Category Archives: IIS Tips & Tricks

Classic ASP switch to TLS 1.2

I recently came across a failed PCI scan for one of our clients.  This failure was due to TLS 1.0 being enabled on that Windows server.

We ran IISCRYPTO (link) and disabled TLS.

Upon restarting the server, the Classic ASP site threw the following error:

Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC SQL Server Driver][DBNETLIB]SSL Security error

That error is because the web server is no longer using TLS 1.0 and the Classic ASP application (web site) is using too old of a driver on the server, to communicate with TLS 1.1 and/or 1.2.

To get around this, go download the latest ODBC driver from Microsoft, which is version 13.1 as of today.  You will most likely need to install the 32-bit version (as most ASP apps run in 32 bit mode).  Link here

Install that driver.

then go to your Windows server, Administrative tools and open the ODBC Data Sources (32-bit)

The 32-bit ODBC Administrator is found here: C:\Windows\SysWOW64\odbcad32.exe

go to the SYSTEM tab

add a new data source

Pick “ODBC DRIVER 13 for SQL Server”… (hit finish)


put in the name (no spaces or punctuation)

server name (or IP address) (NEXT)


authentication (USE SQL server auth, enter the LoginID and PW) (NEXT)


continue, then test the connection (it should work).

go to your Classic ASP application.



You will need to update the connection string to this:


You can now use IISCrypto and disable TLS 1.0

Reboot the server

re-test your Classic ASP app and now you should be up and running on TLS 1.1 or 1.2





WordPress 4.x auto updates under windows

If you want your WordPress install to do auto-updates (in a Windows Server based hosting setup), you need to do one simple step.


Edit the hosts file.

Put a local IP in there for the domain name of the site.

Save the changes.



Re-log into WordPress and go to dashboard-updates and in there it should tell you “future updates will be automatically applied”

Why is all of this needed?  WordPress uses PHP CRON and that is reliant on the server being able to find the local website.  Therefore it is necessary to put a hard-coded IP in the hosts file so the CRON job can “see” the wordpress site.  Without the hosts entry the website will resolve to the external IP of the site, and you will have an unreachable IP issue and auto-update won’t work.

Proper FTP setup via IIS using Passive FTP

Since PASSIVE FTP seems to be a relative standard (that I experience), and since most clients don’t understand or want to use “ACTIVE” FTP, here is the easy way to configure your firewall and FTP software on an IIS machine to permit PASSIVE FTP.

Firewall Setup

You’ll need two rules and one “one to one” NAT mapping (this may vary a bit due to your firewall software).

The one to one NAT mapping needs to map the external IP address to the internal IP of the server.  Such as “” mapped to “”

One rule to allow the world into TCP port 21, mapped to the specific server in question.  (Allow * from ANY to TCP port 21).

Second rule, specifically for PASSIVE FTP.  Allow * from ANY to on ports range 50000 to 50100.

FTP Server Setup

We normally use Filezilla Server (latest version, of course).

Add a user and setup the standard settings.

Passive settings are as follows (below).

Most importantly, the “X.X.X.X” area below is your PUBLIC IP that is mapped through your firewall.

Click OK and save the settings.



FTP Client Settings

Nothing fancy here, just check to make sure the settings look like this:


Throttling bandwidth on an IIS based site

If you need to throttle (or limit) the amount of bandwidth a specific site on Microsoft Server — this is for you.  This should work with any Microsoft Server OS from 2008 to present. Open IIS. Go to the specific site in question (in the tree to left expand and click on the specific site name).

on the right side panel, click Configure — Limits.

Check “limit bandwidth usage” and type in a number.

Click OK.


How to stop attacks on your site via IIS

Often we see hack-bots or other automated hacking tools crawling our sites and hammering various pages looking for vulnerabilities.  There is an easy way to put a stop to this through Microsoft IIS 7.0 (and later).

Make sure you have the “IP Address and Domain Restrictions” module loaded in IIS (if not, install it.)

Launch it and add a DENY entry.

If the attacker is coming from AAA.BBB.CCC.49, I usually put a range block in there from


At that point I usually restart the server because I’ve noticed that these blocks do not tend to take effect until (at minimum) the whole IIS process is restarted.  Restarting the box works for me.

Attacks blocked…

eXtplorer does not allow login under PHP 5.6 and IIS Windows Server

Have you deployed out eXtplorer and received this error:

PHP Deprecated:  Non-static method PEAR::isError() should not be called statically, assuming $this from incompatible context in X:\XXXXXX\\www\libraries\JSON.php on line 828

it’s an easy fix.

edit the file


edit line 247

change this:

function isError($data, $code = null)

to this:

static function isError($data, $code = null)

