Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Share tech news, updates, or what's on your mind.

Sign up to Post

We have several IIS servers that are Windows 2012 r2. I was just asked to produce logs that identify usernames or IP address of individual users that logged in, what time, etc. I sent our Developers logs out of C:\inetpub\LogFiles\W3SVC1  and they do not identify and individual users. Is there another place I should be looking?

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

I have a windows application that has it own built-in web server using https:// as https://localhost:10880/api/v1/companies/ 

It has a self-generated SSL certificate that I can't change nor add a valid certificate. I have asked the developer of the application and they are just ignoring my request

I like to use IIS web server to redirect http://app.example.com:8080 to https://localhost:10880

I have created an A Record for app.example.com pointing the IP of the server where the application is installed

Is this possible and if so how would I do this?
Hi EE,

After restarting a website in IIS I get the following popup see attached

Now I am getting a 404 error when trying to access the website.

Any assistance is welcome.

Thank you.

    I installed Windows 2012 R2 on a server to run a single ASP site.  Copied the content from a working copy running on a developer's machine and got the following error when I tried to access it in IE locally(I defined the url in the hosts file):

    HTTP Error 500.19 - Internal Server Error

    The requested page cannot be accessed because the related configuration data for the page is invalid.

    Detailed Error Information:

       IIS Web Core


       Not yet determined

    Error Code

    Config Error
       This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".  

    Config File

    Requested URL

    Physical Path

    Logon Method
       Not yet determined

    Logon User
       Not yet determined

    Config Source:
      143:     </modules>
      144:     <handlers>
      145:       <remove name="WebServiceHandlerFactory-Integrated"/>

    Line 144 is actually highlighted in red.

    The full handlers block consists of:
          <remove name="WebServiceHandlerFactory-Integrated"/>
          <remove name="ScriptHandlerFactory" />
          <remove …
    I want to use URL Rewrite to redirect a page to an outside url.  Example:  www.test.com/jar  redirects to www.google.com
    I can't use http redirect because I don't want the entire site sent there, just the www.test.com/jar

    I tried setting it up but the original page keeps coming up.
    I have some internal websites to my corporation. My issue is that when I use an address that is strictly the server name everything is fine.  But when I use the fully qualified internal domain name it requires me to authenticate.  When I authenticate it works fine, I just don't want to have to do that.

    http://<servername> = no problem
    Http://<servername>.<internaldomain>.net = requires me to authenticate
    I'm about to decommission an old Exchange 2003 Server and was going through the logs.
    In the IIS logs, I found suspicious activity that appears to be port scanning.  

    Can any one shed some light on this?  
    Should I be taking any precautions before decommissioning this server (which needs to be online when doing so, although I disconnected it from the network at the moment)?  

    #Software: Microsoft Internet Information Services 6.0
    #Version: 1.0
    #Date: 2017-12-27 00:49:47
    #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 
    2017-12-27 00:49:47 W3SVC1 GET /index.html - 80 - masscan/1.0+(https://github.com/robertdavidgraham/masscan) 200 0 0
    #Software: Microsoft Internet Information Services 6.0
    #Version: 1.0
    #Date: 2017-12-27 02:41:54
    #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 
    2017-12-27 02:41:54 W3SVC1 GET /index.html - 80 - Scanbot 200 0 0
    #Software: Microsoft Internet Information Services 6.0
    #Version: 1.0
    #Date: 2017-12-27 04:36:54
    #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 
    2017-12-27 04:36:54 W3SVC1 GET /xmlrpc.php - 80 - curl/7.35.0 404 0 2
    #Software: Microsoft Internet Information 

    Open in new window


    What is the recommended way to create a limited login to an admin section for a specific website in Windows 2016 for a public-facing webserver in IIS?  I see several options: Basic/Digest/Windows authentication methods.  I'd like not to have to add a local account for each client if possible, but will if I need to.  Part of their admin functionality is to upload and manage images, if that has any impact.


    Hi ,

    I have a got few certificates .
    1. "Microsoft Exchange Server Auth certificate" ,
    2.Microsoft Exchange.
    3.Exchange Delegation Federation.
     certificates which are  going to expire soon on CAS SERVER 1,CAS SERVER 2,MAILBOX SERVER 1 & MAILBOX SERVER 2 of my exchange server 2013 Enterprise in DAG . How do i renew the Certificate or do these certificates really required?

