DefinIT

Keep it simple stupid!

| 24/03/2011 | Tags:

iisselfsignedcertificatelogo.pngI am a firm believer in trying to keep things simpler where ever possible (but not for the sake of it) In years gone by I have heard many admins lament about the complexities of deploying IIS to work alongside third party plugins such as PHP. I can remember numerous occasions where I have wrestled with the config and “best practice”.

I am however glad to say finally Microsoft have taken notice of this and produced a very simple and effective deployment toolkit.

The Microsoft Web Platform Installer (now in version 3.0)

I have recently deployed an IIS7.0 server that required PHP and MySQL using this tool and I am very happy with  the results!

I know generally any system admin will avoid “wizards” as it were but in this instance it is time well saved!

Using PowerShell to add IP addresses to IIS7’s FTP IPv4 Address and Domain Restrictions

| 24/11/2010 | Tags: , , , , , ,

iis-self-signed-certificate-logo Today I was configuring a new FTP server based on IIS7 (well, 7.5 technically as it’s a Server 2008 R2 host), and I wanted an easy way to add and remove allowed IP addresses based on either an XML config file or a CSV import. Customers’ IP addresses are added or removed regularly, but I didn’t want to have to update their details twice, once on the server and once in the documents.

(more…)

Configuring Server 2008 R2 Core Series: Installing and Managing IIS

So, you’ve installed a new server with Server 2008 R2 Core – what next? Logging on, you’re presented with a shiny command prompt, you can run notepad or regedit…but aside from that, where do you go from there? In the next few series of posts I’ll hopefully point out the basics, and some not so basics!

In this post, I’m covering Installing the IIS web server (and a few useful bits) and managing it from the IIS Management Snap-in.

Installing the basic IIS installation

Installing optional components in Server 2008 R2 Core is handled by two commands, OCList and OCSetup. OCList, as the name suggests, lists the optional components and their status, installed or not installed. It’s a long list, so I recommend issuing the command with the “|more” pipe:

oclist | more

The output looks something like this:

image

OCSetup will accept any one, or multiple, of the roles listed in OCList as an argument to install. It’s recommended you use the command with “start /w” preceding so that the command prompt will wait for the installation to finish before continuing.

To install the basic IIS web server install, use

start /w ocsetup IIS-WebServerRole

As far as I can see, this installs the roles:

Installed:IIS-WebServerRole

Installed:IIS-WebServer

Installed:IIS-ApplicationDevelopment

Installed:IIS-CommonHttpFeatures

Installed:IIS-DefaultDocument

Installed:IIS-DirectoryBrowsing

Installed:IIS-HttpErrors

Installed:IIS-StaticContent

Installed:IIS-HealthAndDiagnostics

Installed:IIS-HttpLogging

Installed:IIS-Performance

Installed:IIS-HttpCompressionStatic

Installed:IIS-Security

Installed:IIS-RequestFiltering

Installed:IIS-WebServerManagementTools

In order to get .Net functioning and allow remote management, you’ll also need the following components installed, a registry key added and the Web Management Service Started (in order):

start /w ocsetup WAS-NetFxEnvironment
start /w ocsetup IIS-ISAPIExtensions
start /w ocsetup IIS-ISAPIFilter
start /w ocsetup IIS-NetFxExtensibility
start /w ocsetup IIS-ASPNET
start /w ocsetup IIS-ManagementService

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server /v EnableRemoteManagement /t REG_DWORD /d 1

net start wmsvc

You should now be able to manage your IIS server via the IIS Management Console on a Windows Server 2008 or Windows 7 PC with Remote Server Administration Tools installed.

image

You can also manage IIS through a PowerShell addin, if you run powershell.exe on your Server Core installation, then import the WebAdministration Module:

C:\Users\Administrator>powershell
Windows PowerShell
Copyright (C) 2009 Microsoft Corporation. All rights reserved.