How to prep a Windows 2012 R2 Update 1 server for PHP / WordPress

1) Presuming you have already loaded the OS onto the machine (whether virtual or physical)
2) Join the machine to your business domain
3) windows updates
4) reboot
5) windows updates (again until no more updates)
6) configure role -> Web server and under Application Development, pick .NET Extensibility 3.5
7) once that is complete, run windows updates again
8) probably you’ll need to reboot
9) check windows updates ONE MORE TIME
10) install the Web Platform Installer (version 5.0 as of this post), from here:
11) after the WPI is installed, run it and choose the following: PHP 5.6.0 (or later), Windows Cache Extension 1.3 for PHP 5.6, PHP Manager for IIS
12) install those programs, when complete, open the IIS manager
13) verify that you see the following: URL Rewrite, PHP Manager under the main server features panel
14) download the latest version of PHP. (for me, it was 5.6.3)
15) unzip and move it to a new folder under “Program Files (x86)”\PHP\ called v5.6.3 (you should see v5.6 in there).
16) Make a folder called PHP-TEMP on the C:\ root
17) Give it the following permissions, IUSR and IIS_IUSRS to full control
18) Go to the PHP manager and register the new version
19) in the PHP manager, go to Manage all Settings and update the following:
Error Log -> PHP-TEMP directory
Memory_limit = 512mb
Post_Max_size = 10M
upload_max_filesize = 10M
upload_tmp_dir -> PHP-TEMP directory
SMTP->your internal email server IP
session.save_path -> PHP-TEMP directory
20) stop the default site
21) create your new site
22) make sure a static IP is assigned to the server for step 21
23) make sure firewall rules are in place to permit traffic to that IP
24) move or deploy the new wordpress site
25) adjust IIS settings-> Logging location and daily roll over, URL Rewrite rules for domain name and wordpress
26) you should have a web.config file from a previous (working) wordpress install. Use that for the above two things.

>more to come<

ASPMAKER v11 Image Resizer not working under IIS

If you are using ASPMAKER by HKVSTORE to build web admin interfaces, and you’ve arrived at this page, it’s likely because the Image Resizer ASP.NET add-on is not working for you.

Does this look familiar to you?

Warning: ASP.NET 2.0 or later is required but ASP.NET script is not executed properly on this server:

see this screenshot:2014-07-08_15-47-49Here is the solution to the issue.

  1. You need to have a HOSTS file entry on the server that will allow the server to resolve the domain name for the website you are using ASPMAKER and the Image Resizer on.  This is because the ASP.NET resizer uses MSXML2.ServerXMLHTTP to locally fetch and resize the image.  If there is no HOSTS file entry on the local server, there is no way for the resizer to work.
  2. Open the HOSTS file and add an entry like this
  3.  X.X.X.X
  4.  Make sure the upload folder is set properly in ASPMAKER here:file temp
  5.  This path will be relative to the folder you have deployed the ASPMAKER files to on the server.  For example, if the ASPMAKER files are in the directory /123/ then the upload folder (pictured above) will be /123/upload-temp/
  6. set the permissions properly on the /upload-temp/ folder.  this means adding machinename\IUSR and granting full control.
  7. Inside ASPMAKER, make sure the destination folder is correct. Note I had to use “../” to get ASPMAKER to upload to the correct path off the root.  It is NOT necessary to grant this folder any special permissions.correct-path
  8. Make sure the base site itself has a valid application pool assigned.  Here’s what mine looks like (It is not necessary to have an application for the subdirectory where the ASPMAKER app). app
  9. NOTE: depending on your setup, it may be necessary to set the .NET CLR version to v.2.X above.  (I HAD TO USE v.2.X for my setup…)
  10. Adjust the maximum file upload size in ASP.  ASP->Limits Properties ->Maximum Requesting Entity Body Limit.  The default value is 200,000 (200000) which is 200,000 bytes.  I upped mine to 20,000,000 (leave out the commas here).
  11. Launch the ASPMAKER web admin and try uploading an image.  The above should take care of all the issues.

Let me know if this saves you a headache!



Permission denied error dealing with Classic ASP loadpicture

To solve the following error, which is generated by the loadpicture object

Microsoft VBScript runtime error ‘800a0046’
Permission denied: ‘loadpicture’

set myImg = loadpicture(“C:\aaa\asdf.jpg”)


The solution is to simply add this permission as full control


to the directory in which this object is going to work…

How to migrate WordPress 3.X from one domain to another

I recently came across this situation on a client site where they wanted to change their domain from something like to and their site runs on WordPress 3.91. This is also applicable if you develop a site on a testing url like “” and you want to change the site to run off “” when it goes live. After a lot of research and trial & error, here is the easiest approach to handle this.

  1. go to plugins and download and install Velvet Blues Update URLs 3.2.2
  2. go to TOOLS -> Update URLs
  3. enter the OLD DOMAIN and the NEW DOMAIN
  4. check all the checkboxes that apply (I have always checked all 6 checkboxes and never had any issues)
  5. click on UPDATE URLs NOW
  6. go to settings -> general and update the domain info in there.  Save the changes.
  7. At this point you need to adjust your web server settings to begin serving and responding to the site on the new domain name.
  8. You can now access the site from the new domain name and all should be fine!


1 2 3