IIS 7.5 and IIS 8.0 European Hosting

BLOG about IIS 7.5 Hosting, IIS 8.0 Hosting and Its Technology - Dedicated to European Windows Hosting Customer

SSL Installation issue on Windows 2008r2: How to Fix a “CertEnroll::CX509Enrollment::p_InstallResponse: ASN1” Certificate Private Key Error

clock September 18, 2013 08:17 by author Ronny

This error means that the private key does not match the public key (the .crt file).  The keypair is not successfully joined into a working SSL certificate.

 

Here solution to resolve this error

1. (Start button -> RUN -> Type : MMC)

2. Choose Tab “File”

3. Add/Remove Snap-ins -> certificates and click “Add >”.

4. Select “Computer account” and Finish. OK

 

5. Personal > Certificates >  right-click and select All Tasks > select Import > guide to the .crt file.)

6. Double-click the crt certificate file you just imported -> select the Details tab, scroll all the way down to Thumbprint and highlight Thumbprint.

7. In the lower pane, block and copy all the letters of the thumbprint.  Paste the thumbprint characters into notepad.  Open the command prompt and run this command: Certutil /?

8. The command you’ll want to run is:

certutil -repairstore my “{PASTE THE CODE }”

9. When you see “CertUtil: -repairstore command completed successfully” the private key will be associated with the .CRT file in the personal store. The certificate should show up in IIS 7.5 under Server Certificates.

10. Now you should be able to assign the SSL certificate to the appropriate website(s).



European IIS 7.5 Hosting - Amsterdam :: Managing IIS 7.5 (Final Chapter)

clock September 16, 2013 07:13 by author Ronny

After we read the post about Istalling IIS Services, continue with Using New IIS Services, and previous post about Hosting Applications, now time for final chapter post titled Managing IIS 7.5. The biggest improvement in IIS 7 .5 is in the area of management.  Windows Server 2008 R2 includes a number of IIS configuration tools that were previously available only as separate downloads, and Microsoft has enhanced many of the existing tools.

Automating IIS administration with Windows powerShell
As in many other areas of the Windows Server 2008 R2 operating system, Microsoft is emphasizing Windows PowerShell as an important tool for managing IIS 7.5. The IIS PowerShell snapin provides dozens of new cmdlets and enables administrators to manage IIS properties in several different ways.

Selecting Windows PowerShell Modules from the Administrative Tools program group loads the system modules included with Windows Server 2008 R2, including the WebAdministration module that provides the IIS functionality. You can also import the module manually from any Windows PowerShell prompt by using the following command:
Import-Module   WebAdministration

Once you have access to the IIS Windows PowerShell snap-in, you can display all of the cmdlets it contains by using the following command:
Get-Command  –pssnapin WebAdministration

The snap-in uses three different types of cmdlets, as follows:

  • PowerShell provider cmdlets
  • Low-level configuration cmdlets
  • Task-oriented cmdlets

These cmdlet types correspond to three different methods of managing IIS from the Windows PowerShell prompt, as described in the following sections

Using the IIS powerShell provider
The IIS PowerShell provider creates a hierarchical IIS namespace that administrators can navigate just like a file system directory structure. When you type iis: and press Enter at a Windows PowerShell prompt (with the WebAdministration module imported), the prompt changes to PS IIS:> and typing the dir command displays not the file system, but the top level of the IIS namespace, as follows:

Name
----
AppPools Sites SslBindings

After changing to the Sites directory with the cd  Sites command, the dir command displays a list of the IIS sites on the server, as follows:

Name

ID

State

Physical  Path

Bindings

----

--

-----

-------------

--------

Default Web

Site 1

Started

%SystemDrive%\inetpub\wwwroot

http *:80:

The Get-Item cmdlet enables you to display selected sites in the same format. By piping the results of the Get-Item cmdlet to the Select-Object cmdlet, you can display all of the properties of a selected site,

Generic cmdlets such as Get-Item and Select-Object are part of the standard Windows PowerShell interface. Any module that includes a provider hierarchy must support them. Once within the IIS hierarchy, you can use low-level configuration cmdlets to manage specific IIS elements without having to type extended path names.

Using Low-Level Configuration Cmdlets
IIS 7.0, first released as part of Windows Server 2008, represents a complete revision of the IIS architecture, and extensibility was a major priority of that revision. This new architecture, carried over into the IIS 7.5 release in Windows Server 2008 R2, is schema driven and uses XML-based configuration files, which are two major contributing factors to its complete extensibility. This extensibility complicates the process of developing a Windows PowerShell management strategy, however.  Cmdlets might have static parameters that enable them to manage specific properties of an element, but if a third-party developer creates an IIS extension that adds new properties to that element, the existing cmdlets cannot manage them.

