Quantcast
Channel: All Forums
Viewing all 27852 articles
Browse latest View live

IIS try to create directories with invalid name

0
0

I have a code on PHP that was working in a server but we migrate that code to another server and now that code is not working, specifically we want to run an .exe file using PHP with the instruction exec

I debug the script and it looks be working properly and the IUSR user and IIS_IUSR have the correct permissions and actually the exe file is running, but, when it run it need generate some files that is the part that cause the issues, the program are trying to create files on the AppPool directory for example like this: C:\MyPath\somewebsite.com\8áª\MyProgram\

Where C:\MyPath\somewebsite.com\ is the AppPool root directory and MyProgram\ is the directory that the app is creating

Where \8᪠is generated randomly and changes all the time that we try to run the program

Debugging with Process Monitor I can get an error: PATH NOT FOUND and/or NAME INVALID, on the previous server we modify the user on the IIS to run the script (that was on IIS 6 over Windows Server 2003 now we are on IIS 8.5 over Windows Server 2012R2) and that files was created on the home directory of the user AND without the random directory, for example: C:\Users\MyUser\MyProgram\

where MyUser is the user that we assigned, but on that new server we get the files on the AppPool directory (C:\MyPath\somewebsite.com) no matter if we change the user

I think that we can solve that if we was able to define a path for the IUSR user and set it as "home" path but I cannot found where to modify the IUSR user, I know that is a build-in user that IIS create but I'm not sure if I can edit that settings for that user.

I already mention that we used IIS but just as an extra data, we are running that over Windows Server 2012 R2

Any suggestion?


HTTP Error 403.14 - Forbidden on IIS8 production server. But working fine in VS2013 ultimate

0
0

I have mvc4 web application with Windows authentication enabled on IIS8, Which is working fine.

After few days I have got a change order to update the application . I have done required changes and tested in VS2013+(IIS Express).

But tricky part is after  deploying as a new application instead of updating working copy on IIS 8 is giving me 403.14 forbidden exception.

All settings are similar as working web application on same IIS :(

Error:

HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.

One thing that I have noticed, If I create a new plain mvc application and deploy on IIS8- it is working. However, I am not sure what changes are stopping my application to execute.

HTTP Error 403.14 - Forbidden on IIS 8 server and Working on local VS 2013 ultimate

0
0

I have mvc4 web application with Windows authentication enabled on IIS8, Which is working fine.

After few days I have got a change order to update the application . I have done required changes and tested in VS2013+(IIS Express).

But tricky part is after  deploying as a new application instead of updating working copy on IIS 8 is giving me 403.14 forbidden exception.

All settings are similar as working web application on same IIS :(

Error:

HTTP Error 403.14 - Forbidden
The Web server is configured to not list the contents of this directory.

One thing that I have noticed, If I create a new plain mvc application and deploy on IIS8- it is working. However, I am not sure what changes are stopping my application to execute.

cyber attacks (via ScriptResource.axd?)

0
0

Hello everyone,

Sorry for my poor English

in recent months we are literally ravaged by cyber attacks on ours websites that cause insertion on them of various hidden strings (<div style = "display: none"> ...) containing invitations to buy VIAGRA AND CIALIS. We passed hours over the research of the server log files for clues, but we do not find anything.
It does not seem to be a classic sql injection, to which we are already protected by a strict "request filtering". The only "evidence" that seems to come out is the call to ScriptResource.axd (eg ScriptResource.axd d = dvG6TfJvv9lEBUXJUZHnSmh2oP_iv3k3AlYodbE9n2IjZrVb aaHAyB8CVchRKX_gIzRfRVI1ZH-UF3O-WiYBsbcOgK8mGpUh0hzO5UMFl-68KMkHYkA9CWzXz8k3uAMiLYtrWWvRfIRo-1akskCTANjKbFSAj1eydc42BcBxeavKmMtDBzk7Fvhjj0AOQnN w0 & t = ffffffffeea0dba9)
Our Server is Windows Server 2012.
Reading various documentations I discovered that ScriptResource can be used for attacks of this type. I ask you: Is there a valid countermeasure ON IIS to prevent this kind of attack?

Thank you so much for any help,
Francis.

IIS is throwing an error for some URLs

0
0

NO SOLUTION FOUND YET!

Summary:

Why does this URL cause IIS/Urlrewriter to just send a response "ERROR":

http://localhost/MSR-Hubba-Hubba-NX-Tent-sku51147401.asp

But this one is OK (I just changed the first M to N:

http://localhost/NSR-Hubba-Hubba-NX-Tent-sku51147401.asp

Help needed?

Since posting this question I have found that this is a Windows Version Specific error it fails on Windows Version 10.0.14393 but works on Version 10.0.10586.

I will reinstall the URL rewrite to see if that resolves the problem.

I did some research and found that Microsoft.com offers 2 different versions of the IIS URL Rewrite Module 2. A file dated 2010 and one dated 2015.  I reinstalled the 2015 version but is still failing.

Below are 2 samples to reproduce this error.

1) An ASP Page $master.asp

2) The <rewrite> section from the web.config file

The theory is that all requests except the usual files like .jpg & .gif etc are handled by $master.asp.

If I type a URL like: http://localhost/anythingyoulike.asp

I get a good response like this:

<html><body>TEST<br>Sent URL /anythingyoulike.asp<br>URL:/$master.asp<br></body></html>

Headers: Content-Length: 87
Cache-Control: private
Content-Type: text/html
Date: Tue, 23 Aug 2016 17:34:49 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET

Status: OK

If I change the URL to this one:  http://localhost/MSR-Hubba-Hubba-NX-Tent-sku51147401.asp

I get this response:

ERROR

Headers: Content-Length: 5
Cache-Control: private
Content-Type: text/html
Date: Tue, 23 Aug 2016 17:38:55 GMT
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET


Status: OK

If I change the url very slightly changing MSR- to NSR- I get a good response. I am not sure what is causing the problem.

Help would be very much appreciated.

Platform:

Windows 10 IIS 10 Url rewriter V2

=========

ASP Page: $master.asp

<% Option Explicit
Dim str
str = "<html><body>TEST<br>Sent URL " & Request.Servervariables("HTTP_X_ORIGINAL_URL")
str = str & "<br>URL:" & Request.Servervariables("URL") & "<br></body></html>"
Response.Write str
%>

======

Web.config URL Rewrite rules

    <rewrite>
        <rules>
    <rule name="Igonore Usual Files" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
                    <match url="^(/.+(\.gif|\.png|\.jpg|\.ico|\.pdf|\.zip|\.7z|\.exe|\.txt|\.xml|\.css|\.js)(\?.+)?)$" ignoreCase="true" />
                    <action type="Rewrite" url="{R:1}" appendQueryString="false" />
                </rule>

          <rule name="Redirect all requests to $master.asp" stopProcessing="true">
            <match url="^(.*)$" ignoreCase="false" />
            <conditions>
              <add matchType="IsFile" negate="true" />
              <add matchType="IsDirectory" negate="true" />
            </conditions>
            <action type="Rewrite" url="$master.asp?v=x" appendQueryString="true" />
          </rule>
        </rules>
      </rewrite>

Performance Counter to Measure Concurrent Requests

0
0

We periodically receive this error in our IIS 7.5 web app:

HTTP Error 503.2 - Service Unavailable. The serverRuntime@appConcurrentRequestLimit setting is being exceeded

How can I monitor our current "appConcurrentRequestLimit"? 

IIS Live Smooth Streaming - Apple HLS Transmuxing audio sample rate problem

0
0

Hi,

I am generating H.264 360x240 400 Kbps video and AAC 44100Hz stereo audio. These data is muxed into fragmented MP4 and sent to IIS server. I can successfully receive and play smooth streaming manifest from IIS Server via Silverlight player. However, I am unable to play the audio from HLS manifest.

When I first encountered this problem, I manually requested a '.ts' file from IIS server via HLS manifest and noticed that ADTS header is not correctly set for this file. I am appending the mp4 file and the wireshark trace of my stream for further analysis. It can be seen in 'esds' atom of the audio 'trak' audio specific config is correctly set. In 'esds' atom audio specific config is 0x1210, meaning 44100Hz stereo AAC-LC, however adts header in the ts file shows us 0x4080251FFC, meaning the sampling frequency is 96KHz. This inconsistency leads to audio not being played in players.

ts file adts header: https://s16.postimg.io/zeo704rqd/tsfile.png

mp4 file esds atom: https://s12.postimg.io/tyiu9bdjh/mp4file.png

mp4 file : http://www.filedropper.com/data_18

wireshark trace: http://www.filedropper.com/data_19

ts file: http://www.filedropper.com/data_24

Windows Server 2012 Version: 6.2 Build 9200

IIS Version: 8.5

IIS Media Services Version 4.1

Thanks in advance

IIS 7 to 8.5. .Net version issues

0
0

Hello.

I have installed the Web Deployment tool on a old 32  server running IIS 7 and a new server running IIS 8.5. Both are 64 bit. I have updated the msdeploy.exe.config file to be the same in the multiple versions of the tool I have found in Program Files and Program Files (86).

<configuration>
<startup useLegacyV2RuntimeActivationPolicy="true" >
<supportedRuntime version="v2.0.50727" />
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0" />
</startup>
</configuration>

I create the file on the old server, FTP it to the new server and run Web Deploy from the IIS gui but whatever I do I can't get rid of the .Net incompatibility error below. I have rebooted both machines and also run this command on the old server:

  • net stop msdepsvc & net start msdepsvc

And these commands on the new server

  • net stop msdepsvc & net start msdepsvc
  • net stop wmsvc & net start wmsvc

But to no avail. Any help to sort this out would be appreciated.

Web Deploy .Net error

Thanks.


winhttp.dll on windows 2008 r2 x64

0
0

hello,

I use WinHttp.WinHttpRequest.5.1 object and the PCI DSS provider upgrade to TLS 1.1 and TLS 1.2

if I try to use any of this options:

obj.Option(9) = 2048  'TLS 1.2

obj.Option(9) = 512 'TLS 1.1

I get an error.

I upgrade all the kb realted but I get the same result

if I try from web-browser the URL load using TLS 1.1 and TLS 1.2

what is the solution ?

ServerXMLHTTP.6.0 || WinHttpRequest connecting to TLS 1.2 server

0
0

Hi

I have a server side application that connects to a third party server and is currently able to communicate with it via SSL 3.0. The third party server will be upgraded to only support TLS 1.1 and TLS 1.2. I have enabled TLS 1.1 and TLS 1.2 on my server for both client and server and am able to connect to my server via TLS 1.2 from a browser. I am also able to browse from my server with Internet Explorer to the test TLS 1.1 page however my server application is unable to connect to the third party test page.

An example of my application that connects to the third party server below. Server Registry changes below code.

I would be most grateful for any assistance.

===============================================================================

<%@ EnablesessionState=False
Language=JScript %>
<%
var URL = "https://test.paygate.co.za/process.trans";
//URL = "https://www.paygate.co.za/payxml/process.trans" /*Current SSL Server*/
var Data = "";
var ReqStatus;
var ReqStatusTxT;
var PageTxT;

try {
var XMLobj = Server.CreateObject("Msxml2.ServerXMLHTTP.6.0");
XMLobj.open ("GET", URL, false);
XMLobj.send(Data);
ReqStatus=XMLobj.status;
ReqStatusTxT=XMLobj.statusText
PageTxT=XMLobj.responseText;
}
catch(e){
ReqStatus=-1;
ReqStatusTxT=e.message;
PageTxT=""; 
}
XMLobj = null;


%><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "https://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="https://www.w3.org/1999/xhtml">
<head>
<title>Test SSL</title>
</head>
<body>
Status code:<%=ReqStatus%>&nbsp;&nbsp;&nbsp;&nbsp;<%=ReqStatusTxT%><br /><br />
Returned XML:
<hr>
<%=Server.HTMLEncode(PageTxT)%>
<hr>
<br /><br />
</body>

===================================================================================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"DisabledByDefault"=dword:00000001
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001

 

URL rewrite part of URL

0
0

Hello All,

I am trying to re-write a partial URL and I am not getting the desired outcome.

I have a url : https://www.mycompany.com/organization/eag/mypage.html

every time I see "/organization/eag" I would like to change it to /org/eag

thus the output would be: https://www.mycompany.com/org/eag/mypage.html

This is what I thought the rule should be, but it does not seem to work correctly

        <rewrite>
            <rules>
                <rule name="EAG Rewrite" stopProcessing="true">
                    <match url="^(.*)/organization/eag(.*)$" />
                    <action type="Redirect" url="{R:1}/org/eag{R:2}" />
                </rule>
            </rules>
        </rewrite>

Thanks for your help

login fail from an app to database

0
0

Error Message: [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'GoMocha'.
DB: MS SQL Server 2008 R2
Environment: Windows Server 2008 R2 - IIS 7.5 
Problem: although GoMocha has access to SQL server database, the application fail to login using GoMocha; the page throw an error message [Microsoft][ODBC SQL Server Driver][SQL Server]Login failed for user 'GoMocha'. I tried different ways to resolve this issue but no use; please assist 

Able to browse websites from remote machine but not on local

0
0

I was doing a few deployments on the IIS server. Every time I deploy, I will browse the site on the IIS server, and then on my machine.

After my last deployment, I got "This page can't be displayed" on the IIS server. However, I am able to browse on my machine.

I tried both http://localhost and http://<servername>.

Unicode '%C3%B4' (ô) chararacter in URL let request fails

0
0

Hi,

we are hosting an ASP.NET WebForms application on an IIS 8.5. If we send a request to

https://{base}/map/Detail/Country;C%C3%B4te%20d'Ivoire;1/CI?_=1472228654202

a "403 Forbidden" is returned.

The %C3%B4 (ô) unicode character seems to be the problem. If we remove it from the URL the request works well.

The ASP.NET WebForms routing configuration within the Global.asax file is:

routes.Add( "MyRouteName",
	new Route("map/Detail/{DetailType};{Title};{ShowBackButton}/{Id}",
	new RouteValueDictionary
	{
		{ "DetailType", "Unknown" },
		{ "Title", "Unknown" },
		{ "ShowBackButton", "0" },
		{ "Id", "-1" }
	},
	new RouteValueDictionary
	{
		{ "DetailType", @"Country|City" },
		{ "Title", ".*" },
		{ "ShowBackButton", "0|1" },
		{ "Id", "[A-Z0-9]{2,3}" }
	},
	new RouteHandler("~/MyPage.aspx")
	)
	);

Does anyone have an idea?

Kind regards,
Christian

Errors accessing php codes

0
0

I have MS Server 2012 R2 with IIS 8 and PHP 7.0.10 installed (all 64-bit). I set this up a couple months ago and it was working fine. I have been working with the files on another PC for this project but I have not installed any yet. When I tried to access it a couple days ago for some reason it simply stopped working; returning the “HTTP Error 500.0 – Internal Server Error”. I deleted the PHP folder and installed PHP again. Now I get two different errors depending on the site I access. My site is situated on the C: drive with two subfolders (Jokes, Contact) as such:

C:\testsite

……….Jokes

……….Contact

Jokes has the file ‘Index.php’ whereas Contact has the file ‘Index.html’ which calls the ‘contactforms.php’ within the code. Jokes returns the “403 – Forbidden: access is denied” error message but Contact returns the ‘webpage cannot be found’ error within the container where the form should be even though the HTML/CSS content is displayed properly. The file ‘contactforms.php’ is located in the same folder as the file ‘Index’html’ that calls it.

