Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Share tech news, updates, or what's on your mind.

Sign up to Post


I am a web developer, not a server administrator. Due to unfortunate circumstances at my office, we no longer have staff that manages our servers, and I have been asked to get our server PCI compliant. Good times. The server is running Windows 2008 R2 64 Bit. There were 9 issues and I have resolved 7 of them. I am having a hard time with the last two. I have been reading for the last two days and I am still unclear how to resolve the issues. Hopefully someone here has the missing pieces I am looking for.

The two issues are:

1. SSL/TLS Weak Encryption Algorithms
2. Reflected Cross-Site Scripting Vulnerability

I don't want to over simplify the solution, but if there's anyone out there who can help me resolve these two items I'd appreciate it. I've included a screenshot of IIS Crypto 2.0 below.

Thanks for any guidance.
Technology Partners: We Want Your Opinion!
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

We have an old application that used a program for Classic ASP called XQASP that was basically a URL rewrite before there were thing. I am moving a website from an old Windows 2003 server to a new Windows 2016 and do not want to loose the function as there are 1000's of links that would have to be re-written and Google indexing that has been done.   The basic premise of how it works now... also uploaded the Help CHM file  (Added TXT to the end to upload)   I need help converting the function to ISS URL Rewrite
should execute :

QueryString Values :

This is the INI file that has some interesting information too

#0=disabled(default), 1=enabled


#Starting Delimiter, must be 3 characters long e.g. /XQ /BA /CB STR


#Ending Delimiter, must be 3 characters long e.g. /QX /AB /BC END


#Variable=Value seperator, must be 1 character long, defaults to . (single period)
# Change Microsoft URLScan options or use an underscore ("_") as the seperator.


#Variable Variable Separator, use "-" instead of a slash "/" to make it appear as a long filename from the root web
# e.g. http://localhost/STR-ASP-ZZ_1-abc_123-xyz_ggg-END-1.htm
# calls /1.asp?ZZ=1&ABC=123&XYZ=GGG

Open in new window

W3WP IIS process worker using 100% CPU in exchange 2013 CU 18 server? Unable to open ECP and OWA giving 503 service unavailable error.
One of our web developers is creating a new website for our customer service to access orders. Our current one requires a user to enter their domain username/password to access the site. With the new website he would like the browser to automatically use the current AD user credentials. I think i have the command formatted correctly. One thing i am unsure of is the netbios name of the server...if i should also include the netbios name of the domain or not. ( option 2a in this link is what he is trying to accomplish )

internal url is
netbios name of IIS server is QA2008IIS
netbios domain name is domainname

the command i have is    Setspn –a http/ QA2008IIS

is this the correct syntax for what he wants to accomplish?  What about netbios server name formatting.?? should that be domainname\QA2008IIS or just QA2008IIS   ??
Saya mau menyetingphp server dibandrol saya
Our SharePoint 2010 farm occasionally locks up and we have to reset IIS (or just do an application pool restart) on a specific web front end to bring things back.

We haven't been able to identify a root cause from looking at standard logs, and we're not really sure how to trouble-shoot it. Any ideas on how we can narrow things down?
Well I would like to build a e-commerce site in .net  
I stucked in designing the DB tables , and my problem IS:

let us say I need as a seller to sell a 2 products :
1. ring
2. cat

the "Ring" product have this fields:
A. category :"Product"
B. CategoryType : "jewelry"
C. ProductCondition: "New"
D. ProductMaterial: "Silver"

the "Cat" producthave this fields:
A. category :"Product"
B. CategoryType : "Pet"
C. Age : "1 year"
D. Color : "White"

It means , that will be MANY products at same category  with VARY different fields/sub-category .
how can i solve this problem in designing the DB field/tables/relations between each other?
Hi All,

Could someone help me with the web.config code i need to ensure all websites are prefixed with www.

Many thanks
Disclaimer:  Completely new to IIS and  I was assigned the task of copying a website that resides in an Windows server 2003 running on IIS 6.0 and making run on a Windows 2012 R2 server with IIS 8.5.  I have read you can deploy websites using IEMT or Web deploy.  My fear using these tools is that if I use them the website on the source server will stop working.  What we want is to test if the site can run in IIS 8.5.  Can anyone help me and tell me more less how to do this?  A couple of thing more.  The website was created using ASP 1.1.4xxxx and the SQL server is sitting in another computer.  Can I make this happen or do I need to recreate the website.
We have a server environment consisting of a load balance (hardware), 3 web servers and a single database server.  Against the environment we have run 3 load tests, scaling up to 600 concurrent users over a 20 minute period.  On each test the response time for the page load begins to degrade at exactly the same point, when the number of concurrent users hits 100.  

