IIS security question

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ IIS
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - InSession valid H I get an error message when trying to open up a webside The error message seems to come from IE Explorer and says InSessionValid webservice call failed: Service unavailable The server is W2000 I can't find this message anywhere on the web so I hope that I can get some help here // Christina Tag: IIS security question Tag: 326100
  - 2
    - Move Certificate from IIS4 to IIS5 I'm trying to move a certificate from IIS4 to IIS5 because I want to be able to export the certificate in .pfx or .p12 format. (which seems impossible with IIS4 key manager). I export the certificate to a .key file which I then import in IIS5. Everything seems to work ok here. Now when I export this certificate from IIS5 to a .pfx file and then import it in a third party key manager (or install it in IE6) I seem to have lost the certificate's certification path. The original certification path (on the site managed by IIS4) was something like GlobalSign Root Ca GlobalSign Primary Secure Server Ca GlobalSign Secure Server CA www.domainname.com The certification path I get after exporting from IIS5 is simply www.domainname.com which is of course not recognized as a trusted CA. If anyone can give me pointers on how to succesfully transfer the certification path or or simply export to pfx in iis4 I'd be very gratefull Kristof Baute Tag: IIS security question Tag: 326099
  - 3
    - "Username/Password validation failed" error on Win2000AS I've tried to switch an IIS Application from Isolation Level Medium to High, but when I press Ok or Apply the "Username/Password validation failed" error message appears. The IIS Application is demoted to a simple Virtual Directory. The user that I'm using is a Local Administrator, but I've also tried with a Domain Administrator. It's on a Windows 2000 AS used as a member server. The authentication is set to Anonymous. I've already tried to search on Google but I haven't found anything. -- Lorenzo Barbieri MCT, MCSD.NET, MSF Practitioner http://weblogs.asp.net/lbarbieri Tag: IIS security question Tag: 326097
  - 4
    - FTP Over Copying Files. Hi, I have users that need to transfer data from workstation to server, the data is big roughly 200MB - 300MB at a time, at the moment they are copying to a network drive which is slowing everything down. What are the advantages of using ftp rather than copying the data, would this stop any performance issues we are having with the copying of files. Thanks. Ray. Tag: IIS security question Tag: 326089
  - 5
    - Multi FTP Sites Hi, My iis5 server has two web sites on it (using host headers). Whats the best way to setup ftp for the sites. I would like abc user only to have access to abc.com's site folder. Thanks Tag: IIS security question Tag: 326086
  - 6
    - Errors returned by InternetWriteFile() Hi everyone I'm confused about error conditions returned by InternetWriteFile() when uploading a file manually using FTP. Is the handle that was passed to InternetWriteFile() no longer useable following any error, or only some. For example, if GetLastError() returns ERROR_INTERNET_TIMEOUT, can I just add a 'retry y/n' dialog to my application and then retry if required using the same file handle as before, or is the file handle invalidated by the original error condition. If anyone can direct me to any info on handling FTP errors in this situation, I'd be very grateful. Thanks in advance Nick Tag: IIS security question Tag: 326082
  - 7
    - Managing Sessions This is a multi-part message in MIME format. ------=_NextPart_000_0028_01C4014E.37B7DD50 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I am hosing website using ASP on windows2003 standard server in IIS 6.0 = sessions are getting expired immediately. Could any one help me in = managing sessions in iis 6.0 and ASP? ------=_NextPart_000_0028_01C4014E.37B7DD50 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2800.1276" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY style=3D"COLOR: #000000; FONT-FAMILY: Arial" bgColor=3D#ffffff=20 bmark=3D"business_card"><LABEL id=3DHbSession = SessionId=3D"2066735060"></LABEL> <DIV><FONT size=3D2>I am hosing website using ASP on windows2003 = standard server=20 in IIS 6.0 sessions are getting expired immediately. Could any one help = me in=20 managing sessions in iis 6.0 and ASP?</FONT></DIV> <P></P></BODY></HTML> ------=_NextPart_000_0028_01C4014E.37B7DD50-- Tag: IIS security question Tag: 326074
  - 8
    - Managing sessions in iis 6.0 with asp This is a multi-part message in MIME format. ------=_NextPart_000_000E_01C4014E.07EB6240 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable How to manage sessions in iis 6.0 with asp? ------=_NextPart_000_000E_01C4014E.07EB6240 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2800.1276" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY style=3D"COLOR: #000000; FONT-FAMILY: Arial" bgColor=3D#ffffff=20 bmark=3D"business_card"><LABEL id=3DHbSession = SessionId=3D"3903933874"></LABEL> <DIV><FONT size=3D2>How to manage sessions in iis 6.0 with = asp?</FONT></DIV> <P></P></BODY></HTML> ------=_NextPart_000_000E_01C4014E.07EB6240-- Tag: IIS security question Tag: 326073
  - 9
    - IIS6 redirect http to https IIS6/Exchange 2003 I've added the SSL cert and now when users go to http://... I want them to automactically be redirected to https://... but nothing I've found on Google seems to work. Does anyone have this working and would you please share the steps. Thank you Tag: IIS security question Tag: 326072
  - 10
    - Performance issue with RDS using IIS6 Two Windows boxes with identical COM objects and databases for comparing and testing purposes (2000 and 2003) exists as virtual mashines on one big host server. Network settings for these VMs are identical (except IP address, of course). We have on remote client request executing time (getting 3000 rows from DB ~ 1.4 Mb amount - measured via Network Monitor) about 3 sec on Windows 2000 VM and 50 (!) sec for 2003 VM. For local request both time are identical and ~ 1.5 sec. Without using RDS both machines have similar responce time for remote client characteristics, so the root of problem is RDS. Anybody have such problem? How to configure RDS on Windows 2003 to avoid such strange behaviour? Thanks for any suggestions, Nick Tag: IIS security question Tag: 326069
