<div>
<b>EDIT:<br />
</b><br />
I'm not an IIS guru, but a few thoughts ... is the 500 error from IIS - or CF and what is the error text? &nbsp;If it's an IIS error, anything related in the IIS and/or o/s logs?<br />
<br />
&nbsp; &nbsp; &nbsp; &gt;&gt;&nbsp;I created a separate limited account for CF access <i>as well as one for IIS. &nbsp;</i><br />
<br />
I'm wondering if it's <a href="https://weblogs.asp.net/owscott/iis-using-windows-authentication-with-minimal-permissions-granted-to-disk" rel="ugc">due to the permissions on the IIS account</a>. Did you use a custom account for IIS in your previous installs as well? &nbsp;What happens when you temporarily run IIS under the default application pool user?
</div>


<div>
CF doesn't appear to see the request, so I suspect it is within IIS. &nbsp;I'm away from the machine for a few hours but when i get back I will clear the log files for that domain and see what I get when I try it again. &nbsp;And also check the permissions as well and the application pool. &nbsp;Practically everything was tweaked during this process. &nbsp;When done properly, it barely has enough authority to return pages and no more.<br />
<br />
Thanks!<br />
<br />
--Ben
</div>


<div>
Sounds good.<br />
<br />
&gt;&gt;&nbsp; Practically everything was tweaked <br />
Yes, I did it a while ago. Don't remember if I used a custom account for IIS last time around, but did run into a few problems with requests in IIS afterward. In my case, I hadn't set all of the folder permissions properly. Granting the app pool account the necessary permissions resolved it.
</div>


<div>
Dang. &nbsp;Let me look through that list again. &nbsp;Could have tanked that part easily.
</div>


<div>
In particular, double check the permissions for <b>IUSR</b>, which the <a href="https://www.adobe.com/content/dam/Adobe/en/products/coldfusion/pdfs/cf11/cf11-lockdown-guide.pdf" rel="ugc nofollow">CF11 guide</a> says is the anonymous authentication account. &nbsp;Likely something's off with its permissions or settings since anon requests seem to be the ones that aren't working.
</div>


<div>
Tried swapping out the account for the test domain in the application pool and used Administrator. &nbsp;That had no effect, so I swapped it back. &nbsp;<br />
<br />
Bringing up my security properties, the {cf.root}/config/wsconfig/<wbr /> folder has read&amp;execute, list folder contents, and read set for IUSR(as well as the app pool account I created). &nbsp;{cf.root}/config/wsproxy/ is identical. &nbsp;{cf.instance.root}/wwwroot<wbr />/CFIDE as well.<br />
<br />
Ah. &nbsp;May have found it. &nbsp;Looks like I didn't add the cfuser account to all the CF services. &nbsp;Doing that now...<br />
And still no change after the mods.<br />
<br />
Hm.
</div>


<div>
I've had the &quot;pleasure&quot; of encountering a few errors setting up IIS, and the exact codes and causes vary. &nbsp;For example <a href="https://support.microsoft.com/en-us/help/942055/-http-error-500.19-error-when-you-open-an-iis-7.0-webpage" rel="ugc">500.19</a>. Exactly what 500.x error are you getting and what is the full error message? I still suspect it is permissions related, but knowing the exact error should tell us if we're on the right track.
</div>


<div>
&gt;&gt; Bringing up my security properties<br />
In addition to the error message info, what about <br />
<br />
- The web root permissions?<br />
- Permissions for {cf.root}/config/wsconfig/<wbr />n/isapi_re<wbr />direct.log<wbr />? <br />
<br />

<blockquote>
The ColdFusion IIS connector writes logs to a file called isapi_redirect.log - the IIS Application Pool<br />
user (iisuser in our example) needs <u>write </u>permission to this file.
</blockquote>
</div>


<div>
In the browser, all I see is:<br />
<br />
500 - Internal server error.<br />
There is a problem with the resource you are looking for, and it cannot be displayed.<br />
<br />
I'm not sure why, but I have 5 '/n/' folders, 1-5 under the wsconfig folder. &nbsp;I gave all of them modify permission to the iisuser account. &nbsp;There isn't an isapi_redirect.log file in any of them yet. &nbsp;I -do- see the isapi_redirect.dll in 2-5, as well as isapi_redirect.properties in each of them.<br />
<br />
The most recent entries from the IIS log file for this site are in the attached file.<br />
<br />
The ip.cfm file just returns the ip address of the client connecting to it.<br />
<br />
--Ben<br />
<a href="https://filedb.experts-exchange.com/incoming/2017/03_w10/1150264/iis.txt" target="_blank" class="file-inline" title="iis.txt (1 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>iis.txt</a>
</div>


iis.txt

<div>
<b>EDIT: Add link<br />
</b><br />
From what I've read, the relevant error is these 3 values:<br />
<br />
c-status | sc-substatus | sc-win32-status<br />
500 &nbsp; &nbsp; &nbsp; &nbsp;| &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; | 193 <br />
<br />
<a href="https://msdn.microsoft.com/en-us/library/ms681382.aspx" rel="ugc">This doc</a> says 193 means:<br />
<br />

<blockquote>
ERROR_BAD_EXE_FORMAT &nbsp; &nbsp;- 193 (0xC1)<br />
&nbsp; &nbsp; %1 is not a valid Win32 application.<br />

</blockquote>
<br />
Wonder if it's related to bitness... did you install the 64bit version of CF? If not, did you enable 32bit in the app pool settings?<br />
<br />
Also, check the event logs for any other errors.
</div>


