Troubleshooting IIS 7.5 HTTP Logging Failure on Windows Server 2008 R2: Comprehensive Fix Guide


2 views

After discovering HTTP logging ceased functioning months ago on a Windows Server 2008 R2 with IIS 7.5, I verified:

  • HTTP Logging and Logging Tools features installed (Web Server > Health and Diagnostics)
  • IIS Manager > Logging shows enabled configuration:
    One log per: Site
    Format: W3C
    Directory: "%SystemDrive%\inetpub\logs\LogFiles"
  • Log directory (C:\inetpub\logs\LogFiles\W3SVC*) contains only outdated files

Already performed without success:

# Server restart
Restart-Computer -Force

# Toggling logging via IIS Manager
# Configuration remains active but no new logs generated

Using AppCmd to enforce logging settings:

appcmd set config /section:httpLogging /dontLog:False /selectiveLogging:LogAll

Output confirms successful application but logging remains inactive.

Missing logs often stem from permission issues. Verify using PowerShell:

$logPath = "C:\inetpub\logs\LogFiles"
$acl = Get-Acl $logPath
$acl.Access | Where-Object {$_.IdentityReference -like "*IIS_IUSRS*"} | 
    Format-Table IdentityReference, FileSystemRights -AutoSize

# Required minimal permissions:
# IIS_IUSRS: Modify
# NETWORK SERVICE: Modify

Check System and Application logs for IIS-related errors:

Get-EventLog -LogName System -Source "W3SVC" -After (Get-Date).AddMonths(-3) | 
    Where-Object {$_.EntryType -match "Error|Warning"}

Verify application pool identity has write permissions:

Import-Module WebAdministration
Get-ChildItem IIS:\AppPools | 
    Select-Object Name, ProcessModel | 
    Format-Table -AutoSize

For stubborn cases, check HTTP logging registry settings:

# Backup first!
reg export "HKLM\SYSTEM\CurrentControlSet\Services\HTTP" http_backup.reg

# Verify key values
reg query "HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters" /v EnableLogging

As temporary workaround, enable failed request tracing:

appcmd set config /section:sites /siteDefaults.traceFailedRequestsLogging.enabled:true

After exhausting standard fixes:

  1. Completely uninstall/reinstall HTTP Logging feature: 
    dism /online /disable-feature /featurename:IIS-HttpLogging
dism /online /enable-feature /featurename:IIS-HttpLogging
  2. Recreate log directory structure
  3. Apply explicit permissions: 
    icacls "C:\inetpub\logs\LogFiles" /grant "IIS_IUSRS:(OI)(CI)(M)"

Recently encountered a perplexing scenario where HTTP logging mysteriously ceased on a Windows Server 2008 R2 running IIS 7.5. Despite all configurations appearing correct in IIS Manager (One log per Site, W3C format, default %SystemDrive%\inetpub\logs\LogFiles directory), the W3SVC* folders contained only stale log files dated months back.

First verification steps included:

  • Confirming HTTP Logging and Logging Tools features were installed (Server Manager > Web Server > Health and Diagnostics)
  • Restarting both IIS (iisreset /noforce) and the physical server
  • Toggling logging off/on in IIS Manager
  • Running the nuclear option via appcmd:
appcmd set config /section:httpLogging /dontLog:False /selectiveLogging:LogAll

When basic checks fail, time to break out Process Monitor. Filter for W3SVC1 and watch for ACCESS DENIED errors. Common culprits:

# Check folder permissions (IIS_IUSRS needs Modify rights)
icacls "C:\inetpub\logs\LogFiles" /grant IIS_IUSRS:(OI)(CI)M

# Verify identity pool (if using custom app pool)
Get-ChildItem IIS:\AppPools | Select-Object Name, ProcessModel

Discovered a critical registry setting that can silently disable logging:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\HTTP\Parameters]
"DisableLogging"=dword:00000000

Set to 1? That's your smoking gun. Also check for conflicting group policies pushing this setting.

As a last resort, recreate the logging infrastructure:

# 1. Stop IIS
net stop w3svc /y

# 2. Backup and remove existing logs
robocopy C:\inetpub\logs\LogFiles C:\LogBackup_%date% /mir
rmdir C:\inetpub\logs\LogFiles /s /q

# 3. Recreate directory structure
mkdir C:\inetpub\logs\LogFiles
icacls "C:\inetpub\logs\LogFiles" /inheritance:r /grant:r "IIS_IUSRS:(OI)(CI)F"

# 4. Restart services
net start w3svc

Prevent future surprises with this PowerShell monitor:

# Daily log file freshness check
$AlertThreshold = (Get-Date).AddDays(-1)
Get-ChildItem "C:\inetpub\logs\LogFiles\W3SVC*" -File | 
    Where-Object { $_.LastWriteTime -lt $AlertThreshold } |
    Send-MailMessage -From "monitor@domain.com" -To "admin@domain.com" -Subject "IIS Log Stale Alert"