I have 4 applications that are setup under 1 site.  The applications are separate portals to the same software so setting them up as different sites is not an option at this point.

I can set the bindings to app1.domain.com, app2.domain.com, etc but I can't get them to point as follows:

app1.domain.com point to Default Web Site/app1   

app2.domian.com point to Default Website/app2

etc.

When I set the bindings at the site level I don't see how to access the individual applications within the site.  The bindings only point to the top level.  So if I go to app1.domain.com it shows the top level but if I go to app1.domain.com/app1  it will go to the app1 application.  I need app1.domain.com to resolve to app1.domain.com/app1.  I have the DNS set to the single ip for all of the names.

Server: Win 2012  IIS7

Thanks for the help.

I have an isapi extension that is returning an image file through WriteClient().

I need to return "Content-Type: image/jpeg" in the header (or else the calling app will not process the image)

So, I create a HSE_SEND_HEADER_EX_INFO structure and have member pszHeader = "Content-Type: image/jpeg\r\n\r\n"

before I issue WriteClient(), I call

ecb->ServerSupportFunction( ecb->ConnID, HSE_REQ_SEND_RESPONSE_HEADER_EX, &newHeader, NULL, NULL );

The return from call to ServerSupportFunction() is TRUE (no need to call GetLastError())

However, my header information is put into the body and default headers are sent to client. This is the header sent to the client:

    X-Cache: MISS from ip-172-18-8-226

    Server: Microsoft-IIS/8.5
    X-Cache-Lookup: HIT from ip-172-18-8-226:3128
    Content-Length: NNN
    Date: Thu, 21 Sep 2017 14:32:38 GMT
    X-Powered-By: ASP.NET
    Content-Type text/html

Note that it does not change "Content-Type:" to "image/jpeg" but, instead, retains "Content-Type: text/html". Oddly, it puts my header information into the <body> (that is, the 1st line of the body is "Content-Type: image/jpeg"...followed by the actual image data).

Note 1: I have tried HSE_SEND_HEADER_INFO and HSE_REQ_VECTOR_SEND. Both give same behavior.

Note 2: If I remove the WriteClient() call and just call ecb->ServerSupportFunction(), my return data is the default header that I can't seem to change followed by a single line (which is now the content body) of "Content-Type: image/jpeg"). So, this behavior IS NOT caused by sending header data through the call to WriteClient()

How am I to modify response header so that I can send "Content-Type:" ?

Hi all,

I'm wondering what I should be expecting from pass through authentication.  Right now my expectation is if a user goes to a local website where only Windows Authentication is Enabled, and they are part of the active directory group 'domain users', they should be able to browse the site without getting prompted for a username and password.  Is that a reasonable expectation?  Right now they get prompted for their username and password. Once they give it, they log on and can browse as expected.  I thought  would try to bypass the login process since they were already authenticated when they logged into windows.   

Larry

Sorry if this question has been asked before (couldn't find a satisfactory answer via search). With PHP 7+ and built-in Zend Opcache enabled, is it still necessary to enable Wincache? Are there any potential conflicts between these two caching mechanisms? Are there any specific recommended settings/tunings when they're used together? Finally, is Wincache fully compatible with IIS 10?

Thanks!

I encountered this strange behavior running Windows Server 2016 + IIS10 + PHP 7.0.23 + Wincache 2.0.0.8 + Wordpress 4.8.1:

If a php file, say a WP plugin file, is edited via the Wordpress plugin management interface inside the admin area, that change is *not* detected by either wincache.fcndetect or chkinterval. The old version of the file stays in cache till IIS is restarted/recycled or ttlmax expiration is reached. Editing the file directly within the operation system (not through WP) does trigger detection properly.

*Edit* (No longer seems valid, see next edit)

Upon some further investigation, here's what I found:

The IIS was configured to use applicationpoolidentity for both the application pool and anonymous authentication of the WP site. The folders and files were granted permission for the applicationpoolidentity (iis apppool\xxxx pseudo user) accordingly, so WP is capable of editing the files. However, the owner of some of the files in the site were not this apppool user, instead they are owned by the Windows local account that was originally used to install the site. If WP, running as the apppool user,  edits a file that's *not* owned by the apppool user, then the change is not detected by Wincache, even though the underlying file is indeed modified and shows the updated modification timestamp in the operation system. If WP edits a file that it does own, then the changes are detected.

I suspect this behavior applies not only to WP, but any PHP application configured to run as a user that's different from the owner of the files. 

Edit 2:

It seems the previous test was inconsistent. I still see cached files not being updated even when the file is owned by the same applicationpoolidentity user PHP runs under. I do have Zend Opcache running at the same time which may has something to do this. For now I just make sure to restart IIS any time physical PHP files are changed.