Therefore, the IIS Windows PowerShell snap-in includes low-level configuration cmdlets that you can use to view and manage all of the hundreds of IIS configuration settings, including custom settings added by IIS extensions. One set of these low-level cmdlets, concerned with IIS configuration elements, is as follows:

  • Add-WebConfiguration, Adds a collection element to an existing IIS configuration collection
  • Backup-WebConfiguration, Creates a backup of an IIS configuration
  • Clear-WebConfiguration, Removes configuration settings from the specified loca- tion
  • Get-WebConfiguration, Gets an IIS configuration element at a specified location
  • Restore-WebConfiguration, Restores IIS configuration elements from a previously executed backup
  • Select-WebConfiguration, Returns Web configuration objects
  • Set-WebConfiguration, Sets an IIS configuration element to a specified value

Using task-Oriented Cmdlets
In addition to the low-level configuration cmdlets, the IIS Windows PowerShell snapin includes a large collection of cmdlets designed to simplify common IIS maintenance tasks, such as creating, removing, starting, and stopping specific IIS elements. One set of task- oriented cmdlets, concerned with managing IIS sites, is as follows:

  • Get-Website
  • New-Website
  • Remove-Website
  • Start-Website
  • Stop-Website

Unlike the low-level cmdlets, the task-oriented cmdlets do not rely on the IIS namespace (although they can utilize it), and they use static parameters to configure specific properties . For example, to create a new Web site, you might use a command like the following:
New-Website  –Name Intranet –Port 80 –HostHeader intra.example.local –PhysicalPath "$env:systemdrive\inetpub\intranet" -Ssl

This command creates a new site with the name Intranet, using the default port number value 80, and using the host header value intra.example.local to differentiate this site from other sites that use the same address and port number.  The Web site will use content files located in the \inetpub\intranet folder on the computer’s system drive, and it will allow users to connect with SSL encryption by using the HTTPS: prefix in their URLs.

Once you have created the site, you can even use the Windows PowerShell interface to create new content .  After switching to the site directory in the IIS hierarchy with the command cd\sites\Intranet, you can use the following command to open a Notepad window containing a new Index .html file:
notepad "$(Get–WebFilePath .)\index.html"

Using IIS administration pack extensions
The IIS Administration Pack is a downloadable collection of extensions for IIS 7.0.  In Windows Server 2008 R2, most of the contents of the Administration Pack are included in the IIS 7.5 implementation.  For example, the ASP .NET and FastCGI configuration capabilities described earlier in this chapter were originally part of the Administration Pack, and are now incorporated into the default user interface of the Internet Information Services (IIS) Manager console in Windows Server 2008 R2. Also accessible through the console are the features described in the following sections .

Using Configuration editor
Configuration Editor is a graphical tool that enables administrators to view and manage any setting in any of the IIS configuration files. Because the tool is based on the IIS configuration schema, it can even manage custom settings without any interface modifications. In addition, once you have performed your modifications, the Configuration Editor can generate a script that duplicates those modifications for execution on other servers.

For example, you can use Configuration Editor to create a new IIS site, setting the same parameters as the New-Website Windows PowerShell cmdlet if desired. To do this, you open the Configuration Editor in the Internet Information Services (IIS) Manager console at the server level and, in the Section drop-down list, select system .applicationHost/sites.

When you open the Collection Editor window, you see the server’s existing Web sites and an interface for creating a new one, you can configure a multitude of settings for the new site, after which it appears as part of the collection

Finally, back on the Configuration Editor page, clicking Generate Script in the Actions pane displays script code that will create a new site identical to the one you just added, using managed code (C#), JavaScript, or the Appcmd .exe program at the command prompt, from this window, you can copy the code to a text file to save for later use.

Using request Filtering
The Request Filtering module integrates the capabilities of a separate product called Microsoft Urlscan Filter 3 .1 into the default Internet Information Services (IIS) Manager console in Windows Server 2008 R2. Request Filtering is essentially a graphical interface that inserts code into Web .config files that limits the type of HTTP requests a particular IIS server or site will process. Requests that the filtering mechanism rejects are logged with error codes that indicate the reason for the rejection.

