Authentication in clustered web application without sticky session
I have built JSP/Servlet/Struts application in the past on a cluster of app servers. Each app server has its own JVM running the Servlel Container. All of the HTTP requests come into a hardware load balancer, which directs the requests to one of the app servers in the cluster.
I have wanted to use the Java HttpSession management without any kind of distributed session provided by the app server. We have used "sticky" sessions. The application writes a cookie to the client on the first request. The load balancer looks for that cookie on subsequent requests and directs the request to the server that originally wrote the cookie. This ensures that all requests within the same session are handled by the same application server. This also means that if I do request.getSession().setAttribute("authenticated",true) on one request, when I do request.getSession().getAttribute(authenticated) on subsequent requests in the same session, I can be sure the value will not be null. This allows me to create a filter that checks for that session attribute on each request, and if it is false or null, redirect the request to some sort of login page. Otherwise I can be sure the user has logged in.
I want to build a stateless/non-session based application that can still handle authentication. What I mean by that is that I don't want the load balancer to have to send requests for the same session all to the same server. I would like the load balancer to send each request where ever it wants. That means the simple authentication example I explained in the last paragraph would not work. The user could login on server A, but then on a subsequent request during the same "session", the user's request could be handled by server B. In that case, the session attribute would be null, and the app would think that the user has not logged in.
My application can require that users have cookies enabled, so therefore I can assume the user is accepting cookies (I would have something to check that and redirect the user to an error page saying "turn cookies on" if cookies weren't on). I think one thing that I could do is use encrpytion with a key that is shared between all the servers in the cluster. For example, user logins in on server A, server A writes a cookie with the contents "username,1109272102009". The first part being the username that the user successfully authenticated as and the second part being a timestamp for when the cookie was created. The contents of the actual cookie would be encrypted and I would send the ciphertext as the value of the cookie. When server B gets the cookie, it can decrypt the ciphertext (using the same key as was used to encrypt the data on server A), and check that the username is valid and that the timestamp does not exceed some timeout. The timestamp in the cookie would then have to be updated for the next request.
So my question is (thanks for sticking with me and reading this really long post), has anyone done anything like this before? Is what I have described totally ridiculous or insecure? Are there any books or articles that describe a pattern similar to this that has been know to work well?
I have worked on a web site that did exactly that.
The cookie contained a little bit more information - there was a small amount of user data that were needed on heavily accessed pages.
You'll have a problem if your web application uses attributes. We solved this by keeping most stuff in hidden inputs (backed up by hidden input cryptographic checksums in places where forgery was a concern.) HttpSession attributes have some problems and gotchas.
A few possible fine tunings:
Add a random number to the cookie. Should make known plaintext attacks harder.
Add some extra stuff to the cookie, so that any random hex string that happens to decode to "xZoiyqw,15" isn't accepted. It's easy to try a million cookies until you get "<something>,<integer>" but getting "<something>,<integer>,HelloHowAreYou" is a lot harder.
Be paranoid in checking the format of the cookie. If you add a random number, check that it is all digits etc. Belt and suspenders: also check that the time stamp isn't in the future (allow e.g. 15 seconds future time, in case different servers' clocks are a bit off.)
Don't update the cookie at every hit, only if the time stamp is older than a couple of minutes. Saves encryption CPU power.
After encrypting, prepend a short version number to the cookie. E.g. if the hex cookie is ABCDEF, make it 1ABCDEF. If you later e.g. change the encryption algorithm, change version to 2 and you can easily skip any obviously non-decipherable cookies. A second version number within the cookie might or might not be useful.
Even though you can make random load balancing, consider not doing that. E.g. a server might pull the user's name from the database into memory cache. You get less database traffic and smaller caches if the user still goes to the same server. If a server goes down, only then switch him elsewhere. Downside though: if one server is "half alive" (doesn't respond to requests but alive enough so the load balancer doesn't notice the malfunction), all users bound to that server see a 100% failure.
Benchmark cookie decryption time when selecting the crypto algorithm. How many hits per second you can get and how many you need.
Guard your crypto keys like the crown jewels. Change them periodically and whenever someone in your company (especially IT department) gets the pink slip.
Similar Messages
-
How to execute web applications without deploying them?
How can I execute web applications without deploying them (without mentioning them in the server.xml)?