Hi all,

I'm a bit of a n00b on IIS, so apologies if my questions sound stupid.  My customer is currently running an internal web application over IIS 8.5 on Windows 2012 R2 server. The web application requires SSL. Let's just say the URL to the app was initially server1.acme.com/MyApp. They have registered a URL on their internal DNS called myapp.acme.com. "Someone" has configured server1 to redirect any request to myapp.acme.com to https://server1.acme.com/MyApp using the HTTP Redirect module on IIS, with "status code" of Found (302). The SSL certificate that has been loaded up on server1 was generated from internal CA, registered for myapp.acme.com (CN), with SAN (Subject Alternative Name) of server1.acme.com.

I should also mention here that at the moment, myapp.acme.com is CNAME for server1.acme.com on the customer's internal DNS.

Q1: despite the certificate having been issued by internal CA rather than self-signed, when the user typed in myapp.acme.com on their browser (predominantly IE 11), they still received certificate error. What should I check and/or do to remove this certificate error that the user is still getting? FYI, I tried adding server1.acme.com as hostname under Default Web Site binding for 443, which removed the certificate error, but caused a different issue in that when the user enteredhttps://myapp.acme.com, they received Error 404, which I thought was weird.

Q2: myapp.acme.com will eventually be hosted on several IIS servers, load balanced by external load balancer. So, myapp.acme.com DNS record will be "converted" from CNAME into A record pointing to a load balanced VIP. A new SSL certificate will be issued which will be loaded on the load balancer, and individual certs issued for each IIS server. Can anyone point me to any online document that discusses/describes how to configure IIS in this sort of scenario please?

TIA for any assistance!

Cheers,

Michael

Hi IIS Gurus!

I have IIS 8.5 and application hosted on it. Application server is Tomcat 8.0.37. So the whole chain is IIS+ISAPI+Tomcat.
My application is configured for smart-card authentication.
Users with smart-cards have personal certificates, issued by domain Certificate Authority.
IIS server and application are hosted inside the domain.
I've configured IIS+isapi+Tomcat for smart-card authentication, but it works only for users, who are accessing Site from domain-machine.
And I'm using Windows Authentication for this kind of configuration.

But how to configure smart-card authentication on IIS for users, trying to login to Site from outside the domain?
These users have a valid smart-card with personal certificate, issued by CA, and are able to login from inside the domain successfully.

P.S. I've tried to configure Client-certificate-mapping-authentication using this guide:
https://blogs.msdn.microsoft.com/asiatech/2014/02/12/how-to-configure-iis-client-certificate-mapping-authentication-for-iis7/

But when trying to login to Site, I am getting a 401.2 error: You are not authorized to view this page due to invalid authentication headers.

Thanks!

I have been able to connect to the virtual directory from the DMZ server however when I try to access it form the external address I am getting  500 - Internal server error.

I know there are a lot of tutorials around this but almost all of them are from different years so each one is a bit different from the rest. 

What I did:

• Installed NPM , Node JS and Express
• Created a web app which is working as expected from cmd line.
• Installed iisnode, URLRewrite Module as stated in the iisnode GitHub repo.
• Included a web.config file into the root directory of the application and updated the hello.js to app.js which is my startup file.
• Created a new website in IIS and pointed it to the root directory which has the web.config file.
• Tried to browse it on port 80 and I got the directory view which listed the contents in the root directory. When I clicked on app.js it opened in another tab with the URL 

  http://localhost/app.js

  And the error message was
  

  iisnode encountered an error when processing the request.
  
  HRESULT: 0x2
  HTTP status: 500
  HTTP subStatus: 1002
  HTTP reason: Internal Server Error
  You are receiving this HTTP 200 response because system.webServer/iisnode/@devErrorsEnabled configuration setting is 'true'.
  
  In addition to the log of stdout and stderr of the node.exe process, consider using debugging and ETW traces to further diagnose the problem.
  
  The node.exe process has not written any information to stderr or iisnode was unable to capture this information. Frequent reason is that the iisnode module is unable to create a log file to capture stdout and stderr output from node.exe. Please check that the identity of the IIS application pool running the node.js application has read and write access permissions to the directory on the server where the node.js application is located. Alternatively you can disable logging by setting system.webServer/iisnode/@loggingEnabled element of web.config to 'false'.

  
  
  

Any idea what I should do to fix this ? How do I get started accessing this site from IIS? Are there any other steps that I am missing out? I am currently running IIS 10 on a Windows 10 machine.

