Microsoft IIS Web Server

35K

Solutions

16

Articles & Videos

29K

Contributors

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hello,

The vendor who does our security audit express concern about SSL certificate we are using on our websites.  They mention version 3 and TLS v1 are not secured.  

I check the version of the cert we purchase is SHA-2.  

I usually purchase the latest version cert and apply it to my IIS website.  Are there additional things I need to do?

Please advise.  

Thanks.
0
Instantly Create Instructional Tutorials
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

Hi All,

I just renewed one of our web certificates and im now trying to export the certificate to add to another server in a cluster. But the export wizard wont allow me to export the cert private key a sits greyed out?

Any way I can get round this?
0
Hi

I'm developing a web application to be used by thousands of users.

The development is done under Alpha anywhere that relies on IIS
My question is the following: what are the limitations of IIS in terms of "servicing" users ?
How many users can hit the server at the same time ?

What are the configuration possible if I have 15000 users ?
How do u calculate the need ?
Thx
0
Greetings:

I recently performed a clean install of Windows 10 Pro on my desktop and included IIS version 10.

I'm looking for the steps to allow other computers on my network to view pages on my local website and client websites under development. I believe this is a security issue but I'm not sure.

Any assistance is most appreciated.


Much thanks,
David Bach
0
Hi all, I've got a very old .asp web application that prints to pdf.  I developed this app 13 years ago, and we've now come to record number 10,000 and I need to expand the record number field in the pdf to accommodate for the extra digit.  I've managed to find the file 'requisition.pdf' and I can edit it, I've moved things, expanded the field, but I don't see my modifications reflected in the application, when the pdf is created inside the application.  I move things around but everything stays the same in the app.  What am I missing here?  It's been 13 years and I'm struggling to remember how I did this.  

Some code (reqnum is the field in question):

Dim UserID
UserID = rsReqs("UserID")
strsql2 = "SELECT * FROM [User] Where UserID = '" & UserID & "'"
            set rsUser = Server.CreateObject("ADODB.Recordset")
            rsUser.Open strsql2, connDB, 1, 2
Dim User
User = rsUser("FN") & " " & rsUser("LN")
Set FdfAcX = Server.CreateObject("FdfApp.FdfApp")
Set outputFDF = FdfAcX.FDFCreate      
outputFDF.FDFSetValue "ReqNum", rsReqs("ReqNum"), False
outputFDF.FDFSetValue "UID", User, False       
outputFDF.FDFSetValue "DateEntered", rsReqs("DateEntered"), False       
outputFDF.FDFSetValue "DueDate", rsReqs("DueDate"), False
If rsReqs("Vendor2") = "" Then
outputFDF.FDFSetValue "Vendor", rsReqs("Vendor1"), False
Else
outputFDF.FDFSetValue "Vendor", rsReqs("Vendor2"), False
End If

(a lot more code in here)....

If rsReqs("qty19") > "0" then
outputFDF.FDFSetValue "qty19", …
0
I'm looking for a most straightforward way to kill a process when it reaches a user defined memory usage threshold.

The Problem: I host multiple websites via IIS 10 on a Windows 2016 server. However I have one or two sites that start returning a 500 Error to users when the sites WPW3.EXE process exceeds 150,000K of Private Working Set Memory,

Simply ending the process resolves the issue because it re-spawns automatically.

POSSIBLE SOLUTION: I'd like to create a monitor that will automatically kill a specific WPW3.EXE process belonging to a certain user (website) when the process reaches a specific memory usage value.

Any and all constructive input is appreciated.

Best regards.
0
Hi,

I have a site with anonymous access to the public side and userid/password protection to the admin side.  I've suddenly started getting failures trying to log in to the admin section.  

Environment: Windows server 2008 R2 Standard;  IIS 7.5
For the admin folder, I have Basic authentication and Windows Authentication enabled.

Tried logging in with the local administrator account and that failed.
Detailed error information was:

Module  WindowsAuthenticationModule         Requested URL: http://..../admin
Notificaiton: AuthenticateRequest                     Physical Path   d:\...
Handler: StaticFile                                                 Login Method  Not yet determined
Error code   0xc000006d                                      Logon User       Not yet determined

In the Security event log I'm seeing 4625 failures:

An account failed to log on.

Subject:
  Security ID:     NULL SID
  Account Name:     -
  Account Domain:  -
  Login ID:                0x0
 
Logon Type:            3

Account For Which Logon Failed:
   Security ID:         NULL SID
   Account Name:   administrator
   Account domain: cf

Failure Information:
   Caller Process ID:  0x0
   Caller Process Name:   -

Network Information:
   Worksation Name:  CF
   Source Network Address: 127.0.0.1
   Source Port: 54061

Detailed Authentication Information
  Logon Process:
  Authentication Package: NTLM
  Transited Services:   -
  Package Name (NTLM only): …
0
People,

I've got the existing Exchange Server 2013 Standard SP1 that is running as MBX&CAS role in one AD site called Default-First-Site-Name.
I want to decommission it so that I can run the both MBX & CAS on new Win2012 R2 VM so I can configure DAG on the other AD site called Head-Office1.

