OCSP missing in IIS 8.5

Similar Messages

• Providers section was missing in iis 7.5 web site

  hi all,
  am trying to set up claims - fba in sp 2013. so for thepurpose of adding .net users
   [[Membership provider and Role provider ]]
  and  .net roles section using IIS 7.5,
  i went to the site in iis and tried to add the same:
  but i  saw that Providers was missing from iss 7.5 . in prev version of iis , it was existing after pages and controls section.
  but in iis 7.5 its NOT available  [[ my  framework is .net 4.0 ]].
  Can anyone point me , how to get that Providers section within ASP.NET
  section ?
  already added the windows  authentication  security roles  from  server manager.

  Hi,
  According to your post, my understanding is that providers section was missing in iis 7.5 web site.
  The <providers> collection of the <windowsAuthentication> element defines the list of authentication providers that are used with the Internet Information Services (IIS) 7 Windows authentication module.
  The <providers> element was not modified in IIS 7.5.
  To use Windows authentication on IIS, you must install the role service, disable Anonymous authentication for your Web site or application, and then enable Windows authentication for the site or application.
  For more information, please refer to
  Windows Authentication Providers <providers>.
  Regarding IIS, I suggest you also open a thread at IIS forums
  http://forums.iis.net/
  I believe at that forum, more people in expertise in IIS may help you regarding this.
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• CA / NDES Virtual Directory Structure Missing in IIS 7 unable to implement SSL for ADMIN sites

  We've recently finiallized both an Enterprice 2008 R2 CA and NDES service installtion configuration.  All services are running, to include web enrollment for both.  CA sits on a DC, as required, and the NDES roll sits on a standalone machine. 
  All service generated certificates / templates are in place and or issued including SSL certificates for service web front ends.
  I'm trying to take the next step in hardening both of the web front ends by requiring SSL web validation and client SSL authentication.
  Problem:  When examining the site structures, CA and NDES, within the IIS7 configuration manager the following inconsistancies are present:
       Enterprise CA:
                 o  No virtual directory is configured or listed under the Certsrv or Enrollment sub-sites, however as previously stated all servies are up and operational.
      2.        NDES:
                 o  IIS7 configuration manager doesn't list any Certsrv sub-site, but once again all services are up and runniing.  I can process SCEP requests via the web. 
                     The following 2 items are listed under the default site on the NDES service machine:  Rpc and RpcWithCert    
                     In past experience I would expect those items to be associated with Exchange, but since NDES is new to me they may be standard.
  Not to state the obvious but all Sys32 files and folders  are correct as both services are running properly.  Can anyone tell me if I've missed some critical article on AD CS or IIS7 that tells me why these 2 conditions are present. 
  Since the Certsrv sub-site exists on the CA I would assume a normal SSL bind will work, but with critical items missing from within IIS7 (at least from my view) i don't want to compound the problem..  Since there is no Certsrv
  structure on the NDES machines I'm not sure what the best way to proceed is.  Any help would be greatly appreicated.
  V/R BE

  CA / NDES all function properly.  I'm still reseaching proper IIS 7 SSL implementation, when the virtual directory and sub-site structer is either missing or imcomplete when viewed from within the IIS7 manager.
  These services where put into production without a thurough configuration check prior to implementation, so I don't have a test environment setup at the moment to just start playing.  I'm thinking this weekend I'm going to have to VSS the current
  machines and throw them on the Dev network and see how badly I can break them.
  V/R BE

• Enable Multiple Stapled OCSP Responses in IIS

  I would like to configure IIS to send multiple stapled OCSP responses when sending its certificate chain to a web client at the start of an SSL/TLS connection.  Currently, IIS only sends the OCSP response (signed indication from the issuing CA
  that the certificate is still valid and not revoked) for the server certificate, but doesn't send it for the intermediate certificates. 
  For instance, if my IIS web server certificate is issued by the Entrust CA, it may be signed by the Entrust intermediate certificate "Entrust L1C", which is then signed by the Entrust root CA certificate "Entrust 2048".  In that
  circumstance, IIS is only sending the client the OCSP status for the server certificate, but not the OCSP validation status for the "Entrust L1C" certificate.  So, the web client doesn't have to currently do an OCSP query to the Entrust
  CA for the server certificate (since the web server sends that OCSP response to the web client), but does have to do an OCSP query to the Entrust CA for "Entrust L1C" to verify the intermediate certificate also isn't revoked.  If the web client
  is behind a tight firewall that doesn't allow browsing to random Internet IPs for OCSP, the web client is unable to know if the certificate is still valid.  The response from the IIS forum http://forums.iis.net/post/2097704.aspx was that
  I should post the question here.
  How can I configure IIS to send OCSP responses (OCSP stapling) to web clients for the intermediate certificates in its certificate's chain as well?  Multiple Certificate Status Request Extension is an Internet standard documented in RFC 6961 at
  http://tools.ietf.org/html/rfc6961.  Is there a way to configure IIS to do this?

