Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Share tech news, updates, or what's on your mind.

Sign up to Post

Pertinent info:
IIS 7.5
Win 7
Classic App Pool

I receive a 401.2 error on screen but 401.5 error in the logs. Have anyone else seen this?

I have 3 sister applications that usually all install on a machine (usually IIS 7) and work out of the box.  In this scenario (see above), 1 of the 3 fails with the 401.2 error displayed and 401.5 error in the logs.  The one that fails is developed by the same team as one of the working apps and their web config is almost exact (modules and handlers). The permissions on their folders are also identical.

Has anyone seen this before where two different error codes are displayed and is there a solution for such?

I can post more information if needed.

Comprehensive Backup Solutions for Microsoft
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

I deployed my C# MVC ASP .Net website with a deploy package, edited the web config with the correct appsettings and connection strings, then all o the sudden I am getting this after running iisreset and browsing to the site eternally:

401 - Unauthorized: Access is denied due to invalid credentials.

Don't know what has changed, it used to work before.
If I browse to the site locally on the server using https://localhost, then all works fine. If I use the external domain address and thereby enter via the public IP of the server, I get the error shown above displayed in the browser. This happens using the external domain address of the website both locally on the server itself and remotely from some other location.
getting below error message while loading the site.

500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.

Parser Error Message:
config section 'system.web/compilation' already defined
Sections must only appear once per config file.  See the help topic <location> for exceptions.

Please help me to resolve this.
I'm looking for help getting a jump start on implementing SAML 2.0.   I have read a lot of documentation but it all seems geared towards the user-end, not the developer end.   Here is our situation.

We provide a website to corporate clients, each corporation has many users.   These companies have their own websites and their users have their own logins.   Our clients want their users to login to their website and be able to pass through to our website without needing a login on our website.

-Our clients' websites would login the user  and then pass the user onto our site without needing to login
-Our site would accept the user as long as the client says they are valid, we are ok accepting them.  
-We would create a corresponding user record on our end for each user

What do we need to do on our end to implement SAML?  
Can we code something and/or do we need a third party?
We code in Coldfusion (CF 11)

While I do understand Single Sign-On and the parts of SAML needed.  I have yet to find steps to actually implement.  Any help with this would be greatly appreciated.
Dear All

             i have a question regarding on Setting up Proxy .pac files in IIS7 in server 2012, our company running a TMG Proxy 2010, currenty i have a server 2008 webserver running a proxy .pac file in iis 6, for some reason this server is too old, i'm planning to migration it to a new server which is a server 2012, i installed a iis , copied the pac file to "c:\inetpub\wwwroot\pac" , and start the service , in ipad i manually configure the http proxy to "" , the ipad can not access to internet whereas using the current http proxy i could access to internet, any idea what i have done wrong ?

We have a web server IIS 7.5 that is running 40 -50 sites. is there a way to generate a list of the version of php that is running on each site?

I was trying to setup a WebDAV site as my default site for IIS. I enabled the service, added it to the site, checked my permissions, and now NOTHING happens when I try to connect to it. Web browsers just hang trying to connect indefinitely and I can't map a drive to it as it gives me a generic connectivity error. Are there any common issues I should be looking into?

My apologies, I am new to WebDAV.
we are reviewing share permissions for a security audit and noticed on an IIS server, the folder c:\inetpub is accessible with read only rights to domain users. Knowing IIS as you do, could this default IIS folder contain any security sensitive information that should not be openly accessible, or is it pretty anonymous data that poses no real risk.
Have a 2012 remote desktop server for GP deployment, we are using a wildcard cert from GoDaddy, everything was fine until last week our Network engineer rekeyed it with godaddy, Anytime someone would go to GP Web services they would get a certificate revoked error, downloaded the new cert and rebinded in IIS, this fixed that issue, today the issue is anytime the connect via RDP they are getting the same error that the cert has been revoked.  I've gone into the RD gateway manager and reimported the right cert, rebooted and then tested, same error. I check the cert and it looks like the old one still, is there another place i need to put this cert?
Hello all,

I have a requirement where I need to be able to do the following:

1.  User from anywhere in the world types
2.  They are either presented a prompt or a page that asks for username and password
3.  After they successfully authenticate their username and password they are automatically redirected to their specific URL.

I would prefer to keep this as absolutely simple as possible as this is the one area none of us are an expert in.  So the goal would be a simple solution using IIS for example and once the configuration is done, we could easily add others as we expand.  I am open to other ideas as well as long as it's easy to maintain and cheap.

