Easy Way To Debug SSL Issues With Web Services (Including SQL Server 2005 SOAP Endpoints)

Here is a nice easy way to debug SSL issue with Windows 2003 that I discovered while working on SOAP projects. I think this works on XP SP2 as well have not tested this.

1. Create batch file c:\ssltrace.cmd with following contents:

logman start http_ssl_trace -pf c:\guids.txt -o out.etl -ets
pause
logman stop http_ssl_trace -ets
tracerpt /y out.etl
notepad dumpfile.csv

2. Create file c:\guids.txt with following contents:

{1fbecc45-c060-4e7c-8a0e-0dbd6116181b} 0x000000FF 5 IIS: SSL Filter
{dd5ef90a-6398-47a4-ad34-4dcecdef795f} 0x000000FF 5 HTTP Service Trace

3. On the web service machine run c:\ssltrace.cmd to start tracing, then hit your web service with your POST. Once you are finished testing press the spacebar to in the ssltrace.cmd command window to stop tracing and display the trace file. You should see everything coming in and going out along with error codes, etc...

If you are even more ambitious and want to see the innards of NTLM and Kerberos and LSA chatter, add this to guids.txt ->

{C92CF544-91B3-4dc0-8E11-C580339A0BF8} 0x000000FF 5 NTLM Security Protocol
{cc85922f-db41-11d2-9244-006008269001} 0x000000FF 5 Local Security Authority (LSA)
{bba3add2-c229-4cdb-ae2b-57eb6966b0c4} 0x000000FF 5 Active Directory: Kerberos

Comments