PS C:\Users\Administrator> Import-Module WebAdministration
PS C:\Users\Administrator> Get-Command -PsSnapin WebAdministration

CommandType     Name                            Definition
-----------     ----                            ----------
Cmdlet          Add-WebConfiguration            Add-WebConfiguration [-Filte...
Cmdlet          Add-WebConfigurationLock        Add-WebConfigurationLock [-F...
Cmdlet          Add-WebConfigurationProperty    Add-WebConfigurationProperty...
Cmdlet          Backup-WebConfiguration         Backup-WebConfiguration [-Na...
Alias           Begin-WebCommitDelay            Start-WebCommitDelay
Cmdlet          Clear-WebConfiguration          Clear-WebConfiguration [-Fil...
Cmdlet          Clear-WebRequestTracingSettings Clear-WebRequestTracingSetti...
Cmdlet          ConvertTo-WebApplication        ConvertTo-WebApplication [[-...
Cmdlet          Disable-WebGlobalModule         Disable-WebGlobalModule [-Na...
Cmdlet          Disable-WebRequestTracing       Disable-WebRequestTracing [[...
Cmdlet          Enable-WebGlobalModule          Enable-WebGlobalModule [-Nam...
Cmdlet          Enable-WebRequestTracing        Enable-WebRequestTracing [[-...
Alias           End-WebCommitDelay              Stop-WebCommitDelay
Cmdlet          Get-WebAppDomain                Get-WebAppDomain [-InputObje...
Cmdlet          Get-WebApplication              Get-WebApplication [[-Name] ...
Cmdlet          Get-WebAppPoolState             Get-WebAppPoolState [[-Name]...
Cmdlet          Get-WebBinding                  Get-WebBinding [[-Name] <Str...
Cmdlet          Get-WebConfigFile               Get-WebConfigFile [[-PSPath]...
Cmdlet          Get-WebConfiguration            Get-WebConfiguration [-Filte...
Cmdlet          Get-WebConfigurationBackup      Get-WebConfigurationBackup [...
Cmdlet          Get-WebConfigurationLocation    Get-WebConfigurationLocation...
Cmdlet          Get-WebConfigurationLock        Get-WebConfigurationLock [-F...
Cmdlet          Get-WebConfigurationProperty    Get-WebConfigurationProperty...
Cmdlet          Get-WebFilePath                 Get-WebFilePath [[-PSPath] <...
Cmdlet          Get-WebGlobalModule             Get-WebGlobalModule [[-Name]...
Cmdlet          Get-WebHandler                  Get-WebHandler [[-Name] <Str...
Cmdlet          Get-WebItemState                Get-WebItemState [[-PSPath] ...
Cmdlet          Get-WebManagedModule            Get-WebManagedModule [[-Name...
Cmdlet          Get-WebRequest                  Get-WebRequest [-InputObject...
Cmdlet          Get-Website                     Get-Website [[-Name] <String...
Cmdlet          Get-WebsiteState                Get-WebsiteState [[-Name] <S...
Cmdlet          Get-WebURL                      Get-WebURL [[-PSPath] <Strin...
Cmdlet          Get-WebVirtualDirectory         Get-WebVirtualDirectory [[-N...
Function        IIS:                            set-location IIS:
Cmdlet          New-WebApplication              New-WebApplication [-Name] <...
Cmdlet          New-WebAppPool                  New-WebAppPool [-Name] <Stri...
