Install Coldfusion MX on IIS server

Correction - to access the new site there is no error - you just get a windows login screen and then you gain access to the site.  Seems like a permission thing with the folders - but I have given read rights to all of them.

I think you may have installed wrong.

You want to install CF onto the C Drive - or whichever drive your windows install is on - it doesn't matter where the root of IIS is.  In fact it is better not to have the website root on the same drive as CF or other programs.

SO you install to C:/CFusionMX and choose IIS.

Then you configure IIS to point to the root of your website - which is not on the C drive.

This would be the best method.  So, while you could probably get it working this way, you would be better off uninstalling CFMX and reinstalling as above.

So I would do this:

There is no room on the C drive for coldfusion - so I need to install it onto the D: drive and put it into the D:\CFusionMX directory.  The site is outside of this directory on d:\CFfusion.  I then have IIS point the default site to D:\CFfusion.

I tried placing an index.htm file into my coldfusion site and the site launched just fine.  the .cfm files are not being recognized.  Any ideas?  Or is all this because I really need to load onto the C drive where windows was installed and not the d drive?

OK that is okay.

But you should not have IIS point to the CFusionMX install.

It needs to point to the root of the website.

Such as D:\Mywebsiteroot

thats what I did - I installed Coldfusion MX to D:\CFusionMX and then have my site sitting on the D:\  I then tell IIS to look at D:\mysitename.  When I install there are two places in the wizard where you have to specify 1) where to install coldfusion and 2)where is the web root.

The first one should go to d:\CFfusionMX and the webroot is d:\mysitename - correct?

Technically when I installed CF I only specified where to install cold fusion and left the root as default.

Then you specify during the install to use IIS over the built in CF runtime engine.

THen you specify in IIS where the actual web root is.  CF doesn't need to know this to function.  Because the web root may not even exist when you install CF to the server.

I still think the best bet would be a clean install.

I will try that out today and let you know if it works. Thanks for your quick responses!

Hello there again,

Looks like that didn't work either - I am beginning to think this is more of an IIS issue than a coldfusion issue.  I will leave this question open so if you come up with any ideas that resolve this issue I will gladly give you all the points.  I think I better post though in a different area for the IIS issue and see if I get any bites.

Thanks for your help and hopefully between the two of us
(or whom ever else participates) I can get this thing up!  Thanks!!

Are you using IIS 6? Check to be sure that .cfm is set up under "Home Directory>>Configuration>>App Mappings" in your IIS website. For IIS 6 you will need to allow the CF extensions under "Web Service Extensions" in the IIS MMC

Yea - I made sure the extensions are there.  

Have you made sure the service is running? Are there any errors in the event log?

Yes -no errors - If I don't have the application mappings(extensions) then I don't have a login screen that pops up - but of course my applications don't work then.  when they are added in then I get the windows login screen and then it takes me to my site.  I  have tried giving full permissions to everyone on my website and even that makes me login through authentication.

Any ideas?

What are the permissions on the folder?

Also, what is the mapping for the extension, both for

Home Directory>>Configuration>>App Mappings

And

Web Service Extensions

TY

Well - the permission have web sharing and everyone has read persmissions.
The mappings I know are supposed to go to folder 1\jrun.dll but for some reason they are going to 2\jrun.dll. The 1 folder under wsconfig was empty but folder 2 has the jrun.dll and readme notes etc....

The services are going to :  root directory\CFudionMX\runtime\bin\jrunsvc.exe

CFusion was misstyped - it is correct on directory

I believe you should add SYSTEM to the permissions and set it to FULL CONTROL, if CF is using the system account. Or if it is using another account to run, then give that user FULL CONTROL.

