In this lab, you will learn how to:
- Configure your containers for troubleshooting
- Ensure you have completed the previous labs
- Configure IIS Management inside container
- Configure Kerberos Logging inside container
- Export event logs from container
- Remote Debugging in the container
These are only needed for accessing the IIS admin UI
-
RDP into the Windows Container Host and install IIS with the management tools if it is not already installed.
Install-WindowsFeature -name Web-Server -IncludeManagementTools
-
Connect interactively to the container
docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5d1e3bf011e1 iis-site "C:\\ServiceMonitor..." About an hour ago Up About an hour 80/tcp adoring_rosalind docker exec -it adoring_rosalind powershell
You should now be on a powershell prompt inside the container. Validate by running
whoami
from the command linewhoami #You should see the following user manager\containeradministrator
-
Install and Configure IIS and enable it for Remote Management. Replace the values for UserName and Password
#These are only needed for accessing the IIS admin UI net user <USERNAME> <PASSWORD> /add net localgroup Administrators <USERNAME> /add Install-WindowsFeature Web-Mgmt-Service New-ItemProperty -Path HKLM:\software\microsoft\WebManagement\Server -Name EnableRemoteManagement -Value 1 -Force Start-Service WMSVC
-
On the container host, open the IIS Manager by clicking
Start
and searching forinetmgr
-
Click on File > Connect to a Server.
-
Enter the IP Address of your Container
-
Enter the local credentials of the container
-
You'll get a certificate alert, ignore and click on Connect
-
You should now have access to IIS running inside of your container.
-
Connect interactively to the container
docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5d1e3bf011e1 iis-site "C:\\ServiceMonitor..." About an hour ago Up About an hour 80/tcp adoring_rosalind docker exec -it adoring_rosalind powershell #You should now be at a powershell prompt inside the container
-
Validate connectivity to the AD Domain
nltest /parentdomain nltest /query #You should see something like this PS C:\> nltest /parentdomain appmig.local. (1) The command completed successfully PS C:\> nltest /query Flags: 0 Connection Status = 0 0x0 NERR_Success The command completed successfully PS C:\>
-
Enable Kerberos debugging in the container
New-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters -Name LogLevel -PropertyType DWord -Value 1 -Force
You should see the following
LogLevel : 1 PSPath : Microsoft.PowerShell.Core\Registry: PSParentPath : Microsoft.PowerShell.Core\Registry: PSChildName : Parameters PSDrive : HKLM PSProvider : Microsoft.PowerShell.Core\Registry
-
If not already open, launch a PowerShell prompt in the container
-
Connect interactively to the container
docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 5d1e3bf011e1 iis-site "C:\\ServiceMonitor..." About an hour ago Up About an hour 80/tcp adoring_rosalind docker exec -it adoring_rosalind powershell #You should now be at a powershell prompt inside the container
-
You can export log files from the container using
(wevtutil epl <LogName> <FileName.evtx>)
and opening the logs on the host machine. This is helpful when viewing the errors that occurred in the running container. In this example, we will be exporting theSecurity
Event log. -
Run the following commands:
wevtutil epl Security c:\SecurityBackup.evtx
-
Run the following to ensure that the log file was exported:
cd\ dir
You should see something like this with your
SecurityBackup.evtx
file -
From the Windows Container Host we can copy the exported application log from inside the container to the host so that we can view it. Replace the container name (in this example adoring_rosalind) with the proper value for your environment
md c:\mylogs docker cp adoring_rosalind:/SecurityBackup.evtx c:\mylogs\SecurityBackup.evtx
-
Open
Event Viewer
on the host machine -
Right click on
Even Viewer(local) > Open Saved Log
-
Navigate to the location you saved the exported log (in this example,
c:\mylogs\SecurityBackup.evtx
), andOpen
. -
On the Open Saved Log dialog, click OK to accept the defaults
- Remote Debugging Tools : https://docs.microsoft.com/en-us/visualstudio/debugger/remote-debugging
- Remote Debugger Port Assignments : https://docs.microsoft.com/en-us/visualstudio/debugger/remote-debugger-port-assignments
-
For Visual Studio 2017 we want ports 4022 (32-bit debugger) and 4023 (64-bit debugger).
-
For this scenario we will create a simple ASP.NET Web Application
-
From the Development VM Open Visual Studio 2017 and Create a new ASP.NET Web Application (.NET Framework) called WebApplication1
-
Choose MVC and Enable Docker Support
-
Add the remote debugger to your docker file and open the appropriate ports
#### Remote Debugger Configuration for VS 2017 #### Add this to the bottom of your Docker file in the solution EXPOSE 4022 4023 RUN mkdir c:\tools RUN INVOKE-WebRequest -OutFile c:\tools\RemoteTools.amd64ret.enu.exe -Uri https://aka.ms/vs/15/release/RemoteTools.amd64ret.enu.exe; RUN powershell.exe -Command Start-Process c:\tools\RemoteTools.amd64ret.enu.exe -ArgumentList '/quiet' -Wait;
-
Build the solution
-
Open powershell and cd to your solution directory and build the image on the Windows Container host, in this example the IP address of the Windows Container Host is 10.0.1.5
cd c:\Users\azadmin.Contoso\Documents\Visual Studio 2017\Projects\WebApplication1\WebApplication1 docker --host tcp://10.0.1.5 build -t webapplication1 .
-
From the Windows Container Host start the container with the appropriate ports mapped
# docker run -d -p 80:80 -p 4022:4022 -p 4023:4023 <imagename> # e.g. docker run -d -p 80:80 -p 4022:4022 -p 4023:4023 webapplication1
-
From the Windows Container host start the remote debugger
#docker exec -it <container name> "C:\Program Files\Microsoft Visual Studio 15.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /nostatus /silent /noauth /anyuser /nosecuritywarn #e.g. docker exec -it thirsty_clarke "C:\Program Files\Microsoft Visual Studio 15.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /nostatus /silent /noauth /anyuser /nosecuritywarn
-
Since the container is running remotely on the Windows Container Host, you will need to load the symbols in Visual Studio 2017. Click on
Tools > Options > Debugging > Symbols
and navigate to your project folder to theobj/Debug
folder. -
From the Development VM in
Visual Studio 2017
will now connect to the remote debugger, load the symbols and enjoy debugging at its finest by Click onDebug > Attach to Process
: -
In the 'Attach to Process' dialog choose
Connection type: 'Remote (no authentication)'
and Connection target:10.0.1.5:4022
and hitEnter
-
Set the Attach to:
Managed (v4.6, v4.5, v4.0) code
-
Click the checkbox for
Show processes from all users
-
Click
Refresh
and click on thew3wp.exe
process -
Click
Attach
. -
Now validate that you are able to set break points in your application for debugging.
In this hands-on lab, you learned how to:
- Configure Windows containers for advanced debugging and troubleshooting
Copyright 2016 Microsoft Corporation. All rights reserved. Except where otherwise noted, these materials are licensed under the terms of the MIT License. You may use them according to the license as is most appropriate for your project. The terms of this license can be found at https://opensource.org/licenses/MIT.