Cmdlet          New-WebBinding                  New-WebBinding [[-Name] <Str...
Cmdlet          New-WebFtpSite                  New-WebFtpSite [-Name] <Stri...
Cmdlet          New-WebGlobalModule             New-WebGlobalModule [-Name] ...
Cmdlet          New-WebHandler                  New-WebHandler [-Name] <Stri...
Cmdlet          New-WebManagedModule            New-WebManagedModule [-Name]...
Cmdlet          New-Website                     New-Website [-Name] <String>...
Cmdlet          New-WebVirtualDirectory         New-WebVirtualDirectory [-Na...
Cmdlet          Remove-WebApplication           Remove-WebApplication [-Name...
Cmdlet          Remove-WebAppPool               Remove-WebAppPool [-Name] <S...
Cmdlet          Remove-WebBinding               Remove-WebBinding [-Protocol...
Cmdlet          Remove-WebConfigurationBackup   Remove-WebConfigurationBacku...
Cmdlet          Remove-WebConfigurationLocation Remove-WebConfigurationLocat...
Cmdlet          Remove-WebConfigurationLock     Remove-WebConfigurationLock ...
Cmdlet          Remove-WebConfigurationProperty Remove-WebConfigurationPrope...
Cmdlet          Remove-WebGlobalModule          Remove-WebGlobalModule [-Nam...
Cmdlet          Remove-WebHandler               Remove-WebHandler [-Name] <S...
Cmdlet          Remove-WebManagedModule         Remove-WebManagedModule [-Na...
Cmdlet          Remove-Website                  Remove-Website [-Name] <Stri...
Cmdlet          Remove-WebVirtualDirectory      Remove-WebVirtualDirectory [...
Cmdlet          Rename-WebConfigurationLocation Rename-WebConfigurationLocat...
Cmdlet          Restart-WebAppPool              Restart-WebAppPool [[-Name] ...
Cmdlet          Restart-WebItem                 Restart-WebItem [[-PSPath] <...
Cmdlet          Restore-WebConfiguration        Restore-WebConfiguration [-N...
Cmdlet          Select-WebConfiguration         Select-WebConfiguration [-Fi...
Cmdlet          Set-WebBinding                  Set-WebBinding [[-Name] <Str...
Cmdlet          Set-WebConfiguration            Set-WebConfiguration [-Filte...
Cmdlet          Set-WebConfigurationProperty    Set-WebConfigurationProperty...
Cmdlet          Set-WebGlobalModule             Set-WebGlobalModule [-Name] ...
Cmdlet          Set-WebHandler                  Set-WebHandler [-Name] <Stri...
Cmdlet          Set-WebManagedModule            Set-WebManagedModule [-Name]...
Cmdlet          Start-WebAppPool                Start-WebAppPool [[-Name] <S...
Cmdlet          Start-WebCommitDelay            Start-WebCommitDelay [-Verbo...
Cmdlet          Start-WebItem                   Start-WebItem [[-PSPath] <St...
Cmdlet          Start-Website                   Start-Website [[-Name] <Stri...
Cmdlet          Stop-WebAppPool                 Stop-WebAppPool [[-Name] <St...
Cmdlet          Stop-WebCommitDelay             Stop-WebCommitDelay [[-PSPat...
Cmdlet          Stop-WebItem                    Stop-WebItem [[-PSPath] <Str...
Cmdlet          Stop-Website                    Stop-Website [[-Name] <Strin...