I have an IWS 6.1 SP1 installed with default parameters (JES). I would like that a posix user could execute his own web application without administrator collaboration.
Does it exist some sort of "autodeploy" like in tomcat?
(I know about the invoker mapping in default-web.xml, just I don't realy understand what does it eventuate. I tried to unzip webapps-simple.war in the directory $IWS_SERVER_HOME/webapps/$instance_name/servlet/tmp/
but the http://a.a.tg/servlet/tmp request failed:
javax.servlet.ServletException: WEB2784: Wrapper cannot find servlet class tmp or a class it depends on
----- Root Cause -----
java.lang.ClassNotFoundException: tmp
How can I solve this? Users should have write permission to the directories in the classpath to put their servlet.class files into? Bad idea...
(I tried to "execute" the $IWS_SERVER_HOME/plugins/java/samples/webapps/simple/webapps-simple.war)
(Sorry for my language skills)Do as many of the rest of us do, until this behavior is changed (if ever). Eport your WEb gallery to your Hd and use an FTP client, there are so many, including Drreamweaver's, and Shareware ones, and upload just the relevant files/folders. Some can even check and do this for you.
Don
Don Ricklin, MacBook 1.83Ghz Duo 2 Core running 10.4.10 & Win XP, Pentax *ist D
http://donricklin.blogspot.com/ -
Authentication Across Multiple Web Applications (Revisited)
Its been an ongoing battle, but I've made some insight into this situation. The problem stands as it seems impossible to authenticate against one web application deployed as a WAR archive and have that authentication carry across to another web application with the same security constraints. I've been told by BEA that, quote:
"It seems to me that we are violating section 11.6 of the servlet 2.2 spec which talks about webapps"
I've also been told that this is fixed in WLS 6.0, reference issue #38732.
For those of us building production environments using 5.1 instead of 6.0 XML based configuration, this does NOT solve our problem.
I've dug further into the bowels of 5.1 and found that if you manually set the realm name in the login-config of the security constraint in the web.xml file in each WAR deployment as such:
<login-config>
<auth-method> [whichever method] </auth-method>
<realm-name>WebLogic Server</realm-name>
</login-config>
Authentication will carry across web applications. However, I've noted that the session management then becomes unpredictable. For example:
I log into the application TESTAPP1 which contains a protected servlet that outputs the session ID and attempts to get the authenticated principal name from the "_wl_authuser_" session variable. Upon first load of the page (after the login dialog box), the session is null [can be fixed with .getSession(true) call instead] and the "_wl_authuser_" object does not exist. Reload the page and the session appears as well as the "_wl_authuser_" object. Strange.
I then move to TESTAPP2, which does not prompt me for authentication but also is missing the session in the same manner. Upon browser reload, the session is created with a different ID and the "_wl_authuser_" object is now available with the appropriate principal name.
Upon moving back to TESTAPP1, I am not prompted for authentication however, I am assigned yet another session ID after browser reload, different from the first.
So it seems that although authentication is carried across web applications, the session IDs as you move from TESTAPP1 to TESTAPP2 change, and then change again but not back to the original when going back to TESTAPP1.
This is a particular problem since we are using Vignette's V5 as our main client and tracking sessions through V5 - this would quickly become unmanageable if a single page view access three or four different application components with three or four different session ids.
I'm wondering if we can expect the same behavior from WLS 6.0?
Ideally, I'd like to see WebLogic use a single session ID to track users across multiple web applications but still have session independence between applications. So if I store something in session in TESTAPP1, its not available in TESTAPP2. Does this outline the behaviour in WLS 6.0? Can anyone verify this?
Some food for thought. Thanks!
./Chris
Senior Systems Anaylst
MassMutual Financial Group
Hello! I am searching an answer to this question too!!!
Did you get some news regarding this item?
Regards,
C.M. -
Hi,
I am currently trying to migrate our SharePoint 2010 environment to SharePoint 2013. The first thing I'm doing is creating a 2013 development environment to verify that this migration goes smoothly. I'm also doing this so that we will have a testing environment
after the upgrade to 2013 is complete.