I read the blog run by Jason R. Shaver a few months ago on how to set up IIS Express to accept Client Certificates. http://www.jasonrshaver.com/post/2011/09/28/WP7-Client-Certificates-Part-2-(Client-Certs-on-the-Browser).aspx

I did the following:

1. Changed Project properties to use IIS Express instead of VS Development Server.
2. Enabled SSL on Project
3. Established Virtual Directory in Project Properties.
4. Opened the IIS Express Applicationhost.config file.
5. Verified the Site configuration included a binding with a protocol of https.
6. Changed iisClientCertificateMappingAuthentication to enabled = true
7. Uncommented access sslFlags="SslNegotiateCert"

Since I only wanted the web app to view the certs on my CAC card I did not proceed any further.  For months this worked exactly as I wanted it populating the server Variables with the Cert_Subject, when my app was then programmed to retrieve and read.

Then I moved to a different machine.  I had to move my projects and databases to the new machine.  I worked with things as they were for a while.  I ran the the particular app I had set up to use ssl and was only mindly surprised when the app did not request my client certificate.  Then today I tried to repeat the set up on this new machine that I had on the old machine.  The project settings were still the same although I had to click the  "create virtual directory" again.

I opened the aplicationhost.config file.

1. I was not surprised to find the web site had a binding with a protocol of "https".
2. I was very surprised to find that the "iisClientCertificateMappingAuthentication" was already set to true.
3. I was even more surprised to find that access sslFlags="SslNegotiateCert" was already uncommented. (I never did this.)
4. Finally I was shocked to find with all of these settings correct, the browser still never requested my client certs when hitting this site.

I do not understand why this is happening on this machine and not on the other machine.  Does anyone have any ideas?

 p.s.  I inadvertantly created this in the wrong sub-forum.  I would appreciate a moderator moving it to the correct forum.

I am migrating some simple asp and asp.net apps from Server 2008R2 to a fresh install of Server 2016.

I did the following:

• Installed IIS and added .NET 3.5 as a feature.
• Copied an app folder from old server to c:\inetpub\wwwroot\myappfolder
• Granted full rights to the above folder for everyone (just for initial setup/testing purposes)
• In IIS, I set the Default Application Pool .NET CLR Version to.NET CLR Version v.2.0.50727
• I converted the app folder into an application using the default application pool

When I'm on the server, I'm able to right-click on the application and select Manage Application->Browse and it works great. http://webserver/myappfolder/Default.asp works great.

However when I'm on a client computer and try to visit http://webserver/myappfolder or even http://webserver/myappfolder/Default.asp I receive a 404 error. I have tested a variant ofhttp://webserver/myappfolder/test.pngand it works great. It doesn't appear to be a permissions/bindings/dns issue, but for some reason it won't execute an asp file when a client is accessing.

Any ideas on how to resolve?

Hi,

I am trying to use "URL Rewrite" to redirect a URL https://my-test to one of its subsites: https://my-test/sites/subsite.

Here https://my-test is a SharePoint web application URL.

I tried many options in IIS URL Rewrite, but did not find the right option.

Please let me know, how I can do it.

Thanks

Discus004

i am running Windows Server 2008 R1 and IIS7, and i keep getting this crash:- 

Description
Faulting Application Path: c:\Windows\System32\inetsrv\w3wp.exe

Problem signature
Problem Event Name: APPCRASH
Application Name: w3wp.exe
Application Version: 7.5.7601.17514
Application Timestamp: 4ce7afa2
Fault Module Name: python27.dll
Fault Module Version: 2.7.3150.1013
Fault Module Timestamp: 4f84a51f
Exception Code: c0000005
Exception Offset: 00000000000f7917
OS Version: 6.1.7601.2.1.0.274.10
Locale ID: 1033
Additional Information 1: 6714
Additional Information 2: 67149c50ad319a0534948fea0981cf42
Additional Information 3: 3901
Additional Information 4: 39010e1ea895985d267f1e7e73081b16

Extra information about the problem
Bucket ID: 113107464

Does anyone know the root and solution of this problem? Because of this, site is been loading very slow at client location.

Thank you  very much in advance

Can someone please explain why I'm seeing serialised calls to a COM+ application under the following conditions:

• <div mce_keep="true">COM+ object written in C# compiled under .NET v2.0</div>
  • <div mce_keep="true">Exposes a method DoWork() via standard COM wrapper</div>
    • <div mce_keep="true">This method simply calls Thread.Sleep(x) where x is a value passed to the method. This is intended to mimic work being done.</div>
  • <div mce_keep="true">Has object pooling enabled for the object (with 5 instances)</div>
  • <div mce_keep="true">The application has a pool size of 1.</div>
• <div mce_keep="true">IIS 6</div>
  • <div mce_keep="true">Running on Windows Server 2003 SP1</div>
  • <div mce_keep="true">An application pool running as LOCAL SERVICE</div>
  • <div mce_keep="true">1 worker process</div>
  • <div mce_keep="true">A single virtual directory belongs to the above application pool.</div>
    • <div mce_keep="true">This directory contains my .asp which will be called later</div>
  • <div mce_keep="true">AspExecuteInMTA is set to 0 for every node in the metabase (this is how IIS installs)</div>
• <div mce_keep="true">ASP page that...</div>
  • <div mce_keep="true">accepts an integer querystring param that is passed to theDoWork() method indicating how many seconds to "sleep" for</div>

Now, using two browser windows, I load the above page using a sleep time of 10 seconds for window A and a time of 1 second for the window B. Window A is loaded first. The result is that window A takes 10 seconds to load. Window B takes 11 seconds. During this time, stats in COM+ show only a single instance of the COM+ object running.