  - 11
    - IIS Internal server error iam using windows xp pro's built in component iis 5.1 when i try to run localstart.asp or any asp page the following error appears: The server has encountered an error while loading an application during the processing of your request. Please refer to the event log for more detail information. Please contact the server administrator for assistance. event viewer shows: description:The server failed to load application '/LM/W3SVC/1/ROOT'. The error was 'Class not registered'. user: N/A type:warning source: W3SVC category: none iis 5.1 has been installed and reinstalled many times,but the problem persists. can anybody help me out. Tag: IIS security question Tag: 326066
  - 12
    - block access based on referer I would like to restrict (block) access to my site if a request uses a specific referer. I know that this would not be 100% efficient, still it looks like something very usefull. If this can't be done with "just" IIS, maybe a 3rd party? dirk. Tag: IIS security question Tag: 326065
  - 13
    - ASP.NET Page cannot be displayed. H I am using Windows 2003 server on my machine and have an ASP.NET application that loads files, parses them and loads in the database. I have configured the SessionState and the httpRuntime tag attributes in the web.config file to appropriate values. When I load a text file after the file is parsed and loaded in the database the page is redirected to a new one. The problem is, after the file parsing is over and the data is commited to the database, i get "Page cannot be displayed error". This is just before Redirection. I am not sure whether thare is a problem while redirecting. Please, help Regard Shekhar Tag: IIS security question Tag: 326064
  - 14
    - Running IIS State on Production Machine Hosted Externally Hi I am having a problem where by visitors to our website are failing to receive all of the resulting HTML from a number of different ASPs. This problem is intermittent and the amount of HTML delivered, (as seen in view source), varies for the same page for different requests. I was advised to install and run IIS State but of course this problem is occurring on a server hosted with an ISP and I only have Terminal Services access to it. I set up a scheduled task to run but it kept failing. So despite being told that it didn't run under T/S, I ran it and up popped a MS License Agreement Dialog. This may explain why it failed to run as a S/T. Is this license agreement for the symbols or something? Is this a new thing since the IISState documentation for running under T/S or have I done something wrong? I am not looking for a soft crash or hard crash, just some information that may help someone ascertain why my pages are randomly not being fully delivered to the client. This is the command I used: iistate.exe -p 1104 -d Then, the program appeared to hang so I hit Ctrl+C which was successful although the webservice was hung/paused and could not be controlled using net stop/start. How long should IISState take to execute? Have had to reboot the server which is not good as we have about 50 concurrent users most of the time. Regards David M Tag: IIS security question Tag: 326061
  - 15
    - IIS and PDF Hi I run IIS on win 2k server. Recently we have added some pdfs on the site and since then nobody can open them. Even though the file is there the error reurned looks like that: Internet Explorer was unable to open this Internet Site.. Any suggestions would be appreciated. Tag: IIS security question Tag: 326058
  - 16
    - Secure website - explanation required. Dear all I'm in need of an explanation of secure websites and authenticated certificates. I believe that my understanding is particularly flawed.... What I understand is as follows - please comment/correct: When one wants to set up a secure web site, one has to generate a certificate. The "level" of security is obviously based on the bit length. The copy on my workstation offers anywhere between 512 and 4096 bit encryption. There's also a check box for "server gated cryptography" which I don't understand. My understanding of the "hand-shake" process is as follows. The browser connects to the secure site which then sends it the public key. The browser then generates a session key which is encrypted using the public key and returned to the secure site which decrypts it using the private key. Both server and browser are then aware of the session key for encrypting data. If one really requires good security then one should choose the biggest bit length available, but this obviously will affect performance. Presumably, this only will be an issue for the initial encryption/decryption of the session key; once the session key is used then the bit length of the private/public key is irrelevant. I'm assuming that the bit length of the private/public key will have no affect on the bit length of the session key - is that correct? Does one have to worry about old browsers? If one chooses a high bit length for the public/private key then will all browsers be able to handle it? If not, what guidelines are available to choose the most appropriate bit length? Having chosen an appropriate bit length, one can then generate the certificate. Having done this, one needs to have the certificate authenticated to prevent those annoying boxes stating that the site may be untrustworthy. I understand that there are companies such as Verisign who will authenticate the certificate. They offer "pro" and "normal" options here. What does this really mean? If you have chosen a long bit length then do you have to choose the pro version or are the two things completely unrelated? I know that the pro version is more expensive.... If I understand correctly, then the authentication is also encrypted - the "pro" version uses a longer encryption for the authentication. Presumably, the highest security is offered by having the longest bit length available for the private/public key and the highest level of encryption on the authentication. However, how would a long bit length on the private/public key with low authentication encryption compare with a short bit length on the private/public key coupled with a high level of authentication encryption? I guess that I want to set up my server with a good level on security that will be accessible by all our customers (browsers unknown) but I'd rather not have to pay too much to a company such as Verisign. Suggestions? Many thanks in advance Griff Tag: IIS security question Tag: 326056