Existing:
AD Site Default-First-Site-Name
PRODMAIL14-VM [Mailbox & Client Access Server] - Windows Server 2008 R2 existing legacy.
PRODMAIL15-VM [Mailbox server only] - Windows Server 2012 R2 newly built for DAG.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG.

Proposed:
AD Site Default-First-Site-Name
PRODMAIL14-VM [Decommissioned]
PRODMAIL15-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 setup for DAG with Head Office.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG with PRODMAIL15-VM.

How to do that safely without causing email flow issue during the production business hours ?
What're the steps in installing CAS so that it does not cause any email flow during the business hours on PRODMAIL15-VM ?
If I install the windows update now during the business hours on PRODMAIL15-VM is there any impact or problem when I reboot it ?

Thanks, in advance.
0
HI all,

Im currently workign on a project on tightening security on our webservers. First step on this is disabling weak Ciphers that are still currently enabled. Im aware of the list of known weak ciphers, but im wondering if Im to disable these, what the impact be on the browsers connecting in?

We will disable SSLv3.

TLS 1.1 - Not sure what impact this will have?

Weak SHA  - RC4 MD5

Is anyone aware of a list  browser versions that maybe impacted?
0
I have set up and created a website in IIS 10.  I have posted the settings in screenshots below.  The issue is, I can access the website when I go to www.favoritepicks216.com on my LOCAL PC that hosts the website, however when I go to the same www.favoritepicks216.com on my phone or other PC not connected to my local network, it gives an error saying cannot find my website.  My question is, what am I missing that I cannot view my website from devices not on my local network?
applicationpool.png
bindings.png
moresettings.png
sitesettings.png
0
Enroll in June's Course of the Month
LVL 8
Enroll in June's Course of the Month

June's Course of the Month is now available! Every 10 seconds, a consumer gets hit with ransomware. Refresh your knowledge of ransomware best practices by enrolling in this month's complimentary course for Premium Members, Team Accounts, and Qualified Experts.

For HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader (REG-DWORD) i realised that on some IIS servers in the registry there is no such entry.

May i find out if this entry is not found in the registry, what is the default?

Thanks!
0
Is it possible for me to map a drive for someone to some files on my server without giving them permission on the server or how would I set this up on the server side to ensure minimal access.
0
Hi there,

I need some help write a powersheet so that when i run it on my IIS 7 or 7.5 it will check if each of this exisit. If exisit, it will throw a statement, "exisit, please have it removed"

http://localhost/iissamples
http://localhost/iisadmpwd
http://localhost/IISHelp
http://localhost/Printers

I want to ensure that  the default Virtual Directories and the files and folder they point to should be removed.
0
Hi there,

Any kind experts out there can help me to list the following: %systemroot%\system32\inetsrv\ on a default windows IIS 7 or 7.5 in a text file or screenshot will be of great help.

As i do not have access to a IIS 7 or IIS 7.5 at the moment.

Any references to Microsoft website or MSDN will be of great help too.

I am trying to determind if in the default IIS installation the folders are there:
  1. inetsrv\IISADMPWD
  2. inetsrv\IISHelp
  3. inetsrv\Printers
  4. inetsrv\IISSamples
0
Hi there,

i need help to write a windows power shell script to run a command to check if IIS_IUSRS group have access to the iisWasKey revoked.

- I need the script to pull the windows server <MachineGUID> dynamically before running the command:

- Obtain the machine GUID at the Registry Value "MachineGuid" in the Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography

Next, open a command prompt and run the following icacls command, ensuring that BUILTIN\IIS_IUSRS(R) has been removed:

icacls %ALLUSERSPROFILE%\Microsoft\Crypto\RSA\MachineKeys\76944fb33636aeddb9590521c2e8815a_<MachineGUID>

Open in new window


Refernce to this is: 3.11 Ensure 'encryption providers' are locked down of https://benchmarks.cisecurity.org/tools2/iis/CIS_Microsoft_IIS_7_Benchmark_v1.8.0.pdf

Great thanks!
0
i AM TRYING TO SET UP AN OOKLA SERVER FOR MY COMPANY

IM USING SERVER 2012 - WHEN TESTING FROM OOKLA'S SERVER TESTER TOOL .

ONE OF THE SECTIONS IS GIVING ERROR 405 METHOD NOT ALLOWED..