Your mappings under Home Directory>>Configuration>>App Mappings should map to this for Windows 2003 Server, IIS6

(replace path with your own)

C:\CFusionMX\runtime\lib\wsconfig\jrun_iis6.dll

take a look at http://www.sanative.net/cfmappings.jpg to see how i have mine configured

Where did you locate the web extensions properties box you show on the right side?

if you are on Windows 2003 Server, it is under Web Service Extensions in IIS

We are on windows 2000 server

ok, then you wont have that option

And I was getting all jubilant because I thought that could be it!  :)  The other screen shot is like mine - only we aren't on IIS 6

Bummer, sorry :)

Does your CFMX folder have SYSTEM full control permissions on it?

hey also check to be sure that the JRUN connection filter is running under the ISAPI Filters tab. To check this, go into the MMC panel for IIS, right click on the Server (not virtual server), and select Properties. In the Internet Information Services tab, click the Edit button next to Master Properties. The ISAPI Filters tab is there.


Also your extensions should be mapped in IIS 5 (W2K) to:

(replace path with your own CFMX dir)

C:\CFusionMX\runtime\lib\wsconfig\1\jrun.dll

Taking a look now....

http://www.sanative.net/isapifilters.jpg

will show you how mine looks on my W2K server

Yep thats how mine looks...So you know - could not install to my C: drive had to go to D:

do me a favor, go into the services control applet, go into the properties of ColdFusion service, and change the account to the admin account and password. restart CFMX and then try it. You dont need to leave it set to this, just for testing

Local administrator or network administrator?

either one should work fine, try both :)

Says it couldn't start the application server due to login failure.

that's interesting. are you sure you typed the password correctly? ;) for network admin you have to use the domain\username or username@domain.com

okay - got it started under a different administrator password - forgot we retired the old one!  :)

okay cool :) will the CF pages run now?

Nope :(  Still have that darn windows login!  If I put in the credentials then I get admitted to the site.  I have already gone through all of IIS on another this topic and exhausted that as a conclusion of fault.  It has to be something with the permission of seeing .cfm files.

so when you put the credentials in, will CF pages run? If that is the case, then the default domain is probably not set correctly for the virtual server

Yes the pages run perfectly. What do you mean about the default domain for the virtual server - can you walk me through to double check?

Do you have the "Basic Authentication" option checked in IIS under the virtual server security settings? If not, do so, and click the edit button to make sure the domain is set to the same domain as the user in the Anonymous Access options. Basic authentication is required even though you are allowing Anonymous access, because the anonymous accoutn still sends a username and password to the Windows server. At least that is my understanding

also you can try from the command line

adsutil set w3svc/DefaultLogonDomain "YOURDOMAINNAME"

You must be in the AdminScripts folder, which is installed into the Inetpub folder at IIS installation time. If you have never run these scripts before it will probably ask you to change to CScript, which is OK

Actually we have the windows authentication checked - even though you would think this would explain things it doesn't.  Even if I have nothing checked in the authentication beyond admitting users - I still get a windows authentication login.

K, remove the WIndows Authentication, this is likely the problem. Change it to Basic. Windows Authentication is pretty much only good for intranets, at least in my experience :)

Nothing is loaded into C:\Inetpub\wwwroot.  We have had that hacked into a few times so we run our sites from D: instead.

I still get a login screen - but good info to keep in mind for the future.

ya common problem unless you are strict with your security settings. You might be able to pull adsutil.vbs from the install CD and just put it whereever you want to run it to change the default domain

Just so you know - don't remember if I stated this here or not - but the previous webmaster disableds localhost in order to force the IP address to be used.  Is this causing problems?

So you are saying that its my default domain thats causing the problems?

potentially, i cant say for sure. I believe there are issues with disabling localhost, but cant say what

The reason given was also that localhost can pose security risks.

Default Logon Domain has caused me a lot of issues like you are seeing. I would like to set it to be sure, and the adsutil has always been the best at doing so.

Also make sure that the IUSR_ account you are using in the anonymous access tab has the same password as the account in Windows, especially if it is not the default password assigned by windows. Recently I went and changed this password and had to go into every virtual and change the password in the web serttings.... pain.

Also, make sure that account is not disabled, and that is has permissions to log on locally

localhost poses no security risk to my knowledge. it is a loopback address that only the local machine can make requests too. If there is some documentation behind that I would be highly interested in reviewing it!

