Quantcast
Channel: All Forums
Viewing all 28504 articles
Browse latest View live

IIS 8 Returns Could not create SSL/TLS channel

April 14, 2020, 4:45 am
$
0
0

I'm working on a C# project which runs fine from my development workstation VS2019. The application makes a REST API call to a server which runs a procedure and returns a response. Everything works fine from my workstation. But when I post the project to IIS8 server and run it I get an error Could not create SSL/TLS channel.

The error occurs when I call WebResponse webResponse = request.GetResponse();

I've updated the server to .NET 8.0 . Any help is much appreciated.

        //Production Server
        HttpWebRequest request = (HttpWebRequest)WebRequest.Create("https://api.myibservices.com/v1/authenticate");
        string authInfo = "XXXXXXXXX:XXXXXXXXX";

        request.ContentType = "application/json";
        request.Method = "GET";                               
        authInfo = Convert.ToBase64String(Encoding.Default.GetBytes(authInfo));
        request.Headers["Authorization"] = "Basic " + authInfo;

        WebResponse webResponse = request.GetResponse();

        using (StreamReader reader = new StreamReader(webResponse.GetResponseStream()))
        {
            response = reader.ReadToEnd();
        }

In addition the server uses Tls12 which is part of my code at the beginning of the method: ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
Search

IIS binding on multiple ip,s Other program needs IP address, but IIS is using them all.

April 14, 2020, 12:57 pm
$
0
0

Hi All. 

I have 3 ip adresses.  1 is specificly for IIS and the other 2 are for my mailserver. (webmail and webadmin) 

However each time i add a ip address via the network config IIS claims them right away. 

This is causing the webmail app to no longer function as the port is already is use by IIS.  ( 80 or 443)

Is there a way to force IIS to only use  1 IP address ?  I,ve checked netsh http show iplisten, but currently there is no ip address in the IP listen list. 

So my goal is :

1.1.1.1  IIS ports 80 and 443   ( already works)

1.1.1.2 Mdaemon port 80 and 443  ( currently not possible as IIS has managed to get connected to this IP (which I don`t want))

1.1.1.3 Webadmin Mdaemon port 80 and 443  ( currently not possible as IIS has managed to get connected to this IP (which I don`t want))

Any idea how to get this working ?

 

Failover cluster

April 14, 2020, 1:50 pm
$
0
0
Hello team,
How can configure failover cluster in for a websites
Roemesh

MinBytesPerSecond for Slow HTTP Post Attack

December 27, 2018, 3:24 pm
$
0
0

I recently received a Qualsys report which listed - SLOW HTTP POST as a vulnerability with my application.

I have checked the various countermeasures, and configuring - MinBytesPerSecond, in the <webLimits> section of applicationhost.config, has been suggested. However, setting this field, does not seem to have any effect. The documentation of this setting states :

"Specifies the minimum throughput rate, in bytes, that HTTP.sys enforces when it sends aresponse to the client."

Does this mean the setting only applies to responses and not to requests? If so, how can one implement any minimum speed on a Slow HTTP POST Request?

IIS 7 : MaxHttpCollectionKeys

April 14, 2020, 4:12 pm
$
0
0

Hi Team,

I have been looking for the key and value for the attribute MaxHttpCollectionKeys at IIS level config files.

i have searched in the machine.config and applicaticationhost.config and could not find it specified there.

Could there be someother files that i should check for where it could be specified?

Thanks in advance,

Jayashree

the following product have failed to install php 5.4.45

April 14, 2020, 5:42 pm
$
0
0

PHP Manager for IIS

This product did not install succefully: Downloaded file  failed signature verification and may have been tampered with 

Web Platform installer log ....

how to fix this issue ...asap

Thanks.

IIS10 & ASP.NET - 404 on Endpoints

April 14, 2020, 8:09 pm
$
0
0

Hi all,

I have developed my app in VB.net and all working fine. Have now deployed it onto IIS, using the Folder option when publishing.

I can access all the HTML but all my endpoints fail with a 404.0 Error. I am using the Integrated mode with .net 4.0 and without it, makes no difference. When running on local host, I can access it over "http:s//localhost:5001/api/students/getyear" fine but something like "intranet.domain.co.uk/studentnotices/api/getyear" will return the error. Server is 2019 using IIS10.