So here is my question: I have a 3 tier farm including; 1 app server, 1 wfe, and 1 sql server. I have made a copy of our SharePoint 2010 database and installed that on our sql server 2012 sever (This new environment is on 3 completely separate servers from
our 2010 environment). I have also installed the prereqs and configured SharePoint 2013 on the App server and wfe servers, as well as configuring the necessary service applications (I have created a completely new 2013 database where I will migrate my 2010
database content when I'm ready).
I am now at the point where I need to create a new web application on the 2013 app server, where I will be migrating the copied 2010 database. (Also note that we have a 2010 development site called https://[email protected])
When I go to create a new web application in our 2013 dev environment, can I use the same url (https://[email protected]) to create this web app, or will this screw up our current 2010 dev environment?
I'm new to SharePoint migrations, so I apologize if this is a stupid question.
Thanks in advance for any insight you can share on this!
Boe BarlageSo, what you are recommending is that before I create a web application in my new 2013 environment, I need go into my hosts file on my 2013 app server and alter it to point to my 2013 wfe.
Then after I do that, then I can create my new web application on my 2013 app server with the same url as my 2010 testing environment
(https://[email protected]).
Then after that I should be able to access my new sharepoint 2013 environment at the same URL (https://[email protected])?
I must be missing something.
In your first reply, you told me to alter the host file on my 2010 app server and point it to my 2010
wfe (I guess I thought it probably already is). You also told me to alter the host file on my 2013 app server and point it to my 2013 wfe.
so I am confused on after I do this, what url would I access my 2010 test environment, and what url would
I access my 2013 test environment?
I am fine with having my test environment as a different URL until I am totally ready to roll everything over and kill the 2010 site. But I want to make sure that when I migrate my database, none of the site links are broken.
I also want to make sure that if I proceed this way, I want to be sure that I will be able to modify the URL to what my 2010 environment is (without a lot of headaches) when I am ready to kill the 2010 site.
Thanks again for your help, it's much appreciated!
Boe Barlage -
How to call Xcelsius in Java Web application without OpenDoc
Hi,
We require to call Xcelsius Dashboard from a Java Web application. We cann't use OpenDoc function as result of some client preferences/restrictions
Please let me know, what would be the other method to call the Xcelsius Dashboard from a Web application.
Regards,
SachinXcelsius docs are in swf format. You could probably just host them without security and view with flash.
-
Please help me to undeploy web applications without starting weblogic.
My colleague deployed his web application to my weblogic domain. However, the domain cannot be started after deployment. How to undeploy that application without starting the weblogic?
I use weblogic 10.3.3. His application uses servlet and jsp and tests that application in weblogic 10.3.2Delete the application from the deploy directory. The domains/base_domain/autodeploy is the directory for auto deployed applications, which get deployed when server is started. Or, the domain's InstallDir directory.
Edited by: dvohra16 on Jan 22, 2011 4:43 PM -
May 2 web applications share user session info ?
I have 2 web application (app1.war and app2.war).
app1 set user session info.
I wish app2 to read that user session info.
Is this possible ?
Thank you.As far as I understood, SSO needs an Infrastructure or (OID) installed. If the original idea of LDAP is to help the enterrprise centralized their User information, makes management of the commonly used information easier. Why Oracle requires its own OID to do SSO?
Now, say, in an environment, if an organization has already had an LDAP server (such as MS AD, or Sun's iPlanet AD) in place, why should they install the Oracle's Internet Directory?
This is big headache for management just trying to configure and keep different LDAP servers synchronized.
Sharing user session info is a very common requirement for integrating. Is there a simple way (other than SSO) to achieve this? Will Servlet Filter be able to handle this?
Thanks. -
Access Denied Web Application with Claims authentication NTLM only when using secondary URL
I have a SharePoint 2010 server farm with 2 web front ends, an application server and a database server. Both front ends are internal to
our network and are not behind a load balancer.
NOTE THAT I HAD TO SUBSTITUTE hzzp with hzzp so that I had no links in the body of this post since I am not verified
I setup a new web application called "SharePoint 41171" with:
Public URL:
hzzp://testserver1:41171
Claims authentication
NTLM only: no forms auth
No SSL
New web site "SharePoint 41171"
New app pool
New content database
I create a top level site collection and name mydomain\myusername as the primary site collection admin
I am able to access this site as expected at
hzzp://testserver1:41171 with the aforementioned site collection owner id: mydomain\myusername
I add an alternate access mapping for a secondary URL for this web application in the Intranet zone:
hzzp://iwatest.mydomain.com
So my AAMs for the site read as:
hzzp://testserver1:41171
Default hzzp://testserver1:41171
hzzp://iwatest.mydomain.com
Intranet hzzp://iwatest.mydomain.com
When I attempt to log on to
hzzp://iwatest.mydomain.com with the same user name and password, I get "access denied".