Our initial goal in mind was to have a dedicated Server 2016 IIS server in a DMZ with this authentication page on it, that once successful will redirect them to the specific Web Application running inside the same data center.

New feature and membership benefit!
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

We moved a website from a server 2008 to a server 2012 system with Windows Authorization turned On and Anonymous turned Off.  Now, we get a HTTP Error 401.2 error.  However, if I turn On Anonymous it works.  Is there a way to take a deeper dive into this type of error to see what permissions we are missing?  I have turned on tracing, but it doesn't produce any trace logs.  To make a short story longer, the Old web code is invoking the Neevia Document Converter product and using the WebKit to parse HTML.  I suspect it has little to do with the Neevia product and more to do with the permissions differences between 2008 and 2012 server.  The building IE parser doesn't work either (gets a timeout).

HT T P Error 401.2 - Unauthorized
You are not authorized to view this page due to invalid authentication headers.
Most likely causes:
No authentication protocol (including anonymous) is selected in IIS.
Only integrated authentication is enabled, and a client browser was used that does not support integrated authentication.
Integrated authentication is enabled and the request was sent through a proxy that changed the authentication headers before they reac
h the Web server.
The Web server is not configured for anonymous access and a required authorization header was not received.
The "configuration/system.webServer/authorization" configuration section may be explicitly denying the user access.
Things you can try:
Verify the authentication setting for the resource and then…
We have recovered a server which has IIS server, the server was restored successfully, , however if I try to access the website, it brings up a http 500 error message

Not sure what the issue is since we have recovered the exact server ?

I need help please ?
I have a WordPress website running on IIS.  After it runs for a few days I get many instances of php-cgi.exe loaded versus the normal two that I normally have..  When this happens my website crashes.  Below is the error I see in the event log.  Any ideas?

Faulting application name: php-cgi.exe, version:, time stamp: 0x58803748
Faulting module name: KERNEL32.DLL, version: 6.3.9600.17415, time stamp: 0x545049be
Exception code: 0xc0000005
Fault offset: 0x0001427b
Faulting process id: 0x4d30
Faulting application start time: 0x01d3104f94382d27
Faulting application path: C:\Program Files (x86)\PHP\v5.6\php-cgi.exe
Faulting module path: C:\Windows\SYSTEM32\KERNEL32.DLL
Report Id: d33efe6a-7c42-11e7-80c7-d8b1f2452a7f
Faulting package full name:
Faulting package-relative application ID:
Hi All,

Can anyone here please assist me in troubleshooting as to why my Outlook Web Access is randomly signing me off while reading or typing email ?

I also cannot access the below OWA option with HTTP ERROR 500:
Change OWA Account settings:
Change AD Password:
Enable OWA Add On:

However, when I manually type in the Public IP address or the server name instead of, I can access the server with no problem.

This is my current deployment of the Exchange Server 2013 Standard Edition in my domain:

AD Site: Default-First-Site-Name [old CAS & MBX server] [new CAS & MBX server]

AD Site: Head_Office [CAS & MBX server] [MBX server]

I have just created multiple A Record for and pointing to my existing 3x CAS-MBX Exchange 2013 server roles.

Public DNS (A) records Round Robin: – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM

Internal DNS (A) records Round Robin: – Public IP address of PRODMAIL14, PRODMAIL20-VM and PRODMAIL42-VM
Hi All,

I noticed that from my Outlook 2016 connection status, I am using RPC, is this the old slow and insecure protocols ?
Connection Status
I've found the steps below:
Set-MapiVirtualDirectory -Identity "PRODMAIL20-VM\mapi (Default Web Site)" –InternalURL -ExternalUrl -IISAuthenticationMethods Negotiate
Set-MapiVirtualDirectory -Identity "PRODMAIL30-VM\mapi (Default Web Site)" -InternalURL -ExternalUrl -IISAuthenticationMethods Negotiate
Set-OrganizationConfig -MapiHttpEnabled $true
Get-OrganizationConfig | fl *mapi*

Open in new window

Note: I have wildcard * SSL certificate installed on the both CAS servers above.

So I wonder if anyone here knows what's the impact in executing the steps above during the business hours ?

Any help would be greatly appreciated.

