Category Archives: Windows Server

DotNetNuke 6 install onto Windows 2008 R2 Server

Here is the proper way to avoid getting the dreaded “System.Security.SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.” error while attempting to get DotNetNuke 6.x installed onto Windows Server 2008 R2.

  1. download and extract the DNN installer.  In my case, I downloaded DotNetNuke_Community_06.01.03_Install and extracted it into a temporary directory.
  2. Make sure you add feature .NET Framework 3.5.1 Features, and enable ASP.NET at the same time
  3. In my case, I am installing DNN to the root of a new subdomain, so I created a new folder in my website directory named for the domain name.
  4. Copy over the DNN files into your website directory
  5. Go to the IIS manager and setup a new website and point it to your directory
  6. Make sure you add default.aspx as the default document type
  7. Make sure you create a new dedicated application pool.  In my case I used DNN as the name of the application pool.
  8. on your WWW directory, grant the following permissions.  {machinename}\IUSR (full control), ASPNET (F.C.), Network Service (F.C.)
  9. Using SQL manager, create a new database for the site.  An empty database will suffice.  Create a login for the database.
  10. Update the SQL server connection strings in the web.config file to point to the database server and using your UN/PW from above.
  11. Now try accessing the site you’ve created and you will get this error:
    1. Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application’s trust level in the configuration file.
      Exception Details: System.Security.SecurityException: Request for the permission of type ‘System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ failed.
    2. Application Error b77a5c561934e089
  12. To solve that, go to the Application pool and edit the Application Pool you created for this site, in my case it is DNN
    1. Click Advanced Settings
    2. Set Managed Pipeline Mode to CLASSIC
    3. Set Identity=Network Service.
    4. Click OK
    5. Click Recycle
    6. Go back to the IIS manager and do a restart of the IIS service on the webserver.
    7. Application Pool Advanced Settings
  13. Try to access your DNN site again now and it should work properly.
  14. Complete the DNN wizard and you should pass all tests (like permissions)

IIS WordPress images 500 error

If you are here you probably are having the dreaded “broken images” problem while running WordPress under IIS.

You may have found this issue by looking at the IIS logfiles for your site and seeing 500 errors logged when it’s supposed to be pushing out images.

I will save you a lot of time.

This is all about fixing permissions so that images/media/files uploaded via WordPress will properly render.

This is the fix for the infamous “500” error that is thrown when your server has wrong file permissions and the visual result is all the images you uploaded are “broken images” and won’t display. Also called HTTP Error 500.50 – URL Rewrite Module Error when you have Detailed errors on.

  1. Don’t sweat it, I will save you HOURS of time on this one.   Thanks to the article I found here after HOURS of tracking this issue down, this problem is caused because PHP first uploads the document to a temporary directory (by default C:\Windows\Temp), and then moves it from that directory to the actual /blog/wp-content/uploads/ subdirectory.  What happens is that because IIS does not have any permissions to your “C:\Windows\Temp” directory, when the file is uploaded there, then moved by PHP, the file inherits NO permissions.  So when IIS trys to serve out that file from your /blog/wp-content/uploads/subdirectory it throws a 500 error and that is actually a permissions error.
  2. The solution:  on the Windows\Temp folder, grant “modify” permissions to both IUSR and {servername}\IIS_IUSRS user accounts.
  3. Now when you upload files via PHP and PHP moves them to the correct directory, the files will have the correct permissions and can be accessed.
  4. Important note #1:  If you already have uploaded files and are getting the dreaded broken images issue, go to the /blog/wp-content/uploads/directory and replace/update the permissions to add access for both user accounts noted above.  That will solve that issue.
  5. Important note #2: as with any change off the defaults for Windows, you do this AT YOUR OWN RISK.  It’s up to you if you want to grant the Windows\Temp directory permissions for those two accounts.  If you don’t PHP won’t be able to upload without the 500 issue (unless you move the PHP temp folder elsewhere and grant those accounts access to the other folder).  Do these changes at your own risk… I cannot and won’t take any responsiblity for your systems.  Please know what you are doing.

UPDATE: 04/29/2011:  One reader commented to me that he is concerned about changing security permissions on the Windows TEMP directory, and he noted that you can also edit the php.ini file and change the location of the “upload_tmp_dir” variable and point it to another location.  It’s up to you how you want to do this, as long as you have the right permissions mentioned above, your WP images and future uploads will work fine.