  - 17
    - It is not processed SSI on IIS5 even after corresponding line in App Mappings: .shtml ->> ssinc.dll. It is not processed SSI on IIS5 even after corresponding line in App Mappings: .shtml->> ssinc.dll. Before it has been used IIS Lock Down Tool by which has been killed SSI and others (all but no ASP). Again, for return of adjustments, I can not use IIS Lock Down Tool, owing to what is an alive server and on it a heap of sites. Restart IIS-Ð°, and a server - did. Any advice or offers. Beforehand thanks. Tag: IIS security question Tag: 326053
  - 18
    - SSI: Including other script languages Hello, is it possible to include other script languages like PHP oder CFM in a server side include file on IIS? Example: The statement:  will output the source code of the cfm file (example: "<cfoutput>test</cfoutput>") instead of the result ("test"). Calling "/ssi/test.cfm" will work fine. Someone said, that Apache can process this, but I don't know it. Can IIS 6.0 process this? System: IIS6 / ColdFusion MX 6.1 Kind regards Karl-Heinz Tag: IIS security question Tag: 326052
  - 19
    - Migration Tool 2.0 problem I am trying to use the migration tool to move content from a Win NT server to a 2003 server. However I want to put this content in a seperate directory that is not on the system volume. All migrated web sites end up in c:\inetpub\SourceMachineName\SourceDirs\. Is there a way to specify the target directory. I would like all sites to be in a a place like d:\websites\sitename Thanks, Kent Tag: IIS security question Tag: 326038
  - 20
    - IIS web services in W2K Professional I have W2K Pro installed at home and have installed IIS 5.0 to do ASP.NET development. However, there is no default web site listed below my computer, nor the ability to create web sites. I suspect that because I only have W2K Pro not W2K Server edition, I can't create web sites on my computer in IIS, only have the Default FTP Site and Default SMTP Virtual Server. However, this is not mentioned in any of the document. Am I correct? Tag: IIS security question Tag: 326032
  - 21
    - IIS Ver 6.0 Shifting Ip Address I Have Just built a server 2003 with exchange 2003 and after setting up one fixed pci network card and another Wireless Usb Nic and given them local ipaddress (172.21.2.8 & 172.21.2.9) when i use a browser from external computer i can connect to the one i have set as the default web site fine for a bit then it stops me from getting in but if i go to the default web site properties and change ip address then i can connect ok....But then after a while this to stops working and i then have to change to the other ip address and all is fine again ..... Any Ideas anyone Tag: IIS security question Tag: 326030
  - 22
    - Clear cache IIS 5.0 Hi, I am running IIS 5.0 on a win 200 server. I have been asked to clear the cache so as a web page can be viewed correctly, and I was wondering how to perform this. Thanks Tag: IIS security question Tag: 326027
  - 23
    - CreateObject of java class dosen't work with IIS6 I am try to call a simple java class from ASP page it dosen't work in IIS 6 Windows 2003, it works perfectly ok when executed on Windows 2K and IIS 5, is their any setup change or setting needs to be done on IIS 6 to use Java class I have checked MIME tyeps it includes .class and .java file extension, any help or suggestion would be much appreciated Tag: IIS security question Tag: 326026
  - 24
    - replicating content on load balanced IIS Hi, I am currently configuring 2 IIS 6.0 servers running win2k3 behind a load balancing switch. I need to ensure the content is up to date on both servers in case of an outage or failure on either server. This is also required to allow for the load experienced during peak times. I need the content from both serves to replicate in both direction in case a change is made on either server. I have read several posts relating to clustering, iissync, MS Site Server Content Replication Service and application center, but these are a very expensive option and do not fulfill the requirements. I have also read articles relating to DFS and replication, but need to know if anyone has solved this problem of real time syncronisation in both directions on live iis servers. Any suggestions appreciated Tag: IIS security question Tag: 326022
  - 25
    - Directory Security ->Edit disabled On one of our NT40 servers we have IIS 4.0 installed and also Site Server 3.0. The problem is that on the Directory Security tab of Website properties the first EDIT button is disabled ( the one where Anonymous access and authentication control can be changed). All the other buttons in the Propeties dialog box are OK, do you encounter the same situation? Thank you, Mihai Tag: IIS security question Tag: 326019
- Next
  - 1
    - w3wp.exe stop responding!!! Hi there, I have a new server 2003 with IIS6 and since I had set it up, I have a major problem with the IIS. The w3wp.exe will stop responding to any ASP pages and all my sites will stop work! I found out the a static HTML pages still runs fine. All my site use Access database and I had upgrade to JET4 already. can anybody help me??? All my sites had run fine under 2000 server IIS5 with the same code. I also got this email from a friend that claims Microsoft 2003 have a bug with any databases and they do not give a patch to anyone but Great Plains company! Is that is true???? Here is the email i got: Windows 2003 Gotcha: Opportunistic File Locking "I have been running W2K3 since it was a beta and had no problems with the OS. I then decided it was becoming time to start offering it to my customers so the first step was to get my office running it first. I upgraded the servers all to Windows Server 2003 and as with most engineers I was rushed back into the wild to fix something and let the office jockeys run on it. I felt that I had a successful migration after a few weeks so I moved on to a contract customer of mine that I have had for six years. I upgraded his Dell PowerEdge 1500SC from Windows 2000 Server to 2003 and immediately the users started complaining of problem accessing there QuickBooks files, then the no access turned into file corruption. This customer also runs a older Paradox database system on the server and files started becoming corrupt with it as well. I