Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Share tech news, updates, or what's on your mind.

Sign up to Post

Failed to install web server service IIS windows authentication & ASP due to error "Attempt to install ASP failed  with error code 0x8007007E. The specified module could not be found &  "Attempt to install windows authentication failed  with error code 0x8007007E. The specified module could not be found
Three Reasons Why Backup is Strategic
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Hi All,

After installing new CAS role and then configuring the Virtual Directories to use single name space, I cannot access OWA on my new Exchange Server 2013 Standard edition ?

Error: is currently unable to handle this request. HTTP ERROR 500

Why is this happening ?
We are using Oracle's Primavera Contract Manager that requires a SMTP server to send email but allows for no options to use anything that requires a username or password. So in order to make it work we have the IIS SMTP service setup that requires no authentication and anonymous access. This is a problem as it appears some outside source is using it to send bogus/spam emails. Any ideas if there are options to secure the smtp server service on the Windows 2012 server so it's not anonymous access to send? or possible some sort of free online smtp server? The ISP is Comcast which requires a username and password for smtp services so that will not work. Any thoughts? Or addiotional questions please feel free to ask and thank you in advance for your help.
Hi all,

Having being doing some extensive work around our public facing webservers we are now getting down to less known issues. Most of the work we have being doing was around Certificates and encrption. Following another recent scan we are still getting the saem result come up for most servers:

  • Strict-Transport-Security      
  • Content-Security-Policy      
  • Public-Key-Pins      
  • X-Frame-Options
  • X-XSS-Protection      
  • X-Content-Type-Options      
  • Referrer-Policy      

I have read a bit about them but its a bit over my head not having a web background. To mitigate these problems can someone tell me are these weaknesses linked to IIS or encryption. Knowing that would be a good start.

Apologies if this is a simple one but I'm an Apache guy and need to amend a instance of IIS Server 2012 to be able to serve content located on the d:\ drive of the server using a path of /supplementary

Can anyone please advise how I accomplish this is IIS as in Apache I'd simply use
Alias /supplimentary "D:/infrastructure_data/supplimentary"

Open in new window

Hi All,

Can anyone here please sanity check the below Powershell script if it makes sense or I missed out something that I should be configured ?

Set-OWAVirtualDirectory –Identity "PRODMBX20-VM\owa (Default Web Site)" -ExternalURL "" 
Set-OWAVirtualDirectory –Identity "PRODMBX20-VM\owa (Default Web Site)" -InternalURL ""

Set-OABVirtualDirectory –Identity "PRODMBX20-VM\OAB (Default Web Site)" -ExternalURL "" 
Set-OABVirtualDirectory –Identity "PRODMBX20-VM\OAB (Default Web Site)" -InternalURL ""

Set-ECPVirtualDirectory –Identity "PRODMBX20-VM\ecp (Default Web Site)" -ExternalURL "" 
Set-ECPVirtualDirectory –Identity "PRODMBX20-VM\ecp (Default Web Site)" -InternalURL ""

Set-WebServicesVirtualDirectory –Identity "PRODMBX20-VM\EWS (Default Web Site)" -ExternalUrl ""
Set-WebServicesVirtualDirectory –Identity "PRODMBX20-VM\EWS (Default Web Site)" -InternalUrl ""

Set-ActiveSyncVirtualDirectory –Identity "PRODMBX20-VM\Microsoft-Server-ActiveSync (Default Web Site)" -ExternalURL ""
Set-ActiveSyncVirtualDirectory –Identity "PRODMBX20-VM\Microsoft-Server-ActiveSync (Default Web Site)" -InternalURL ""


Open in new window

I had this question after viewing Enabling CAS role on current mailbox server ?.

Hi All,

When I run the command get-clientaccessserver | fl to check the URI for all of my CASserver, the result is:

AD Site: Default-First-Site-Name
Server name: PRODMAIL08-VM

AD Site: Head_Office
Server name: PRODMAIL02-VM

The SSL certificate that is used in both CAS servers are wildcard *

so do I still need to execute the command below from my newly added server:

get-clientaccessserver | set-clientaccessserver -autodiscoverserviceinternaluri ""

Open in new window

Thanks in advance,
Hi all,

Being doing some work around tightening security on internal and external communications with stronger certificates and removing weak ciphers. All though this fairly straight forward I had a problem yesterday that has raised questions mainly around my understanding.