I can access this site using
hzzp://iwatest.mydomain.com if I log in as the farm account. This is the only account that seems to work.
Side Note: If I create a separate web application without claims - just NTLM and create the same AAMs, I can login fine with the same secondary
URL and the same user name
IP address properly maps to this machine.
I reviewed the ULS logs and find the following:
10/30/2012 16:20:23.45 w3wp.exe (0x0E78)
0x1724 SharePoint Foundation Monitoring
nasq Medium Entering
monitored scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom))
10/30/2012 16:20:23.45 w3wp.exe (0x0E78)
0x1724 SharePoint Foundation Logging Correlation Data
xmnv Medium Name=Request (GET:hzzp://iwatest. mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45 w3wp.exe (0x0E78)
0x1724 SharePoint Foundation Logging Correlation Data
xmnv Medium Site=/ 8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45 w3wp.exe (0x0E78)
0x1724 SharePoint Foundation General
8e2s Medium
Unknown SPRequest error occurred. More information: 0x80070005 8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
10/30/2012 16:20:23.45 w3wp.exe (0x0E78)
0x1724 SharePoint Foundation Monitoring
b4ly Medium Leaving
Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/AccessDenied.aspx?Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)). Execution Time=8.66003919492561 8f313b5e-8476-4dd4-9abe-0cb6dbe024b6
Basically it tells me that access is denied. I didnt see anything that stood out here.
I found this article:
hzzp://social.technet.microsoft.com/Forums/en-US/sharepointadminprevious/thread/ded9188b-ee03-4ef0-bb50-3ad138110e0c, which pointed me in the direction of ensuring that the portal
super user and portal reader accounts were properly added to my web application. I followed the every popular article on doing this:
hzzp://technet.microsoft.com/en-us/library/ff758656.aspx, but still no luck. As per the thread, I added the 2 domain accounts to the user policy with appropriate privilege
and then set them as the super user and super reader accounts via powershell, and yes I did prefix those names with "i:0#.w|mydomain\". To be exta sure, I repeated this for all web applications on this server with slightly different powershell steps
depending on wether or not claims was enabled on the web application.
The Claims to Windows Token Service is running.
I saw some mention of ensuring that the secure token service is running with a proper application pool account, but we are not running that service
and I cant imagine what that would have to do with my situation.
I have deleted and readded the web application and repeated these steps to no better effect.
I gave the mydomain\myusername full control for the web application through the user policy, ensured that it was indeed the primary site collection
owner and added it to the default site owners group. None of this helped.
I changed the application pool account to the farm account. No change in behavior.
Rebooted IIS and the machines many times along the way.
Further, when I attempt to sign in as a different user after being denied, I get "an unexpected error has occured message. I found the following
in ULS:
10/30/2012 11:19:03.71 w3wp.exe (0x182C)
0x1210 SharePoint Foundation Logging Correlation Data
xmnv Medium Name=Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)
cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.71 w3wp.exe (0x182C)
0x1210 SharePoint Foundation Logging Correlation Data
xmnv Medium Site=/ cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.72 w3wp.exe (0x182C)
0x1210 SharePoint Foundation General
8e2s Medium Unknown SPRequest error occurred.
More information: 0x80070005 cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.72 w3wp.exe (0x182C)
0x1210 SharePoint Foundation Runtime
tkau Unexpected System.NullReferenceException: Object reference not set to an instance
of an object. at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.LogInAsAnotherUser() at Microsoft.SharePoint.ApplicationPages.AccessDeniedPage.OnLoad(EventArgs e) at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
10/30/2012 11:19:03.74 w3wp.exe (0x182C)
0x1210 SharePoint Foundation Monitoring
b4ly Medium Leaving Monitored Scope (Request (GET:hzzp://iwatest.mydomain.com:80/_layouts/accessdenied.aspx?loginasanotheruser=true&Source=hzzp%3A%2F%2Fiwatest%2Emydomain%2Ecom)).