ran through the basic troubleshooting, then the second phase of troubleshooting all with no victory. I called QuickBooks and they said must be hardware, I called Dell and the said must be Windows Server 2003, so I called MS and they said it must be hardware. To shorten this up some I removed Windows 2003 upgrade and reinstalled Windows 2000 Server and the problems immediately went away. The only thing at time my searches on the internet showed had something to do with Opportunistic File locking features in Windows, but nothing conclusive to me. So I put it on the back burner until yesterday and started searching again, wow what a difference a month makes, now people all over the place are having the same problems with Windows Server 2003 and Database applications, it seems opportunistic file locking is the problem, I found one news group posting where someone stated that Great Plains was experiencing this problem so I took a shot and called our Great Plains contact at MS and he stated that MS had patched it for them but he was not allowed to release it to anyone not running Great Plains. To wrap this up Microsoft has let down an engineer that lives and breathes their product, I make my living off of this software and to be told first that nothing is wrong (must be hardware) and then told that they have a fix but it is only for the big clients is not pretty." Please contact me if you have any information about this so i know if i need to downgrade to 2000 and stop waisting my time and money on 2003. Tag: IIS security question Tag: 326018
  - 2
    - ASP and IIS4 I have an NT4 Server (SBS 4.5) running IIS. All ASP applications that are virtual directories under the default web site (including iisadmin and OWA) will not operate. Either pages are not found or internal server error 500 (no additional error information is disclosed and debugging is enabled). Yet, the administration web site works fine (same as the iisadmin virtual directory but a different port). What gives? I must be missing something simple. I have checked setting betweeen the two but cant find any differences. Tag: IIS security question Tag: 326017
  - 3
    - windows 2003 bug I had set a new web server with windows 2003 enterprise. All my sites are ASP with Access database with the new JET4 engine installed! What a big mistake!!! Since it is up the w3wp.exe stop responding at list once or twice a day! can not find why, can not get help from microsoft or anybody else so far... Log files don't give too much info and I had setup iisstate as well. Anybody have the same problem??? I also found this artical about windows 2003 and database: I ran across this on a mailing list, written by an MCSE, and thought you all ought to be aware of this problem -- at least until it gets fixed. ------------------------- Windows 2003 Gotcha: Opportunistic File Locking "I have been running W2K3 since it was a beta and had no problems with the OS. I then decided it was becoming time to start offering it to my customers so the first step was to get my office running it first. I upgraded the servers all to Windows Server 2003 and as with most engineers I was rushed back into the wild to fix something and let the office jockeys run on it. I felt that I had a successful migration after a few weeks so I moved on to a contract customer of mine that I have had for six years. I upgraded his Dell PowerEdge 1500SC from Windows 2000 Server to 2003 and immediately the users started complaining of problem accessing there QuickBooks files, then the no access turned into file corruption. This customer also runs a older Paradox database system on the server and files started becoming corrupt with it as well. I ran through the basic troubleshooting, then the second phase of troubleshooting all with no victory. I called QuickBooks and they said must be hardware, I called Dell and the said must be Windows Server 2003, so I called MS and they said it must be hardware. To shorten this up some I removed Windows 2003 upgrade and reinstalled Windows 2000 Server and the problems immediately went away. The only thing at time my searches on the internet showed had something to do with Opportunistic File locking features in Windows, but nothing conclusive to me. So I put it on the back burner until yesterday and started searching again, wow what a difference a month makes, now people all over the place are having the same problems with Windows Server 2003 and Database applications, it seems opportunistic file locking is the problem, I found one news group posting where someone stated that Great Plains was experiencing this problem so I took a shot and called our Great Plains contact at MS and he stated that MS had patched it for them but he was not allowed to release it to anyone not running Great Plains. To wrap this up Microsoft has let down an engineer that lives and breathes their product, I make my living off of this software and to be told first that nothing is wrong (must be hardware) and then told that they have a fix but it is only for the big clients is not pretty." If that is the case, do not bother with server at all!!! *** Sent via Developersdex http://www.developersdex.com *** Don't just participate in USENET...get rewarded for it! Tag: IIS security question Tag: 326014
  - 4
    - Dynamic vs Static in Win XP Hi, I have a problem My ISP give me a dynamic IP 10.23.2.143 and I want to use a Personal Web in Internet hosted in my computer, when I use some web like http://checkip.dyndns.org:8245/ to determine my IP this return 200.12.238.166. I tried to see this two addresses in Internet but is imposible, I installed the IIS 5.1, the tcp port is 80. In some web page I saw that some ISP block this port, is possible to use another? and were I find it? This are my caracteristics Windows XP Pro all service packs and updates Cable Mode 2 networks adapters. One is for Internet, the other is for my own network Thanks for help Javier Valverde Tag: IIS security question Tag: 326011
  - 5
    - Permissions to administer IIS What are the minimum permissions a user needs to administer IIS on a Server? I don't want to grant the user Administrator rights to the entire server. Tag: IIS security question Tag: 326008
  - 6
    - about to deply SBS 2003.. any warnings? I'm about to deploy SBS 2003 with 10 user licenses. Anything I should look out for before I dive in? (aside from what is on the ms site) Tag: IIS security question Tag: 326005