 

Trying to install/run ASPDOTNETSTOREFRONT on W2K8R2 Windows 2008 R2 Server

If you happen to get this message when trying to launch ASPDOTNETSTOREFRONT under Windows 2008 R2 Server:

The page you requested has generated an error. Please visit our homepage by clicking this link.

The issue is most likely that you are running a 32 bit version of ASPDOTNETSTOREFRONT on a 64 bit server.

to fix this:

  1. IIS Manager
  2. Application Pools
  3. click on the application pool for the ASPDOTNETSTOREFRONT app
  4. advanced settings
  5. Enable 32-bit applications = TRUE
  6. Click recycle

Retry your application.  It should work now.

 

Sothink Video Encoder for Adobe Flash under Windows 2008 Server

Need help getting the Sothink Video Encoder for Adobe Flash working under W2K8 or W2K8 R2 server?

Here is how to properly configure your server:

  1. Install the Sothink Video Encoder for Adobe Flash software and register it using your registration key.
  2. In the destination folder for the videos, you will need to grant {machinename}\IUSR full control.
  3. the MyRequest.dll file (for ASP) won’t work properly, so if you are using ASP, you will need to use some other method to upload files to the server.  One good choice is ASPUPLOAD.COM
  4. Presuming you have already setup a site under the IIS 7.5 management tool, you need to change the pool to LOCAL SYSTEM.  Do this by locating the application pool for this site, then click ADVANCED SETTINGS (on the right nav) and under PROCESS MODEL, for Identity, select LOCALSYSTEM
  5. Click OK to close out of the property page above, then click RECYCLE
  6. You will need to grant scripts and executables property to the site.  It’s different under IIS 7 and IIS 7.5 to do this… so on the site home, open HANDLER MAPPINGS, and click “edit feature permissions” and check execute.  Then click OK and exit out.
  7. I would advise at this point to restart IIS on this box by clicking the server name and then RESTART in the right nav.
  8. If you’ve done all the above properly, you should have no problems encoding videos using Sothink Video Encoder for Adobe Flash on a Windows 2008 server.

 

IIS 7 and IIS 7.5 script map .htm to asp.dll

I recently upgraded a site from a Windows 2003 server to a Windows 2008 R2 Web Server and needed to be able to continue running .htm files through the ASP engine, because many of the pages on the site comingled ASP and HTM.
After spending about 3 hours looking into this, I finally worked out the process (below). I hope this gives some of you a time savings!
  1. Make sure that ASP is installed on IIS 7 or IIS 7.5 (obviously)
  2. Setup your web site
  3. Your ASP files should work normally
  4. to allow your .htm files to run through the ASP engine, do the following
  5. On your IIS 7 or IIS 7.5 server, go into the C:\Windows\System32\inetsrv\config directory and edit the file applicationHost.config (you will need to do this in administrator mode, or do it from a different computer networking over to that server, otherwise Windows will protect that file and won’t allow you to change it.)
  6. Scroll all the way to the bottom and look for the section that corresponds to your web site <location path=”Your Web Site”>
  7. Change/edit the code block to add in the HANDLERS and HTM map below
  8. <location path="Your Web Site">
    <system.webServer>
    <asp appAllowClientDebug="true" scriptErrorSentToBrowser="true" />
    <handlers>
    <add name="htm" path="*.htm" verb="*" modules="IsapiModule" 
           scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="File" />
    </handlers>
    </system.webServer>
    </location>
  9. Save the file.
  10. Restart the web server in the IIS Manager by right clicking the server name.
  11. Test your site. .HTM pages should now work as ASP files by running through the ASP.DLL

WordPress Windows 2008 Web Server R2 IIS 7.5 setup

I thought I would share a few important tips on getting WordPress 3.x to work properly – with PERMALINKS / SEO friendly URL’s.  It’s taken me a lot of trial and error to figure out the finer points, but assuming you can get it installed, these tips should help you get it 100% functional.