Execution Time=22.5439266722447 cc409ec2-4889-42fa-aa7d-9cc4535e4f0e
By the way, this occurs for the farm account also after a successful login and an attempt to sign in as a different user.
Any help would be greatly appreciatedThanks spadminspadmin:
I have, though I am not sure that what I've added there is correct:
The URL that I am trying to use to access the web application's IIS site is hxxp://iwatest.mydomain.com. I added a binding to the IIS site as follows:
Type Host name port IP address
http iwatest.mydomain.com 41171 *
Is that correct? -
Session time out in a web application
Hi,
I am making a struts based web application. For session time out validation I have made an entry in the web.xml file as <session-config>
<session-timeout>1</session-timeout>
</session-config>
In case the user's session time out occurs then he should be directed back to the log in page.
Can any one tell me how to proceed in this case and what are the best practices.
thanksHi
I've tested it with OC4J and it works both ways.
I do think that you must have the
<session-config> tag present though for the setMax... method to
work, observe that this method is for seconds and not millisecond
regards
//Mike
Hi all,
I try to manage by my application the http session time-out.
Change it in a web.xml works fine , but if in my servlet i try
to change it using setMaxInactiveInterval(MILLISECOND) the result
is that the session became invalidate after few seconds instead
50 minutes ad example ....
Answer ????
thks
Carlo Mossa -
How to include xml file without embedding in flex web application?
Hi
I have a big XML file around 11 mb. I want to include this xml in my web application without embedding.
So anyone have idea to include.
Please suggest me any idea.
ThanksIf you don't want to embed the XML file into a SWF, then the SWF can download the XML file from the server at runtime when it needs it. But there will be a delay while that happens. Maybe it would be better to put the data in the XML file into a database and then access only the parts of it that you need.
Gordon Smith
Adobe Flex SDK Team -
Hello Community
In WS2012 and SharePoint 2013 Server is it possible when creating a
web application to enable both Windows Based Authentication/Negotiate
(Kerberos) and enable Forms Based Authentication or does the web application
use either one or the other?
Thank you
ShabeautYes , you can use dual authentication on same web application. You can use same web application , at OOB login page you will have option to use windows or form login.
Or you can extend your web application to a new web app and configure extended web application to use Form Based Authentication(Note extended web application will also show same content database , so the content will same only url will be different)
http://blogs.technet.com/b/ptsblog/archive/2013/09/20/configuring-sharepoint-2013-forms-based-authentication-with-sqlmembershipprovider.aspx
http://gj80blogtech.blogspot.in/2013/11/forms-based-authentication-fba-in.html
Thanks
Ganesh Jat [My Blog |
LinkedIn | Twitter ]
Please click 'Mark As Answer' if a post solves your problem or 'Vote As Helpful' if it was useful. -
Web application and site collection not accessibe
I have created a web application and a site collection. But when I tried to access the site by browser on the server the page cannot be displayed or the server cannot be found. What should I configure? Please say by detailed steps.
I created a host header extranet.xxx.xx and alternate access mapping is ok. But still I'm not able to access the site by http://server name:port no. It gives The web page cannot be found or this web page can't be displayed.
Now when I try with Firefox with http://server name:port no, it gives
"Bad request - Invalid hostname
HTTP Error 400. The hostname is invalid."
More: if I go to Alternate Access Mappings > Add Internal URL:s > Save is grayed out.
You have two options,
Option 1 : Accessing the web application without any host header name and with the port no you have created. (ex: (http://server1:5500 )
Option 2. Accessing it with the host header name (ex:http://mywebapp.contoso.com) you have created for which you need to create a DNS and set an AAM accordingly in the corresponding zone.
For the option no 1. you need to have a host header in IIS which would be created by default while you create a web application and it should be like this unless you did nit change it. http (Type)---blank host name--All Unassigned in the IP section---and
the port no in which you have created.
PS : If you have one more IP address in the server, its good to set the same IP address which is set for server for the name resolution to happen properly.
If you have n't specified the hostheader while creating the web application, then you need to add it manually with the existing one which is there for option no 1. It should be added as below. http---Mywebapp.contoso.com--IP address in which you have created
the DNS and Port 80.