  - 7
    - We're getting an error when going to our website People who try to reach our external website (which is nothing more than "brochure-ware") are getting a "403 Forbidden" error message. Now, I know for a fact that it was working just fine a few weeks ago. I edited the home page using FrontPage 2003, just last Wednesday, and from that point onward (I believe) it stopped working. I have to believe that it is because I have edited the file and FrontPage 2003 did something funny; perhaps to IIS, or something else. It is sitting on our servers, which are Windows 2000 Servers, with SP3 installed. That server only have FrontPage 2000 Server Extensions, but than again I felt that it wasn't necessary to install anything higher than that, and like I said it has been working fine when I've edited it before using FrontPage 2003. It has IIS 5.1 installed on it. So, the question is, what do I need to do in order to make it work again? Rod Tag: IIS security question Tag: 325993
  - 8
    - Programmatically setting IIS6's Connection Timeout Guys, help please..... I have a WebService that backsup a couple of databases. This takes time as you can imagine. I need to set the Connection Timeout to a amount slightly larger than 120. I was wondering if this could be achieved other than using the IIS MMC snap in. Can one do this via web.config for egsample? Any help is much appreciated. Regards Mike Tag: IIS security question Tag: 325986
  - 9
    - Performance problems in IIS Sorry if this is a repeat. It's been 3 hours and I haven't seen my question appear I have an ASP application on a 4-way IIS 5.0 server that is running at a moderate level. 99% of the time for a set of pages it runs just fine. 1% of these page hits fall off a cliff and take between 20-60 seconds. At that time the IIS logs do not show any unusual volume. Also other pages may respond quickly during the same time period Some of these pages do no database interaction and are very simple and some of them are just JS or CSS files Any suggestions on how to monitor IIS to understand what could cause such a slowdown Thanks Tag: IIS security question Tag: 325981
  - 10
    - Perl and IIS 6.0 I recently installed ActivePerl 5.8 on my Windows 2003 server with IIS 6.0 installed. It installed fine and supposedly changed the configuration of IIS to work with .pl extensions. I can see that it has enabled Perl CGI and Perl ISAPI in Web Appliations and has added the .pl extenion to application mapping. However, whenever I try to open the simple sample "helloworld.pl" application - I get 403 Access Denied error. I know this is a permissions error - I have read/execute enabled for the IIS Anonymous User and I have given Network Service read/execute to the c:\perl\bin directory (where the perl executable files are). Any ideas? I have looked at Active State and Microsoft's sites - didn't find anything. I have tried this on 2 servers - both the same problem. Both do have .asp pages working correctly. Tag: IIS security question Tag: 325979
  - 11
    - IIS 6 Session_Start Inconsistency??? Setup: - global.asa - Contains Session_Start event which checks to see if the user has a cookie...if so, connect to the database and load their settings into Session from the database. - login.asp - Writes a cookie and loads user settings into Session from the database. (They will not go to login.asp each visit to the site. After they are authenticated the cookie will prevent forcing login for 24 hrs.) The problem we are having is that after the user has logged in and has a valid cookie, an exception may trigger the recycling of a worker process causing them to recieve a new session. At this point, it appears that the Session_Start event is not firing because the cookie is available and the user settings are not being loaded into Session. It is as if the Session_Start event does not fire in each worker process. We know that the Session_Start event works because if we open a new instance of IE while the user has the cookie, theie settings are loaded and they are able to use the application. This was working fine for years with IIS 5 and works with IIS 6 and only one worker process. NOTE: We DO NOT need to share session information across worker processes as I know this will not work and is unnecessary since settings "should" be loaded for each session in each process separately using the Session_Start event. Any ideas? Thanks Tag: IIS security question Tag: 325977
  - 12
    - How to Install on different drive? I'm trying to figure out how to change the default IIS install folder, is there a way? If not how do I move verything (NNTP, SMTP, HTTP) to a different drive after install. Tag: IIS security question Tag: 325973
  - 13
    - IIS crash I am running IISv5.1 with Windows XP Pro SP1 on a local terminal. I am not connected to the server over a network. I use localhost to connect to the IIS server. Everything works fine until I close my browser and reopen it. After that it won't connect again, until I reboot or restart IIS Admin service. Does anyone have a solution? Tag: IIS security question Tag: 325970
  - 14
    - virtual directory referenced in a script I am trying to reference a virtual directory in an asp script. For testing purposes I'm trying to list the contents of the virtual directory in the script. The problem I am having is that when I do so the script returns an error "path not found" even though it is setup correctly. I have tried every combination of "/path" "www.fullyqualified.com/path" \\server\share", etc. What am I doing wrong in referencing the virtual path in my script? Tag: IIS security question Tag: 325966
  - 15
    - Make IIS 5.0 recognize NTFS Permissions?? Okay, I think this should be much easier than it is becoming.... I have a directory under c:\inetpub\wwwroot named "website" and it's accessed via my intranet via http://server/website. What I'd like to do is assign it some NTFS permissions and have those permissions take effect on who can view the web site. What I'm encountering is that nothing seems to work in this fashion. I've played with the IIS security settings but what I think should be right is to leave all options except "Integrated Windows Authentication". The web server is a 2000 server running in a Windows NT domain. The rights on the directory are cascaded so that all the files underneath inherit the rights. One thing I've noticed is that if I set the users to have admin rights on my web server that they can then browse the sight (the "website" directory has both system and local admins set to full rights). Can someone please tell me how I can make only the NTFS group, system and local admins be able to browse this sight? Oh yes, one more piece of info, the site runs on port 80 and both the default and administration web sites on this box is assigned to other ports. I'm buying beers for anyone who helps me figure this out!! Dan Tag: IIS security question Tag: 325960