Test one was done with two web servers balanced
Test two was done with three web servers balanced
Test three was done with three web servers balanced but with +2 cpu allocated

All three tests have exactly the same result.  I have had the hosting provider for the infrastructure review the network and none of the hardware elements in the route have restrictions or limits on users and the network is handling the load with ease.  The individual web servers are also handling the load, even at peak evenly and without maxing out CPU or memory. Its seems highly irregular that the drop-off point remains identical despite the increase in resource and has lead me to question whether there is a configuration or set-up default value which is reaching its limit (100) within the system.

This is a theory but it posing a major challenge to what should be a robust server set-up and I would appreciate some expert opinion on what could be causing the issue.  In preparation I have already ensured I have New Relic APM data available for all three sessions as well as general hardware monitoring data.
Microsoft Certification Exam 74-409
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Hi to all,

I want to redirect subdomains to another subdomains and was wondering if anyone can provide a simpler solution.

This is what I'm trying to achieve. redirect to redirect to redicect to

My solution is to add the rules on each web.config file for each site but is it possible to have it on the applicationhost.config

                <rule name="Redirect to new subdomain" stopProcessing="true">
                    <match url="(.*)" />
                    <action type="Redirect" url="{R:0}" />

I need help to write a IIS 8 url rewrite to change




Basically adding "staff-detail" to all of the matching urls, as there would be different user names referenced - if that makes sense.


After a security review of our new WordPress site it was pointed out that we're vulnerable to "External Service Redirecton - DNS". Specifically, if a URL is entered into the "Your Name" field of our Contact 7 Form then the testers have found that: "It was possible to induce the application to perform server-side DNS lookups of arbitrary domain names"

The suggested remedial action is to implement a whitelist of permitted services and hosts and to block interaction not on this whitelist.

I'm something of a newbie when it comes to this, and it occured to me (perhaps wrongly!) that there may be different whitelists; one for those who cannot enter the site, and a separate for sites to which our server is allowed to speak. Or does a whitelist imply both ways?

Anyway, all help on this gratefully received and I'm imagining this is something that's been done a zillion times before!

I'm using IIS and would prefer that answer, although Apache related help just as good because I've realised I can kind of 'translate' how to do it once I've got the idea.

Thanks in advance Iain
Hi, We are a non profit organization and we have footage of streets and city from early 1900's. We want to store this all in most economical and safe way. The videos are no more than max 25GB in size each or no more than 60 mins in length each but the total amount of videos may go upto 40 TB, Is youtube a best place to store . I read that we can make those videos private in youtube channel but would those videos can be linked or embedded to our webpage even though they marked as private ?

Is there a paid youtube service which gives us more options and are there any restrictions of amount of videos (quantity and size) we upload ?

We have 2 projects running on 2 different servers that are using the same code. One server is a 2008 R2 server and the second is a 2012 R2 server.

One of the main functions of the project is to retrieve a list of websites from IIS and then use that list to perform various functions on the websites.

We recently were forced to update all of our servers to 2012 because Microsoft stopped supporting 2008. Everything works fine, except when it comes to trying to retrieve the list of websites from IIS. On the 2008 server the process takes about 1 sec to get the list of 200 websites. On the 2012 server the process takes about 30 - 40 seconds and it's w3wp.exe process uses about 3 times as much memory for the exact same set of websites

Does anyone have any idea on what we could be doing wrong? Or what we can do to fix this?

We have written a test below so that you can see our code and diagnose what may be causing the issue.

Thanks ahead of time for your help.

1. Copy GetSiteList.aspx to the root of the project

2. Modify GetSiteList.aspx file for correct settings:

    private string ServerName = "Your Server Name";
    private string LoginId = @"Your Login Id";
    private string Password = "Your Password";

3. Modify Web.config file for correct settings.
   Make sure you have "impersonate" and also assemblies reference for "System.DirectoryServices"

4. Open page http://[your-server-name]/GetSiteList.aspx


We have a Server 2012 R2 Standard running as a DC in a small office of about 8 PC running Windows 7 pro. I needed to set up an SSTP VPN service but found that I could not obtain the self signed certificate required for the client PC. Further investigation found that the ADCS Configuration is not complete and cannot be completed.