  It is working as designed. Currently OCSP Stapling only includes the revocation status for the leaf/server certificate. The assumption is that the offline CA certificates use CRLs, the CRLs are cached and should not need to be included in the stapled responses.
  Brian

• Virtual Directory for NDES server missing on IIS

  I installed an NDES server on windows 2008 R2 Enterprise server. I am able to connect to the website via the url
  http://<severname>certsrv/mscep and
  http://<servername>certsrv/mscep_admin. I can successfuly issue certs with the following urls also.
  but if I look in the IIS Managment Console I am unable to view the certsrv directory even if I am logged on as an enterprise admin. Does anyone know how to make those directories appea?
  The only way I have been able to make the Certsrv directory viewable is to also install the WebEnrollment service also.
  I dont need the webenrollment service but I need to enable https on those directories.
  Does anyone know what might be going on?

  You don't need a virtual directory in order to manage NDES. The whole thing installs as an ISAPI application. Manage it through the link
  http://localhost/certsrv/mscep_admin/. If you are having some trouble with NDES, check out
  http://social.technet.microsoft.com/wiki/contents/articles/9063.network-device-enrollment-service-ndes-in-active-directory-certificate-services-ad-cs-en-us.aspx that discusses NDES quite thoroughly.
  As for verifying your installation, check the Application Pools in IIS and the registry settings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP\

• RDWeb site has gone missing.

  I had a client call today that they were unable to access their "Anywhere Access" website on their Server 2012R2 Essentials server. Everything had been working just fine for several months. Now suddenly the /RDWeb page under the Default Web Site
  is missing in IIS. I was able to provide a work around by directing the users to <a href="https:///remoteHow">https://<sdomainname>/remoteHow can I recreate the RDWeb page without having to reconfigure everything?
  MZ

  I'll spin up my essentials VM this evening to confirm, but I am fairly incident that Essentials doesn't *have* a /rdweb directory in a normal default installation. Anywhere Access is a unique feature and has its own structure. It should not be confused with
  the rd web access role, even though there is some overlap in user experience. So as far as it "missing" my instinct is to say that is to be expected and normal. If anywhere access isn't working, that is not a valid symptom.
  Troubleshooting steps could include the essentials BPA as well as the fix network wizard.

• An authentication error has occured (Code: 0x607)

