04-27-2001 08:26 AM - edited 03-12-2019 11:26 AM
Is there a way to find who is using the SA? We have been running into access denied due to too many sessions and would like to find out who is logged in the SA.<br><br>schois
04-27-2001 08:26 AM
Thats actually a good question
I would have thought IIS would have a snappy way to simply kick this information out with a script, but so far as I can tell thats not the case. Lots of ways to get the current connectivity counts, bytes transferred, sent etc
but no easy way to list the IP addresses of the currently connected sessions (at least as far as I could find). If youre interested in the count thing, heres a link to follow with info on how to configure PerfMon to kick out that info:
http://support.microsoft.com/support/kb/articles/Q143/1/94.asp
You can also look in the logs generated under System32\LogFiles\W3SVC1 directory. Its kinda big since youll see entries every time the user hits a page or loads a control etc
this is also handy for seeing who was in what pages when (the Administrative Access report pulls from here among other places but doesnt give the level of detail youll find in the raw log, of course).
The only way I could find digging around and talking to some folks was to use the NetStat application. Playing around with this on my test servers showed that I could get a pretty good list of the folks currently connected and those who had been connected recently, but its not totally clean. At the command line on my Unity server, entering the command:
netstat p TCP n
produces an output that looks like this:
Proto Local Address Foreign Address State
TCP 10.10.1.1:389 10.10.1.1:1058 TIME_WAIT
TCP 10.10.1.1:389 10.10.1.1:1059 TIME_WAIT
TCP 10.10.1.1:389 10.10.1.1:1062 ESTABLISHED
TCP 10.10.1.1:389 10.10.1.1:1074 ESTABLISHED
TCP 10.10.1.1:1024 10.10.1.1:1147 ESTABLISHED
TCP 10.10.1.1:1024 10.10.1.1:1168 ESTABLISHED
TCP 10.10.1.1:1026 10.10.1.1:1112 ESTABLISHED
Its actually much larger since its also a DNS server, email server etc
and several clients were attached, but you get the idea. A member server dump is much cleaner. If you drop the -n it kicks out server names and domains etc
instead of IDs and instead of looking for port 80, look for http in the local address. Anyway, with one client connected to the SA, the dump includes these lines for port 80:
Proto Local Address Foreign Address State
TCP 10.10.1.1:80 10.10.1.2:1172 TIME_WAIT
TCP 10.10.1.1:80 10.10.1.2:1173 ESTABLISHED
TCP 10.10.1.1:80 10.10.1.2:1174 TIME_WAIT
TCP 10.10.1.1:80 10.10.1.2:1175 ESTABLISHED
Yes, theres actually 4 entries for 1 connection. Im not real clear on exactly what all 4 mean but you have an inbound and an outbound port working here. If that user terminates their session (with or without logging out) both the TIME_WAIT sessions will be left and the two ESTABLISHED states will drop off
The two TIME_WAIT lines will drop off after a period of time (not a full session timeout of 15 minutes, Im not sure where this time comes from, its only a few minutes on my boxes). The problem is, itll look exactly the same if you log out properly or if you dont, yet the SA sessions will stay at 1 if you dont log out and itll go to 0 if you do. I couldnt find any way of distinguishing which users were responsible for burning a session and which were not other than looking in the logs mentioned above which is a bit tedious. Perhaps some helpful web jockey out here has some insight into this one
That said, I could get a reasonably good idea of who was currently attached and who was recently attached to the web server on Unity which I think is what youre looking for. Ill keep hunting around for a snappier active session dump type utility since it seems to me this would be pretty handy to have around.
Hope that helps.
Jeff Lindborg
Unity Product Architect/Answer Monkey
Cisco Systems
lindborg@cisco.com
http://www.AnswerMonkey.net (new page for Unity support tools and scripts)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide