Quantcast
Channel: All Forums
Viewing all 27852 articles
Browse latest View live

Session Timeout

0
0

Hi, 

I would like to ask some issues regarding session timeout.

I did some configuration in the IIS.

Is Windows Operating System has anything to do with this?

Best Regards,
icezkiwi


http to https URL Rewrite for one folder failing

0
0


I'm trying to rewrite HTTP to HTTPS for a specific subfolder on my IIS 8.5 web server but it's not working. I've read countless other solutions and blog postings but nothing I've tried works.

http://domain.example.com/one/two/three/
should redirect to... (same url but using https)
https://domain.example.com/one/two/three/

but instead is redirecting to... (site root using https)
https://domain.example.com

loading... (desired url with https)
https://domain.example.com/one/two/three/
also redirects to... (site root using https)
https://domain.example.com

it's removing the subfolders from the url.

This folder needs to also be protected with Windows Authentication, which I can get to work but the https redirection is failing with or without authentication enabled so I don't think that's the cause.

Within IIS I selected the desired subfolder (/three/ in the example above) and created the Rewrite rule there.

<rewrite><rules><clear /><rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true"><match url="(.*)" /><conditions logicalGrouping="MatchAny"><add input="{HTTPS}" pattern="^OFF$" /></conditions><action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="SeeOther" /></rule></rules></rewrite>

This should of course work with any files and folders contained within the desired subfolder. (/three)

I also tried this and it redirects to the apparent correct url but gives the "too many redirects" error:

<rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true"><match url="(.*)" /><conditions logicalGrouping="MatchAll"><add input="{HTTPS}" pattern="^OFF$" /></conditions><action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="SeeOther" /></rule>

This server is behind an F5 load balancer which provides the cert but I don't think that's causing the problem. If I remove all attempts to get this rewrite/redirect to work then simply typing in the desired url with http or https will work.

Require SSL is unchecked

Microsoft FTP service not working

0
0

I am 501 Server cannot accept argument when I am trying to connect via FTP to Microsoft server from netbeans. The funny thing is that this error comes at random times and it starts working again without any edit or change in microsoft configuration. It has been the same case for two weeks now. It is at times that I am into some important work that this error pops up .Can someone help?

Thanks

Exchange Server Backoffs Causing Major Issues

0
0

Hi,

I wanted to take a stab at this here because I feel this is something configurable via IIS as opposed to Exchange. Truth be told, I've exhausted all Exchange-side tweaks, but I've had success at resolving some other Exchange issues by tweaking or adding settings to the web.config files for various virtual directories. Exchange server itself serves all it's data via client-connectivity to various IIS virtual directories tied to application pools.  The main one being /mapi since that is how Outlook clients connect.

I have a few very heavily used shared resources. During peak usage, I see client backoffs in the connectivity logs. Today there were 70,000. That obviously causes client-side problems for people.  People can access that resource without issue using other connectivity methods which are tied to different virtual directories and app pools.  The server itself also does not experience any noticeable load.  It's simply an issue with that virtual directory.  Everything else is fine.  

I'm a pretty high level and experienced Exchange admin. I've exhausted everything server side that is Exchange specific. I've also run this through max escalations to Microsoft Exchange support on two continents to no avail.  I've also posted in the technet forums only to be suggested things I tried months prior. At the outset of this, I imagined it was an IIS thing, but despite being experienced with Exchange, my experience with IIS outside of Exchange usage is very limited. I don't know where to begin looking.

I've managed a similar issue on another connectivity method by adding a key <add key="MaxRequestsQueued" value="5000" /> to the web.config for that directory. However I could see the cause of that using perfmon. I could see the queue build until 500 when issues started happening. I don't see similar queue building here, so I'm not saying it's not the case, but the evidence isn't the same.

Any input at all or places to look to troubleshoot this is appreciated.   Thanks.

PHP 7.1 support

0
0

Hello DropPhone,

Is PHP 7.1 support planned soon in WinCache ?

The last PHP 7.1 Release Candidate (RC6) will be released on the 10th of November. The final version probablylittleafter.

Thanks ;)

IIS Url Rewrite ARR issue

0
0

I configured IIS as a reverse proxy using Url Rewrite module and ARR 3.
I have a public domain which redirect to my application on localhost.
It's working fine excepted when the application redirect to another host.
ie: redirecting to "https://www.google.com/search?q=url+rewrite+iis+arr+3"
My browser shows "http://localhost/search?q=url+rewrite+iis+arr+3"
which fails

The hosted application is using Asp Net Mvc with framework.net 4.5.
The application is working with integrated pipeline in IIS application pool configuration.

Using Fiddler, I can see the following trace on redirect :

    HTTP/1.1 302 Found
    Cache-Control: private
    Content-Length: 350
    Content-Type: text/html; charset=utf-8
    Location: http://localhost/search?q=url+rewrite+iis+arr+3
    Server: Microsoft-IIS/7.5
    X-Powered-By: ARR/3.0
    X-Powered-By: ASP.NET
    Date: Wed, 02 Nov 2016 16:39:18 GMT
    
    <html><head><title>Object moved</title></head><body>
    <h2>Object moved to <a href="https://www.google.com/search?q=url+rewrite+iis+arr+3">here</a>.</h2>
    </body></html>

My IIS config :

    <?xml version="1.0" encoding="UTF-8"?>
    <configuration>
        <system.webServer>
            <rewrite>
                <rules>
                    <rule name="ReverseProxyInboundRule" stopProcessing="true">
                        <match url="(.*)" />
                        <action type="Rewrite" url="http://localhost/{R:1}" />
                    </rule>
                </rules>
                <outboundRules>
                    <rule name="ReverseProxyOutboundRule1" preCondition="IsRedirection" stopProcessing="true">
                        <match filterByTags="A" pattern="^http(.*)" negate="false" />
                        <action type="None" />
                    </rule>
                    <preConditions>
                        <preCondition name="IsRedirection">
                            <add input="{RESPONSE_STATUS}" pattern="3[0-9][0-9]" />
                        </preCondition>
                    </preConditions>
                </outboundRules>
            </rewrite>
        </system.webServer>
    </configuration>

Best regards

Tony

Copying Logging Definitions, hand-editing config?

0
0

I'm new to Advanced Logging.  Have to start using it as our servers are getting stuck behind an F5.

I've found the process of setting up the Log Definition through the gui to be cumbersome.   Is the gui writing to a file I could just edit by hand?

Also...once created, can I copy configs from one server to another?

EDIT: found the applicationHost.config in C:\Windows\System32\inetsrv\config.   I can see the advanced logging settings in there.   can I work live within that file and copy what I come up with from machine to machine?  or does that not work?

2nd EDIT: also found it doesn't seem I can make changes to this file affect the server.

Finally, when I turn on advanced logging, I don't get one log file... I get a number of them. Having read other threads here... some people speculate it's making 1 per app pool... but in my case, that number doesn't jive.   it also doesn't seem to be 1 per web app.   Anyway to force this to only make one log?

I'm asking this stuff because once I get my format set up, I'll want to copy the definition to x other iis 7 web servers.   Later, i'll have to touch the newer servers as well, and haven't even started to investigate the Enhanced Logging to see if it works the same way.

Issue blocking referral having a russian caracter in domain name.

0
0

Hi,

I am trying to block, in my web.config, a referral which has got a russian caracter in its name. 

I thought that using this rule would do the trick but it doesn't or should I save my web.config as Unicode ?

<rule name="Block somenameĸer.com" patternSyntax="Wildcard" stopProcessing="true"><match url="*" /><conditions><add input="{HTTP_REFERER}" pattern="*.somename*" /></conditions><action type="AbortRequest" /></rule>  




Cannot Access Site Without Typing WWW - 403 Forbidden: Access Denied

0
0

Hello, couldn't find a solution to this on the net as of yet...when I type http://www.mydomain.com all is good but http://mydomain.com give me a Error 403 - says my credentials aren't good.  I set IUSR permissions.  I am using IIS 7.5 on Server 2008 R2.

WebDAV on Windows Server 2012: Cannot map drive: A device attached to the system is not functioning

0
0

Hi, I am an IT Consultant, but this is my first time setting up WebDAV for a client. I cannot figure out what I've done wrong and the client is getting impatient. Help will be much appreciated!

I am trying to set up Secure WebDAV access to a file share on their file server (Windows Server 2012 (not R2)).

First off, why is there no straightforward documentation from Microsoft on how to share one folder via WebDAV?!  Why is this so complicated?   I understand some need granular control of settings, but geez, why can't a newb just "flip a switch" and share a folder via WebDAV?  Okay, rant over, please help me figure this out.

I followed these articles to install WebDAV, create Certificate Signing Request (CSR), create Root and SSL Certificates using OpenSSL, install the SSL Certificate into IIS on the server and bind to port 443, set Port Forwarding on their Verizon router for port 443 to the server's LAN IP, and import the Root Certificate into the Trusted Root Certificate Store of the client PC.
http://advancedhomeserver.com/webdav-and-windows-server-2012/
http://advancedhomeserver.com/if-you-plan-to-use-ssl-read-this-first/
http://advancedhomeserver.com/making-a-pc-a-secure-webdav-server/
http://advancedhomeserver.com/iis-and-the-certificate-signing-request/
http://advancedhomeserver.com/openssl-and-your-root-certificate/
http://advancedhomeserver.com/domain-certificates-and-windows-server-2012/
http://advancedhomeserver.com/exporting-and-importing-root-certificates/
http://advancedhomeserver.com/webdav-and-windows-server-2012/

Verizon Static IP:  xxx.xxx.xxx.38
Server name: SERVER12
Domain:  COMPANYDOMAIN
Physical folder: E:\TestWebDAV
Virtual directory: TestWebDAV

When I attempt to Map Network Drive using this path:  https://xxx.xxx.xxx.38/TestWebDAV

I get challenged, enter my domain username and password 2 or 3 times, and receive the following error. Same error if I use the administrator username/password.

   The mapped network drive could not be created because the following error has occurred:

   A device attached to the system is not functioning.

Note: I cannot use their domain name address (https:\\www.companydomain.com\TestWebDAV) since their website is hosted by an external provider.  I got them a Static IP address from Verizon and have Port Forwarding configured on the Verizon router for TCP 443.

============================================================
After I enabled Directory Browsing for the Default Web Site in IIS, I can now browse to https://localhost/TestWebDAV and its subfolders from within IIS, Internet Explorer, and Google Chrome on the server.

The problem occurs when I attempt to connect across the Internet.  I have tried to Map Network Drive from the client's laptop (from my office) which is a member of the domain, and from my desktop PC.  Both are Windows 7.

============================================================

I followed these instructions for converting the Virtual Directory to an Application and associating a different application pool to the Application instead of using the DefaultAppPool:
http://blogs.msdn.com/b/benjaminperkins/archive/2013/08/01/setting-up-webdav-on-iis-using-windows-authentication-and-a-unc-mapped-drive-or-file-share.aspx

I ran thru the instructions a week ago, then reverted the changes when it did not get WebDAV working. I then discovered the SSL Certificate I had installed on the server had disappeared somehow. I reinstalled and re-did the binding, so I am now following the instructions again, but:

I am stuck on the SETSPN commands, I cannot figure out what "accountname to use". I have tried:

SETSPN -L administrator
SETSPN -L COMPANYDOMAIN\administrator
SETSPN -L SERVER12\administrator

None are working now, although when I tried this previously, I got the SETSPN commands to work.

============================================================

As a sanity check, I had a friend create a WebDAv share on his website, which is hosted at hostgator.com

I can successfully Map Network Drive to:

https://gatorNNNN.hostgator.com:2078

using the username and password he set up for me.

So the problem getting WebAV working for my client is not my computer/router/firewall, etc.

I do wonder if I am formulating the URL correctly using the Static IP (https://xxx.xxx.xxx.38/TestWebDAV)?

============================================================
Server = Windows Server 2012 (not R2)

Roles - File Server / IIS / Desktop Experience feature added

Here are the things I have done already:

1. Created a test file share (TestWebDAV) with subfolders, some Full Control for the Sales group, others explicitly denied Full Control for the Sales group.  Exploring those same file shares from a LAN computer works fine: folders are either Read/Write or "invisible" per their permissions.

2. Added webDAV/IIS role and created virtual directory, pointing to that file share.

3. Created WebDAV Authoring Rule and allowed all users to access all content.

4. At this point with basic configuration it failed, so then I tried other things.
 
5. Enabled Windows authentication, but have tried Basic and Digest.   Currently I'm allowing Windows Authentication only.
    
6. After I enabled Directory Browsing for the Default Web Site in IIS, I can now browse to https://localhost/TestWebDAV and its subfolders from within IIS, Internet Explorer, and Google Chrome ON SERVER12.  But when I attempt to Map Network Drive across the Internet, I get the error  "A device attached to the system is not functioning".


7. Since I have the SSL cert on SERVER12 and the clients, i have enforced Use SSL only. The bindings are 80 and 443.  

8. I increased the Registry values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient\Parameters\
   FileAttributesLimitInBytes = 200000000
   FileSizeLimitInBytes = 4200000000

============================================================

Here is the bottom section of the applicationHost.config file in C:\Windows\System32\inetsrv\config:

    </system.webServer>
    <location path="Default Web Site">
        <system.webServer>
            <security>
                <requestFiltering>
                    <fileExtensions applyToWebDAV="false" />
                    <verbs applyToWebDAV="false" />
                    <hiddenSegments applyToWebDAV="false" />
                </requestFiltering>
                <authentication>
                    <windowsAuthentication enabled="true" />
                    <anonymousAuthentication enabled="false" />
                    <basicAuthentication enabled="false" />
                    <digestAuthentication enabled="false" />
                </authentication>
                <access sslFlags="Ssl" />
            </security>
            <webdav>
                <authoring enabled="true" requireSsl="true" />
                <authoringRules>
                    <add users="*" path="*" access="Read, Write, Source" />
                </authoringRules>
            </webdav>
        </system.webServer>
    </location>
    <location path="Default Web Site/TestWebDAV">
        <system.webServer>
            <security>
                <authentication>
                    <digestAuthentication enabled="false" />
                    <basicAuthentication enabled="false" />
                    <windowsAuthentication enabled="true" useAppPoolCredentials="true" />
                </authentication>
                <access sslFlags="Ssl" />
            </security>
        </system.webServer>
    </location>

</configuration>

============================================================

Thank you very much for any assistance.  Let me know if you need more info.

One to one certificate with webservice and Android client

0
0
Hi
I have read the article on iis.net about 1to1 certificate mapping and its installation but need the help of community for the following please.
I want to configure a webservice site in IIS that has certificate from DGCert and to be accessible by the Android client application. The webservice and android client are not publically available i.e no Google store etc.
Question: How to get client certificate from DG CERT and configure 1to1 mapping so only the client having certificate can use the webservice. Thanking in advance

SSL not working properly on IIS 7.5

0
0

Hi,

This 2008 R2 web servers have many web sites hosted here either under a default website or sites would have its own domain bind to it.  I have this website that is configured to be IP limited for Intranet and certain partners' IP access.  It's bind with port 80 for http and that works just fine.  The problem is the SSL binding.  If I use 443 then it complains that another site is already using it and it would stop this site of mine.  If I use port 444, in the browser I would need to append :444 at the end of the home page url to display properly.  If I don't append :444 then I get errors in IE and FF like "Security Connection Failed" or "Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings" (but it's already turned on) or

<div id="CertCNMismatch" style="display: block;" name="CertCNMismatch">The security certificate presented by this website was issued for a different website's address.</div>

if I enter https://ip-address:444    The ip address I enter here is the server's IP.

I would like for users to be able to enter the url with just the domain and not having to append the port number.  How can I make that work?  Thank you.

Why IIS create duplicate worker processor?

0
0

Hello All, 

Not sure if this is a default behavior If I enable "auto-restart", I've noticed that before IIS app pool recycle happen I see two W3WP.exe in the task bar for the same app pool?.

Server - Windows 2012 R2 
IIS Version - 8.5

Internal Server Error

0
0

I can't acces my website because of this and I have no clue how to fix it.

<div class="content-container">

HTTP-fout 500.19 - Internal Server Error

De aangevraagde pagina kan niet worden geopend omdat de desbetreffende configuratiegegevens voor de pagina ongeldig zijn.

</div> <div class="content-container">

Gedetailleerde foutinformatie:

<div id="details-left">
Module   IIS Web Core
Bericht   Onbekend
Handler   Nog niet vastgesteld
Foutcode   0x8007000d
Configuratiefout   
Configuratiebestand   \\?\C:\inetpub\wwwroot\web.config
</div> <div id="details-right">
Aangevraagde URL   http://localhost:80/
Fysiek pad   
Aanmeldingsmethode   Nog niet vastgesteld
Aangemelde gebruiker   Nog niet vastgesteld
<div class="clear"></div> </div>
</div> <div class="config_source content-container">

Configuratiebron:

-1:
    0:
</div> <div class="content-container">

Meer informatie:

Deze fout treedt op wanneer er een probleem is opgetreden bij het lezen van het configuratiebestand voor de webserver of webtoepassing. In sommige gevallen kunnen gebeurtenislogboeken meer informatie bevatten over de oorzaak van deze fout.

Meer informatie »

</div>

IIS 10 - fails out of the box cannot access wwwroot

0
0

WS 2016 Base

IIS 10 - add roles and features, chose IIS and also .net 3.5 - installed.

Go to the Default website is iismgr and "test"

Changed NO settings.

On the test, pass through authentication account is valid.

But Authorization fails with:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

---

This has GOT to be a common problem with an easy solution but I sure can't fathom it!  I've setup a ton of these with WS 2012 with no issues such as this so it has to be something new with WS2016.

Help!


ResourceOverUsed - what does it mean?

0
0

Hi,

I've been using the SEO Toolkit for some time, but recently a colleague mentioned about a "ResourceOverUsed " error that popped up on his report for the same website. I tried searching for more information about this error, including this forum, but nothing useful came up.

The error occurs on a link to Facebook's sharer.php which appears once on every product page of an online store. Each link has a different product URL in the querystring for Facebook to link back to the product page being shared, and there are around 5,000 product pages on the site, so 5,000 links to Facebook's sharer.php in total.

Does anyone have a definition of this error and what triggers it? Does it have any SEO impact in the real world outside of this toolkit?

Thanks!

Tim

Windows 10, PHP Manager will not install.

0
0

I enabled all the .NET framewroks.

I hacked the registry to majorversion 7.

I tried the WPI V1.2 PHP Manager Installer and I tried the V1.4 PHP Manager installer.

None of them work. I also tried to post my logs aand thta fails here as well.

This is the error I get, any ideas?

Error 1001. Unable to get installer types in the C:\Program Files\PHP Manager 1.4 for IIS 10\ ... yada yada yada ... Retreive the loaderexception for more information.

I tried to add the logs here, but I always get this error,

<div class="content-wrapper" id="content-wrapper"> <div class="left-col">

Sorry

The page you are looking for is not available...
If you typed in the URL yourself, please double-check the spelling.
If you got here from a link within our site, please Contact Us.</div> </div>

Remote IIS Management when TLS 1.0 is disabled (checking status?)

0
0

Per this thread:

https://forums.iis.net/p/1230207/2116728.aspx

When TLS 1.0 is disabled on a server, IIS remote management doesn't work. It seems to only affect this service.

In contrast, RDP requires a patch in order to operate and fix itself and some other services.

What is the status on a resolution to this?

We're running Windows 2012 and required to have TLS 1.0 off, but now unable to remotely manage or use webdeploy.

Many thanks, Aaron

Application Pool Identity doesn't have access to Inetpub\wwwroot

0
0

WS 2016 Base.

Created a bew site and in basic settings I'm testing it and it doen't have access to the wwwroot folder.  

Error:

And the permissions are thus:

How to fix?

IIS 10.0 fails out of the box with permissions for wwwroot

0
0

WS 2016 Base

IIS 10 - add roles and features, chose IIS and also .net 3.5 - installed.

Go to the Default website is iismgr and "test"

Changed NO settings.

On the test, pass through authentication account is valid.

But Authorization fails with:

The server is configured to use pass-through authentication with a built-in account to access the specified physical path. However, IIS Manager cannot verify whether the built-in account has access. Make sure that the application pool identity has Read access to the physical path. If this server is joined to a domain, and the application pool identity is NetworkService or LocalSystem, verify that <domain>\<computer_name>$ has Read access to the physical path. Then test these settings again.

---

This has GOT to be a common problem with an easy solution but I sure can't fathom it!  I've setup a ton of these with WS 2012 with no issues such as this so it has to be something new with WS2016.

I did try adding permissions for the following:

IIS AppPool\DefaultAppPool

And it fails the same.  

Help!

Viewing all 27852 articles
Browse latest View live




Latest Images