I have one domain e.g. and I want to host 4 different locations in order to gain faster bandwidth for the end users. How can I do that? Or let me know if azure has something I can use.

im using windows server 2012 and iis 6.2
i have it configured to point at a smtp exchange server
the portal on iis sends out emails
this seems to work for a day or 2 then the emails stop going out
if i do a iisreset that will fix for another few days
then it fails again
i know i could schedule an iis reset but i would like to know why this is happening
Our website currently uses the following web.config file:


        <rule name="wordpress" patternSyntax="Wildcard">
            <match url="*"/>
                    <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
                    <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
            <action type="Rewrite" url="index.php"/>
        <rule name="HTTP to HTTPS redirect" stopProcessing="true">
            <match url="(.*)"/>
                  <add input="{HTTPS}" pattern="off" ignoreCase="true"/>
            <action type="Redirect" redirectType="Permanent" url="{R:1}"/>


we have internal pages such as application, pricing, about-us, blog etc like:

what I want is to set a 1 to 1 301 redirection of the pages without https in the URLs to the respective https version pages of the site.
For example: Set a 301 redirect for the page to

Right now it gets redirected from to

I've got the existing Exchange Server 2013 Standard SP1 that is running as MBX&CAS role in one AD site called Default-First-Site-Name.
I want to decommission it so that I can run the both MBX & CAS on new Win2012 R2 VM so I can configure DAG on the other AD site called Head-Office1.

AD Site Default-First-Site-Name
PRODMAIL14-VM [Mailbox & Client Access Server] - Windows Server 2008 R2 existing legacy.
PRODMAIL15-VM [Mailbox server only] - Windows Server 2012 R2 newly built for DAG.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG.

AD Site Default-First-Site-Name
PRODMAIL14-VM [Decommissioned]
PRODMAIL15-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 setup for DAG with Head Office.

AD Site Head-Office1
PRODMAIL20-VM [Mailbox & Client Access Server] - Windows Server 2012 R2 existing newly built for DAG with PRODMAIL15-VM.

How to do that safely without causing email flow issue during the production business hours ?
What're the steps in installing CAS so that it does not cause any email flow during the business hours on PRODMAIL15-VM ?
If I install the windows update now during the business hours on PRODMAIL15-VM is there any impact or problem when I reboot it ?

Thanks, in advance.
NEW Veeam Agent for Microsoft Windows
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

I have set up and created a website in IIS 10.  I have posted the settings in screenshots below.  The issue is, I can access the website when I go to on my LOCAL PC that hosts the website, however when I go to the same on my phone or other PC not connected to my local network, it gives an error saying cannot find my website.  My question is, what am I missing that I cannot view my website from devices not on my local network?
Hi guys. I have a situation where I have a dc with the domain.local setup. IIS was already setup for a database application. I've been asked to setup Microsoft work folders. Ports 443 are already in use.
I've setup the role, the service groups atc. However I'm stuck on the ssl part. Do I have to go for a public ssl very, do I need a public addressable domain name and an A record setup or is it possible to have a local domain do this. If a public domain is needed how do I get it to work with a .local private dc convention?
Hello all,

I've spent so many hours on this now and can't figure it out.

I've created a really basic proxy.pac file, published as a website in IIS7.

Chrome and Firefox show the contents of the pac file within the browser as plain text, this is good.

But Internet Explorer always tries to download the file when I go to the URL!

It's driving my crazy trying to figure this out!

Only specific changes I've made in IIS7 are...

- MIME type (.pac) = application/x-ns-proxy-autoconfig

- HTTP response header (Content-Type) = text/plain

I am an amateur at IIS, been working in IT for 13 years but first time looking at this stuff.

First time I've ever had to post anything technical on a forum because I'm completely stumped.

I'm sure it's going to be one simple setting somewhere that I've missed, But I must have clicked on every Google result ever trying to find the answer!

Screenshots attached.

Please help I will be so grateful  : - )

Thank you,



Michael hOGGATT

I've got two load balanced IIS servers that are balanced via F5 round robin load balancing to a shared SQL Backend and File Server, I will call the IIS servers 1 & 2. Both servers have a pretty evenly distributed load, with 2 normally seeing slightly more connections than 1. Somehow though, 1 seems to be experiencing more worker process CPU load across the application pools.

All IIS Settings appear to be the same, CPU wait time seems to be the same on the worker processes. I'm really struggling here to find any differences between the two sites.

Any help would be appreciated.

It's been a couple of times our user's credentials got comprised via phishing scheme. As the result, the hacker logged into that user's OWA account and remained logging in forever to read the email communication or download, etc. My question is, is there a way to detect a user(s) who remain logged in OWA for long time, say 10 hours, using IIS log file?

Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.