Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Share tech news, updates, or what's on your mind.

Sign up to Post

Had a Windows Server 2008 crash, had to reinstall OS.
We're trying to get a basic website that was on the server back up & running. Reinstalled IIS7, created website w\same name as previous. Pointed to previous data directory. Web browsers can get to default.html at the root of the directory, but once we go into subdirectories, are getting "404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable."
The directories and files exist; wondering if it's a permissions issue?
We've tried granting ServerName$ permissions on the subfolders, but still getting 404 error.
Free Tool: IP Lookup
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

we are reviewing share permissions for a security audit and noticed on an IIS server, the folder c:\inetpub is accessible with read only rights to domain users. Knowing IIS as you do, could this default IIS folder contain any security sensitive information that should not be openly accessible, or is it pretty anonymous data that poses no real risk.
Have a 2012 remote desktop server for GP deployment, we are using a wildcard cert from GoDaddy, everything was fine until last week our Network engineer rekeyed it with godaddy, Anytime someone would go to GP Web services they would get a certificate revoked error, downloaded the new cert and rebinded in IIS, this fixed that issue, today the issue is anytime the connect via RDP they are getting the same error that the cert has been revoked.  I've gone into the RD gateway manager and reimported the right cert, rebooted and then tested, same error. I check the cert and it looks like the old one still, is there another place i need to put this cert?
We have to access Exchange control panel 2016 internally and externally. For security reason I would like to stop ecp for external access so what will be the best way to stop...

Virtual directory

Hello all,

I have a requirement where I need to be able to do the following:

1.  User from anywhere in the world types
2.  They are either presented a prompt or a page that asks for username and password
3.  After they successfully authenticate their username and password they are automatically redirected to their specific URL.

I would prefer to keep this as absolutely simple as possible as this is the one area none of us are an expert in.  So the goal would be a simple solution using IIS for example and once the configuration is done, we could easily add others as we expand.  I am open to other ideas as well as long as it's easy to maintain and cheap.

Our initial goal in mind was to have a dedicated Server 2016 IIS server in a DMZ with this authentication page on it, that once successful will redirect them to the specific Web Application running inside the same data center.

We moved a website from a server 2008 to a server 2012 system with Windows Authorization turned On and Anonymous turned Off.  Now, we get a HTTP Error 401.2 error.  However, if I turn On Anonymous it works.  Is there a way to take a deeper dive into this type of error to see what permissions we are missing?  I have turned on tracing, but it doesn't produce any trace logs.  To make a short story longer, the Old web code is invoking the Neevia Document Converter product and using the WebKit to parse HTML.  I suspect it has little to do with the Neevia product and more to do with the permissions differences between 2008 and 2012 server.  The building IE parser doesn't work either (gets a timeout).

HT T P Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Most likely causes:
No authentication protocol (including anonymous) is selected in IIS.
Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reac
h the Web server.
The Web server is not configured for anonymous access and a required authorization header was not received.
The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.
Things you can try:
Verify the authentication setting for the resource and then…
We have recovered a server which has IIS server, the server was restored successfully, , however if I try to access the website, it brings up a http 500 error message

Not sure what the issue is since we have recovered the exact server ?

I need help please ?
I have a WordPress website running on IIS.  After it runs for a few days I get many instances of php-cgi.exe loaded versus the normal two that I normally have..  When this happens my website crashes.  Below is the error I see in the event log.  Any ideas?

Faulting application name: php-cgi.exe, version:, time stamp: 0x58803748
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000005
Fault offset: 0x0001427b
Faulting process id: 0x4d30
Faulting application start time: 0x01d3104f94382d27
Faulting application path: C:\Program Files (x86)\PHP\v5.6\php-cgi.exe
Faulting module path: C:\Windows\SYSTEM32\KERNEL32.DLL
Report Id: d33efe6a-7c42-11e7-80c7-d8b1f2452a7f
Faulting package full name:
Faulting package-relative application ID:
One of our 2012R2 IIS web servers starting having a weird issue with port exhaustion resulting in an error 'Tcpip 4231'.  All of the outgoing ports are in use.  This was a brand new server, not serving any pages, but we monitor the availability.  We assumed it was related to a Windows update and began looking in to the issue; but then another server which hasn't had updates since April 2017 started having the same issue.

When I ran netstat, lo and behold every port in the range was in use by IIS.  It looks like there were ~120 inbound connections but the full port range was in use.  I was able to work around it temporarily by extending the range from 10000 - 65535 but this is a temporary fix.

So far as I can tell, no Windows 2008R2 IIS servers have become problematic.  

I'll post more info as I have more detail, but if anyone has run across this before it would be helpful.

Thanks in advance!
I am trying to create pdf file in temp folder programmatically.