We have a web server in the DMZ 2008 R2 IIS. It has an external signed certificate (SHA256). scanning the website shows a number of weaknesses around Ciphers that are part of TLS 1.0, 1.1 and 1,2.

We have to keep TLS 1.0 enabled because of application compatibility.

Is it possible to disable specific ciphers that are weak rather than disabling the tls protocol?
We have a web site that has been working fine.

It is in .Net 3.5 or 4 (Can't access to see if it was upgraded)

In any case...
On a RadGrid
When clicking on a different page (From paging list on grid)

I get an eeror page in Chrome

This page isn’t working

Chrome detected unusual code on this page and blocked it to protect your personal information (for example, passwords, phone numbers, and credit cards).
Try visiting the site's homepage.
   I have Windows server 2012 R2 server and my IIS version is 8.5, My website currently  was working on IIS7 on different server. But I want to run my website on IIS8.5(on new server) . I had setup website and when I tried to run I got error on web.config file. Even it's not allowing to set default document and giving error. Please go through attached file and help me for that.

Get 15 Days FREE Full-Featured Trial
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

I would like to setup redirection from a server that host a site to a different server that host a landing page in IIS.  

How do I setup a redirection in DNS and on the new site?

Hello Experts,

We are getting intermittent timeouts on some of our sites on a windows 2008 r2 box with iis 7.5, this started recently.

The sites are down for a while and then run again (Its limited to a small subset of sites on the box) The are all DNN sites but not all DNN sites are effected

The sites can be browsed locally on the local ip but not external, some have ssls installed

Any advise on how to troubleshoot this

Hello Experts - I am running an internal web based application called Deltek Vision on an instance of Server 2012 R2.  I would like to be able to make this available over the internet.  My firewall is a Fortigate 90D.  I took a peek at how the Exchange server was configured and tried to duplicate the logic for the Vision server since both are using http.  I created an Object for the Vision server using it's IP address, created two virtual IPs which is forwarding a spare public IP address on ports 80 (http) and 1433 (SQL), then duplicated the policy for Exchange to allow traffic to flow.  So far I'm getting no response which is where I'm stuck.  I'm not sure if I'm missing something on the routing side or if there is something else in IIS that needs to be done to allow access from the internet.

I'd appreciate any advice getting this working!
Hi all,

We have a number of webservers that I have been renewing the web certificates after upgrading our root CA to SHA256. I have processed this through IIS by selecting the certificate and choosing the renew option. I then following the renew wizard that allows me to select the CA and then simply select renew. However one server doesn't want to play ball. The option to select the CA is greyed out.

Cant figure this one out, any ideas appreciated.
Hi All,

I just renewed one of our web certificates and im now trying to export the certificate to add to another server in a cluster. But the export wizard wont allow me to export the cert private key a sits greyed out?

Any way I can get round this?

I'm developing a web application to be used by thousands of users.

The development is done under Alpha anywhere that relies on IIS
My question is the following: what are the limitations of IIS in terms of "servicing" users ?
How many users can hit the server at the same time ?

What are the configuration possible if I have 15000 users ?
How do u calculate the need ?

I recently performed a clean install of Windows 10 Pro on my desktop and included IIS version 10.

I'm looking for the steps to allow other computers on my network to view pages on my local website and client websites under development. I believe this is a security issue but I'm not sure.

Any assistance is most appreciated.

Much thanks,
David Bach
Hi all, I've got a very old .asp web application that prints to pdf.  I developed this app 13 years ago, and we've now come to record number 10,000 and I need to expand the record number field in the pdf to accommodate for the extra digit.  I've managed to find the file 'requisition.pdf' and I can edit it, I've moved things, expanded the field, but I don't see my modifications reflected in the application, when the pdf is created inside the application.  I move things around but everything stays the same in the app.  What am I missing here?  It's been 13 years and I'm struggling to remember how I did this.  