    Thanks in adavance,
    Dear experts, how can we migrate or import the saved logins in web browser when joining a domain? We would like to keep the passwords in web for users when they move from local to domain account. Please suggest.
    Free Tool: Path Explorer
    LVL 11
    Free Tool: Path Explorer

    An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

    One of a set of tools we're offering as a way of saying thank you for being a part of the community.

    An older website has address site.com, but now we need the address site.net to point to site.com as well. I understand we need to create a dummy web in IIS for site.net, and on Properties of the dummy web, tab Documents, one can choose to redirect to site.com. However, I'd still need to figure some issues as follows:

    1. Is the dummy site a must? (can such redirection be done without the dummy site - IIS only)
    2. Properties for the dummy site in IIS don't make much sense - one should just leave the defaults?
    3. In this case above one should choose "Permanent redirection" I guess. Then a user going to "site.net" will actually get to the default page of site.com. But what happens if a user tries to get to "site.net/page2.html"? Where page2.html is a page in the root folder of site.com.
    One of our web developers is creating a new website for our customer service to access orders. Our current one requires a user to enter their domain username/password to access the site. With the new website he would like the browser to automatically use the current AD user credentials. I think i have the command formatted correctly. One thing i am unsure of is the netbios name of the server...if i should also include the netbios name of the domain or not. ( option 2a in this link is what he is trying to accomplish https://blogs.msdn.microsoft.com/webtopics/2009/01/19/service-principal-name-spn-checklist-for-kerberos-authentication-with-iis-7-07-5/ )

    internal url is   orders.example.com
    netbios name of IIS server is QA2008IIS
    netbios domain name is domainname

    the command i have is    Setspn –a http/orders.example.com QA2008IIS

    is this the correct syntax for what he wants to accomplish?  What about netbios server name formatting.?? should that be domainname\QA2008IIS or just QA2008IIS   ??
    Hi All,

    Could someone help me with the web.config code i need to ensure all websites are prefixed with www.

    Many thanks
    Disclaimer:  Completely new to IIS and asp.net.  I was assigned the task of copying a website that resides in an Windows server 2003 running on IIS 6.0 and making run on a Windows 2012 R2 server with IIS 8.5.  I have read you can deploy websites using IEMT or Web deploy.  My fear using these tools is that if I use them the website on the source server will stop working.  What we want is to test if the site can run in IIS 8.5.  Can anyone help me and tell me more less how to do this?  A couple of thing more.  The website was created using ASP 1.1.4xxxx and the SQL server is sitting in another computer.  Can I make this happen or do I need to recreate the website.
    We have a server environment consisting of a load balance (hardware), 3 web servers and a single database server.  Against the environment we have run 3 load tests, scaling up to 600 concurrent users over a 20 minute period.  On each test the response time for the page load begins to degrade at exactly the same point, when the number of concurrent users hits 100.  

    Test one was done with two web servers balanced
    Test two was done with three web servers balanced
    Test three was done with three web servers balanced but with +2 cpu allocated

    All three tests have exactly the same result.  I have had the hosting provider for the infrastructure review the network and none of the hardware elements in the route have restrictions or limits on users and the network is handling the load with ease.  The individual web servers are also handling the load, even at peak evenly and without maxing out CPU or memory. Its seems highly irregular that the drop-off point remains identical despite the increase in resource and has lead me to question whether there is a configuration or set-up default value which is reaching its limit (100) within the system.

    This is a theory but it posing a major challenge to what should be a robust server set-up and I would appreciate some expert opinion on what could be causing the issue.  In preparation I have already ensured I have New Relic APM data available for all three sessions as well as general hardware monitoring data.
    I just created a 3 node, Windows Server 2012 cluster for hosting websites.  HTTP requests are no problem.  HTTPS requests are timing out.  netstat -a shows a 443 port listening.
    I'm sure there is something obvious that I'm missing.  However I'm finding myself unable to connect via SSL to an FTP server.

    The strange thing is I have no problems connecting via regular FTP on the same server.  

    I'm using IIS for Windows Server 2016 FTP site.

    On the client side I'm using WinSCP.

    I'm not sure what I'm doing wrong.  Any assistance would be appreciated.
    I need help to write a IIS 8 url rewrite to change




    Basically adding "staff-detail" to all of the matching urls, as there would be different user names referenced - if that makes sense.