 I am getting Access Denied to temp folder in IIS while generating pdf  using background service.

But when i generate file inside the temp folder by web app then it allows file creation.

The temp folder has Read , Write permissions and background service is running as administrator.  

Plz suggest.
NFR key for Veeam Backup for Microsoft Office 365
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Hi, i'm really desperate, facing a problem that is obsessing me.
I'm managing a legacy web-application entirely wrote in classic asp 3.0, connected to a mysql database.
I'm experiencing hangs, like, someone sometimes go on a page and it takes FOREVER to reply, without any apparent reason. If i later try to launch that same page, it loads without problems, so it's NOTHING related to code cause it's not repeatable at all.
In this attached screen took at Worker Process monitor on IIS u can see quite the example situation.
At this point, to start, would be enough for me to tell IIS "PLease, if a process takes more than 2 minutes, TERMINATE IT!". Using "Idle time-out" from application pool settings seems to not work (it's set to 1 minutes and you can see here there are process waiting forever).
Server.scriptTimeout doesn't work either (it's set to 3 minutes).
These process get terminated only when i recycle the appPool, but i can't recycle it cause it will disconnect all users that are current logged in.
Another thing that i noticed, is that if a user start a long-time operation (for example an inventory), he cannot interrupt it till it ends, in few words even if i rethink about it and wanna do other things, he have to wait that page to reply before he can open another page on the same domain with the same browser.
I have tons of things to say but at least this is a starting point. Anybody can point me to the right direction to face this problem?
Just installed Exchange 2013 and when i try to browse to https://localhost/ecp?ExchClientVer=15 nothing happens. It just hangs.

Failed to install web server service IIS windows authentication & ASP due to error "Attempt to install ASP failed  with error code 0x8007007E. The specified module could not be found &  "Attempt to install windows authentication failed  with error code 0x8007007E. The specified module could not be found
Hi All,

Can anyone here please assist me in troubleshooting as to why my Outlook Web Access is randomly signing me off while reading or typing email ?

I also cannot access the below OWA option with HTTP ERROR 500:
Change OWA Account settings:
Change AD Password:
Enable OWA Add On:

However, when I manually type in the Public IP address or the server name instead of, I can access the server with no problem.

This is my current deployment of the Exchange Server 2013 Standard Edition in my domain:

AD Site: Default-First-Site-Name [old CAS & MBX server] [new CAS & MBX server]

AD Site: Head_Office [CAS & MBX server] [MBX server]

I have just created multiple A Record for and pointing to my existing 3x CAS-MBX Exchange 2013 server roles.

Public DNS (A) records Round Robin: – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM

Internal DNS (A) records Round Robin: – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM
Hi All,

After installing new CAS role and then configuring the Virtual Directories to use single name space, I cannot access OWA on my new Exchange Server 2013 Standard edition ?

Error: is currently unable to handle this request. HTTP ERROR 500

Why is this happening ?
Hi All,

I noticed that from my Outlook 2016 connection status, I am using RPC, is this the old slow and insecure protocols ?
Connection Status
I've found the steps below:
Set-MapiVirtualDirectory -Identity "PRODMAIL20-VM\mapi (Default Web Site)" –InternalURL -ExternalUrl -IISAuthenticationMethods Negotiate
Set-MapiVirtualDirectory -Identity "PRODMAIL30-VM\mapi (Default Web Site)" -InternalURL -ExternalUrl -IISAuthenticationMethods Negotiate
Set-OrganizationConfig -MapiHttpEnabled $true
Get-OrganizationConfig | fl *mapi*

Open in new window

Note: I have wildcard * SSL certificate installed on the both CAS servers above.

So I wonder if anyone here knows what's the impact in executing the steps above during the business hours ?

Any help would be greatly appreciated.

Dear community,
We have Problems with active sync in Exchange 2016 CU5.
After a Migration from Exchange 2010 to Exchange 2016 CU5 the following error occours when we connect with active sync:

OWA is working!

exchange analyzer
Event code: 3008
Event message: A configuration error has occurred.
Event time: 07.07.2017 08:10:45
Event time (UTC): 07.07.2017 06:10:45
Event ID: d049c0dd0f3b4cc4986b58ec61b74869
Event sequence: 1
Event occurrence: 1
Event detail code: 0
Application information:
    Application domain: /LM/W3SVC/2/ROOT/Microsoft-Server-ActiveSync-4285-131438814449264551
    Trust level: Full
    Application Virtual Path: /Microsoft-Server-ActiveSync
    Application Path: C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\sync\
    Machine name: XXX
Process information:
    Process ID: 18536
    Process name: w3wp.exe
    Account name: IIS APPPOOL\DefaultAppPool
Exception information:
    Exception type: ConfigurationErrorsException
    Exception message: Could not load file or assembly 'Microsoft.Exchange.Security, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35' or one of its dependencies. The system cannot find the file specified. (C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\sync\web.config line 251)
   at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective)
   at …
I have one domain e.g. and I want to host 4 different locations in order to gain faster bandwidth for the end users. How can I do that? Or let me know if azure has something I can use.

