Michel Barneveld
To unpathed waters, undreamed shores
X-SharePointHealthScore: a new SharePoint 2010 HTTP header

 

I was testing something with SharePoint 2010 and needed a deeper look on what was actually send over the wire. So I started fiddler and noticed a few HTTP headers in the response that were new to me.

  

The new headers:

MicrosoftSharePointTeamServices
This header is not really new. It's been there in previous versions of SharePoint. But the version is new ;-)

SPRequestGuid
This turns out to be the Log Correlation Id. With this correlation id you can search the ULS logs for the log lines belonging to this request. Very handy!
It's also mentioned in the Developer Dashboard:

X-SharePointHealthScore
This one got me puzzled for some time where it's getting it's value from. At first I thought it was getting it's value from the new Health Analyzer Report in Central Admin. But changing the amount of problems in the Health Analyzer didn't effect the HealthScore. After finding no references on Internet or the SharePoint SDK, it was time to open Reflector and see what is going on.
 

What is the X-SharePointHealthScore HTTP Header?

It's a header that returns the systems health (duh) based on these 3 performance counters:

  • Memory - Available MBytes
  • ASP.NET - Requests Queued
  • ASP.NET - Request Wait Time

There are references in the code to the CPU Usage performance counter, but no performance counters are actually being used for that. Maybe some leftover from an earlier build or maybe something that will be added later. And also in the final version of SharePoint there might be other performance counters as well. And maybe we can even add our own counters and thresholds to it.

So how does it calculate the Health Score value?
Every Performance Counter has an table with 10 score buckets associated with it:

 

For example the Memory Score (the top one of the above 3). If you have more than 1000MB available than the Memory gets a score of 0. If the amount of memory available is between 1000MB and 500MB it will get a score of 1, etc. And if there is less than 20MB of memory available it will get a score of 10. The same applies to the other 2 counters. And the score of these 3 counters are added together and returned as the X-SharePointHealthScore. (So currently it will be a value between 0 and 30)

What does the Health Score mean or do?

One of the new features of SharePoint 2010 is resource throttling when the system is a bit busy handling requests. This can be tuned on at Web Application level in Central Admin. That throttling uses the health score value. If the value becomes 10 or above it will go into throttling mode. At that point it will give GET requests a lower priority than other types like POST. So people can finish the form they are filling in, but new request will be denied. 

 

What can we do with this Health Score?

Besides the obvious for using it to monitor the server. It can also be used in load balancing scenarios (if your loadbalancer can be configured to support this). Based on the healthscores the loadbalancer is able to determine which web front-end has the most ammount of resources left and forward the request to that WFE.

So how do we test the loadbalancer if we set it up in this fashion? Do we need to DDoS a WFE?
There is a better way ;-) There is a registry setting that will override the Health Score and it will return the value from the registry.

Create a DWORD with the name ServerHealthScore in the following location: HKLM\SOFTWARE\Microsoft\Shared Tools\Web Server Extensions\14.0\WSS and give it the value you want.

 

And as a little disclaimer. All above is discovered using reflectoring the beta version of SharePoint. This might be different on the RTM version. ;-)


Posted 11-08-2009 3:29 PM by Michel Barneveld

Comments

John wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 02-03-2010 5:35 AM

I was fiddlering my own sharepoint instances and found this healthScore header - and it had me puzzled. Thanks for doing the leg work - keeps my reflector closed for at least another day or two.

Zubair wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 07-08-2010 12:09 AM

thanks a very useful article

simon wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 01-26-2011 3:13 PM

Very useful tip for SharePoint 2010, thanks for sharing!

Tim wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 02-17-2011 8:23 PM

So, has anyone found a way to turn off this header from being passed back to the browser?  I've been tasked with securing one of our sites and one of the requirements is to not expose the web platform being used to run the site.  This header sort of gives it away...

Joel Mansford wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 06-06-2011 5:46 PM

I just spotted the header in the same way using Fiddler.  Thanks for the thorough write-up which saved me doing the same.

Medical Coding Course wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 07-19-2011 9:56 PM

Any ideas where I could read more about this?

Koen Zomers wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 09-02-2011 10:06 AM

Thanks for sharing your findings on this Michel! Just ran across the HTTP header while sniffing my traffic. Your post explains it very well in a short manner.

Chris Patterson wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 11-20-2012 12:38 PM

Would the SharepointHealthScore field not assist a potential attacker in assessing what methods are effectively overloading a  server that is not load balanced and therefore perform a DOS on the service?. Is this field on by default?

It was just a passing thought, so forgive me if I am completely wrong, or missing another element to this :)

Ashley wrote re: X-SharePointHealthScore: a new SharePoint 2010 HTTP header
on 12-15-2014 12:52 PM

I like to party, not look artelcis up online. You made it happen.

Add a Comment

(required)  
(optional)
(required)  
Remember Me?

  Enter code:
Copyright © 2003 - 2009 Michel Barneveld
Powered by Community Server (Non-Commercial Edition), by Telligent Systems