Any help is appreciated

Files downloaded using Network Load balancing are significantly slower than when bypassed

April 15, 2020, 1:27 pm
$
0
0

I don't believe this is an IIS issue but the people in the NLB forum sent me here.

I have been tracking a problem with download issues.  We think we have tracked it back to the NLB that is running on our ARR farm.  If I point directly to one of the ARR server its 1.2Mbps but when I connect to NLB its less then 300Kbps.  I created an open source load balancer and set it up to load balance all traffic that I send to it to the 2 ARR servers.  I then set up some tests where I created 2 URLs that point to either NLB or are open source NLB solution.  Once past the load balancing it flows through ARR as it normally would and routes the request to the same file on the same server.

I just performed another test and while the speeds are slower than yesterday the difference between the 2 is still very apparent.

Search

IIS Express missing config files

April 15, 2020, 6:25 am
$
0
0

Hello,

I try to add a rewrite rule to my project but I'm not able to find a web.config or a applicationhost.config in my project folder, or in "documents/IISExpress".

I'm running VS 2017 on a Windows 10 PC.

In my C: partition I find many applicationhost.config files but  I can't find in the "site" tag of my new created project in one of them.

Renaming of applicationhost.config has no effect:

  • C:\Program Files\IIS Express\config\templates\PersonalWebServer
  • C:\Program Files (x86)\IIS Express\config\templates\PersonalWebServer
  • C:\Program Files\IIS Express\AppServer
  • C:\Program Files (x86)\IIS Express\AppServer

I can't rename those two applicationhost.config files:

  • C:\Windows\WinSxS\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.18362.1_none_7be8fb8aed470665
  • C:\Windows\WinSxS\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.18362.418_none_ff86ff25018d57e3

This two applicationhost.config files are hex files:

  • C:\Windows\servicing\LCU\Package_for_RollupFix31bf3856ad364e35amd64~18362.720.1.0\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.18362.418_none_ff86ff25018d57e3\f
  • C:\Windows\servicing\LCU\Package_for_RollupFix31bf3856ad364e35amd64~18362.720.1.0\amd64_microsoft-windows-i..raries-servercommon_31bf3856ad364e35_10.0.18362.418_none_ff86ff25018d57e3\r

Am I totally wrong with something? Why is the ISSExpress running and I can't find a file with my new created "site"-name  in it?!

Problem Getting Problem Resolved

March 19, 2020, 10:34 am
$
0
0
I have a problem that causes IIS 64bit to freeze after an "unexpected" exception that does not happen with IIS 32bit. I raised a paid for support ticket and was told that the people handling the ticket did not have, "the expertise necessary to solve the problem" that has something to do with IIS or Office. I can find no way of circumventing the problem and neither can the Microsoft support staff I have spoken to! The Microsoft Support Ticket reference is:[Ticket #:19159148] I have been informed that the paid for support ticket will be closed as unresolved and that they MAY refund what I paid. Does anyone know how I can get this problem resolved? Any help would be greatly appreciated.

VBScript server tags in ASP pages not recognized in IIS 8.5

April 15, 2020, 6:12 pm
$
0
0

I'm migrating an ASP web app from IIS 6 to IIS 8.5, and none of the server tags (<% %>) which contain VBScript are being recognized.  In some cases, they're being ignored, in other cases, they are being displayed as text along with the VBScript code they contain.  For example, this VBScript is displayed as plain text inside a TextBox instead of evaluating to a string value:

<%=Session("EmpName")%>

I have made numerous configuration changes to enable ASP:

  • Installed ASP and ISAPI on Windows Server 2012.
    - Enabled Active Server Pages under the root server node in IIS Manager.
    - Enabled Parent Paths under ASP for the website in IIS Manager.
    - Enabled ASPClassic IsapiModule under Handler Mappings for website.
    - Enabled ISAPI-dll (IsapiModule) and CGI-exe (CgiModule) under Handler Mappings for website.
    - Created a series of ServerSideIncludeModules for .asp and other related file extensions under Handler Mappings.
    - Verified there are no MIME Types for .asp for the website in IIS that might interfere by rendering it as static content.
  • After making all these settings, ASP pages render fine -- but I still have the issue with the one that makes extensive use of VBScript inside server tags (<% %>).  The VBScript is not recognized and does not get rendered properly.
  • What else needs to be done to resolve this?
  • Thank you -
    Kevin

Can the Site root be used as an Application?