im using windows server 2012 and iis 6.2
i have it configured to point at a smtp exchange server
the portal on iis sends out emails
this seems to work for a day or 2 then the emails stop going out
if i do a iisreset that will fix for another few days
then it fails again
i know i could schedule an iis reset but i would like to know why this is happening
What is SQL Server and how does it work?
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

We are using Oracle's Primavera Contract Manager that requires a SMTP server to send email but allows for no options to use anything that requires a username or password. So in order to make it work we have the IIS SMTP service setup that requires no authentication and anonymous access. This is a problem as it appears some outside source is using it to send bogus/spam emails. Any ideas if there are options to secure the smtp server service on the Windows 2012 server so it's not anonymous access to send? or possible some sort of free online smtp server? The ISP is Comcast which requires a username and password for smtp services so that will not work. Any thoughts? Or addiotional questions please feel free to ask and thank you in advance for your help.
Hi all,

Having being doing some extensive work around our public facing webservers we are now getting down to less known issues. Most of the work we have being doing was around Certificates and encrption. Following another recent scan we are still getting the saem result come up for most servers:

  • Strict-Transport-Security      
  • Content-Security-Policy      
  • Public-Key-Pins      
  • X-Frame-Options
  • X-XSS-Protection      
  • X-Content-Type-Options      
  • Referrer-Policy      

I have read a bit about them but its a bit over my head not having a web background. To mitigate these problems can someone tell me are these weaknesses linked to IIS or encryption. Knowing that would be a good start.

Apologies if this is a simple one but I'm an Apache guy and need to amend a instance of IIS Server 2012 to be able to serve content located on the d:\ drive of the server using a path of /supplementary

Can anyone please advise how I accomplish this is IIS as in Apache I'd simply use
Alias /supplimentary "D:/infrastructure_data/supplimentary"

Open in new window

Hi All,

Can anyone here please sanity check the below Powershell script if it makes sense or I missed out something that I should be configured ?

Set-OWAVirtualDirectory –Identity "PRODMBX20-VM\owa (Default Web Site)" -ExternalURL "" 
Set-OWAVirtualDirectory –Identity "PRODMBX20-VM\owa (Default Web Site)" -InternalURL ""

Set-OABVirtualDirectory –Identity "PRODMBX20-VM\OAB (Default Web Site)" -ExternalURL "" 
Set-OABVirtualDirectory –Identity "PRODMBX20-VM\OAB (Default Web Site)" -InternalURL ""

Set-ECPVirtualDirectory –Identity "PRODMBX20-VM\ecp (Default Web Site)" -ExternalURL "" 
Set-ECPVirtualDirectory –Identity "PRODMBX20-VM\ecp (Default Web Site)" -InternalURL ""

Set-WebServicesVirtualDirectory –Identity "PRODMBX20-VM\EWS (Default Web Site)" -ExternalUrl ""
Set-WebServicesVirtualDirectory –Identity "PRODMBX20-VM\EWS (Default Web Site)" -InternalUrl ""

Set-ActiveSyncVirtualDirectory –Identity "PRODMBX20-VM\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalURL ""
Set-ActiveSyncVirtualDirectory –Identity "PRODMBX20-VM\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL ""


Open in new window

I had this question after viewing Enabling CAS role on current mailbox server ?.

Hi All,

When I run the command get-clientaccessserver | fl to check the URI for all of my CASserver, the result is:

AD Site: Default-First-Site-Name
Server name: PRODMAIL08-VM

AD Site: Head_Office
Server name: PRODMAIL02-VM

The SSL certificate that is used in both CAS servers are wildcard *

so do I still need to execute the command below from my newly added server:

get-clientaccessserver | set-clientaccessserver -autodiscoverserviceinternaluri ""

Open in new window

Thanks in advance,
Hi all,

Being doing some work around tightening security on internal and external communications with stronger certificates and removing weak ciphers. All though this fairly straight forward I had a problem yesterday that has raised questions mainly around my understanding.

We have a web server in the DMZ 2008 R2 IIS. It has an external signed certificate (SHA256). scanning the website shows a number of weaknesses around Ciphers that are part of TLS 1.0, 1.1 and 1,2.

We have to keep TLS 1.0 enabled because of application compatibility.

Is it possible to disable specific ciphers that are weak rather than disabling the tls protocol?

Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.