However, if I change the Application Pool in IIS to run as a NETWORK SERVICE, both pages load at the same time, and one sees 2 instances of the COM+ object running at once.

Why the difference?

Thanks, Andrew

Hi,

I can't find the syntax how to generate a Pie Chart or any chart with command line in Log Parser Studio.
need help

Hi,

I have a c++ com+ object that i'm using as my DB layer to communicate with Oracle.

I can't make more than 1 concurrent request to an asp file that is using that com+

All other requests just go to the ASP queue until the first thread finishes and the com+ returns.

It is marked as an MTAthread in the c++ code.

On iis => asp => Com Plus Properties => Execute in MTA = true

Debugging (client & server) are set to false

I'm on IIS 10

This is from debugDiag => https://drive.google.com/open?id=0BwoJABE2FogsMG5jWDd5UGFXUmM

I'm at a loss... 

https://thesite.com/m/?pageName=profileSettings#notifications

I need to rewrite it to

https://thesite.com/m/?pageName=notificationSettings

I'm trying something like

<rule name="m_notifications" stopProcessing="true"><match url="^m/(.*)" /><conditions><add input="{QUERY_STRING}" pattern="pageName=profileSettings#notifications" /></conditions><action type="Rewrite" url="pageName=notificationSettings" appendQueryString="False"/></rule>

This isn't working, no errors, just not making any changes. What am I missing?

Thanks

Problem;
We are currently syncing our CA (content author server) to our CD's (content delivery server) using web deploy.
We have a large number of sites (400+) and some sites have to be excluded from the sync.

I am looking for a way to speed up the process as it currently takes about 20min to sync all the sites.

I am doing this with a PowerShell script that just loops through the sites skipping anything in the exclude list.

$sites = Get-ChildItem IIS:\Sites -Exclude $excludsite$msdeploy ="C:\Program Files\IIS\Microsoft Web Deploy V3\msdeploy.exe"
foreach ($site in $sites) {

I would really love to be able to just sync all of IIS except a few sites as I have seen how much faster it is to use the 

Sync-WDServer

vs the

msdeploy.exe -verb:sync

I tried moving the sync task to a PowerShell job and syncing lots of sites at the same time but if anything that seemed to be a little slower.
Looking at testing out 

Sync-WDSite

but this is still going to require looping through each site one by one and original tests had settings issues.

Any tips/idea’s would be appreciated.

My team recently upgraded from VS2008 to VS2015. Our project is a combination of C# SDK layers and C++ core libraries that work in mixed mode CLR and direct unmanaged references/pinvoke.

VS2015 compilations for desktop executables work just fine with managed and unmanaged versions across multiple environments. However, when we use the same .NET drivers and C++ libraries in IIS/bin the web server is unable to load any C++ dll that is compiled with CLR. This is within VS2015 and outside of it on both our development and production box. We can set any C++ driver into managed CLR and we see the failed result:

Error Could not load file or assembly 'ConfigAuth.DLL' or one of its dependencies. The specified module could not be found.

The file is clearly found, the PATH variable triple checked. We've run process monitors to find the dll file loading issue and can't seem to find anything that gives a clue as to what is missing. We've had issues in the past with missing redistributable packages and have read that some combinations fail. We've uninstalled and reinstalled these packages, but maybe we are doing it in the wrong sequence/combination?

Development Box / Configuration:

Windows 7, 64bit environment

The following VS C++ Redistributable Packages are installed on the box: 2012,2013,2015 (both x86/64 for each)

SxS merge modules for 2012-2015 are installed

All files compile to Win32/x86 platform

.NET 4.5 is used to compile the ASP.NET WCF Service build as well as all C# managed dlls

.NET 4.0 is the mscorlib used to compile the C++ CLR

IIS 7.5+ 64bit having trouble loading C++ libraries compiled using 2015 toolkit on VS2015.

IIS app pool supports 32 bit assemblies

IIS app pool has all directory and windows access rights set to access the file

PATH variable has been set and tested against other files that load just fine as non CLR

Hi,

I have one user that has two logins, webapp is login by IIS SSO connecterd to the domain

I'd like to make that when I logged out from webapp and login to the webpage by second login (second domain login) all application on this app start as this second user login (not login that is current loged to the Windows)
How to do that? 

In Windows 2003 and IIS it works fine but on W2K8R2 it's not.

Please help.