Some code (reqnum is the field in question):

Dim UserID
UserID = rsReqs("UserID")
strsql2 = "SELECT * FROM [User] Where UserID = '" & UserID & "'"
            set rsUser = Server.CreateObject("ADODB.Recordset")
            rsUser.Open strsql2, connDB, 1, 2
Dim User
User = rsUser("FN") & " " & rsUser("LN")
Set FdfAcX = Server.CreateObject("FdfApp.FdfApp")
Set outputFDF = FdfAcX.FDFCreate      
outputFDF.FDFSetValue "ReqNum", rsReqs("ReqNum"), False
outputFDF.FDFSetValue "UID", User, False       
outputFDF.FDFSetValue "DateEntered", rsReqs("DateEntered"), False       
outputFDF.FDFSetValue "DueDate", rsReqs("DueDate"), False
If rsReqs("Vendor2") = "" Then
outputFDF.FDFSetValue "Vendor", rsReqs("Vendor1"), False
outputFDF.FDFSetValue "Vendor", rsReqs("Vendor2"), False
End If

(a lot more code in here)....

If rsReqs("qty19") > "0" then
outputFDF.FDFSetValue "qty19", …
I'm looking for a most straightforward way to kill a process when it reaches a user defined memory usage threshold.

The Problem: I host multiple websites via IIS 10 on a Windows 2016 server. However I have one or two sites that start returning a 500 Error to users when the sites WPW3.EXE process exceeds 150,000K of Private Working Set Memory,

Simply ending the process resolves the issue because it re-spawns automatically.

POSSIBLE SOLUTION: I'd like to create a monitor that will automatically kill a specific WPW3.EXE process belonging to a certain user (website) when the process reaches a specific memory usage value.

Any and all constructive input is appreciated.

Best regards.
Do you have a plan for Continuity?
Do you have a plan for Continuity?

It's inevitable. People leave organizations creating a gap in your service. That's where Percona comes in.

See how relies on Percona to:
-Manage their database
-Guarantee data safety and protection
-Provide database expertise that is available for any situation


I have a site with anonymous access to the public side and userid/password protection to the admin side.  I've suddenly started getting failures trying to log in to the admin section.  

Environment: Windows server 2008 R2 Standard;  IIS 7.5
For the admin folder, I have Basic authentication and Windows Authentication enabled.

Tried logging in with the local administrator account and that failed.
Detailed error information was:

Module  WindowsAuthenticationModule         Requested URL: http://..../admin
Notificaiton: AuthenticateRequest                     Physical Path   d:\...
Handler: StaticFile                                                 Login Method  Not yet determined
Error code   0xc000006d                                      Logon User       Not yet determined

In the Security event log I'm seeing 4625 failures:

An account failed to log on.

  Security ID:     NULL SID
  Account Name:     -
  Account Domain:  -
  Login ID:                0x0
Logon Type:            3

Account For Which Logon Failed:
   Security ID:         NULL SID
   Account Name:   administrator
   Account domain: cf

Failure Information:
   Caller Process ID:  0x0
   Caller Process Name:   -

Network Information:
   Worksation Name:  CF
   Source Network Address:
   Source Port: 54061

Detailed Authentication Information
  Logon Process:
  Authentication Package: NTLM
  Transited Services:   -
  Package Name (NTLM only): …
HI all,

Im currently workign on a project on tightening security on our webservers. First step on this is disabling weak Ciphers that are still currently enabled. Im aware of the list of known weak ciphers, but im wondering if Im to disable these, what the impact be on the browsers connecting in?

We will disable SSLv3.

TLS 1.1 - Not sure what impact this will have?

Weak SHA  - RC4 MD5

Is anyone aware of a list  browser versions that maybe impacted?
For HKLM\SYSTEM\CurrentControlSet\Services\HTTP\Parameters\DisableServerHeader (REG-DWORD) i realised that on some IIS servers in the registry there is no such entry.

May i find out if this entry is not found in the registry, what is the default?

Is it possible for me to map a drive for someone to some files on my server without giving them permission on the server or how would I set this up on the server side to ensure minimal access.
Hi there,

I need some help write a powersheet so that when i run it on my IIS 7 or 7.5 it will check if each of this exisit. If exisit, it will throw a statement, "exisit, please have it removed"


I want to ensure that  the default Virtual Directories and the files and folder they point to should be removed.
Hi there,

Any kind experts out there can help me to list the following: %systemroot%\system32\inetsrv\ on a default windows IIS 7 or 7.5 in a text file or screenshot will be of great help.

As i do not have access to a IIS 7 or IIS 7.5 at the moment.

Any references to Microsoft website or MSDN will be of great help too.

I am trying to determind if in the default IIS installation the folders are there:
  1. inetsrv\IISADMPWD
  2. inetsrv\IISHelp
  3. inetsrv\Printers
  4. inetsrv\IISSamples

Microsoft IIS Web Server





IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.