The IUSR is a local account not in active directory.  How do I run the adsutil and where do I find it please?

The security issue was the answer I was given when asking the same question of why was it disabled?

i can email you a copy of adsutil if you like

Yes please - when I receive it I can just copy it to a floppy and then run it from our server?

you can. how do i email to you ;)

ahillman@fulton.cnyric.org - I will try it out and get right back to ya!  This is much better than sitting around reviewing everything for the 20th time just to be sure....

sent

by the way is this an executable that you are sending? if so it won't make it past our security settings.  Also once I receive this - can I just run it from the floppy?

okay so i ran the script - still the same thing:  This is what shows up on my address bar:
http://serverIP/CFfulton/index.cfm

I was looking in the adsutil.vbs script and where do I need to name the domain name?

adsutil set w3svc/DefaultLogonDomain "YOURDOMAINNAME"  


Yourdomainname should be the name of your domain

But when I open the script to edit it - where in the script should I look?  :)

oh you dont need to... you just run that command from the command line

It doesn't recognize adsutil as a command - obviously I am missing something arent' I?

you need to be in that folder when executing the command. So if the file is on A:\scripts\ here is what you do

a:

cd scripts

adsutil set w3svc/DefaultLogonDomain "YOURDOMAINNAME"  


OR alternatively

A:\scripts\adsutil set w3svc/DefaultLogonDomain "YOURDOMAINNAME"  

so c:\inetpub\AdminScripts\adsutil ....

if that is where the file is, yes :)

open a command line window

cd to c:\inetpub\AdminScripts\

then

adsutil set w3svc/DefaultLogonDomain "YOURDOMAINNAME"  

Well - I did it and it ran just fine.  :)  BUT - still no go with the viewing of the site.  Still have that pesky login window.  do I need to stop services or restart or anything?

you should, but it probably isnt necessary.

are you certain that the IUSR_ user isnt disabled or had a password change?

the iusr is just a local profile on the guest account.  the settings are password never expires and user can't change password but the account isn't disabled.  does the iusr need to be in active directories?

it doesn't... it can be a local account

*thinking*

check the security settings on the folder CFusionMX\lib

Mine are set to Everyone Full Control

sorry that should be CFusionMX\runtime\lib

checking

I tried that - still no go - are you drained of solutions yet? ha!

also, just to be sure: Under the Anonymous user settings is "Allow IIS to control password" checked?

Also I just noticed most of my webs are setup using Windows Authentication checkbox, so I could be very wrong about my comments on that!

Yep - all there - and yes - I had changed my authentication back to windows.

you know, my entire CFusionMX is set to Everyone Full Control (will have to look into potential security risks with that!) . Is yours set the same?

No - I was concerned to do that - but I will try it out.

No go - I even gave full permission to everyone on the site directory - do you have directory browser checked?

When I installed CFMX - I loaded it to D:\CFusionMX and then I have the root being D:\ and then IIS pointing to the d:\mysitename.  Is this correct or do I need to reinstall?

Thank you for all of your help - hopefully a good nights rest will bring a solution to mind.  Have a good day - and again thanks for taking so much time out of your day.

:)

Hello there - I got it working!  There was a read only checked on one of the main folders and that was causing problems!  It figures - always the small things!

I do have another question though and I think maybe you could assist?  Let me know if I need to open another question though.
I am able to see my calendars and do searchs but when I want people to log into the calendar administration on my pages - they cant login.  When I test it on the server it works fine - when I test it on my developers server it works fine - so its not the code - seems that there is a persmissions thing stopping it.  I tried making the folder that contains the application shared but that didn't work - plus I want the security anyway.  Any thoughts?

Thanks!  Hope that water didn't cause too much of a headache yesterday!
Aimee

Scripts access was not checked either - that seems to be the real solution!  Still can't get my calendar application to login under IIS though - if you get the chance and you think of something - please let me know your thoughts.  I appreciated all of your devoted time!