April 15, 2020, 8:54 pm
$
0
0

Hi,

We set up a website with 3 applications under it.  We now want to see if it's possible/advisable/not advisable to add the root of the Site as a 4th application?  Or do just use the root instead of making an Application that points to it?

For example here is current setup:

Sites>>

WebsiteName (root)

    App1 ( directory = \WebsiteName\App1 )

    App2 ( directory = \WebsiteName\App2 )

    App3 ( directory = \WebsiteName\App3 )

What is proposed to add 4th Application that points to WebsiteName root:

Sites>>

WebsiteName (root)

    App1 ( directory = \WebsiteName\App1 )

    App2 ( directory = \WebsiteName\App2 )

    App3 ( directory = \WebsiteName\App3 )

    WebsiteName (directory = \WebsiteName) this would be the 4th Application

Hope that makes sense?

Thanks!

FancyIndexing Module for IIS

April 15, 2020, 9:39 pm

IIS 10 AppPool Machine Key permissions after Server 2016 in-place upgrade

April 15, 2020, 11:14 pm
$
0
0

We're signing PDF documents with a certificate on various websites, and after upgrading Server 2008 R2 > Server 2012 > Server 2016, all of the OLD AppPools have the proper permissions, and those websites create properly-signed PDFs just like they did before the upgrade.

But any NEW IIS Application Pools we create do NOT receive permissions on the MachineKey file in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ and document-signing fails.

Running Process Monitor shows the following:

* DocumentSigningSoftware.exe succeeds when accessing C:\Users\AppPoolUser\AppData\Roaming\Microsoft\Crypto\RSA\

* DocumentSigningSoftware.exe and LSASS.exe get Access Denied errors on CreateFile in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\

Questions:

1) For new App Pools, is the solution simply to use cacls.exe to add Full permissions on the Machine Key file in the \RSA\MachineKeys\ folder?

2) How can I get Windows Server to add the permissions when new App Pools are created?

3) Should I be concerned about any other problems that may arise due to the in-place upgrade to Server 2016?

Thanks.

IIS 10 rewrite is resulting in an infinite redirect loop

April 15, 2020, 8:22 pm
$
0
0

I have created an inbound rewrite rule that has been working for a year.  Today, suddenly, it is failing with a redirect loop error and i am stuck to figuring out why.  So my situation is my site has several statically generated pages that live on a remote sever that I have to serve. The bulk of the application is on our server and the DNS points to the application server.

So for example the blog of the site is located there, I created a rule that will rewite the request the to the static site

   <rule name="blog" stopProcessing="true">      <match url="^blog(/)?(.*)" />      <conditions logicalGrouping="MatchAll" trackAllCaptures="false" />      <action type="Rewrite" url="https://[REMOTEDOMAIN]/blog/{R:2}" />   </rule>

Up to now  I have never had any issues, but today every time i hit the urls now they are getting the redirect loops.  If I inspect the request in Fiddler to see whats going on I get.

HTTP/1.1 301 Redirect
Cache-Control: no-store
Content-Type: text/html
Content-Language: en
Location: https://www.[MYDOMAIN].com/blog/
Server: Microsoft-IIS/10.0
Access-Control-Allow-Origin: *
X-NF-Request-ID: 59f28a81-0c92-4b1f-8dbf-e2ee479ef83f-12425159
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
Date: Wed, 15 Apr 2020 20:12:11 GMT
Content-Length: 330<HTML><HEAD><TITLE>Document Has Moved</TITLE></HEAD><BODY BGCOLOR="white" FGCOLOR="black"><H1>Document Has Moved</H1><HR><FONT FACE="Helvetica,Arial"><B>
Description: The document you requested has moved to a new location. The new location is "https://[REMOTEDOMAIN].netlify.app/blog/".</B></FONT><HR></BODY>

I am not an IIS expert but if I understand the HTTP Response Headers the Location is where the request is being redirected to.  And the response from IIS is pointing back to my domain, which if the browser follows is where the infinite loop is occurring.  I am confused however that the html snippet has the correct url to follow but the response header does not.

If I change the rule above to redirect it works perfectly fine, but them obviously the url is showing the remote url and that is what we were solving with the re-write.

Can anybody offer some info?  I have been quite thoroughly stuck on this.

Search

IIS Windows Authentication prompts for site pages multiple times, authPersistSingleResponse=false

May 9, 2017, 5:02 pm
$
0
0

This refers to IIS 8.5. "authPersistSingleResponse" is set to false.