  Hi all,
  This one is driving me NUTS! The problem itself is when I go to connect to a session host using a web access server I get the error in the title.  This is only happening to some of my session hosts and not all.  I have compared them and can't find
  a single difference.  I also cant find anything useful in the event logs about this.  Below is my setup.
  A full RDS environment using all Windows Server 2012 Data Center.  Nothing 2008 R2.  All Clean installs.
  I have 6 servers a VM's split evenly between 2 ESXi 5.1 Hosts.
  1. MP-RDP-CB1.inucoda.net (Connection Broker 1)
  2. MP-RDP-CB2.inucoda.net (Connection Broker 2)
  3. MP-RDP-GW1.inucoda.net (Gateway Server 1)
  4. MP-RDP-GW2.inucoda.net (Gateway Server 2)
  5. MP-RDP-WA1.inucoda.net (Web Access Server 1)
  6. MP-RDP-WA2.inucoda.net (Web Access Server 2)
  inucoda.net is an network that is the Domain that all servers are joined to via 2 Domain Controllers splits between each ESXi Host.
  My outside domain that you can get to from the web is ucoda.net
  The connection brokers have all servers used including session hosts added to the server pool and are configured in HA mode. They use a SQL Server 2012 Fail-over cluster that is on a separate set of VMs for their database and the DNS is configured as round
  robin. MP-RDP-CB.inucoda.net.  There are two entries of this each with one of the two IPs of the CB1 and CB2 servers.
  On each CB server there is a RDS License server role installed with CALs installed and activated/registered. Both LIC servers have been added to the RDS deployment properties.
  The GW servers each have the NLB role installed with an extra network adepter for NLB use. There is a DNS name of MP-RDP-GW.inucoda.net that points to the NLB IP of the GW Cluster.  Also both GW servers were added to the GW Server Farm part of the the
  GW properties.  
  The WA servers are also in a NLB Cluster with an extra adapter and a DNS of MP-RDP-WA.inucoda.net pointing to the NLB IP.
  Up steam from our inside Windows Domain at our ISP level there is a DNS entry of MP-RDP-WA.ucdoa.net and it points to the NLB IP of the WA NLB Cluster.  (This is not a public IP, we require you be on our VPN to be able to access the IP).
  For certificates we have a Comodo issued wildcard of *.ucoda.net with the corresponding Comodo Root Trust and Intermediate Certs. We also have a wildcard *.inucoda.net created by our inside CA.
  The *.inucoda.net cert is used for the CB SSO, CB Publishing, and GW while the *.ucoda.net cert is used for the WA.
  All session hosts have been configured to use the *.inucoda.net for their RDP sessions.
  I can confirm that the *ucoda.net cert is used for the WA part and all other parts are reporting the *inucoda.net, all with no errors or warnings.
  For each session collection only one session host is used with no apps, (just RDP).  Security is set to only use NLA, SSL 1.0, High.
  On each session host I have verified that the *inucoda and *ucoda certs are installed and the internal CA and Comodo CA/Intermediate CA is installed in the correct stores.  I have also verified that COM Security has the domain\TS Web Access group set
  with full perms for the Access and Launch/Activation. Also for WMI  Root\CMIV2\TermicalServcies Security has the domain\Ts Web Access group set with full perms. Lastly each group/user that has access to RDS is listed in the Remote Desktop users.
  I've checked that both WA servers are listed in the TS Web Access group.
  The GW servers RAS/RAP policies are set to be pretty open for testing with using any port, any network resource, and Domain Users and Domain Admins listed.
  I have been trying to connect with Windows 8 and Windows 7 clients as the domain\administrator account.  Some of my session hosts connect fine and other don't .  It's always the same ones that connect and don't connect.  I can't find any difference 
  between the.   I've also blown away my entire RDS and started over with just a 3 server single node model with no NLB or RR DNS and the same exact error happens on certain servers.  I have sense gone back to the 6 server setup described here
  and again the same error on the same session hosts.
  I have also tried Negotiate and RDS Compatible and disabling NLA only for security.  No change.  Now here is the interesting part. If I remove GW servers from RDS by just saying not to use them (not actually uninstalling them or anything), all
  session hosts connect just fine every time.  When I first did my RDS setup I got he same error with code 0x607 for every connection attempt and found i had to set the RAS/RAP to use any network resource instead of Domain Computers.  However, it is
  currently set like that and some still don't connect.   So it works with out the GW servers just fine.  It also works without them in the 6 node setup as well as the 3 node setup. 
  I don't want to use it without the GW servers because since I am using all inside subnets with a VPN I have to add the CB IP/Name to my host file or it will not resolve and give an error about reaching the Connection Broker. Because I want to use a HA setup
  this is no good as there are two servers for it.  That's why I use the NLB IP of the WA and publish it with outside DNS with our ISP. 
  Any ideas at all??
  Thanks,
  Chris