Hi Aimee,

Ya the water did tons of damage... such is life. Trying depserately to get carpets replaced, ugh!


When you say "login under IIS" do you mean that you want to have a Widows username/password prompt and that it is not working on one of the servers?

TJ

I have a db in SQL 2000 that I use to authorize users to a calendar events application.  This application lets administrators add events to their respective calendars in the school district for everyone to view on our site.  The code behind the application is just fine - its just not letting me login.  No errors - just does what it is supposed to do if the username and/or password are not recognized.  The other pieces in my site that need to grab information from the same db are working just fine.

Any clue??

Sorry about your carpets - its a nightmare - had our basement flood and all of our things got ruined - been running our de-humidifier for weeks now!

Hmmm, you are certain that the users are in the database and the calendar datasource is correct? These are tough to pinpoint, because it is usually code-related if it is a CF-based login and not a Windows login. you could send your code to me for review if you like, but i also understand the need for secrecy on these types of apps :)

Well.....The application works great on the localhost:8500 developement server - I would think that if it was code related then it wouldn't work at all?

Here is the code though - just so you can get a feel for the application.

Login Form:
<CFIF IsDefined("Form.UserLogin")>
  <CFINCLUDE TEMPLATE="LoginCheck.cfm">
</CFIF>

Then your basic cfform for input.

Login Check:

<cfif ISDEFINED ("Form.UserLogin")>
      

<!--- Make sure we have Login name and Password --->
<CFPARAM NAME="Form.UserLogin" TYPE="string">
<CFPARAM NAME="Form.UserPassword" TYPE="string">

<!--- Find record with this Username/Password --->
<!--- If no rows returned, password not valid --->
<CFQUERY NAME="GetUser" DATASOURCE="#datasource#">
  SELECT *
  FROM [table]
  WHERE username  = <cfqueryparam value="#Form.UserLogin#" cfsqltype="CF_SQL_CHAR">
        AND password = <cfqueryparam value="#Form.UserPassword#" cfsqltype="CF_SQL_CHAR">
</CFQUERY>

<!--- If the username and password are correct --->
<CFIF GetUser.RecordCount EQ 1>
  <!--- Remember user's logged-in status, plus --->
  <!--- ContactID and First Name, in structure --->
  <CFSET SESSION.Auth = StructNew()>
  <CFSET SESSION.Auth.IsLoggedIn = "Yes">
  <CFSET SESSION.Auth.userID  = GetUser.userID>
  <CFSET SESSION.Auth.username = GetUser.username>
  <CFSET SESSION.Auth.fName  = GetUser.fName>
  <CFSET SESSION.Auth.userRole        = GetUser.userRole>
 
<CFQUERY DATASOURCE="#datasource#" NAME="getlocs">
Select *
From [table]
WHERE username = '#session.auth.username#'
</CFQUERY>
<cfset "session.auth.loclist" = "">
<cfloop query="getlocs"><cfset "session.auth.loclist" = Insert(",#locID#,", session.auth.loclist,0)></cfloop>

  <!--- user is logged in--->
   
        <cflocation url="{appropriate url}" addtoken="no">
 <cfelse>
 <cflocation url="LoginForm.cfm">
 
      </CFIF>
      
</cfif>

questions

GetUser.RecordCount EQ 1
Are you certain there is only one user with the username and password you are testing?

are you certain Form.UserLogin is being passed?

The username is unique - and yes the userlogin is being passed - at least it is under the developement server.

try outputting form.UserLogin on the production server and see if it displays a value on the page

What happens is:

when I login from the production form - it does work - since it takes me to the location specified by the login check.  I use the session.auth.username to identify to the administrator that is logged in who they are.  id - #session.auth.username#  - this outputs correctly.

Here is a text of the application on the site - notice the username is identified:
 
You are currently logged in as tvanduze

Calendar Administration
Add New Event

You can add new events from this section, and view all events in the calendar.
 Modify Event

Edit/Delete Events.
 