The site has a default landing page, written in ColdFusion, but doesn't do anything more than print HTML and basic JS to move around the site.  The site root has Anonymous access and Windows Authentication enabled.  Inside is a secure folder which has Anonymous access disabled, and Windows Authentication Enabled.  This works as expected.  The user is challenged for AD credentials, and when authenticated, the user is allowed in.

<location path="cfreports"><system.webServer><security><authentication><windowsAuthentication enabled="true" /></authentication></security></system.webServer></location><location path="cfreports/reports/"><system.webServer><security><authentication><anonymousAuthentication enabled="false" /></authentication></security></system.webServer></location>

As expected, when a user clicks on a link to any page (e.g. "/reports/create/default.cfm"), the user is allowed in without being prompted again.  Note that authPersistSingleRequest is set to FALSE. 

If they click a link on THAT page, they're prompted for credentials again.  If the user enters credentials, it works properly.  If the user hits Cancel, the user is still allowed access to that default.cfm page.  No matter what you do, ColdFusion sees the credentials are present on that page too.  From that point, if you hit refresh, you get challenged again, and then if you hit cancel, you get a 401.

(401 - Unauthorized: Access is denied due to invalid credentials.)

Then it becomes inconsistent.  Every time you access a different page, even ones you've authenticated before, sometimes you're prompted, sometimes you're not.  Sometimes entering credentials works, sometimes it doesn't.  

Digging into the security settings, I found that authPersistSingleRequest is not set, which means it's false.  Configuration Editor showed the same thing.

<security><access sslFlags="None" /><applicationDependencies /><authentication><anonymousAuthentication enabled="true" userName="IUSR" /><basicAuthentication enabled="false" /><clientCertificateMappingAuthentication /><digestAuthentication /><iisClientCertificateMappingAuthentication /><windowsAuthentication enabled="false" authPersistNonNTLM="true"><providers><add value="Negotiate" /><add value="NTLM" /></providers></windowsAuthentication></authentication><authorization />

I'm out of ideas, and I am unable to figure out the correct terms to search on.

IIS 10 - PHP v7.2.2 installed via Web Platform Installer - how to update to 7.3

April 11, 2019, 4:54 pm
$
0
0

Hi,

we installed the PHP via WebPI tool in 2018/04/09 which was the version 7.2 for IIS, today the PHP is already in 7.3.4 accordingly towww.php.net website but if we open the WebPI is offers only PHP v7.2.7.

>>>> So, is there a way to install the latest one?

We are asking since our wordpress v5.1 was hacked in the last week and we used cWatch from Comodo for cleanup process. 

web.config rules Wordpress Permalink

August 27, 2019, 3:07 am
$
0
0

wordpress site not showing inner pages, It show only home page and wordpress admin page. While click save changes in "Permalink Settings" it show "You should update your web.config now."

web.config 

<?xml version="1.0" encoding="UTF-8"?><configuration><system.webServer><rewrite><rules><rule name="WordPress: http://test.com" patternSyntax="Wildcard"><match url="*"/><conditions><add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/><add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/></conditions><action type="Rewrite" url="index.php"/></rule></rules></rewrite></system.webServer></configuration>



Reverse Proxy for Lync 2013

April 16, 2020, 5:41 am
$
0
0

Hi Guys,

Just new here and newbie. Can someone help me how should I setup IIS ARR Reverse Proxy on an existing Lync 2013 environment. Here is the existing Lync 2013 environment. Our existing environment has four frontend and two backend servers. On our existing corp network we only have 1 firewall located on the DMZ.. Here is my question:

1. We don't have perimeter ip as per network admin. Is it possible configure external public ip only? 

2. How can I allow external or federated users to communicate corp user?

Thanks in advance.

ARR - Monitoring and Management - Runtime Statistic - Incorrect date

April 16, 2020, 8:19 am
$
0
0

Hi all,

I have a strange issue maybe even a bug on one of our load balances.  We have multiple Server farms and the Runtime Statistic under  Monitoring and Management is displaying a date in the future. The OS time/date is set correctly but for some strange reason the date and time under ARR is set to the future.

OS Settings: 16 April 10:08AM

ARR Monitoring and Management Runtime Statistic: 10 May 11:05AM

I have no idea where or what to even look at, so any help would be greatly appreciated. 

Viewing all 28504 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>