  1. to install, use the Microsoft Platform Installer 2.0, and let it do the work of installing PHP, WordPress etc.  IT IS FANTASIC!!! It will automatically setup PHP/FASTCGI for you and it is slick!  You can access the direct link to install WordPress on IIS here http://www.microsoft.com/web/wordpress/
  2. Secondly, I am going to make an assumption you are installing this as a subdirectory on your root site, such as www.mysite.com/blog.  If you are installing this to the root the same directions will basically apply but you’ll need to figure out which setting will need to be adjusted to put WP on the root.
  3. Third, we use a dedicated MySQL 5.x box, so we don’t install MySQL as part of the MPI 2.0 install (from step 1).  If you don’t already have a MySQL server you’ll need to let it install that as well, or make a new empty database on your MySQL box and use that info as part of the install process.  For security and speed reasons, a dedicated server for MySQL is the best choice, but not everyone has the resouces to permit a dedicated server.
  4. Under IIS 7.0 or 7.5, make sure you have downloaded and installed the free URL REWRITE 2.0 add-in for IIS.  This is a free download here: http://www.iis.net/download/urlrewrite
  5. PERMALINKS.  Once you get WP installed and are able to login to the admin interface, it’s pretty simple to get permalinks running.
    1. in the WP admin, go to SETTINGS->Permalinks.  We chose to use the “DAY AND NAME” setting.  Any other setting is your choice.  Pick a setting and click save changes.
    2. make sure you have a web.config file in your /blog/ subdirectory. 
    3. here is what your web.config file should look like – customized just for WP 3.0 in the /blog/ subdirectory (below).  (Download a ZIPPED copy of my file here)
    4. <?xml version=”1.0″ encoding=”UTF-8″?>
      <configuration>
        <system.webServer>
          <httpErrors errorMode=”Custom” />
          <rewrite>
            <rules>
             <rule name=”Main Rule” stopProcessing=”true”>
              <match url=”.*” />
              <conditions logicalGrouping=”MatchAll”>
               <add input=”{REQUEST_FILENAME}” matchType=”IsFile” negate=”true” />
               <add input=”{REQUEST_FILENAME}” matchType=”IsDirectory” negate=”true” />
              </conditions>
             <action type=”Rewrite” url=”index.php” />
            </rule>
         </rules>
          </rewrite>
          <defaultDocument>
            <files>
              <clear />
              <add value=”index.php” />
            </files>
          </defaultDocument>
        </system.webServer>
      </configuration>
    5. Save this into your web.config file – this is all you need for WP running in the /blog/ directory.  Once you replace your file with this one your permalinks should work flawlessly.
  6. Troubleshooting.  One easy way to troubleshoot things with your WP install, is to enable DETAILED errormode.  To do this, edit your web.config file within the /blog/ folder and change just the one line above to this <httpErrors errorMode=”Detailed”/>  Of course when you are all done and going live with WP, change that line back to “Custom”
  7. Fixing permissions so that images/media/files uploaded via WordPress will properly render.  This is the fix for the infamous “500” error that is thrown when your server has wrong file permissions and the visual result is all the images you uploaded are “broken images” and won’t display. Also called HTTP Error 500.50 – URL Rewrite Module Error when you have Detailed errors on.
    1. Don’t sweat it, I will save you HOURS of time on this one.   Thanks to the article I found here after HOURS of tracking this issue down, this problem is caused because PHP first uploads the document to a temporary directory (by default C:\Windows\Temp), and then moves it from that directory to the actual /blog/wp-content/uploads/ subdirectory.  What happens is that because IIS does not have any permissions to your “C:\Windows\Temp” directory, when the file is uploaded there, then moved by PHP, the file inherits NO permissions.  So when IIS trys to serve out that file from your /blog/wp-content/uploads/subdirectory it throws a 500 error and that is actually a permissions error.
    2. The solution:  on the Windows\Temp folder, grant “modify” permissions to both IUSR and {servername}\IIS_IUSRS user accounts. 
    3. Now when you upload files via PHP and PHP moves them to the correct directory, the files will have the correct permissions and can be accessed.
    4. Important note #1:  If you already have uploaded files and are getting the dreaded broken images issue, go to the /blog/wp-content/uploads/directory and replace/update the permissions to add access for both user accounts noted above.  That will solve that issue.
    5. Important note #2: as with any change off the defaults for Windows, you do this AT YOUR OWN RISK.  It’s up to you if you want to grant the Windows\Temp directory permissions for those two accounts.  If you don’t PHP won’t be able to upload without the 500 issue (unless you move the PHP temp folder elsewhere and grant those accounts access to the other folder).  Do these changes at your own risk… I cannot and won’t take any responsiblity for your systems.  Please know what you are doing.
  8. Another site with good info on WordPress/IIS installs is here

Best of luck on your Windows 2008 R2 IIS 7.5 WordPress install. We use it here and it is fantastic!