If AAM save is grayed out, check it from some other browser. Also Hostname invalid clearly implies that there is some problem with the name resolution. Check whether you could ping the webapplication from the server where you are trying to access it.
Veeramani.S -
Hi all,
I have a 2013 farm set up with the App model
1 web application for path based site collection using host name
1 web application with SSL (no host name)
1 web application for mysite
My business request is that I need to migrate SSL enabled 2007 content to this farm and use host name site collections. I tried to create one more web application for this without any luck (the 443 IIS folder is already used by another web application).
I thought I bind the previous 443 web application with another IP address should be fine. Seems like the IIS site is taken (https://server name:443) so it will not let me create one more. How can I solve this problem so I can create the web application
to host those host name site collections? Any suggestion is greatly appreciated.
Thanks in advance.
SallyHi Trevor,
Thanks again for your quick reply. I try the option 2 right after your post. I use my front end server name for public URL (https://WFEName:443) and it fails again. The error message is:
The directory C:\inetpub\wwwroot\wss\VirtualDirectories\443 is already being used by another IIS Web Site. Choose a different root directory for your new Web application.
After reading more, I saw mix Hosted Name Site collection and Path-based site collection aren't recommended. Unfortunately I already have Path-based site collection created with App model web application
(the web application without host name) in my farm. In my Option 2, that web application without host name is used for App routing. This takes the root folder 443 which will not allow any other web application to use the same name again.
Does that mean we can't create Host Named Site collection in the same farm? Is there any configuration I need to check?
Thanks again.
Sally -
Open a SAPGUI transaction from a Java web application
Hi all,
We are in the process of developing a Java based web application with SAP J2EE engine - but not SAP Enterprise Portal. One of the requirements we have is from one of the web screens there needs to be a button which launches SAPGUI and take the user to a particular transaction in SAPGUI. The user is going to have SAPGUI installed on their desktop.
We were planning to user SAP Shortcut technique for launching the SAPGUI but the issue with that is the user has to logon each time ( even thought it is possible to have the password stored - even then there will be other messages that the user has to pass through before reaching the final transaction ). The users are going to have a number of items in the screen and they need to go through this for every item.
I was wondering if there is anyway this can done so that the user does not have to go through all these steps ( BTW, the user is already authenticated on the web application and so functionally done not have to be authenticated again).
ANy suggestions will be highly appreciated.
Regards
RaviHello Gregor,
SAPGui is inatalled on each user box, we can launch the SAPGui thick client from an iview (to run on a seperate window).
How can I pass (R/3 logon) parameters to the SAPGui command line?
Thank you
AAAttar
eg:
would a batch file with saplogon then sapgui work?
DOS command prompt [CMD]
>saplogon.exe -user=... -password=... -system=QAS123 -client=001 -tcode=session_mananger
>SAPGui.exe... -
Extending Web Application - File Not Found
A quick search with no results and a ton of frustration are leading me here...I am attempting to use the very basic "Extend" functionality for a Web Application. We are trying to at the least add SSL/443 to SharePoint, if not convert entirely to
443.
I have tried simply extending the Web Application, or deleting the IIS Site (from Manage Web Applications -> Delete -> Remove SharePoint from IIS Web Site) and then extending the Web Application. Both are failing with the same error "File not
found." A review of the ULS logs shows that the site is failing to find the web.config for the brand new IIS site it should be creating...which I guess makes sense, but shouldn't it be creating this file?
I am tempted to mess around with the newly created site in IIS to make it work, but we are doing this in Dev as a proof of concept to do this in production. Needless to say, this needs to become much more reproducible before we'd even consider doing it in
production.
Some things I've tried:
Extending a Web Application with an existing site
Extending a Web Application without an existing site
Creating a new Web Application and extending existing port 80 site
Creating a new Web Application and extending after deleting existing port 80 site
I haven't tried creating a site 443 out of the gate mainly because I am afraid this functionality failing could be an indication of something wrong with the farm and want to fix this correctly, rather than deleting a Web Application and creating it 443 from
the get-go. Also, this method would obviously involve downtime.
