Solved

How do I setup IIS virtual directory for external access.

Posted on 2011-02-17
10
974 Views
Last Modified: 2012-06-21
I am inexperienced with IIS so I hope that you will bear with me here.  We are running IIS 7.5 on Windows Server 2008 R2.  We have a site that we need both external and internal access to.  We are using SSL and I have successfully installed the cert and the site seems to be working fine internally.  The external dns resolution of the external address is working fine and I am port forwarding the static IP to the internal IIS server.  I can get to the IIS start page via SSL fine but when i try to type in a virtual directory like "https://xxx.domain.com/virtual_path", I recieve "internet explorer cannot display the webpage".  Any help is much appreciated.
0
Comment
Question by:jwiang4u
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 34916945
You need to set a defaul page for the virtual directory.  That is, if you typed in "https://xxx.domain.com/virtual_path/somepage.aspx", you'd probably be okay, but IIS doesn't know what to do if you don't specify what page you want served.

In this case, select the virtual directory in the treeview, then specify the default document using the icon on the right.
0
 
LVL 1

Author Comment

by:jwiang4u
ID: 34917049
There is a default document select called "index.cfm".  If i navigate to this directory "https://xxx.domain.com/virtual_path/index.cfm", the page has only a few elements on it and IE shows me some errors.  When I look at the errors, they point to "Permission denied" on index.cfm.

This site was created by the installation of a document management product.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 34917071
Does index.cfm exist?  Does the virtual directory allow anonymous access, or do visitors have to be authenticated?  Does index.cfm have NTFS permissions on it so only authenticated users can view it?
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 1

Author Comment

by:jwiang4u
ID: 34917695
The virtual directory doesn't allow anonymous access so i guess that is probably my problem.  I am contacting the vendor of the software that was installed to find out what they recommend.

In normal scenarios, would you provide anonymous access to virtual directory when it is an external website?

I will update as soon as I hear back from the software vendor.
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34917747
To follow what paulmacd says, I bet that you are using IE internally which can automatically authenticate to an internal IIS server. That doesn't happen externally. Some of the elements of that document management product are requiring access as someone other than anonymous, but IIS is allowing anonymous access. You probably need to remove anonymous access to the web site, but you should check with the vendor for the specifics.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 250 total points
ID: 34917758
Most public web sites allow for "anonymous" access.  In the case of IIS, the anonymous account is by default a dedicated user account for the asp.net worker process (IUSR_something).  It's this account - by default - that anonymous visitors map to when they visit your site.
0
 
LVL 42

Assisted Solution

by:kevinhsieh
kevinhsieh earned 250 total points
ID: 34919497
You would normally allow anonymous access for things that don't require that you authenticate the users who are accessing the content. If the documents are not meant to be public (ie searchable via Google) and if there is any administrative function available, those should be secured by some sort of mechanism such as NTFS permissions on the files themselves or some sort or mechanism within the application to handle access control.
0
 
LVL 1

Author Comment

by:jwiang4u
ID: 34920516
I think you guys have pointed me in the right direction.  I noticed that when the application was installed, the virtual directories it created under the default site don't have the IUSR_something user in the permissions but do have the domain users.  The default site itself does have the IUSR_somthing user which is the reason why i could reach the IIS Welcome page externally but not any of the virtual directories.  The files that are housed in the doc-mgt system are protected via encryption in a flat file structure.  I am guessing that i need to grant the IUSR_something user permissions booth in IIS on the virtual directories and in NTFS in the inetpub directory.

I am still waiting back to hear from the vendor as this system requires validation and I don't want to do anything outside of spec.  I will let you guys know what i find out.  Thanks for the quick responses.
0
 
LVL 34

Expert Comment

by:Paul MacDonald
ID: 34920532
No problem.  Hope you get it sorted.
0
 
LVL 1

Author Comment

by:jwiang4u
ID: 35001163
I finally worked with the vendor to resolve the issue today.  The problem was that the IUSR user didn't have permission on the virtual directories under the default site.  Thanks for the help.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
As tax season makes its return, so does the increase in cyber crime and tax refund phishing that comes with it
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question