Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

SSL Redirect IIS 6.0

Posted on 2009-05-18
5
Medium Priority
?
3,062 Views
Last Modified: 2013-12-14
Hey Experts,

I followed the guide from the link below to setup a SSL Redirect script for a site we are hosting internally on IIS 6 and everything was working fine, requests for http://intranet.domain.com would receive the 403.4, a custom error message was setup in IIS to point to a directory containing an .aspx file with a simple Response.Redirect script.  Furthermore the appropriate location path was added to the web.config file.

http://weblogs.asp.net/pwilson/archive/2004/12/23/331455.aspx

All was working well until some changes to our sharepoint site were made and I received the Inheritance Overrrides error in IIS, the only child node it prompted me for was NoSSL which is the SSL redirect, this is the only service we are hosting currently, Ive seen exchange users with similar issues however this is not the case for our environment.

Regardless of whether I choose the 'NoSSL' child node or not when prompted by inheritance overrrides, the redirect stops working.  I have removed the custom error, the folder, the changes to config.aspx, etc..reimplemented them and still received the same problems.

When http://intranet.domain.com is entered the following is returned by the browser:
'Secure Channel Required
This Virtual Directory requires a browser that supports the configured encryption options.'

Thanks for the help!

Custom Error 403.4:
<%
Response.Redirect("https://intranet.domain.com")
%>
 
 
 
 
Web.conf:
  <location path="_NoSSL/SSLRedirect.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>

Open in new window

IIS-Inheritance-Overrides.JPG
0
Comment
Question by:joefreedom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 37

Expert Comment

by:meverest
ID: 24418596
Hi,

your snapshot shows that when you try to set the custom error page, it also wants to set the 'UNCPassword' value.

what you apparently need to do is to set the custom error without changing the UNCPassword.  You can do that in two ways:

1.  set the custom error on the 'noSSL' node, and then go back and set the UNCPassword credentials, OR
2.  set the custom error using adsutil.vbs instead of the GUI, something like:

C:\Inetpub\AdminScripts>adsutil set w3svc/1/Root/_private/HttpErrors "403,2,FILE,c:/path/errorfile.aspx"
0
 
LVL 8

Author Comment

by:joefreedom
ID: 24426223
Thanks for the response I appreciate your support,

I don't know how to "set the UNCPassword credentials" so number 1 isn't an option unless you can explain how to do so?

I attempted to run the adsutil command you posted however I receive
'the path requested could not be found'
ErrNumber: -2147024893 (0x80070003)
Error trying to get the object: w3svc/1/Root/_private

Can you explain if 'w3svc', and '1' are supposed to represent an actual value?  Should the 1 represent the site id or something?

does '403,2,FILE,C:/path/errorfile.aspx' mean http error 403.2 file redirect or just 403?
Should this be '403,4,URL,_NoSSL/SSLRedirect.aspx' in my case?

Sorry I have no prior experience with adsutil utility and I have had minimal luck with resources explaining those questions.

Thanks!
0
 
LVL 8

Author Comment

by:joefreedom
ID: 24426901
I Ended up using the following code in a .htm page on the root directory of the site.  I went into IIS custom errors settings and changed 403.4 to redirect to a file, browsed to the root directory and selected the .htm page.

All is working well.  Thanks for the help.
<SCRIPT type=text/javascript>
<!--
if (location.protocol != 'https:')
{
window.location = 'https://'+ location.host + location.pathname + location.search;
//alert(location.host + location.pathname + location.search); Just for sanity check
 
}
// -->
</SCRIPT> 
 
Code Taken From:
http://blog.opsan.com/archive/2005/04/17/395.aspx

Open in new window

0
 
LVL 37

Accepted Solution

by:
meverest earned 2000 total points
ID: 24427503
Hi,

looks like you have it sorted - good! :-)

to answer your questions:

the UNCPassword option is set when the virtual directory exists on another server and is only relevant when "a share located on another server" option is selected on the virtual directory tab of the vd properties.  In that case, click on "connect as" to set UNCUsername and UNCPassword properties.

if this vd is NOT on another server, then that property has probably been inherited (somehow) from a parent node incorrectly, in which case it would be a good idea to remove and recreate it.

for the adsutil tool, yes- the path information is important.  I probably should have written it like this:

C:\Inetpub\AdminScripts>adsutil set w3svc/<site-ID>/Root/<path>/HttpErrors "403,2,FILE,c:/path/errorfile.aspx"

you can see the siteID by looking at the 'Identifier' column in the IIS admin when you click on the 'web sites' node and view all configured sites in the right hand pane.

Cheers!




0
 
LVL 8

Author Closing Comment

by:joefreedom
ID: 31582629
Thanks for all of the help, much appreciated.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question