  - 16
    - ASP 145- HTTP/1.1: New Application Failed I had a new production envrionment running ASP pages, and after 4 days in production, I am getting HTTP1.1/ New Application Failed error. Old environment which worked OK: Windows 2000 Server with SP3, IIS5 with lock down tool ODBC connection from ASP to SQL Server: connection string is driver={SQL Server};server=yjbweblive;uid=Publications;pwd=publications; database=publications New Environment which failed today: Windows 2000 Server with SP4, IIS5 with lock down tool OLE DB Connection Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=Publications;Data Source=Production A quick search on the Internet reveals that this kind of problem occurs with either 1) Bad Global.asa file 2) Inefficient use of database connections (e.g. connections not closed) 3) Someone also suggested that changing the "Application configuration" in IIS from Medium (Pooled) to either High or Low The global.asa file we have not changed and contains: <script language="vbscript" runat="server"> sub Session_OnStart session.Timeout = 30 end sub </script> The database connections, as indicated above has been updated to use ADODB connections instead of ODBC. I also experienced an HTTP/500 error yesterday which resulted in a fix to change the CursorLocation of the ADORecordSet from adUseServer to adUseClient. Note, however, that the first request which result in the above error is for an ASP file which has not been updated yesterday (for CursorLocaiton) SOS- 1) How could I track down the cause of the problem? 2) What would be the impact of changing the "Applicaiton Protection" in IIS Tag: IIS security question Tag: 325955
  - 17
    - Setting up Web Folders on a Server I have a Windows 2000 Pro computer using IIS and hosting a small Front Page website at home. I was just reading about Web Folders and thought they would be a great idea for doing some backup from the office to my home computer. My problem is that everything I find online seems to be related to setting up the client to point to a server that already has web folders set up. How do I set up web folders on the server itself? I'm obviously not looking in the right place. Can someone point me to the right place to find out how to set this up? Thanks Richard Speiss Tag: IIS security question Tag: 325954
  - 18
    - IIS and unix backend has anyone used IIS as the webserver and a Unix box as a disk farm? I currently have a unix/apache environment and would like to use IIS as the server with unix maintaining the webpages. Am I crazy? If so, why? Thanks Rich Tag: IIS security question Tag: 325952
  - 19
    - FrontPage 4.0 Error I get a warning in my event log stating: Error message #50004 There is no web named "". Can anyone please tell me what this means? Thanks in advance. Tag: IIS security question Tag: 325950
  - 20
    - "cs-username" in IIS Log Trying to get the IIS log to capture the cs-username. We have it truned on in IIS, but the log is not capturing the information, any suggestions? Thank you in Advance, Allan Tag: IIS security question Tag: 325944
  - 21
    - How to Re-enable WebDAV after IIS Lockdown Hello. On a Windows 2000 server with IIS 5.0, can WebDAV be re-enabled after IIS lockdown has been run, without undoing the entire lockdown? If so, how Thank you Ron Sochanski Tag: IIS security question Tag: 325941
  - 22
    - Can't View One Website I'm having trouble viewing one certain website. I have a wireless connection at my home and I can get to all other websites just fine. I can even access the website at my place of work, and I have a wireless connection through the same ISP as I do at home. I called my ISP about this and they checked into it further to see if there was some sort of routing issue, however they said that they cannot find anything. Plus, if there is a routing issue, I wouldn't be able to get a complete tracert, and I can. I can ping it just fine too. I don't understand it. What can I do to solve this problem? Tag: IIS security question Tag: 325939
  - 23
    - Don't install Crystal Reports 9 over VS.NET 2003 Maybe is this issue for everybody very obviously, but perhaps can help somebody. I didn't find anything about it in the newsgroups After installing Crystal Reports 9, IIS does not work anymore, when trying to see an html under localhost. It appears on the browser: "Logon failure: user not allowed to log on to this computer. Asp-Pages no longer function. When opening an asp-page error in event log: "Server failed to load application "/LM/W3SVC/1/ROOT" no such interface supported. In VS.NET could not open any WebApplication, and couldn't do a new one Lucky, I have XP on my machine and I just restore the system to the point right before Crystal where installed, and all worked just like before (cool XP!) Afterwards find out in: http://support.businessobjects.com/library/kbase/articles/c2013041.asp the whole thing... (yes I know, I should have begun there... Good luck Tag: IIS security question Tag: 325935
  - 24
    - IIS Cache When I make modifications to an asp/html file sometimes IIS doesn't pick up the changes for a couple hours (i.e. shows the cached version). The ASP/HTML files are all located on a clustered file share. Can I clear the IIS file cache with restarting the server Thanks!! Tag: IIS security question Tag: 325930
  - 25
    - hosting on adsl Hi, Anyone tried to host IIS on 1mb adsl connection. Not sure what upload speeds to expect. BT contention ratio is 1:20 i think. Im just wondering if this is a possibility assuming no more that 10 concurrent users viewing html pages with occasional download of 1-15mb. What sort of problem would i expect ? I have hosting several IIS machines on a single 1MB telewest cable connection (1:7 contention) with no major problems. (this is 950k downlaod 256 upload in theory). Thanks for any advice. Scott. Tag: IIS security question Tag: 325929