 

ok so I am confused :)

You can login on both the dev and production server? (dev is development, as you know, production is the live server)

I can login on the dev server which uses the CFMX local server - but the production server just goes back to the login form - like it is supposed to do if the username is not found.

This is really strange - when I logged into the CF adminsitrator on the production server and then with out closing it out I tried went and viewed the new site - then tried to log into the application - it worked!  So I then closed the window which logs me out of both the CF administrator and the application - I went and opened the website again and tried to log into the application and the thing didn't work.  Why when the administrator was open did it work and not when it wasnt open???  

are sessions enabled on the production server? In the CF Administrator go to Memory Variables and ensure the "Enable Session Variables " option is checked

hehe, ya i think you need to enable session variables in the admin... i believe the cf administrator tool temporarily enables them during its use, which is why it may be working

All three are enabled

:(

Ok, are you using an application.cfm file? if so it should have the following in the cfapplication tag

sessionmanagement="yes"

fyi, you must have an application.cfm if you are using sessions :) you probably know this already tho

Yep - and it is set to yes

<cfapplication      
      name="[name]"
      sessionmanagement="Yes"
      clientmanagement="no"
      setclientcookies="no"
      setdomaincookies="no">

And you thought this was going to be a walk in the park! HAHAHAHAHAHAHA  - one thing I have learned about CF or any other language - nothing is as it seems!

thats wierd... it seems to me that the session is not being instantiated. Can you replace the LoginCheck.cfm with a test file and output all session and form variables?

hehe, I been doing CF since 2.0, so I know that the stuff that seems the easiest to solve is always the thing that will drive ya nuts. and usually when you find the solution it was as easy as you thought!

actually just replace the logincheck with a file that does this:

<CFQUERY NAME="GetUser" DATASOURCE="#datasource#">
  SELECT *
  FROM [table]
  WHERE username  = <cfqueryparam value="#Form.UserLogin#" cfsqltype="CF_SQL_CHAR">
        AND password = <cfqueryparam value="#Form.UserPassword#" cfsqltype="CF_SQL_CHAR">
</CFQUERY>

<!--- If the username and password are correct --->
<CFIF GetUser.RecordCount EQ 1>
  <!--- Remember user's logged-in status, plus --->
  <!--- ContactID and First Name, in structure --->
  <CFSET SESSION.Auth = StructNew()>
  <CFSET SESSION.Auth.IsLoggedIn = "Yes">
  <CFSET SESSION.Auth.userID  = GetUser.userID>
  <CFSET SESSION.Auth.username = GetUser.username>
  <CFSET SESSION.Auth.fName  = GetUser.fName>
  <CFSET SESSION.Auth.userRole       = GetUser.userRole>
 
<cfoutput>#Form.UserLogin#<br>
#GetUser.RecordCount#
</cfoutput>
<cfdump var="#SESSION.Auth#">


This will tell us where the problem is

oops, take out the cfif :)

thinking....

Well - I am annoyed now - I set up the loginform to go to the the test.cfm instead of the the login chech and it is still taking me to the designated page as though it went through the login check!

cached probably.... try closing the browser and reopening, maybe restart the CF service if you can to clear the CF cache

Okay - its working properly the output was correct.

admin
[number] struct
FNAME admin
ISLOGGEDIN Yes
USERID [id was here]
USERNAME admin
USERROLE [role was here]

Here is another twist:

I have made the site live now - if you try to log into it through the www.fulton.cnyric.org address it doesn't work - if you use the server IP address then it does log you in.

ok, cool. so the structs are being created properly, the form fields are being passed and the record count is only 1, correct?

Yep - and never mind about it working through the IP address - it was cached.  :)

ok, so from looking at the LoginCheck.cfm I do not see any reason why it would be working. Is there any reason why the calendar page (or any page it calls/includes) might be pushing to the login page? Any exception catches, etc?