Server name does not show up under Network

I recently came across this problem where one of our servers would not show up in the “browse list” under the “Network” icon in Windows 7.  I also checked this same issue from other computers Network Neighborhoods and verified it was just this one server “webserver6” which was not showing up.  We are in a standard Windows AD (Active Directory) network here with a DHCP and DNS servers and two domain controllers.  I checked all the settings on those boxes and they all looked fine, so I suspected the issue was solely with that one particular server.

I examined the server (a standard Windows 2008 server box), and all the settings looked fine.  Static IP (yes), correct DNS servers (yes), enable NetBIOS over TCP/IP (yes), so the problem must be somewhere else.

I then checked the services and found that the COMPUTER BROWSER service was disabled.  I set it to automatic and started the service.

Since this particular server is a virutal server under the latest version of Hyper-V.  I shut down the server and checked the settings in the Hyper-V manager.  I noticed that this particular server was set to a “DYNAMIC MAC” address.   I switched that to STATIC.

Rebooted my workstation and “webserver6”.  Wow!  The server now shows up under the Network list.

Here are the steps again in a more formal list:

  1. Check to make sure the server has a static IP
  2. Check to make sure the server is using the correct DNS server (probably your AD domain server)
  3. Make sure NetBIOS over TCP/IP is enabled
  4. Make sure the Computer Browser service is started and set to Automatic
  5. HYPER-V machines:  Check to make sure the network adapter that the server is using is set to a STATIC MAC address.  (Not sure if this one makes any difference, but that type of a server shouldn’t be using a dynamic MAC address anyways).
  6. Reboot the server in question and your local workstation
  7. Server should show up if all the above is OK.

ADDENDUM 12/6/2010:

Another thing to check is your Windows Firewall settings. I had another server that would not show up on the Network list until I turned off the Windows Firewall.  That wasn’t a problem for us because we have a separate firewall that protects our systems.  But you need to use your own judgement and take that action on your own choice.  We aren’t responsible for your systems so I would presume that you know what you are doing and the risks of disabling Windows Firewall.

Classic ASP file upload limit of 200kb in IIS 7

During the process of migrating a site to IIS 7 we came across an issue with Classic ASP file uploads throwing 500 errors when larger than 200kb. There is an EASY fix for this.

In IIS 7, click your site and expand it then click the ASP icon.

Expand the Limits Properties icon, and change the value in the “Maximum Requesting Entity Body Limit” to a value larger than 200000 (which is about 200kb). 2000000 would be roughly 2mb, 20000000 would be 20mb.

Click the APPLY button. That’s it!

Serve static content from a cookieless domain – Google Page Speed Tip

Ok, so you are using the Google Page Speed plugin for Firefox and you can’t figure out how to clear the “Serve the following static resources from a domain that doesn’t set cookies” issue so that you score better…

First off, since we are using the Windows platform for our hosting, this entire post is making a big assumption you are too. If you are using some other platform or don’t have complete console or remote desktop access to your server, you can read on, but you’ll need to figure out this on your own.

The main thing you need to do is to REGISTER A NEW DOMAIN – or use one you’ve never used before – to specifically use for image and non-html things like JS and CSS.

If the web site is at this-is-my-site.com you should register this-is-my-site-static.com or something similar. YOU MUST register or use a completely different domain name than the base site.

Why is this? Because the way browsers store and cache cookies locally, even if you create a subdomain of your existing site, like static.this-is-my-site.com, the Google Page Speed score will still detect that that domain accepts cookies, and this will not suffice. Pick a domain that you’ve never used or hosted before and this will work fine. Keep in mind your web site visitors are NEVER going to know your images on are a different domain unless they start poking around in your HTML source code anyways.

This specific information will reference IIS 7.0, so if you are on an earlier version feel free to comment and I will see if I can pass along the settings.

So now that you’ve got your new and unused domain name ready to do, setup a new web site instance on your web server, preferably the latest OS such as Windows 2008 server.

DO NOT START the site after you set it up. Bind the site IP to the new domain name.

Bind it to the NO-MANAGED-CODE Application pool.

On this specific site you created, double click HANDLER MAPPINGS. Remove ASP, ASP.NET, PHP or any other script based handlers that appear here. ISAPI ones are OK to keep.