  Hi All,
  I'm the original poster and if you have been following this I was never fully able to get things working.  Sometimes it would just work and other times it would just fail with the 607 error.  I have finally got it all working
  for over a week now with multiple systems using it!  Below is a rather large explanation of what I had to do and what I learned about RDP.   I've included links to guides that helped a lot. 
  First a small recap of my environment.
  Using all windows server 2012.
  Using two Gateways, Connection Brokers, and Web Access servers.
  Two domain names, ucoda.net for external connection via web to web access servers and inucoda.net to inside windows domain that all servers are members of.
  No external client systems are domain members, all just workstations.
  Using two wildcard *.domain certs for both domain names.
  External wildcard cert is from Comodo CA and internal wildcard cert is from my internal CA.
  Now for how I setup the RDS environment.
  I used this guide for setting up high availability of the connection brokers. 
  http://blogs.msdn.com/b/rds/archive/2012/06/27/rd-connection-broker-high-availability-in-windows-server-2012.aspx
  I used a back end SQL Server 2012 that was configured in a two node failover cluster for maximum HA.  As you can see by the guide it uses round robin DNS for load balancing the two CBs and does not require any hardware or software NLB.  
  For both the two gateways and web access servers you need to use some kind of NLB.  You can use the MS NLB to create a virtual Cluster IP and set a DNS record for you gateway and web access name to point to that cluster IP. HOWEVER!  If you are
  in a virtualized vmware environment as I am then you have some other things to do.  I can not comment as to Hyper-V setups, only vmware on ESXi-5.1.  If you use MS NLB then you must use it in Multicast mode and not Unicast. You must also setup static
  ARPs on your Layer 3 router/firewall and Layer 2 switches.  The static ARP should match the NLB cluster IPs to the NLB Cluster MAC address.  Below are the guides for a Cisco Cat switch and ASA firewall.
  http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1006525
  http://www.cisco.com/en/US/docs/security/asa/asa84/asdm64/configuration_guide/mode_fw.html#wp1224694 see adding a static arp section.
  Now in the end I still was not fully happy with MS NLB as it is not Layer 7 aware and can only check the network health.  So I ditched my MS NLB for a linux solution. HAProxy.  It is a software NLB that is Layer 7 aware and easy to setup.
  I used two Ubuntu Server 12 VMs with 1 GB RAM, 8GB HDD, and 1 vCPU each.  I also used Keepalived to setup virtual cluster IPs for HAProxy to use with failover.  so the HAProxy NLB is in high availability mode as well.
  Setup HAProxy on Ubuntu
  http://www.networkinghowtos.com/howto/compile-haproxy-from-source-on-ubuntu/
  Configure HAProxy and Keepalved
  http://leowadsworth.com/blog/2012/02/21/high-availability-load-balanced-web-servers-using-ubuntu-10-04-haproxy-keepalived-apache/ Skip the install part and see just the config parts for HAProxy and Keepalived. 
  Now once NLB is done and you have DNS pointing to it you need to add both Gateways to a Gateway Web Farm.  Not required for the Web Access Servers only the Gateways.  for the Web Access server you only need NLB with a common DNS.  
  Setup Gateway Farm
  http://technet.microsoft.com/en-us/library/cc732370.aspx
  Also as my client systems are not a part of the domain and have different subnets I needed to set the gateway RAP and CAP to allow users to connetc to any network resource.
  Now that the main configuration was done and running I had to fix/fine tune/and mess with a bunch of other things!
  There should be a domain user group account called TS Web Access Computers.  It should be populated with the Web Access server computers.  However in my deployment it was empty! great.  However, I also found other documentation that states
  it should be populated with the Gateway servers.  So for me I added both Gateways, Web Access, and Connection Broker Servers.  I figured it can't hurt.
  Now this group account needs to be added to COM security and WMI security for terminal services.  Below is a guide for both of these. I applied this configuration to every single system including all session hosts. 
  http://technet.microsoft.com/en-us/library/ee891251%28v=ws.10%29.aspx
  Now something interesting. Most of my systems were all server 2012 but a few were 2008R2 that had been upgraded in place to 2012.  For these systems the above config is till needed but you will find on the local systems user groups a TS Web Access Computers
  group.  This is not in the local groups for 2012 but got merged over from 2008 R2.  So for it I also added the domain\TS Web Access Computers group to the local TS Web Access Computers group and added the local one to COM and WMI security as well.
  Further into local user groups. On all systems in the deployment there is a local RDS Management Server group and it should have both Connection Broker servers listed.  I found this to be true on all my session hosts but
  on the Connection Brokers them self they only have their own server listed but not the other connection broker server.  I added both to each.  I also found a few of my systems had a third ? SID account listed that was no longer was a real
  account in the domain.  I removed it. Possibly from how many freaking times I had to re do my setup. 
  Now on the Connection Brokers local group accounts there is a RDS Remote Access Servers group.  It should have all the Gateway and Web Access Server listed here.  In my setup I found only the Web Access Servers were listed and no Gateways.
   GREAT! This only needs to be populated on the Connection Broker Servers. There is also a RDS End Point Servers group and it should have every Session Host server listed.  Again only needed on the Connection Brokers.