Serve up a .NET page, to taste

Not that you’d doubt me (!) but there’s one last thing to do – prove it worked. Fortunately, there’s an easy way to do that. I borrowed the code from www.codefixer.com to create a little “hello world” page. Since the default website is c:\inetpub\wwwroot\ I saved the page there as default.aspx and fired up my browser – et voila!

image

BlogEngine.Net 1.6 is released – and I’ve upgraded! Also migrated to IIS 7

| 04/02/2010 | Tags: ,

I’ve just upgraded to BE.Net 1.6, and I thought I’d migrate to GoDaddy’s IIS 7 servers at the same time. The theory is that this would be a an easy migration and I’d have the weekend to iron out any bugs. Not so.

After testing on my local IIS 7 and working perfectly, I uploaded the updates to my live blog and hit the “Migrate to IIS 7” button, which promises it will be completed in 24h. I received the “update your DNS” email, and duly updated my A records to the new server, and the transfer seems to be ok – aside from the fact that viewing any specific post causes an error – I’m guessing with the permissions of the App_Data folder. The catch being that I can’t access my IIS settings until GoDaddy have completed their 24h migration process.

It’s now been more than 72 hours since I kicked of the migration and still I cannot access and fix the IIS permissions issue which is dogging my blog. I’ve emailed twice and am still waiting for some resolution. Perhaps I won’t be renewing this year?

MOSS 2007 – Alternate Access Mapping authentication fails

| 16/10/2009 | Tags: , , ,

If you have an Alternate Access Mapping configured for a MOSS 2007 site with Integrated Authentication you might find that you get prompted for the DOMAIN\UserName and Password. After 3 attempts you get to a HTTP 401 error.

This can be resolved by following the steps in MS KB 896861

HTH,

Sam

Outlook Web Access over SSL using Forms Based Authentication AND Integrated Authentication

Outlook Web access is a fantastic tool for our company, providing on-the-go
access to people's mailboxes – which is of course secured by SSL and uses Forms
Based Authentication. Internally, we have an intranet portal that allows us to
access the various systems – one of which is OWA. One of the stipulations for
this internal portal is that it is all Single Sign On using NTLM authentication
– integrated authentication. This is where the problem lies because enabling OWA
with Forms Based Authentication over SSL disables Integrated Authentication. So
our choice is to have users enter their credentials twice (not acceptable) or to
disable FBA and have external users log on with the annoying pop-up.

OR…

You can create a copy of the /Exchange and /Public Virtual Directories and
configure them to use Integrated Authentication. You can also restrict access to
them by IP…here's how:

 I'm assuming you've already set up OWA with SSL on your Exchange server. If you need to do that, try How
do I configure OWA to use SSL? at Daniel Petri's site

  1. Log onto your Exchange Server, and open up the IIS control panel. Locate
    your /Exchange and /Public virtual directories.
  2. Right click /Exchange, select "All Tasks" and then "Save Configuration to a
    File…"
    Figure 1
  3. Go through the dialogue, save to a file and if you're worried about security, add a password.
  4. Once you're done, right click any white space in the root web site (or the exchange web site) and select "New", then select "Virtual Directory (from file)…"
    Figure 2
  5. You will be presented with the "Import Configuratio" dialogue, click "Browse…" and select the file you've just created. Click "Read File" and select the Exchange location underneath
    Figure 3
  6. Click "OK" and you'll be asked to provide a new name, or replace the existing Virtual Directory – select create a new one and put an appropriate name (I uses ExchangeIA)
    Figure 4
  7. Now, this step is optional, but read on anyway because you might want to think about it. I only want to allow people on my network to access this using Integrated Authentication, no one else, so I am going to restrict access to the Virtual Directory that I've just created to my IP subnet. To do this right click the newly created Virtual Directory (ExchangeIA) and select the "Directory Security" tab. Under "IP address and domain name restrictions" click "Edit". Now select "Denied access" to deny anyone other than the exceptions, then click "Add.." and enter the details of your network to allow those computers access.
    Figure 5
  8. Now head back to step 1 and repeat for the /Public folder, if Integrated Authentication is required for Public Folders.

Restoring the ASP.NET tab in IIS

| 04/04/2008 | Tags: , , ,

If you've logged onto the properties for your IIS install and found that the ASP.NET tab has mysteriously disappered, you can try a couple of things.

Firstly, try re-registering ASP.NET with IIS using the ASPNET_REGIIS.exe located in the .NET installation folder:

c:\WINDOWS\MICROSOFT.NET\framework\\aspnet_regiis -i

 

Chances are though, that it won't work, and that you can try and number of command using aspnet_regiis.exe or even uninstalling and reinstalling .NET and you won't actually fix the problem. (Note: on x64 systems this could be a different problem, Google again with x64!)

This was solved by switching a flag (Enable32BitAppOnWin64) to false in the IIS metabase:

cd c:\Inetpub\AdminScripts\

cscript.exe adsutil.vbs set W3SVC/AppPools/Enable32BitAppOnWin64 FALSE

You should then be able to see the ASP.NET tab restored in the site properties.