Start the web site instance.

You’ll now need to copy over your images to the new domain (via FTP or however).

Copy the following types of files

  • All images – png, gif, jpg
  • CSS files
  • favicon.ico file
  • JS files

In your HTML on your base site you’ll need to update ALL the image, CSS, JS, Favicon, and JS references to point to the server. You should know how to do this if you can get this far. We are talking HTML 101 here… 🙂

If you’ve done this all properly, re-run the Google Page Speed plugin and it should remove these issues off your task list and change them to “green checks”. If it doesn’t you probably have some script engine enabled on the domain and it is setting a cookie automatically (like ASP.NET). Remove it off that site.

Here at Amixa we use a dedicated server with all the script engines (ASP, ASP.NET, etc.) completely disabled to “serve cookieless domain content”.

TS Gateway – the poor man’s GotoMyPC

Want to connect into your business network, but don’t want to spend the $$$ paying for multiple GoToMyPC accounts?  Well, if you have control over your firewall, a static IP, Windows Server 2008 or later on your business server, and enough technical expertise, you can likely use Terminal Services Gateway service (TS Gateway) to connect into your computer (or any modern Windows OS computer on your LAN), for free!

  1. Start by reading the official Microsoft TS Gateway step-by-step guide.  Be aware even for me, a tech geek, that contains a pretty heavy duty dose of tech-babble.
  2. Configure your Windows 2008 server by reading these directions
  3. Configure each remote client (like your laptop) by reading this

Rather than re-hash all the above content, I will point out a few areas in which you may experience problems configuring  TS Gateway.

  • Configure a DNS record for your domain and point it at the office IP address, such as tsgateway.yourdomain.com point to your office IP.  If you don’t know your office IP, look at your firewall.  You will need a static IP or the capability to use a Dynamic IP address tracking service. If you don’t know what I am talking about already, this is not for you- use GoToMyPC!
  • While setting up the server, just create a “self signed” SSL certificate, and make sure you use the domain name you configured above to generate the self signed SSL, such as tsgateway.yourdomain.com
    • You will need to install this self-signed SSL into BOTH the server and client Trusted Root Certification Authorities store (the above links detail this process).
  • After the TS Gateway setup is complete, go check the IIS server BINDINGS for your default site and make sure the SSL certificate from above is properly installed onto your site.
  • These self-signed SSL certs expire after 6 months, so every 6 months you’ll need to generate a new one using the TS Gateway manager, or you can obtain a low cost SSL from GoDaddy or somewhere else that you can use as well. My advice is to just use the free self-signed ones.  If you are using self-signed ones just setup an Outlook recurring calendar event to remind you a week before each 6 month period.
  • Firewall configuration.  This is the most important part of the whole setup.  If the traffic can’t even get into your network, none of the above will work.
    • In general this is a two part process.
      • First, configure your NAT mappings, to map inbound port 443 TCP to your internal server IP address.
      • Second, add a rule to permit HTTPS traffic from anywhere to your internal server IP and HTTPS port 443
    • If you have properly configured your firewall, and imported in both the client and server SSL cert, go to an outside connection with your laptop (like a coffee shop) and go to https://tsgateway.yourdomain.com and see if you get the IIS 7.0 server multi-language single page splash screen.  If yes, then your TS Gateway setup is one step closer to working.
  • Enable all logging via the AUDITING tab.  These events will log to the Event Viewer in the area below.  This is extemely handy for troubleshooting things.

TS Gateway getting knocked offline due to IIS Restart

If you restart your IIS server at anytime, your TS Gateway service will get knocked offline.  As of June 27, 2010 this is a documented issue with Windows Server 2008 and later.

If you see an error in the TS Gateway event log that looks like this:

The TS Gateway service is shutting down. To diagnose possible causes for this problem, verify whether the following services are installed and started: (1) World Wide Web Publishing Service (2) Internet Authentication Service (IAS) (3) RPC/HTTP Load Balancing Service. Also, check Event Viewer for Network Policy Server (NPS) and IIS events that might indicate problems with NPS or IIS.

or if your client computer (laptop) that is trying to connect from the outside, gets an error like this

Remote Desktop Disconnected
----------------------------------------------
This computer can't connect to the remote computer.
Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.

You need to go to the service manager and make sure the following services are started:

  • Terminal Services Gateway
  • RPC/HTTP Load Balancing Service
1 2 3 4