System.IO.FileNotFoundException: Could not find file 'C:\inetpub\wwwroot\wss\VirtualDirectories\ConstructionProjectsDev.agoc.com443\web.config'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
at System.Threading.CompressedStack.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
at System.Xml.XmlTextReaderImpl.OpenUrl()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at System.Xml.XmlDocument.Load(String filename)
at Microsoft.SharePoint.Administration.SPAspConfigurationFile.ApplyZoneSettingsToWebConfig(Uri responseUri, SPIisSettings settings)
at Microsoft.SharePoint.Administration.SPWebApplication.Provision()
at Microsoft.SharePoint.ApplicationPages.ExtendWebFarmPage.BtnSubmit_Click(Object sender, EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Thanks,
Chris P.A quick search with no results and a ton of frustration are leading me here...I am attempting to use the very basic "Extend" functionality for a Web Application. We are trying to at the least add SSL/443 to SharePoint, if not convert entirely to
443.
I have tried simply extending the Web Application, or deleting the IIS Site (from Manage Web Applications -> Delete -> Remove SharePoint from IIS Web Site) and then extending the Web Application. Both are failing with the same error "File not
found." A review of the ULS logs shows that the site is failing to find the web.config for the brand new IIS site it should be creating...which I guess makes sense, but shouldn't it be creating this file?
I am tempted to mess around with the newly created site in IIS to make it work, but we are doing this in Dev as a proof of concept to do this in production. Needless to say, this needs to become much more reproducible before we'd even consider doing it in
production.
Some things I've tried:
Extending a Web Application with an existing site
Extending a Web Application without an existing site
Creating a new Web Application and extending existing port 80 site
Creating a new Web Application and extending after deleting existing port 80 site
I haven't tried creating a site 443 out of the gate mainly because I am afraid this functionality failing could be an indication of something wrong with the farm and want to fix this correctly, rather than deleting a Web Application and creating it 443 from
the get-go. Also, this method would obviously involve downtime.
System.IO.FileNotFoundException: Could not find file 'C:\inetpub\wwwroot\wss\VirtualDirectories\ConstructionProjectsDev.agoc.com443\web.config'.
at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
at System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy, Boolean useLongPath, Boolean checkHost)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String msgPath, Boolean bFromProxy)
at System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize)
at System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri, String role, Type ofObjectToReturn)
at System.Xml.XmlTextReaderImpl.OpenUrlDelegate(Object xmlResolver)
at System.Threading.CompressedStack.runTryCode(Object userData)
at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
at System.Threading.CompressedStack.Run(CompressedStack compressedStack, ContextCallback callback, Object state)
at System.Xml.XmlTextReaderImpl.OpenUrl()
at System.Xml.XmlTextReaderImpl.Read()
at System.Xml.XmlLoader.Load(XmlDocument doc, XmlReader reader, Boolean preserveWhitespace)
at System.Xml.XmlDocument.Load(XmlReader reader)
at System.Xml.XmlDocument.Load(String filename)
at Microsoft.SharePoint.Administration.SPAspConfigurationFile.ApplyZoneSettingsToWebConfig(Uri responseUri, SPIisSettings settings)
at Microsoft.SharePoint.Administration.SPWebApplication.Provision()
at Microsoft.SharePoint.ApplicationPages.ExtendWebFarmPage.BtnSubmit_Click(Object sender, EventArgs e)
at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
Thanks,
Chris P.
Maybe you are looking for
-
Some pdf attachments missing in mail 5.2
I fail to receive pdf attachments intermittently using Mail 5.2 running OS X 10.7.3 (Lion). When the attachments do not arrive, I see no paperclip in the attachments column. On a recent occasion, a colleague sent me three consecutive emails, each w
-
Editable regions and flash videos
Okay so im creating a new website and I have already got stuck with something. The problem is rather annoying, I could first easily insert flash videos to my website before I turned it into a template, but I have now turned my pages into a template a
-
How to change a docx file to a pdf file
trying to send an invite that is a .docx file - can't read it when sent out via email. how to change to pdf?
-
Third Party Sales- VPRS updation
Hi all, When i create Order related billng how system will know whether order qty=delivered qty by vendor? if Or is 10qty & Vendor has supplied 7 then? is it updated by MIRO transaction?& how VPRS(Statistical price) ie. price at which vendor has supp
-
IOS-G2, ASR1K how shaper is calculated
Hi together out there, I am doing a little bit troubleshooting with QOS and shaping. It s always a little bit difficult to find out how our Provider is calculating the BW they are offering to us and how we are calculating our shaping target rate. Nor