we are reviewing share permissions for a security audit and noticed on an IIS server, the folder c:\inetpub is accessible with read only rights to domain users. Knowing IIS as you do, could this default IIS folder contain any security sensitive information that should not be openly accessible, or is it pretty anonymous data that poses no real risk.

We have https://mail.domain.com/ecp to access Exchange control panel 2016 internally and externally. For security reason I would like to stop ecp for external access so what will be the best way to stop...

IIS
Virtual directory
Firewall



Regards
S

We moved a website from a server 2008 to a server 2012 system with Windows Authorization turned On and Anonymous turned Off.  Now, we get a HTTP Error 401.2 error.  However, if I turn On Anonymous it works.  Is there a way to take a deeper dive into this type of error to see what permissions we are missing?  I have turned on tracing, but it doesn't produce any trace logs.  To make a short story longer, the Old web code is invoking the Neevia Document Converter product and using the WebKit to parse HTML.  I suspect it has little to do with the Neevia product and more to do with the permissions differences between 2008 and 2012 server.  The building IE parser doesn't work either (gets a timeout).


HT T P Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Most likely causes:
No authentication protocol (including anonymous) is selected in IIS.
Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reac
h the Web server.
The Web server is not configured for anonymous access and a required authorization header was not received.
The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.
Things you can try:
Verify the authentication setting for the resource and then…

I have a WordPress website running on IIS.  After it runs for a few days I get many instances of php-cgi.exe loaded versus the normal two that I normally have..  When this happens my website crashes.  Below is the error I see in the event log.  Any ideas?

Faulting application name: php-cgi.exe, version: 5.6.30.0, time stamp: 0x58803748
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000005
Fault offset: 0x0001427b
Faulting process id: 0x4d30
Faulting application start time: 0x01d3104f94382d27
Faulting application path: C:\Program Files (x86)\PHP\v5.6\php-cgi.exe
Faulting module path: C:\Windows\SYSTEM32\KERNEL32.DLL
Report Id: d33efe6a-7c42-11e7-80c7-d8b1f2452a7f
Faulting package full name:
Faulting package-relative application ID:

I am trying to create pdf file in temp folder programmatically.

 I am getting Access Denied to temp folder in IIS while generating pdf  using background service.

But when i generate file inside the temp folder by web app then it allows file creation.

The temp folder has Read , Write permissions and background service is running as administrator.  

Plz suggest.

Hi, i'm really desperate, facing a problem that is obsessing me.
I'm managing a legacy web-application entirely wrote in classic asp 3.0, connected to a mysql database.
I'm experiencing hangs, like, someone sometimes go on a page and it takes FOREVER to reply, without any apparent reason. If i later try to launch that same page, it loads without problems, so it's NOTHING related to code cause it's not repeatable at all.
In this attached screen took at Worker Process monitor on IIS u can see quite the example situation.
At this point, to start, would be enough for me to tell IIS "PLease, if a process takes more than 2 minutes, TERMINATE IT!". Using "Idle time-out" from application pool settings seems to not work (it's set to 1 minutes and you can see here there are process waiting forever).
Server.scriptTimeout doesn't work either (it's set to 3 minutes).
These process get terminated only when i recycle the appPool, but i can't recycle it cause it will disconnect all users that are current logged in.
Another thing that i noticed, is that if a user start a long-time operation (for example an inventory), he cannot interrupt it till it ends, in few words even if i rethink about it and wanna do other things, he have to wait that page to reply before he can open another page on the same domain with the same browser.
I have tons of things to say but at least this is a starting point. Anybody can point me to the right direction to face this problem?

Failed to install web server service IIS windows authentication & ASP due to error "Attempt to install ASP failed  with error code 0x8007007E. The specified module could not be found &  "Attempt to install windows authentication failed  with error code 0x8007007E. The specified module could not be found

Hi All,

After installing new CAS role and then configuring the Virtual Directories to use single name space owa.domain.com, I cannot access OWA on my new Exchange Server 2013 Standard edition ?

Error: owa.domain.com is currently unable to handle this request. HTTP ERROR 500

Why is this happening ?

Dear community,
We have Problems with active sync in Exchange 2016 CU5.
After a Migration from Exchange 2010 to Exchange 2016 CU5 the following error occours when we connect with active sync:

OWA is working!


Event code: 3008
Event message: A configuration error has occurred.
Event time: 07.07.2017 08:10:45
Event time (UTC): 07.07.2017 06:10:45
Event ID: d049c0dd0f3b4cc4986b58ec61b74869
Event sequence: 1
Event occurrence: 1
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/2/ROOT/Microsoft-Server-ActiveSync-4285-131438814449264551
    Trust level: Full
    Application Virtual Path: /Microsoft-Server-ActiveSync
    Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\sync\
    Machine name: XXX
 
Process information:
    Process ID: 18536
    Process name: w3wp.exe
    Account name: IIS APPPOOL\DefaultAppPool
 
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: Could not load file or assembly 'Microsoft.Exchange.Security, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. (C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\sync\web.config line 251)
   at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective)
   at …

im using windows server 2012 and iis 6.2
i have it configured to point at a smtp exchange server
the portal on iis sends out emails
this seems to work for a day or 2 then the emails stop going out
if i do a iisreset that will fix for another few days
then it fails again
i know i could schedule an iis reset but i would like to know why this is happening

We are using Oracle's Primavera Contract Manager that requires a SMTP server to send email but allows for no options to use anything that requires a username or password. So in order to make it work we have the IIS SMTP service setup that requires no authentication and anonymous access. This is a problem as it appears some outside source is using it to send bogus/spam emails. Any ideas if there are options to secure the smtp server service on the Windows 2012 server so it's not anonymous access to send? or possible some sort of free online smtp server? The ISP is Comcast which requires a username and password for smtp services so that will not work. Any thoughts? Or addiotional questions please feel free to ask and thank you in advance for your help.

Hi,

Apologies if this is a simple one but I'm an Apache guy and need to amend a instance of IIS Server 2012 to be able to serve content located on the d:\ drive of the server using a path of /supplementary

Can anyone please advise how I accomplish this is IIS as in Apache I'd simply use

Alias /supplimentary "D:/infrastructure_data/supplimentary"

Select all Open in new window

I had this question after viewing Enabling CAS role on current mailbox server ?.

Hi All,

When I run the command get-clientaccessserver | fl to check the URI for all of my CASserver, the result is:

AD Site: Default-First-Site-Name
Server name: PRODMAIL08-VM
AutoDiscoverServiceInternalUri: https://PRODMAIL08-VM.domain.com/Autodiscover/Autodiscover.xml

AD Site: Head_Office
Server name: PRODMAIL02-VM
AutoDiscoverServiceInternalUri: https://PRODMAIL02-VM.domain.com/Autodiscover/Autodiscover.xml

The SSL certificate that is used in both CAS servers are wildcard *.domain.com

so do I still need to execute the command below from my newly added server:

get-clientaccessserver | set-clientaccessserver -autodiscoverserviceinternaluri "https://autodiscover.domain.com/autodiscover/autodiscover.xml"

Select all Open in new window

Thanks in advance,