This looks like a permissions issue but I didn’t change the permissions in either folder when I re-installed PHP. I am guessing that since I didn’t change anything when it stopped working that an update must have changed something. While I know this isn’t enough information to help me solve the issue I would appreciate guidance in where I should start looking for the problem. Of course I am more than happy to provide any information should someone want to tackle this issue.


Format function issues running classic asp on server 2012

0
0
Hi
Wonder if anyone can help please

We've migrated our classic asp apps from server 2003 to server 2012

Has anyone experienced any problems using the vb format fuction running classic asp on server 2012?

Unable to access Shared directory using IIS 7.5

0
0

Hi Pals,

I am working on IIS 7.5 running on Server 2008 R2. I have created a main site and under the main site, I have added other sites as application so I have a parent URL and sub application which varies. 

Currently I am in the process of hosting an ASP.NET deployed application among the existing applications and I have a major issue which I need to access shared directory in another server.

To add more clarity to my above point, application is hosted in Server A and shared directory is in Server B and I have mentioned the UNC in the code for path mapping. As mentioned in earlier threads, I have changed the application pool identity to custom Account ( Domain Admin - Myself ) and I have set permissions to the directory ( Full Access ), Tried NETWORK Services, Tried all possible solutions available in the net but im helpless in getting it fixed.

Can someone help me on this. I am sure I am missing out the permission part somewhere, Is there anyone who could help me on this..

Thanks,

Ashvin Ashok

IIS + Subsonic

0
0

Hello all,

I am attempting to make a few things happen with Subsonic if I can, using IIS in conjuction. Let me explain my current setup:

  • Server: Windows 2012 R2 (VPS, single IP address)
  • Subsonic Music Server (Jetty backend, can control port 443 for SSL)
  • LetsEncrypt SSL certificate (installed through both IIS and Subsonic, only using Subsonic for web serving capabilities, IIS does not run)
  • Potentially wanting to run WordPress on the side, through the same instance
  • Within the Subsonic Control Panel, I specify the context menu as /music (Thus, I navigate to a specific directory instead of the root host address)

I believe my dilemma is the fact that Jetty needs to run and be able to control ports in order to function, but I want to use IIS on the same port with the same certficate. My current situation is as follows:

My goal is to essentially have www.mydomain.com/music to redirect tohttps://www.mydomain.com/music. With that being said, if I specify justwww.mydomain.com, I want it to redirect tohttps://www.mydomain.com and be communicating with WordPress. I have done extensive research into setting up a reverse proxy through IIS, however it seems like you have to specify a specific port other than port 80 or 443. I am attempting to do just that, with essentially 2 webservers running simultaneously and on port 80/443.

I do know that Subsonic has a separate .WAR file I can download and run Apache Tomcat to host the interface, but I am not sure that will solve my issue.

I appreciate anyone that reads this!

Thank you all!

1155.aspx

windows authentication force specific DC instead of default controller

0
0

Hi,

due to finding ourselvs in a beginning of a international domain migration we need to find an interim solution to keep local (legacy, .NET) webapplications running until new FMO takes place.

The solution we need to achieve this would be the redirect LDAP auth calls sent by IIS during user login/windows auth request from default domain controller to a different one (probably a dummy LDAP resonder application or fake DC, we dont know yet, since we want to manipulate the response based on several paramaters)

Windows forms or any other auth. method is not an option since we're not allowed to touch legacy apps at all. Those are tied to use win.auth only.

Is it possible to configure IIS to use specific DC instead of default? Or any other option we have to achieve this?

thank you in advance,

Kornel

Viewing all 27852 articles
Browse latest View live




Latest Images