I NEED TO ALLOW POSTS FOR THAT FILE OR LINK TO WORK .. THE FILE IS BY NAME (UPLOAD.ASPX)

I WANT TO KNOW  HOW TO GIVE PERMISSIONS - WITHIN HANDLER MAPPINGS

AND WHAT PERMISSIONS I NEED TO GIVE.
0
Hi guys. I have a situation where I have a dc with the domain.local setup. IIS was already setup for a database application. I've been asked to setup Microsoft work folders. Ports 443 are already in use.
I've setup the role, the service groups atc. However I'm stuck on the ssl part. Do I have to go for a public ssl very, do I need a public addressable domain name and an A record setup or is it possible to have a local domain do this. If a public domain is needed how do I get it to work with a .local private dc convention?
0
I have 2 servers (Windows Server 2012 R2 and Windows Server 2008) being scanned by Qualys that have surfaced this finding:

HTTP Security Header Not Detected HTTP Security Header Not Detected port 80/tcp

THREAT:
This QID reports the absence of the following HTTP headers:
X-Frame-Options: This HTTP response header improves the protection of web applications against clickjacking attacks. Clickjacking, also known as
a "UI redress attack", allows an attacker to use multiple transparent or opaque layers to trick a targeted user into clicking on a button or link on
another page when they were intending to click on the the top level page.
X-XSS-Protection: This HTTP header enables the browser built-in Cross-Site Scripting (XSS) filter to prevent cross-site scripting attacks. X-XSSProtection:
0; disables this functionality.
X-Content-Type-Options: This HTTP header prevents attacks based on MIME-type mismatch. The only possible value is nosniff. If your server
returns X-Content-Type-Options: nosniff in the response, the browser will refuse to load the styles and scripts in case they have an incorrect MIMEtype.
QID Detection Logic:
This unauthenticated QID looks for the presence of valid X-Frame-Options, X-XSS-Protection HTTP and X-Content-Type-Options headers in a
HTTP request.
IMPACT:
Depending on the vulnerability being exploited, an unauthenticated remote attacker could conduct cross-site scripting, clickjacking or MIME-type
sniffing attacks.
SOLUTION:
N/A
0
I am trying to configure SMTP on a webserver 2008 r2 sp1 for a php contact form in one of my websites.  However, when i go into IIS 6.0 manager to configure it, It doesnt give me the option to create a virtual SMTP Server. I have watched a multitude of videos on how to setup and configure SMTP but server is not cooperating with the instructions I find.   Also,  as a FYI... I rebooted the server several times and especially as IIS 6.0 keeps on crashing or when I expand the webserver, it show me Application pool and Website and all the websites have a red Triangle with an exclamation point and no name just site #
0
Free learning courses: Active Directory Deep Dive
LVL 1
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Hello all,

I've spent so many hours on this now and can't figure it out.

I've created a really basic proxy.pac file, published as a website in IIS7.

Chrome and Firefox show the contents of the pac file within the browser as plain text, this is good.

But Internet Explorer always tries to download the file when I go to the URL!

It's driving my crazy trying to figure this out!


Only specific changes I've made in IIS7 are...

- MIME type (.pac) = application/x-ns-proxy-autoconfig

- HTTP response header (Content-Type) = text/plain


I am an amateur at IIS, been working in IT for 13 years but first time looking at this stuff.

First time I've ever had to post anything technical on a forum because I'm completely stumped.

I'm sure it's going to be one simple setting somewhere that I've missed, But I must have clicked on every Google result ever trying to find the answer!

Screenshots attached.


Please help I will be so grateful  : - )

Thank you,

Lewis.
chrome.jpg
InternetExplorer.jpg
0
When I type in Localhost in the web browser on a Server 2008 RS webserver, i get this message. I was attempting to install PHP  7.0. and was doing some testing of phpinfo.php file and it could not find it.   127.0.0.1  does not bring up a page either.
0
are permissions to be set for all users in inetpub and do they filter down to the root directory ?

Are all of the accounts such as Creator owner, system, etc. to be set to full permissions?
On the other hand are there some to be left out in inetpub and basic permissions to be set for the root directory?

Michael
0
Hi,
I'm getting ready to migrate to Exchange 2016 from Exchange 2010.
I've asked questions, watched videos and read many guides online for the migration.
All resources are similar in steps that need to be taken.
However, only one resource (A video on Pluralsight.com) mentions "Getting IIS ready for Co-Existence". They say to run the attached command.

My questions.
1. What exactly is this command doing and is there a way for me to do it using IIS GUI? Or is there  way to do it in several shorter commands? I seem to recall running this one long command on a test server months ago and It gave me some powershell errors I couldn't get past.

2. Will the Exchange 2016 setup automatically  take care of what this command is doing?

Thanks!
Nacht
IIS co-existence
0
I HAVE DOWNLOADED  Microsoft WEB PLATFORM INSTALLER 5.0.
 WHAT COMPONENTS DO YOU RECOMMEND I DOWNLOAD FOR php ?

  which  VERSION OF php, iis AND MYSQL ARE BEST FOR Windows 7 64 BIT INCLUDING ANY DRIVER THAT MIGHT BE NEEDED?

Michael hOGGATT
0
People,

Can anyone here please assist me with the PowerShell script to assist me with restarting the Windows Server 2012 R2:

If the HTTP service is unavailable,
then restart IIS server only.

How to do it in Powershell script so that the script is running every 1 minute ?

Thanks.
0

Microsoft IIS Web Server

35K

Solutions

16

Articles & Videos

29K

Contributors

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.