The Request Filtering page, contains seven tabs that enable you to create the following types of filters:

  • File Name Extensions, Filters incoming HTTP requests based on the extension of the file requested .  For example, to prevent IIS from serving any Active Server Pages files, you would add a Deny File Name Extension entry, using the extension .asp.
  • Rules, Filters incoming HTTP requests based on rules that specify text strings that cannot appear in the URL, a query string, or the HTTP header of a request for a par- ticular file extension.
  • Hidden Segments, Filters incoming HTTP requests based on specific segments of a URL.  For example, this enables you to filter out requests for files in the bin folder with- out rejecting requests for files in the binary folder.
  • URl, Filters incoming HTTP requests based on specified character strings in the requested URL.
  • HTTP Verbs, Filters incoming HTTP requests based on the verb specified in the HTTP message.
  • Headers, Filters incoming HTTP requests based on size limits for particular HTTP header values.
  • Query Strings, Filters incoming HTTP requests based on specific query strings. This capability is particularly useful in preventing SQL injection attacks, in which query strings contain escape characters or other damaging code.



European IIS 7.5 Hosting - Amsterdam :: Hosting Applications with IIS 7.5 (Chapter 3)

clock September 10, 2013 05:50 by author Ronny

After we read the post about Istalling and Using New IIS Services, now we continue with Hosting Applications with IIS 7.5, this is a continuation of my previous post titled Using New IIS Services. The IIS 7 .5 implementation in Windows Server 2008 R2 includes some major enhancements in its application hosting capabilities, as described in the following sections.

Running ASP.Net Applications

One of the most significant improvements in IIS 7.5 is that it now supports ASP .NET applications on computers running the Server Core installation of Windows Server 2008 R2. Server Core is a stripped-down version of the Windows Server operating system that eliminates many roles and features and most of the graphical interface.  One of the features not available in Windows Server 2008 Server Core is Microsoft .NET Framework, and IIS requires this fea- ture to support ASP .NET.  Because ASP .NET is one of the most commonly used development environments for Web applications today, this was a major shortcoming.  However, Windows Server 2008 R2 provides support for .NET Framework 2.0, 3.0, 3.5.1, and 4.0 in Server Core; IIS 7.5 can therefore host ASP .NET applications.

The ASP .NET implementation in IIS 7 .5 also now supports different Common Language Runtime (CLR) versions, enabling administrators to switch versions without modifying the underlying IIS infrastructure.  Microsoft has also incorporated this capability into Windows Server 2008 Service Pack 2. You can specify different CLR settings for individual application pools by creating custom ASPNET .config files. To use these files, you add code specifying their locations to the pool’s applicationHost .config file, as in the following example:

<applicationPools>
<add name=”MyApplicationPool” CLRConfigFile=”c:\InetPub\CLRConfigFile.txt”   />
</applicationPools>

IIS 7.5 also includes a new application auto-start feature in its ASP .NET 4.0 implementation. This feature enables an administrator to configure an application pool to start up automatically, while temporarily not processing HTTP requests.  This allows applications requiring extensive initialization to finish loading the data they need or to complete other processes before they begin accepting HTTP requests.  To use this feature, you must add code like the following to the pool’s applicationHost .config file:

<applicationPools>
<add name=”MyApplicationPool” startMode=”AlwaysRunning”   />
</applicationPools>

FastCGI Support in IIS 7.5

FastCGI is a language-independent extension to the Common Gateway Interface (CGI) that enables Web servers to execute applications more quickly and efficiently.  Unlike CGI, which creates a separate process for each incoming request, FastCGI uses a single process to handle multiple requests. IIS uses FastCGI to support the popular PHP scripting language, which makes it one of the more important features of the product.

IIS 7.5 includes a number of enhancements to its FastCGI support, including the following:

  • FastCgI configuration in IIS Manager - The graphical FastCGI administration interface, previously available only in Administration Pack for IIS 7.0, is now fully integrated into the Internet Information Services (IIS) Manager console, as shown in the following graphic.

  • Real-time tuning - In the Edit FastCGI Application dialog box, the Max Instances property specifies the maximum number of FastCGI processes that IIS can launch for each application pool. This equates to the maximum number of FastCGI requests that IIS can process simultaneously for that application. The default value is 4, but in IIS 7.5, if you change the value to 0, the FastCGI module automatically shifts the number of requests up and down, based on the current system load and the number of queued requests.
  • Configuration file monitoring - In the Edit FastCGI Application dialog box, the Monitor Changes To File property enables you to specify the path to a configuration file, such as Php .ini, for each application. When IIS 7.5 detects a change to the specified file, it recycles the FastCGI processes for that application.
  • New error-handling options - IIS 7.5 now provides a choice of four FastCGI error handling options, which you configure in the Edit FastCGI Application dialog box using the Standard Error Mode property. These options enable you to specify what error information IIS logs and how much of it gets returned to users. You can also configure the property to terminate the FastCGI process when an error occurs.
  • Failed request tracing - In IIS 7.5, the FastCGI module can send the information in a process’ STDERR stream to the Failed Request Tracing (FREB) logs maintained by IIS for debugging purposes (as long as Failed Request Tracing is enabled).