<div>
I did install the 64 bit version. &nbsp;The application pool advanced options also has the 'enable 32 bit applications' set to true. &nbsp;Should it be?
</div>


<div>
<b>EDIT:</b> No. &nbsp;It should only be set to true if you are running CF 32bit - or if you had another web app using the same pool that needs 32 bit. Though in the latter case, you can't mix the two. You'd need to set up 2 separate app pools: one for the 32bit apps (enable 32 bit = true) and another for CF 64 bit (enable 32 bit = false).
</div>


<div>
Well that's interesting; when I changed the 32 bit option to 'false', I now get a 404 when I try to access the test cfm page.
</div>


<div>
Edit: Is the test page located in the web root or virtual directory? If the latter, could be a mapping/virtual directory issue.
</div>


<div>
<b>Edit:</b> Not sure what physical directory that is or if you it's in the IIS root or a virtual directory. &nbsp;If it's in a virtual directory, it's likely the 404 is happening because the path isn't resolving properly. To confirm that's the problem, try it script that's in the webroot, so there are no mappings involved.
</div>


<div>
When you say 'webroot' are you talking about the CF Install wwwroot folder? &nbsp;If so, IIS doesn't know about that. &nbsp;And the page still gets returned properly when I'm logged in to the machine.
</div>


<div>
Depends on how the CF app is configured, but I was thinking the IIS webroot of the Default Web App, ie c:\inetpub\wwwroot\yourTes<wbr />tPage.cfm.<wbr />
</div>


<div>
Hi,<br />
<br />
Yes, that is what is failing. &nbsp;I sent you a screenshot of what I'm seeing.
</div>


<div>
Good grief. &nbsp;I found out why this wasn't working. &nbsp;I don't even want to admit it....but hopefully it might help another knucklehead. &nbsp;<br />
<br />
I had set the test box up on one virtual machine and set up access to it but hadn't implemented the dns pointers to it yet. &nbsp;So I added an entry via the hosts file in the windows\system32\drivers\e<wbr />tc\ folder.<br />
<br />
Much later I set up dns for it but did not use the same IP address. &nbsp;So my personal workstation has been barking up the wrong tree for who knows how long. &nbsp;&lt;banging head against the wall&gt;<br />
<br />
Sigh...
</div>


<div>
Thank you for the careful thought and even approach while running this to ground. &nbsp;At times just having someone ask the 'obvious' questions can resolve an issue. &nbsp;Much appreciated!
</div>


<div>
Heh.. happens to all of us once in a while. &nbsp;Glad I could help and that everything is working now.
</div>


<div>
Ran into a post-install issue during testing: I am unable to delete a DSN. &nbsp;It throws an error (There was an error accessing this page. &nbsp;Check logs for more details. &nbsp;Click <u>here</u> to login). &nbsp;I'm not actually logged out as I can still navigate on the left side.<br />
<br />
But there is nothing in the log files (under ..\cfusion\log\) regarding this. &nbsp;Couldn't find an updated log file anywhere else in the CF file structure.<br />
<br />
I did check the security permissions on the CF install folder structure; the cfuser has full authority over the cfusion\lib folder where neo-datasource.xml maintains the DSN entries.<br />
<br />
?<br />
<br />
--Ben
</div>


<div>
<div class="content wysiwyg-content">
Hi,<br />
<br />
I installed CF 11 on a Windows 2008 R2 (IIS 7.5) server following the CF 11 Lockdown Guide wirtten by Pete Freitag. &nbsp;I've done this several times before at other installations and am hitting a snag now.<br />
<br />
I'm able to bring up a test website on this server using standard html pages, as well as CF pages when I am logged in to that server. &nbsp;On a different machine I can get to static pages, but CF pages come back with a '500 server error'. &nbsp;So the difference is anonymous vs authenticated access.<br />
<br />
I have CF 11 admin on a separate port using its internal web server. &nbsp;I created a separate limited account for CF access as well as one for IIS. &nbsp;<br />
<br />
I don't see any additional entries in the CF logs in the admin panel, so I suspect this is something related to anonymous access in IIS and how it hands off requests to the CF server. &nbsp;Anyone have any suggestions on tracking this down?<br />
<br />
Thanks!<br />
<br />
--Ben
</div>
</div>


Hi,

I installed CF 11 on a Windows 2008 R2 (IIS 7.5) server following the CF 11 Lockdown Guide wirtten by Pete Freitag.  I've done this several times before at other installations and am hitting a snag now.

I'm able to bring up a test website on this server using standard html pages, as well as CF pages when I am logged in to that server.  On a different machine I can get to static pages, but CF pages come back with a '500 server error'.  So the difference is anonymous vs authenticated access.

I have CF 11 admin on a separate port using its internal web server.  I created a separate limited account for CF access as well as one for IIS.  

I don't see any additional entries in the CF logs in the admin panel, so I suspect this is something related to anonymous access in IIS and how it hands off requests to the CF server.  Anyone have any suggestions on tracking this down?

Thanks!

--Ben

Installing CF 11 in secure mode on Windows 2008 R2 server has problems with anonymous access

ColdFusion is a server-side rapid application development platform originally created by Allaire and now sold by Adobe, implementing the dynamic general purpose CFML programming language. The term ColdFusion is sometimes colloquially used to refer to the CFML language (Cold Fusion Markup Language), but can also include discussions of the server software implementation. ColdFusion runs using a customised version of Apache Tomcat. Earlier versions are bundled with JRun.

ColdFusion Language

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.