(_Total)\Bytes Total/sec
\Microsoft FTP Service(_Total)\Current Connections
\SMTP Server(_Total)\Bytes Received/sec
\SMTP Server(_Total)\Bytes Sent/sec
\SMTP Server(_Total)\Bytes Total/sec
\SMTP Server(_Total)\Inbound Connections Current
\SMTP Server(_Total)\Message Bytes Received/sec
\SMTP Server(_Total)\Message Bytes Sent/sec
\SMTP Server(_Total)\Messages Delivered/sec
\SMTP Server(_Total)\Messages Received/sec
\SMTP Server(_Total)\Messages Sent/sec
\SMTP Server(_Total)\Outbound Connections Current
\SMTP Server(_Total)\Total Messages Submitted
\SMTP Server(SMTP 1)\Bytes Received/sec
\SMTP Server(SMTP 1)\Bytes Sent/sec
\SMTP Server(SMTP 1)\Bytes Total/sec
\SMTP Server(SMTP 1)\Inbound Connections Current
\SMTP Server(SMTP 1)\Message Bytes Received/sec
\SMTP Server(SMTP 1)\Message Bytes Sent/sec
\SMTP Server(SMTP 1)\Messages Delivered/sec
\SMTP Server(SMTP 1)\Messages Received/sec
\SMTP Server(SMTP 1)\Messages Sent/sec
\SMTP Server(SMTP 1)\Outbound Connections Current
\SMTP Server(SMTP 1)\Total Messages Submitted