Using Managed Service accounts

IIS 7.5 can use the managed service accounts—now supported by Active Directory Domain Services in Windows Server 2008 R2—as service identities, thus eliminating problems caused by expired application pool passwords. The Application Pool Identity is a concept first introduced in IIS 7 .0 which IIS uses to set permissions for an application pool’s configuration file. You can also use it for anonymous authentication in place of the IUSR account. In IIS 7.5, the Application Pool Identity is a man- aged service account, and IIS now uses it to run the W3wp .exe worker process in place of the Network Service account introduced in Windows Server 2003.



European IIS 7.5 Hosting - Amsterdam :: Using New IIS Services (Chapter 2)

clock September 9, 2013 08:14 by author Ronny

This is a continuation of my previous post titled Installing IIS 7.5, A number of Web services that were previously available as separate downloads are now integrated into IIS in Windows Server 2008 R2, as described in the following sections .

Using IIS WebDaV

Web-based Distributed Authoring and Versioning (WebDAV) is an IIS extension, now implemented as a role service called WebDAV Publishing, which expands the capabilities of the Hypertext Transfer Protocol (HTTP) by making it possible for administrators and users to publish documents on Web sites simply by copying them to a mapped network drive.  After installing the role service, you create an authoring rule that specifies what content you want to be able to publish and which users can publish it, using the interface shown. Then, using a feature called the WebDAV redirector on the client computer, you map a drive to your Web site.  Copying files to that drive automatically publishes them on the Web site.

The WebDAV implementation in Windows Server 2008 R2 is fully integrated into the IIS 7 .5 architecture, and supports the following features:

  • Standard compliance - The WebDAV implementation in IIS 7 .5 is fully compliant with the Request for Comment (RFC) 4918 standard published by the Internet Engineering Task Force (IETF) .
  • Site-level support - Unlike earlier versions, you can now enable WebDAV publishing at the site level, instead of on the entire server .
  • Support for HTTP over SSl - This enables clients to publish documents securely by encrypting transmissions using the Secure Sockets Layer (SSL) protocol .
  • Supports for locks - The WebDAV in IIS 7 .5 supports both shared and exclusive locks to prevent lost updates due to overwrites .
  • Per-URl authoring rules - This enables administrators to specify WebDAV security settings for individual Uniform Resource Locators (URLs) .  This provides the ability to create different sets of security parameters for standard HTTP requests and WebDAV authoring .

Using Ftp Server

File Transfer Protocol (FTP) is one of the early protocols in the Transmission Control Protocol/Internet Protocol (TCP/IP) suite .  It was created at a time when security was not as great a concern as it is now, and as a result, it has no built-in data protection of any kind .  Clients transmit passwords in clear text, and transfer files to and from servers in unencrypted form .  Windows Server 2008 R2, however, has an FTP server implementation that is enhanced with better security measures and other new features .

The FTP Publishing Service role service included in the Windows Server 2008 release is a holdover from Windows Server 2003.  It requires you to install the old IIS 6 .0 version of the management console because it is not compatible with the new IIS 7 .0 architecture.  Soon afterward, however, Microsoft released, as a free download, a new FTP Publishing Service that was compatible with IIS 7.0.  Administrators could create and manage FTP sites using the current Internet Information Services (IIS) Manager console, and the service also included new features, such as the following:

  • FTP over Secure Sockets layer (SSl)  - Enables the FTP server to establish secure connections using password protection and SSL data encryption.
  • Combined FTP and Web hosting - Enables a single IIS site to support both HTTP and FTP connections.
  • Virtual host naming - Enables a single IIS server to host multiple FTP sites using a single IP address and port number, distinguishing between the sites by using host names, just as it can with Web sites.
  • Improved logging and error handling - IIS log files include additional fields for FTP connections, and IIS can generate detailed error messages for clients on the local network.

Now, in Windows Server 2008 R2, Microsoft has fully incorporated that FTP Publishing Service into IIS 7.5, so there is no need for a special download and no need to install an outdated management console.  They have also included an additional role service, FTP Extensibility, which enables developers to use their own managed code to create customized authentication, authorization, logging, and home directory providers.