  That concludes user accounts/groups.
  Now onto the fun land of Certs!
  Something you need to make sure works is Revocation Checks!!!!!! It needs to pass from both the external client systems and internal server systems.  I had two certs used.  I used my *ucoda.net (external) for my Web Access Server Deployment and
  my *inucoda.net (Internal) for The Gateway and both Connection Broker parts. 
  My external was issued by Comodo so it passed rev checks just fine.  While my internal was issued from my internal CA and needed some work.  For the internal servers it could pass a rev check fine as it used the LDAP path in the CRL CDP
  part of the cert.  However my clients are external and not part of the domain.  So it can't use LDAP.  To check rev checks I used:
  certutil -f –urlfetch -verify <your_certificate>.cer
  You can download it for Windows 7 and 8 systems from:
  http://www.microsoft.com/en-us/download/details.aspx?id=7887 win 7 
  http://www.microsoft.com/en-us/download/details.aspx?id=28972 win 8
  To get it to pass on my client systems I had to add a CRL CDP http point that they could access instead of the LDAP point. In short on you internal CA you need to add a CRL that uses the FILE path to publish rev lists to a file share.  The file share
  is located on a server that has IIS and public access.  You then create a virtual directory with read rights to the that share in IIS and add a CRL HTTP point using the external FQDN of public web server for the CRL site.  Below is a guide
  to do all of this.
  http://blogs.technet.com/b/configmgrteam/archive/2009/05/01/how-to-publish-the-crl-on-a-separate-web-server.aspx
  Now once this is done you need to re generate a new cert and apply it to your RDS environment so it has the updated CRL CDP.
  Now after this I was able to pass using certutil tool.  But! wait there's more!  When I tried to connect to a server using normal RDP (not the full web access and gateway deployment), just direct to the end server I still got the warning about
  a rev check fail! I just didn't get it!  After a ton of researching it appears that RDP will only use LDAP and OCSP CDPs and not HTTP.  Great!  So while it passes the rev check from the tool it still fails for RDP. 
  So next was to add a OCSP CDP and Online Responder.  I chose to add the Online Responder role to my public web server where I had just added the HTTP CRL CDP.  Below are a few guides about setting this up and configuring your CA
  to use it.
  http://www.windowsitpro.com/content1/topic/online-certificate-status-protocol-ocsp-in-windows-server-2008-and-vista--103523/catpath/security
  http://blogs.technet.com/b/askds/archive/2009/06/24/implementing-an-ocsp-responder-part-i-introducing-ocsp.aspx
  http://www.sysads.co.uk/2012/10/install-and-configure-ca-online-responder-ad-cs-part3/
  I fond all helpful.  Now here comes a part that drove me NUTS!.  All these guides show that after installing the Online Responder role it automatically adds a ocsp webapp to IIS!  This is to be the CDP point you add to
  the CA. THIS IS NOT TRUE FOR 2012!  It does not add the IIS config what so ever.  Luckily I manged to find this:
  certutil -vocsproot  
  You need to run that command on the web server where you installed the Online Responder role.  It will add the IIS config and app pool!
  Now once this is all done and tested you need to re issue the cert again so it has the new OCSP CDP in it and install it in RDS deployment.
  Finally after this I received no rev check errors for RDP!
  Some more things on certs.
  For all my servers I installed the internal and external cert to their computer personal store and made sure the corresponding root and intermediate root certs were installed in the correct stores.  I also did this on my external client systems.  Be
  sure to add your internal CA's root cert to the trusted root store of you client systems or again the certs generated from it will not pass fully as the client system will not know to trust the CA that issued the cert.
  Now you also need to install a cert for each session host to use for RDP.  I really recommend wildcards as it much easier to just use a *domain cert for RDS deployment and install it on each session host for RDP than to have unique ones for
  each session host.  You use to be able to easily add a RDP cert in 2008R2 to a session host.  This is now gone in 2012.  So to do it you need to use the power shell.  Below is  guide on how to do this.
  http://blog.skadefro.dk/2012/08/windows-server-2012-server-8-remote.html
  Now I also used a little utility to help check that my certs were installed on each server correctly. I found on a few of my servers where one of my certs was missing the private key or had other problems.  This free tool from DigiCert can help and
  can also be used to test certs for rev checks.
  https://www.digicert.com/util/
  Lastly there is the issue of what RDP version you are using.  For me my systems they are all server 2012.  I found the only way to get SSO to fully work without a 2nd login prompt was to update all my Windows 7 RDP clients to the latest RDP. 
  http://blogs.msdn.com/b/rds/archive/2012/10/23/rdp-8-0-update-for-windows-7-sp1-released-to-web.aspx
  Well after all that I was able to access every RDSH in my environment without a single error!  It has been a ridiculously long and pain full journey.  I think MS needs to do more work and documentation of  2012
  RDS as it's changed so much, needs a better way to issue session host certs for RDP instead of just the power shell, and needs more documentation and clarity on RDP rev checks.   I hope this helps others and if anyone wants to see what my configs
  look like for HAProxy if they decide to use it feel free to ask.
  Thanks and Good Luck!
  Chris