just started a www server using IIS 5.01 and found some strange
entries on log file, could anybody explain what these are? It seems on
the 1st glance that smb. wanted to access a console on the computer, and
i am unaware if he succeded, is there a possibility to find out?

11:40:29 - HEAD /scripts/..Á%pc../winnt/system32/cmd.exe
11:40:30 - HEAD /winnt/system32/cmd.exe
11:40:35 - HEAD /scripts/..ðEUREUR¯../winnt/system32/cmd.exe
11:40:39 - HEAD /winnt/system32/cmd.exe
11:40:44 - HEAD /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe
11:40:47 - HEAD /winnt/system32/cmd.exe
11:40:49 - HEAD /scripts/..Á%8s../winnt/system32/cmd.exe
11:41:02 - HEAD /winnt/system32/cmd.exe
11:41:35 - HEAD /scripts/..%5c../..%5c../..%5cwinnt/system32/cmd.exe
11:41:39 - HEAD /scripts/..%5c../winnt/system32/cmd.exe
11:41:40 - HEAD /winnt/system32/cmd.exe
11:41:42 - HEAD /scripts/winnt/system32/cmd.exe
11:41:45 - HEAD /winnt/system32/cmd.exe
11:41:46 - HEAD /winnt/system32/cmd.exe
11:41:48 - HEAD /scripts/winnt/system32/cmd.exe
11:41:56 - HEAD /winnt/system32/cmd.exe
11:42:21 - HEAD /winnt/system32/cmd.exe