European IIS 7.5 Hosting - Amsterdam :: Installing IIS 7.5 (Chapter 1)

clock September 5, 2013 13:09 by author Ronny

Windows Server 2008, Microsoft introduced Internet Information Services (IIS) 7 .0, a major architectural update to its Web and application server platform .  Since then, as anticipated, the IIS development team has been working on a variety of enhancements and extensions that build on that new architecture .  Now, in Windows Server 2008 R2, Microsoft introduces IIS 7 .5 .  Although based on the same basic structure as IIS 7 .0, this new version includes numerous new features and refinements .  This chapter lists the new features in IIS 7 .5 and explains how they enhance the capabilities of the Web and ap- plication server platform .

Installing IIS 7.5

The Web Server (IIS) role in Windows Server 2008 R2 is only slightly different in appearance from that in Windows Server 2008.  When you select the role in the Add Roles Wizard, the Add Features Required For Web Server (IIS) dialog box does not appear and prompt you to install the Windows Process Activation Service (WPAS) feature, as it didin Windows Server 2008. That dependency is still there, however. Even when you don’t explicitly install WPAS, IIS 7.5 starts the service as needed.

IIS 7.5 also adds three new role services, as follows:

WebDAV Publishing, Enables users to publish content to IIS Web sites inter-actively and securely. For more information, see the section “Using IIS WebDAV,” later in this chapter.

FTP Server, Enables users to transfer files to and from an IIS server and perform basic file management tasks.

IIS Hostable Web Core, Enables developers to integrate IIS request handling functionality into their own applications .

WebDAV Publishing and FTP Server were both add-on products for IIS 7 .0 that administra- tors had to download and install separately. Now, in Windows Server 2008 R2, they are both fully integrated into the Web Server (IIS) role, and you can install them as part of IIS 7.5.

Using Microsoft Web platform Installer

Although Windows Server 2008 R2 administrators can still install IIS and create Web sites in the traditional manner, using the Server Manager and Internet Information Services (IIS ) Manager consoles, Microsoft now provides another way. The Microsoft Web Platform is an integrated set of servers and tools that enable you to deploy complete Web solutions, includ- ing applications and ancillary servers, with a single procedure. The Microsoft Web Platform Installer is a tool that enables you to select, download, install, and configure the features you want to deploy on your Web server.

The Web Platform Installer file you download is a stub, a tiny file that enables you to select the modules you want to install and then to download them, using the interface shown in Figure 7-1. Unlike the Web Server (IIS) role in Windows Server 2008 R2, the Web Platform Installer enables you to download other servers and applications that are produced by Microsoft and third parties. The installer provides a selection of collaboration, e-commerce, portal, and blog applications, and enforces the dependencies between the various elements. If, for example, you select an application that requires a database, the installer will download and install SQL Server Express 2008, Microsoft’s free SQL database product.

During the installation process, Web Platform Installer prompts you for information needed by your selected applications, such as what subdirectory to install them into, what passwords to use, and so on. When the process is complete, you have a fully functional Web site, complete with IIS and applications and ready to use .

Using the IIS Web Deployment tool

The Web Deployment Tool (formerly called MS Deploy) is an IIS extension that enables administrators to package entire Web sites, Web servers, and applications for deployment on other computers, or just for backup purposes.  Packages include all of a site’s content, includ- ing configuration settings, permissions, databases, and certificates.

When you run the Web Deployment Tool offline, it adds a Manage Packages section to the Actions pane of the Internet Information Services (IIS) Manager console.

Selecting a server, site, or application and clicking Export Application launches a wizard in which you can select the elements that you want to export.  The wizard then creates a package in the form of a Zip file, which contains the original content plus configuration settings in Extensible Markup Language (XML) format

The package file now contains a complete copy of the server, site, or application you selected. You can save the package file to function as a backup or an archive of the site’s current configuration, or copy it to another IIS server running the Web Deployment Tool and import it. The tool also includes a Remote Agent Service, which administrators can use to synchronize Web servers in real time over a network connection. This enables you to replicate sites and servers on a regular basis so that you can create Web farms for load balancing and fault tolerance purposes



About HostForLIFE.eu

HostForLIFE.eu is European Windows Hosting Provider which focuses on Windows Platform only. We deliver on-demand hosting solutions including Shared hosting, Reseller Hosting, Cloud Hosting, Dedicated Servers, and IT as a Service for companies of all sizes.

We have offered the latest Windows 2016 Hosting, ASP.NET Core 2.2.1 Hosting, ASP.NET MVC 6 Hosting and SQL 2017 Hosting.


Tag cloud

Sign in