• MBAM 2.5 - MBAMComplianceStatusService Site no installed

  I did not receive any errors during my install. I just realized that the site I configured for Compliance as part of GPO cannot be accessed...upon checking in IIS, I notice there is no site for it! Anyone else notice that the install did not create this
  site?
  PLEASE MARK ANY ANSWERS TO HELP OTHERS Blog:
  rorymon.com Twitter: @Rorymon

  I'm having this exact problem.  I've tried it on a clean, patched box and the MBAMComplianceStatusService site is still missing from IIS.  There are no errors in the logs, and no informational events about even trying to register the service.
  This is all the entries in the Microsoft-Windows-MBAM-Server/Operational event log:
  Event ID: Description
  410: Launching the Configurator.
  410: Checking the software prerequisites for feature AdministrationWebPortal
  410: Invoking feature provider to check the software prerequisites of the administration web portal.
  410: Invoking feature provider to check the software prerequisites of the agent services.
  410: Checking the software prerequisites for feature SelfServiceWebPortal
  410: Invoking feature provider to check the software prerequisites of the self service web portal.
  410: Validating the parameters for feature AdministrationWebPortal
  410: Invoking feature provider to validate the parameters of the administration web portal.
  410: Invoking feature provider to validate the parameters of the agent services.
  410: Validating the parameters for feature SelfServiceWebPortal
  410: Invoking feature provider to validate the parameters of the self service web portal.
  410: Committing the Enable task for feature AdministrationWebPortal
  410: Invoking feature provider to enable the administration web portal.
  603: Registering the 'MBAM Administration Support web service' performance counter category.
  603: The performance counters for the 'MBAM Administration Support web service' category were successfully registered
  410: Invoking feature provider to enable the agent services.
  603: Registering the 'MBAM Key Recovery web service' performance counter category.
  603: The performance counters for the 'MBAM Key Recovery web service' category were successfully registered
  410: Committing the Enable task for feature SelfServiceWebPortal
  410: Invoking feature provider to enable the self service web portal.
  Rorymon, could you look at the Operation log on the server that it worked on and see if there are any additional log entries relating to MBAMComplianceStatusService?
  Rorydon :-)

• Odd flash issue

  so i have a development server running version 8.0.1.195765 in multiserver mode. i have 13 different servers running. however some of them wont build flash content. is there some setting that I'm missing in IIS or Coldfusion. Its driving me nuts ive done (as best as i can) a side by side comparison and I just cant find anything. Has anyone else encoutered this
  Thanks,
  Adam

  Do they have acess to the flex /flash SDK?

• Can't get cgi.remote_user from cfc anymore

  I'm having trouble getting cgi.remote_user in cfc not
  returning to Flex in a cfc to return to Flex.
  The cfc returns the cgi.remote_user when invoked from a cfm
  page. But from Flex just &quot;&quot; empty. I can access
  the cfc from Flex, just can't get any cgi vars.
  It use to work from the Flex app using a RemoteObject until
  the other day, I had to reinstall the OS, IIS and Coldfusion again.
  OS: Window Server 2003
  IIS : 6
  ColdFusion: 8
  Don't know if I'm missing a IIS setting or if it was
  something left over for an old Fash Remoting or CF setup that was
  allowing this to work.
  Thanks

  I have a similar issue. Anyone have any ideas? Here is my
  scenario:
  A user hits my application and a remoteobject calls a CFC.
  The CFC has a login query that uses the CGI.REMOTE_USER variable.
  SELECT (..User stuff)
  FROM (sometable)
  WHERE (RemoteUser = '#cgi.remote_user#' (well, it is in a
  function, but you get the idea)
  Anyway, if I invoke it using a CFM file, I get a good result,
  as expected. But my Flex app see's nothing when I run it. All the
  other queries work just fine. If I replace the #cgi.remote_user#
  with actual text, like esc\mcneelg it works fine.
  Thanks.