Can you rephrase?

ok, after logging in what page is the user directed to? Does that page have any cflocation or cfinclude tags in it?

that is the defualt page after loggin into it.  The page is set up for 3 user roles.  If you are an administrator then you get to see everything - if your userrole is greater than 2 then you see the next level - if just 3 then you are a default user.  No other cflocations etc...

try commenting out the cflocation tag and see what happens

on the login check form?

yea :)

The login form just returns to itself.

actually - if I actually comment out the whole cflocation - (both of them) then I get a blank white page.

so your form submits to logincheck.cfm, and in logincheck.cfm you have 2 cflocations:

<cflocation url="{appropriate url}" addtoken="no">

<cflocation url="LoginForm.cfm">

comment out

<!--- <cflocation url="LoginForm.cfm">  --->

replace with LOGIN FAILURE

looks like this:

<cflocation url="viewAdmin.cfm" addtoken="no">
 <cfelse>

 <cflocation url="LoginForm.cfm" addtoken="no">

<cflocation url="{appropriate url}" addtoken="no">

I wonder if this tag is causing the session to be lost.... so lets try this:

<!---<cflocation url="viewAdmin.cfm" addtoken="no"> --->
Login Success

 <cfelse>

 <!--- <cflocation url="LoginForm.cfm" addtoken="no"> --->

Login Failure

showed login success

Actually showed login success twice

ok, so now we know logincheck.cfm works properly. you can undo those changes.

Our problem is either in the process of the cflocation or in the viewAdmin.cfm page. any place in the viewAdmin.cfm where you StructClear() the session? or reset any of the session values?

Maybe try doing a cfinclude instead of a cflocation to viewAdmin.cfm

"Actually showed login success twice" that is wierd.... i do not see anything within that page which may cause that, unless you accidentally have "login success" there 2x

Could be -

well I changed the cfinclude to a cftemplate - and that logs me in - but how do I keep the user logged in though - anytime the user goes somewher else they have to relog in.

for some odd reason CF is not saving the session variables to memory. Are you running on clustered servers?

Nope - I am going to change the logincheck back though so I can maintain my code.  Very strange!  

I added this to my viewAdmin.cfm which is the default page and it seems to be working - give me a minute to test.  Let me know if you come up with a less messy way.

<cfif isDefined ("#session.auth.username#")>
IsloggedIn
</cfif>

Nope - didn't work out - shoot - thought it would be a good work around.

When I log into the CF administrator it never comes up properly - I have to insert the server IP address first and then the login screen pops up for the CF administrator - would this be interfereing with the session variables?

by the way - do you want me to open a new question up for this issue - so you can get awarded more points??  :)

oh wait, are you guys using host headers for your site. meaning, do you have a single IP address on the server and multiple website using that IP?

If you want to open a new question that is fine. Im not too worried about points ;)

 also do you have setclientcookies="yes" in your application.cfm application tag?

setclientcookies is ="no",
there is X-Powered By: ASP.Net set as a host header - its in there from out .asp site - do I need to remove it for the .cfm site to work? I really don't know anything about the headers. And yes we only have a single IP address on the server - but only one website - our default - we will be adding an intranet later.

setclientcookies is ="no" needs to be YES, which is why it isnt working ;)

X-Powered By: ASP.Net  - no biggie. I always remove this to remove MS's insistance on adding their branding to everything. it does nothing except add that info to the headers of the site.

https://www.experts-exchange.com/questions/21062477/Session-Variables-not-working-on-all-network-computers.html

This link will give you more info on your problem!

YOU HAVE GOT TO BE KIDDING ME!!!!!!!
Oh man....................that did it - where do I send my check - the least I can do is buy you new carpets! HAHAHA

hehe, ty for the offer but not necessary ;) When I started programming I used to bug the heck out of Ben Forta, so I am happy to offer the same help to others. The landlord and I just got through tearing out the carpets and awaiting the insurance adjuster...

Happy repairs - and just so you know - I am keeping your KoldFuzun name in mind for any upcoming issues we may have with our intranet! :)

excellent, ty. You have my email address, and I would be happy to give you my IM info and phone number... happy to know everything is ok :)