Visiting the Server Manager and looking at a flagged Notification I see that there is a Post-deployment Configuration notice to 'Configure Active Directory Certificate Services on the destination server' If I start this process I'm presented with a credentials page which is completed just fine so I click Next. Then Role Services has 'Certification Authority' is the only Role selected from the 6 potential Roles available - the remaining 5 can't be ticked they appear greyed out and I can't untick 'Certification Authority' either. The only option I have is to click Previous or Cancel which will not help me to complete the post process.

How can I break out of this cycle whilst keeping the domain active. I'm working remotely from the site through a VNC service.

Can I remove the ADCS Role safely or will this impact the existing client logins etc. I'm assuming it will but not 100% sure.

I have also noticed that the CertSrv site under the Default IIS webpage is not listed. I'm sure this was there not too long ago but again can't be sure. NB This accounts for being unable to access CertSrv on this server either locally or externally.

Some …
Hi, Im getting following error Messages

HTTP Error 500.21 - Internal Server Error
Handler "ExtensionlessUrlHandler-Integrated-4.0" has a bad module "ManagedPipelineHandler" in its module list

I have run following command  no results

c:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -I

%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -i
For example, domain changed from to, what is the best way to change website names in SBS2008 to the new site address?

In the SBS Console\Shared Folders and Web Sites\Web Sites

Thank you.

I need to setup a quick FTP site on a domain server and I am stuck.  Someone please help...

Here are the steps I have done:
create a local user.  This local user is in the USERS local group and have login locally right.
Open up Windows Explorer
create a ftproot folder in my E drive
grant users read only, administrators R/W
create a ftp site in IIS
specify physical path to point to the ftproot folder
enable virtual host names -
no ssl
basic authentication
specify a local user to have R/W
create a local DNS A record for

I open up a DOS prompt on a domain workstation and type ftp
I am getting this error: 530 user cannot log in, home directory inaccessible.
NFR key for Veeam Agent for Linux
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

The Report Viewer Web Control HTTP Handler has not been registered in the application's web.config file. Add <add verb="*" path="Reserved.ReportViewerWebControl.axd" type = "Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /> to the system.web/httpHandlers section of the web.config file, or add <add name="ReportViewerWebControlHandler" preCondition="integratedMode" verb="*" path="Reserved.ReportViewerWebControl.axd" type="Microsoft.Reporting.WebForms.HttpHandler, Microsoft.ReportViewer.WebForms, Version=, Culture=neutral, PublicKeyToken=89845dcd8080cc91" /> to the system.webServer/handlers section for Internet Information Services 7 or later.
Looking at the worker processes in IIS for the website, the time lapsed seems to be quite high and the cpu usage is also very high.
The webiste is down as well. Please help how to resolve this issue.
I have tried almost everything on the Internet, I am not sure what am still missing.
PC: Windows 10
Router: Port forward enabled with UnPnP

The webserver is a Datasnap REST webserver, (might be irrelevant), hosted with IIS on windows 10 PC, and its accessible to localhost as well as different computer on same network, However its failed to get connect to when accessible via public ip:port  even on same pc.
Tested the port which is listening correctly. I put firewall and Antivirus off for the test.

Please help.

Thanks and Regards,
Hi All,

I've saved a Visio 2016 file as a webpage, which works very well.

however, when I try to put it as an iframe on our intranet the links stop working.

If I browse the same file in the exact same location the li is work.

Any suggestions?

Hello Experts,

I have a web application that I would like to host on Windows Server 2016 using IIS? The following steps below have already been taken.

Steps already taken:

- Setup Windows Server 2016
- Added the Web Server Role
- Installed .NET Core Windows Server Hosting bundle

I have so far followed this article to the step Application configuration but get lost from there.
I'm trying to browse to my new website and I get the following error:  HTTP Error 404.17 - Not Found "The requested content appears to be script and will not be served by the static file handler."

Any suggestions?  I'm using a Windows Server 2012 IIS 8.5.

Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.