    I am trying to set up a rewrite url in my iis web.config file.

    something like this:
     <rule name="car-donation pages">
    <match url="^car-donation-(.*)-(.*).asp$" />
    <action type="Rewrite" url="car-donation.php?city={R:1}&state={R:2}" />

    Open in new window

    These are sample of pages that are coming in

    I need to get the name after the 2nd dash as city and the words after the 3rd dash is for state.

    But I am running into an issue that i have some cities that have dashes in it.
    and even

    really if it would be possible to separate it
    -  'car-donation- '
    - whatever is here is city
    - extra dash '-'
    - these 2 characters is the states
    - '.asp' (at the end)

    How can I set that up?
    Independent Software Vendors: We Want Your Opinion
    Independent Software Vendors: We Want Your Opinion

    We value your feedback.

    Take our survey and automatically be enter to win anyone of the following:
    Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

    I have a 2012 R2 ADFS 3.0 server on my internal network and a 2012 R2 Windows Application Proxy in my DMZ. I have published two web apps. My issue is a double login prompt at the ADFS login page. I enter my email and password and login. It immediately reloads the same login page. I enter my creds again, and then it takes me to the web app. Both logins appear successful. There is no indication of incorrect creds.

    This issue only happens for one of my web apps. The other web app only prompt once like its supposed to do. Both web apps are hosted on the same internal server.
    Hi EE,

    Getting this message when trying to launch a website see attached. I am using Windows server 2008 R2 Standard SP1, IIS 7. I know it's a browser check of some sort I am just wondering if there is a way around it or a windows update that fixes it.  

    Server Error in 'Service/myGuest' Application.

    Configuration Error

    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.

    Parser Error Message: The browser or gateway element with ID 'InternetExplorer' cannot be found.

    Source Error:

    An application error occurred on the server. The current custom error settings for this application prevent the details of the application error from being viewed remotely (for security reasons). It could, however, be viewed by browsers running on the local server machine.

    Source File: d:\inetpub\wwwroot\Service\myGuest\App_Browsers\ie11.browser    Line: 2

    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.1040


    ie11 browser file below:

      <browser id="IE11" parentID="IE">
          <capability name="majorversion" match="^11$" />
          <capability name="browser"  value="IE" />
          <capability name="type"     value="IE${majorversion}" />

    Open in new window


    Is there a configuration file within IIS that defines current existing websites?  From yesterday to today one of the sites on my server disappeared.  I'd like to recover it gracefully if I could, from backups.  The site content folders are still intact.

    This is on a Windows 2008 server.


    Hi, We are a non profit organization and we have footage of streets and city from early 1900's. We want to store this all in most economical and safe way. The videos are no more than max 25GB in size each or no more than 60 mins in length each but the total amount of videos may go upto 40 TB, Is youtube a best place to store . I read that we can make those videos private in youtube channel but would those videos can be linked or embedded to our webpage even though they marked as private ?

    Is there a paid youtube service which gives us more options and are there any restrictions of amount of videos (quantity and size) we upload ?

    my current setup has exchange 2003 and exchange 2010 in co existence. My active sync doesnt work.

    The error is
    Attempting the FolderSync command on the Exchange ActiveSync session.
           The test of the FolderSync command failed.
            Tell me more about this issue and how to resolve it
          Additional Details
    Exchange ActiveSync returned an HTTP 500 response (Internal Server Error).
    HTTP Response Headers:
    Pragma: no-cache
    MS-Server-ActiveSync: 6.5.7638.1
    Content-Length: 56
    Content-Type: text/html
    Date: Thu, 30 Nov 2017 04:10:45 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Elapsed Time: 1050 ms.

    I have tried the following


    Requesting for steps to be taken next
    I am have a 2012 server running IIS.  I created a CSR, dropped it into Godaddy's tool and was issued a certificate and an intermediary certificate.  I put those on the local server, went into MMC and added the certficate snap in.  I imported the certificate to the personal and the Trusted Root Certification Authorities areas.  

    I then went to IIS manager and tried to edit the binding for the server on port 443.  When selecting the certificate, nothing is there to select.

    A support person from Microsoft said that it was because there wasn't a private key.  I tried the "certutil -repairstore my "s/n (or thumbprint) of cert here)" but I am then prompted to insert a smart card.  We don't use these.  

    This IIS server is using owncloud and is connected to the LDAP.  Does that have anything to do with it?  

    Hoping someone that is better at SSL certs then I can help.

    Thanks in advance.  IIS server is down until I get a certificate back on.

    Microsoft IIS Web Server





    IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.