• Handler "JWildCardHandler" has a bad module "IsapiModule" in its module list

  I get this Internal Server Error (500.21) after installing the 32 bit version of Cold Fusion on a Windows 7 Pro machine (32 bit version).  I read the posts and unchecked the IIS version 6 backward compatibility on my IIS configuration, and ran the upgrade to Version 9.0.1, but that didnt fix the problem.  Any suggestions as to what I should do next?

  Hi fschneider,
  Can you let us know, the version of ColdFusion you are using and the IIS version (seems like IIS7, from your post)
  fschneider wrote:
  Thanks again!  So, I ran that netstat -an command and realized that I had the VPN running...so I shut that off as well as the firewall and re-installed CF.   Still no success, although at least now when I run the webconfig tool (as administrator as Anit has said) it actually shows up with the jrun host: as local host...and shows IIS as the web server, but the OK button doesn't appear - instead a command prompt winto shows up and says "Enabling IIS7 optional packages...it will take 2 to 5 minutes..."  but sits there and doesn't do anything for way more than 5 minutes.
  And also, the error points to some configuration miss at IIS end.
  Regards,
  Anit Kumar

• Missing applications for the SharePoint Web Services site in IIS

  We have SharePoint 2013 server farm and in one of the server missing service applications/virtual directories.
  Under IIS, “SharePoint Web Services" site including an Application Pool and SharePoint Web Services Root is available, but no applications for the SharePoint Service Applications, all applications (security token service, topology ..) virtual directories
  are missing/removed/deleted.
  Can we re-provision only service applications on local SharePoint server, local server only not in any other servers in the server farm?
  Thank You.
  -RK

  Hi RK,
  Please check if services has been started on this server via CA > System Settings 
  > Manager services on server > change server to the current one.
  Is there other application server in your farm? Please test the issue on other servers.
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• Win2k12 IIS custom Redirect on missing folder

  Can anyone help. I'm trying to set up and custom page on my IIS server where it will display when someone type in a invalid directory.
  IE:  http://www.MyDomain.com/NameOfFolderthatDontExist/
  Would like to show a custom error page.  I can set up the missing file, but not the folder/directory.
  Thanks in advance.
  Jimmy

  As this is a forum for general technical on Windows Server, you will find more IIS experts in a forum that handles questions about IIS - iis.net/forums.
  . : | : . : | : . tim

• Documentation Issue? Missing IIS Websites

  Hi,
  Curious if this is a documentation issue or I'm actually missing some web sites. This implementation is CM integrated.
  According to this page (Link) for MBAM 2.5, I'm supposed to have the MBAMAdministrationService,MBAMComplianceService and MBAMRecoveryAndHardwareService IIS sites. This information is
  listed under the Stand-Alone implementation of MBAM though (not ConfigMgr Integrated). Currently I have the following -
  HelpDesk
  MBAMAdministrativeService
  MBAMRecoveryAndHardwareService
  MBAMUserSupportService
  SelfService
  Notice that I'm missing MBAMComplianceService.
  Under the ConfigMgr section, there is nothing about validating the web services in IIS. I know that the compliance portion is technically covered by ConfigMgr, but verification that I have the rest covered would be nice in the documentation.
  Any thoughts? Am I covered?
  Thanks!
  -Michael

  In the CMIntegration topology, the compliance reporting will be handled by SCCM itself. You can see two new configuration baseline gets created after the installation along with a collection dedicated to MBAM.
  There will not be any IIS Site for the compliance reporting. You can view compliance reporting for machines using SCCM reporting. There will a separate section for all MBAM Reports.
  Also don't define the endpoints for the Compliance Reporting in the MBAM GPOs (Client management) in CM Integration topology.
  Regards, "Gaurav Ranjan" =========== NOTE: Mark as Answer and Vote as Helpful if it helps =======

• BOE R3 and VS2008 IIS Web Site Open Error Front Page Extensions Missing

  Hi,
  Can some please advise.
  We have BOE R3 deployed with TomCat.
  We have IIS for applications Development with VS 2008.
  I have added a the HowToScheduleCustom_VB to the IIS.
  When I Open the Web Site is VS 2008 I get an error Front Page Extensions Required.
  Are the Front Page Estensions required.?
  Or should we be using the Java Eclipse.?

  Are you trying to open the website on your development box (the one that has VS 2008 installed on it) or another server?  If it's on another server, you might want to check out this thread:
  http://forums.asp.net/t/1284716.aspx
  and the mskb article that it links to.
  -Eric