CA / NDES Virtual Directory Structure Missing in IIS 7 unable to implement SSL for ADMIN sites

We've recently finalized both an Enterprise 2008 R2 CA and NDES service installation configuration.  All services are running, to include web enrollment for both.  CA sits on a DC, as required, and the NDES role sits on a standalone machine.
All service-generated certificates / templates are in place and/or issued, including SSL certificates for service web front ends.
I'm trying to take the next step in hardening both of the web front ends by requiring SSL web validation and client SSL authentication.
Problem:  When examining the site structures, CA and NDES, within the IIS7 configuration manager, the following inconsistencies are present:
    1.        Enterprise CA:
               o  No virtual directory is configured or listed under the Certsrv or Enrollment sub-sites; however, as previously stated, all services are up and operational.
    2.        NDES:
               o  IIS7 configuration manager doesn't list any Certsrv sub-site, but once again all services are up and running.  I can process SCEP requests via the web.
                   The following 2 items are listed under the default site on the NDES service machine:  Rpc and RpcWithCert
                   In past experience I would expect those items to be associated with Exchange, but since NDES is new to me they may be standard.
Not to state the obvious, but all Sys32 files and folders are correct, as both services are running properly.  Can anyone tell me if I've missed some critical article on AD CS or IIS7 that tells me why these 2 conditions are present?
Since the Certsrv sub-site exists on the CA I would assume a normal SSL bind will work, but with critical items missing from within IIS7 (at least from my view) I don't want to compound the problem.  Since there is no Certsrv
structure on the NDES machines I'm not sure what the best way to proceed is.  Any help would be greatly appreciated.
V/R BE

CA / NDES all function properly.  I'm still researching proper IIS 7 SSL implementation when the virtual directory and sub-site structure is either missing or incomplete when viewed from within the IIS7 manager.
These services were put into production without a thorough configuration check prior to implementation, so I don't have a test environment set up at the moment to just start playing.  I'm thinking this weekend I'm going to have to VSS the current
machines and throw them on the Dev network and see how badly I can break them.
V/R BE

Similar Messages

  • Can't browse to DP IIS site, but can browse the virtual directory. Content distributes, but client can't connect to SMS_DP_SMSPKG$ site to pull content

    Hello everyone.
    I have been having some issues at one of my clients where content will distribute, but cannot be deployed.  This is a new ConfigMgr 2012 SP1 CU1 install, on Server 2012 and SQL Server 2012 SP1.  Single server, single site.  DP and MP are both
    installed on this box.  I'm getting an error 80070002 when deploying a task sequence to install Windows 7, which is failing on the Apply Operating System step.  The SMSTS.LOG file shows that it's getting an error 404 from the http://SERVER/SMS_DP_SMSPKG$/<PKG
    ID> website.  I am also not able to browse this website locally.
    Here is the SMSTS.LOG file I am referring to:
    http://tny.cz/f90082de
    Here is the DISTMGR.LOG file:
    http://tny.cz/01c2734a
    I also would like to note that I have been working with a Microsoft support for the past 4 days and have had no resolution.  Anyone know what I'm missing?
    Thanks!

    Hi,
    I would highly suggest that you avoid making any changes suggested in the forum if you're actively working with Microsoft on this.
    I am no longer working with Microsoft support.  They have had four days to resolve the issue and do not have a resolution.  This is a new site for a client of mine and I could have rebuilt the environment in less time.  I am reaching out to a
    community of ConfigMgr experts as a last resort before rebuilding the environment.

  • MAPI over HTTP not working correctly, Outlook 2013 clients prompting for credentials during profile creation or opening depending on security of virtual directory

    ENVIRONMENT
    -1 Exchange 2013 SP1 CU7 server with all roles that is also a hybrid server with Office 365 tenant, mailboxes are all on premise only LYNC online is being utilized right now.
    -Exchange 2013 public folders
    -Mix of Outlook 2013 SP1 and Outlook 2010 SP3 clients, all fully up to date as of Feb 2015
    Outlook anywhere is working perfectly across all clients both internally and externally using autodiscover.  Both Outlook 2013 and 2010 clients can open the program and create a profile automatically via autodiscover and no additional logon prompts
    are seen.
    We set the internal and external mapi virtual directory URLs to a valid URL that also matches the Exchange 2013 SSL certificate.  We set the security to ntlm, negotiate on the mapi virtual directory.  We reset IIS and enabled mapi over http in
    the org config.  We run into problems here.
    Outlook 2010 clients appear to be working fine.  We can create a new profile and open and close Outlook without any logon prompts and verify that MAPIHTTP and Negotiate are used to connect to Exchange.
    Outlook 2013 clients are having problems.  As soon as we try to create a profile it says your administrator has made a change that requires you to restart outlook and then a windows logon prompt appears. If we authenticate Outlook will open and connect.
      This logon prompt should not occur.    We can confirm that it is connecting via MAPI HTTP and Negotiate.
    If we set the mapi virtual directory to NTLM only then a logon prompt also appears during every open of Outlook 2013.  We can confirm that it is trying to connect with MAPIHTTP via NTLM in the outlook connection test screen.
    I do not understand this behavior by Outlook 2013 which was supposed to be designed with MAPI HTTP in mind.  I would think the same issues would occur with Outlook 2010 but they do not.  I am not sure how to resolve this and I am looking for help.

    I have the same problem. Exchange and Outlook are both up to date. After creating a new profile Outlook prompts for username/password. A lot of users also get this prompt while
    working - the profiles have been "migrated" from Exchange server 2010.
    Niko, as I can see in your screenshot you do not have Mapi over HTTP enabled. Why? You can change settings in the security tab – if you have Mapi over
    HTTP enabled all options are grayed out (please correct me if I
    am wrong):
    This is a very annoying thing – does anybody else have the same problem?
    Any suggestions on this?
    Marc

  • Several paths   with the virtual-directory-mapping    in weblogic.xml

    Hello! I don't know if this is well posted here. Sorry, and my English is awful :(.
    I'm trying to put several paths for jsp files in an application, similar to how the extended document root works in websphere.
    How can I get this on weblogic? With these lines I only managed to get the first, but the second url-pattern doesn't work.
    <weblogic-web-app>
    <virtual-directory-mapping>
    <local-path>/path1/</local-path>
    <url-pattern>*.jsp</url-pattern>
    </virtual-directory-mapping>
    <virtual-directory-mapping>
    <local-path>/path2</local-path>
    <url-pattern>/jsp/*.jsp</url-pattern>
    </virtual-directory-mapping>
    </weblogic-web-app>
    My intention is that the app could access jsp files in path1 and in path2. Is this possible on weblogic?
    Thanks in advance

  • Virtual directory mapping in weblogic platform 7.0

    Hi. I noticed in WebLogic Platform 7.0 there is a entry for
    WEB-INF/weblogic.xml that defines a virtual directory. Example:
    <!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web
    Application 7.0//EN"
    "http://www.bea.com/servers/wls700/dtd/weblogic700-web-jar.dtd">
    <weblogic-web-app>
    <virtual-directory-mapping>
    <local-path>C:\webapps\context\x\y</local-path>
    <url-pattern>/images/*</url-pattern>
    </virtual-directory-mapping>
    </weblogic-web-app>
    In this case I'm assuming that a request of the form
    http:/host:7001/context/images/z.gif would map to the physical file
    C:\webapps\context\x\y\z.gif. However I cannot get this to work. Is
    my assumption about it's use incorrect? Is the syntax of
    <local-path/> or <url-pattern/> wrong? Is there something you have to
    do to get WebLogic to recognize the weblogin.xml file?
    This is urgent. Please help.
    Thanks.
    Scott Steimle
    Software Engineer
    Convera

    I see. In my case, x == images, so if I reverse my directory
    structure I could still get this to work for me. For instance:
    <virtual-directory-mapping>
    <local-path>C:\webapps\context\y</local-path>
    <url-pattern>/images/*</url-pattern>
    </virtual-directory-mapping>
    /images/z.gif would map to C:\webapps\context\y\images\z.gif.
    I'll have to weigh changing our directory structure vs. keeping the
    servlet we have that rewrites the URL.
    Thanks for your help.
    Scott Steimle.
    Rajesh Mirchandani <[email protected]> wrote in message news:<[email protected]>...
    From the developer
    Virtual directories just replace the doc root. The doc root in your case
    is C:\webapps\context\x\y. The request uri is /images/Z.gif. So the whole
    thing resolves to C:\webapps\context\x\y\images\Z.gif. Which is where the
    image should be located.
    We have cleared up the docs. Sorry for any inconvenience.
    Scott Steimle wrote:
    Hi. I noticed in WebLogic Platform 7.0 there is a entry for
    WEB-INF/weblogic.xml that defines a virtual directory. Example:
    <!DOCTYPE weblogic-web-app PUBLIC "-//BEA Systems, Inc.//DTD Web
    Application 7.0//EN"
    "http://www.bea.com/servers/wls700/dtd/weblogic700-web-jar.dtd">
    <weblogic-web-app>
    <virtual-directory-mapping>
    <local-path>C:\webapps\context\x\y</local-path>
    <url-pattern>/images/*</url-pattern>
    </virtual-directory-mapping>
    </weblogic-web-app>
    In this case I'm assuming that a request of the form
    http:/host:7001/context/images/z.gif would map to the physical file
    C:\webapps\context\x\y\z.gif. However I cannot get this to work. Is
    my assumption about it's use incorrect? Is the syntax of
    <local-path/> or <url-pattern/> wrong? Is there something you have to
    do to get WebLogic to recognize the weblogin.xml file?
    This is urgent. Please help.
    Thanks.
    Scott Steimle
    Software Engineer
    Convera

  • Virtual Directory Error in Afaria Installation

    Hello All, I have installed Afaria server and uninstalled it once. Now I am trying to install again and I got stuck with the error "Product is already installed in virtual directory 'Afaria' those files will be validated in Afaria 7 Admin Setup". As per my knowledge there is no such virtual directory in the IIS server, because I have created a new one. Can you please guide? Thanks & Regards, Kunal Varaiya

    Hi Kunal
    Can you check these three locations for any traces of a previous Afaria Administrator install:
    - The physical directory (default: \Program Files (x86)\AfariaAdminUI)
    - In IIS, the presence of an Afaria Admin directory under the Default Web Site
    - In the registry, the key HKEY_LOCAL_MACHINE\SOFTWARE\Afaria\Afaria\AdminUI
    Regards
    Nick

  • Web app directory structure

    Is there some standard directory structure when building a J2EE web application that consists of, for example, JSP pages, servlets, EJB components, pictures etc.?

    Place all your jsps in a "jsp" folder under the project folder.
    Create a folder called "WEB-INF" under the project folder which contains all your servlets, and web.xml and taglib.tld files. Your servlets, that is, the .class files, should be in a folder "classes" under "WEB-INF".
    The .html files and picture files are under the project folder.
    I hope it will help you somehow.
    But, the directory structure depends upon the Framework you are using such as Struts, Spring or Axis.

  • CIFS directory structure

    Hi,
    I’m curious about something we heard from a Cisco tech a while back.  What he said was that the WAAS caches file content but not directory structure.  In order to resolve a request for content the request still goes back to the original file server in order to read the directory entry.  We have seen instances in the past where it seemed like directories with a large number of files consistently performed worse (even for small files).   We had a situation where a single folder was being used to store all of the images from a document management system for an entire year (20,000+ files).  That was completely unusable.  Even after we prepositioned most of the current year, in many cases, access to these files would time out completely and fail.  This did not happen when the processing was all local.  When we broke the folder structure down into months rather than years, the performance of the system was improved 100 times over and we’ve had very few complaints about this system (related to network performance) since we did that. 
    Have either of you seen anything like this?  I admit this was an extreme case of poor folder design on our part. Just wondered if the number of files in the directory seems to have anything to do with poor performance.
    Jan Rockstedt

    Anyone who can answer this?
    Jan

  • Changing directory Structure Problems

    I've created a new Flex Project with a new directory
    structure that I'm unable to import! No error message, anything...I
    would like to be more specific, but I have no clue about what's
    happening...

    There may be additional details you could provide to help us
    understand the situation.
    So you create the project in Flex, move folders around,
    export the project, delete the project from FB (but not from the
    file system), and then try to import and it fails? What happens, at
    what point during the import to show that it fails, and how are you
    importing it?

  • Creating an AVCHD Directory Structure?

    Is it possible to recreate a Directory Structure on an HD on my Mac in order to be able to Log and Transfer AVCHD files?
    The reason I ask is my client has given me his external HD, which has 13 chips of clips.
    Out of those 13 chips, 4 of them have an incorrect Directory Structure so I'm unable to transfer the clips into FCP 7.
    I've tried to create the following structure but it doesn't work;
    PRIVATE/AVCHD/BDMV/STREAM
    This structure leads to the .MTS files.

    Thanks Tom.
    I downloaded it, and about half an hour later my client came and dropped off another hard drive with the correct structure!
    At least I'll have Clipwrap to use in future if need be.

  • Virtual Directory for NDES server missing on IIS

    I installed an NDES server on Windows 2008 R2 Enterprise server. I am able to connect to the website via the url
    http://<servername>/certsrv/mscep and
    http://<servername>/certsrv/mscep_admin. I can successfully issue certs with the following urls also.
    But if I look in the IIS Management Console I am unable to view the certsrv directory even if I am logged on as an enterprise admin. Does anyone know how to make those directories appear?
    The only way I have been able to make the Certsrv directory viewable is to also install the WebEnrollment service also.
    I don't need the web enrollment service but I need to enable https on those directories.
    Does anyone know what might be going on?

    You don't need a virtual directory in order to manage NDES. The whole thing installs as an ISAPI application. Manage it through the link
    http://localhost/certsrv/mscep_admin/. If you are having some trouble with NDES, check out
    http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs-en-us.aspx that discusses NDES quite thoroughly.
    As for verifying your installation, check the Application Pools in IIS and the registry settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\
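
    The verification steps from this answer, as an added example that is not part of the original thread: a read-only PowerShell audit listing the IIS applications and application pools, dumping the MSCEP registry key, and reporting the current SSL requirement on each NDES endpoint. The site name "Default Web Site" and the application paths (taken from the URLs quoted in the question) are assumptions.

    ```powershell
    # Added example, not from the original posts. Run elevated on the NDES host.
    # Assumptions: the site is "Default Web Site" and the NDES applications live
    # at the paths seen in the thread's URLs (/certsrv/mscep, /certsrv/mscep_admin).
    Import-Module WebAdministration

    $site = 'Default Web Site'
    $apps = '/CertSrv/mscep', '/CertSrv/mscep_admin'

    # 1. NDES is registered as IIS *applications*, not virtual directories,
    #    so enumerate applications under the site.
    Get-WebApplication -Site $site |
        Where-Object { $_.path -like '/certsrv*' } |
        Select-Object path, applicationPool, PhysicalPath |
        Format-Table -AutoSize

    # 2. Application pools and their state (the answer's first check).
    Get-ChildItem IIS:\AppPools |
        Select-Object Name, State |
        Format-Table -AutoSize

    # 3. Registry settings named in the answer (second check).
    $key = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'
    if (Test-Path $key) {
        Get-ItemProperty -Path $key | Out-String
        Get-ChildItem -Path $key | ForEach-Object {
            $_.Name
            Get-ItemProperty -Path $_.PSPath | Out-String
        }
    } else {
        Write-Warning "MSCEP registry key not found: $key"
    }

    # 4. Is there an HTTPS binding at all, and do the endpoints require SSL?
    Get-WebBinding -Name $site -Protocol https |
        Select-Object protocol, bindingInformation

    foreach ($app in $apps) {
        $flags = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
            -Location "$site$app" `
            -Filter 'system.webServer/security/access' -Name 'sslFlags'
        "{0,-24} sslFlags = {1}" -f $app, $flags
    }

    # To require SSL on the admin page once an HTTPS binding exists (test first;
    # left commented out so this script stays read-only):
    # Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    #     -Location "$site/CertSrv/mscep_admin" `
    #     -Filter 'system.webServer/security/access' -Name 'sslFlags' -Value 'Ssl'
    ```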

  • MP Related Logs and IIS Virtual directory not created After re_installation of SCCM 2007

    Hi
    We have re-installed IIS and the SCCM secondary site. We tried to install the MP role and DP role, but it has not created any logs or IIS virtual directory on the secondary site server, which is on a WAN link.
    Troubleshooting:
    - checked the ports 443,445 and 80
    - Disabled Symantec
    - exchanged the public key (still in progress in the Despooler log)
    - checked the site-to-site permissions and added the accounts.
    Please suggest further.

    Yes, I know this is an old post, but I’m trying to clean them up.
    What error(s) are you getting within the logs? Without these details there isn’t much anyone can do to help you.
    Garth Jones | My blogs: Enhansoft and
    Old Blog site | Twitter:
    @GarthMJ

  • Parser Error Message: It is an error to use a section registered as allowDefinition='MachineToApplication' beyond application level. This error can be caused by a virtual directory not being configured as an application in IIS.

    I've copied a .NET application from an older 2008 server running IIS 7.0.600.16386 to a newer 2008 R2 server running 7.5.7600.16385.  The .NET framework version is 4.0.30319.  I've set up an application pool and copied the wwwroot directory.
    I've checked for nested web.config files and I've been reading a lot about converting the site to an application.  The older server running the application is still up and running and the configurations look identical.  If I convert the site to an
    application the icon changes and doesn't look like it does on the old server.  I'm new and still learning the basics of programming and publishing applications.  Can someone point me in the right direction?  I've been on google for a few days
    to no avail.  Thanks.
    Description:
    An error occurred during the processing of a configuration file required to
    service this request. Please review the specific error details below and modify
    your configuration file appropriately.
    Parser Error Message: It
    is an error to use a section registered as
    allowDefinition='MachineToApplication' beyond application level.  This error can
    be caused by a virtual directory not being configured as an application in IIS.
    Line 20:       <add path="Telerik.Web.UI.DialogHandler.aspx" type="Telerik.Web.UI.DialogHandler" verb="*" validate="false" />
    Line 21:     </httpHandlers>
    Line 22:     <authentication mode="Forms">
    Line 23:       <forms cookieless="UseCookies" loginUrl="~/AccessDenied.aspx" protection="All" name="TVHRFORMAUTH" timeout="180" slidingExpiration="true" />
    Line 24:     </authentication>

    Hi,
    I agree with Tim that we can ask for better help in the following IIS forum.
    IIS.NET forum
    http://forums.iis.net/
    Best regards,
    Frank Shen

  • Virtual Directory Browsing in IIS Is what in OSX Server?

    Ok, forgive my ignorance.  I am coming from a better understanding of Microsoft IIS..
    Basically what I am looking for is.. In my Windows Server I would have a Partition Drive with a letter.. let's say e:\  and call the drive docs with data files saved on it.  I would then go into IIS and set up a Virtual Directory of that E drive..  So then I could have people open a browser at  www.website.com/docs and from there it would list all the files and allow them to download what they needed....  Yes, I know there is also a VPN option.. However, this is easier for my case...
    I think in Apache it would show a page and in bold letters "Index Of /" then list all the contents in that drive or folder..
    I have tried looking up what it would be called in Apache.. Yet not yielded much luck..
    Anyone have ideas?

    Yes! You are correct, I actually got it to work about 5 mins ago.. Thank you for the reply..
    I found a manual from Apple "web tech" that says to insert:
    <Directory "/Users/refuser/Sites">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    I inserted this into the /etc/apache2/sites/website.conf file or even the Virtual_Host_Global.conf file
    I changed the directory to the path I have the "Aliases and Redirects"  such as /Volumes/Web
    Works great! 
    HOWEVER....... I have noticed.. that every time I then go to edit something in the Server Admin Console for Apache.. It removes the code from the .conf files..
    I have tried making .htaccess files in the Drive with no luck or even adding a httpd.conf and no luck..
    It does seem to give Directory indexing when I add it into the location listed above.. yet no where else.. kind of stumped again..
    Any ideas?

  • How to create an IIS virtual directory programmatically?

    All-
    Is it possible to create an IIS virtual directory
    programmatically using Coldfusion? Is there some set of server
    objects that could be tapped into using COM, for example?
    Any guidance would be appreciated. Thanks.
    -Josh

    You should be able to do this (as well as all other
    administrative tasks) using CFEXECUTE, Windows Scripting Host, and
    IIS management object. Read IIS documentation. It contains tons of
    ready-to-use scripts.