And a 2nd one containing strange entries, anybody knows what this 'hash' is?

18:49:43 - GET /.hash=4810cf41028aa6a5c61c8acbb8c5b7f404f5c5d1
17:42:20 - GET /.hash=5255433cb5e132fafdcd2daf1b355ad28cdca05e
15:37:13 - GET /.hash=f54637d66b30fb82fcaf6035ba8f2ab5fb1384ef

Any help mostly appreciated.

Top

Re: IIS security question by Dan

Dan
Wed Mar 03 10:08:58 CST 2004

<user@domain.invalid> wrote in message
news:egJwjVTAEHA.2632@TK2MSFTNGP12.phx.gbl...
> just started a www server using IIS 5.01 and found some strange
> entries on log file, could anybody explain what these are? It seems on
> the 1st glance that smb. wanted to access a console on the computer, and
> i am unaware if he succeded, is there a possibility to find out?

> 11:41:56 - HEAD /winnt/system32/cmd.exe
> 11:42:21 - HEAD /winnt/system32/cmd.exe

Looks like standard exploitation script looking for holes - probably
somebody's computer that they've never patched up doing it without them even
knowing.
Have you got URLScan installed? It should help filter this out.

Make sure server (Xp?) is patched up as well.

> And a 2nd one containing strange entries, anybody knows what this 'hash'
is?
>
> 18:49:43 - GET /.hash=4810cf41028aa6a5c61c8acbb8c5b7f404f5c5d1
> 17:42:20 - GET /.hash=5255433cb5e132fafdcd2daf1b355ad28cdca05e
> 15:37:13 - GET /.hash=f54637d66b30fb82fcaf6035ba8f2ab5fb1384ef

Not quite so sure about this one, but I'd guess it's the same as above-
trying to exploit a possible vulnerability.

Top