IIS: If the page is a script, add a handler. If the file should be downloaded, add a MIME map.

HTTP Error 404.3 – Not Found The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.

 

Solution:

Changing the Application Pool–>Managed pipeline mode from integrated to classic has solved the problem.

 

I was getting this error because IIS – ASP.NET extensions were not installed.

Even after installing the extensions, the aspx MIME type was not appearing under the IIS MIME Types, but it was appearing in the Handler Mappings.


Install: IIS 8.0 Using ASP.NET 3.5 and ASP.NET 4.5

IIS must have the following features enabled for the ASP.NET web application:

  • .NET Extensibility (on Windows 7 and Windows Server 2008), .NET Extensibility 4.5 (on Windows 8 and Windows Server 2012), .NET Extensibility 4.6 (on Windows 10)
  • ASP.NET (on Windows 7 and Windows Server 2008), ASP.NET 4.5 (on Windows 8 and Windows Server 2012), or ASP.NET 4.6 (on Windows 10)
  • ISAPI Extensions
  • ISAPI Filters
  • Request Filtering
  • Windows Authentication
  • Static Content
  • HTTP Activation

http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-using-aspnet-35-and-aspnet-45 


 

For the SVC web service add:

wcf

IIS error 401: Unauthorized access is denied due to invalid credentials

Solution 1

This weekend while I was creating a publishing rule for an IIS webpage on our TMG server I noticed a strange behaviour on the IIS server. When you try and open the page through a web browser you get an HTTP authentication window, and after you enter your credentials the same HTTP authentication window pops up again. After the third iteration the server reports 401 Unauthorized: Access is denied due to invalid credentials.

The problem was solved by changing the order for the authentication mechanisms. We had Negotiate above NTLM and the server had trouble authenticating the users.

To change the order you have to do the following:

  • Open IIS and select the website (or directory) that is causing the 401
  • Open the “Authentication” property under the IIS header
  • Click the “Windows Authentication” item and click Providers
  • Change the order and put NTLM on top.

After the change, open Command Prompt and run iisreset /noforce.

The error should be gone and credentials should be working again.

Solution 2

After migrating a web application to a new server, we encountered this server error:

401 – Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.

This happened despite the fact the user is already authenticated via Active Directory.

There can be many causes to Access Denied error, but if you think you’ve already configured everything correctly from your ASP.NET application, there might be a little detail that’s forgotten. Make sure you give the proper permission to Authenticated Users to access your web application directory.

Right-click on the directory where the web application is stored, select Properties and click on the Security tab.

Click on Edit…, then Add… button. Type in Authenticated Users in the Enter the object names to select.


Click OK and you should see Authenticated Users as one of the user names. Give proper permissions in the Permissions for Authenticated Users box on the lower end if they’re not checked already.

Click OK twice to close the dialog box. It should take effect immediately, but if you want to be sure, you can restart IIS for your web application.

Refresh your browser and it should display the web page now.

 

Solution 3:

An IIS Administrator can fix this issue by re-configuring the IIS authentication settings. To make the administrative changes (i.e. to solve this error), follow the steps below.

1. Open the IIS Manager.

2. Expand the listed sites to open the required Sage CRM site and select the Authentication feature.

3. Open Anonymous Authentication to edit credentials.

4. Change Anonymous user identity from Specific User to Application pool identity.

5. Run IISRESET.

This changes the security credentials IIS uses for that site. After that you can make any administrative changes in Sage CRM in administrative mode.
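The provider order from Solution 1 and the anonymous identity from Solution 3 are normally stored per site in applicationHost.config. The following PowerShell is an added example, not from the original posts, that lists both for every `<location>` entry so a change can be reviewed; the site paths and the EXAMPLE\svc-crm account are constructed sample data.

```powershell
# Constructed sample: <location> overrides in the shape applicationHost.config uses.
[xml]$config = @'
<configuration>
  <location path="Intranet">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="false" />
      <windowsAuthentication enabled="true">
        <providers>
          <add value="NTLM" />
          <add value="Negotiate" />
        </providers>
      </windowsAuthentication>
    </authentication></security></system.webServer>
  </location>
  <location path="CRM">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" userName="EXAMPLE\svc-crm" />
      <windowsAuthentication enabled="false" />
    </authentication></security></system.webServer>
  </location>
  <location path="Public">
    <system.webServer><security><authentication>
      <anonymousAuthentication enabled="true" userName="" />
    </authentication></security></system.webServer>
  </location>
</configuration>
'@

function Get-SiteAuthSummary {
    param([xml]$Config)
    foreach ($loc in $Config.SelectNodes('//location')) {
        $auth = $loc.SelectSingleNode('system.webServer/security/authentication')
        if (-not $auth) { continue }
        $win  = $auth.SelectSingleNode('windowsAuthentication')
        $anon = $auth.SelectSingleNode('anonymousAuthentication')
        # Provider order is the document order of the <add> elements.
        $order = '(inherited)'
        if ($win -and $win.SelectSingleNode('providers')) {
            $order = @($win.SelectNodes('providers/add') |
                ForEach-Object { $_.GetAttribute('value') }) -join ' > '
        }
        # userName="" selects the application pool identity; an absent attribute is inherited.
        $identity = '(inherited)'
        if ($anon -and $anon.HasAttribute('userName')) {
            $identity = $anon.GetAttribute('userName')
            if (-not $identity) { $identity = 'Application pool identity' }
        }
        [pscustomobject]@{
            Path              = $loc.GetAttribute('path')
            WindowsAuth       = if ($win)  { $win.GetAttribute('enabled') }  else { '(inherited)' }
            ProviderOrder     = $order
            AnonymousAuth     = if ($anon) { $anon.GetAttribute('enabled') } else { '(inherited)' }
            AnonymousIdentity = $identity
        }
    }
}

Get-SiteAuthSummary -Config $config | Format-Table -AutoSize
```

To run it against a real server, load a copy of the server's applicationHost.config into `$config` instead of the embedded sample.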

IIS: Can’t access webpage using Internet explorer

Scenario

I have a problem accessing an intranet website with IE8. I can access the site through Firefox or any other browser, except IE. IE will prompt for a username and password but never accepts the credentials and just shows a 401 message, “You are not authorized to view this page”

The website is configured as follows:

Windows Server 2003

IIS Directory Security > Authentication Methods > “Integrated Windows authentication” only

 

Solution

Sounds like an IE security setting. I’d check two things in options:

  1. In the Advanced tab–> in the security section–> is Enable Integrated Windows Authentication checked?
  2. In the Security tab–> does the site come up under the Local Intranet zone? If not, add it.
  3. In the Security tab–> custom level–> also, make sure the User Authentication item is set to one of the Automatic Logon options (checking Automatic Logon with current user name and password should make the browser automatically log into the site).
  4. Turning off ‘Protected Mode’ in the Internet Zone Security settings allows the pages to work normally but obviously removes the protection provided by protected mode.
  5. Removed the Host Header Value and it worked

Note: Basically from the Server IE11 browser I could not access the intranet website. I could access the website from my pc IE11 browser. The only difference I have been able to find is the different version of IE11 on my pc and the server

IIS: Two websites hosted by a single windows server machine

Scenario

I need to host two web applications on IIS and both on port 80 hosted by only one Windows Server 2012 machine. Normally, any network machine will already have an IP-Address and a hostname. (Remember this hostname and IP-Address is found as a DNS record in Active Directory.) With these settings, we will be able to host only a single web application on port 80. We can host multiple web applications on the same machine but it has to be on different ports.

 

In order to host multiple web applications on port 80 on the same machine:

  • We need two IP addresses and two hostnames for the same machine. To add one extra IP address and one extra hostname for the same machine:
    1. Contact IT, explain your requirement, and ask them to create a DNS record with the hostname provided by you (normally your second web application's name) and IP address (any available IP address to be used by a server). Make a note of the IP address. Say, for example, the extra IP address is 172.16.0.41.
    2. Now on your host server machine open Control Panel–>Network and Sharing Center–>Click change adapter settings–>Select the network card–>Right click–>Properties–>Internet protocol version IPv4–>Properties–>Advanced button–>IP Settings tab–>Click add–>Enter the new IP address and subnet mask
    3. Open IIS Manager–>Browse to Sites–>Right click and select Add Website–>In the hostname box, type the new hostname.domainname.org.uk
      1. Sites Authentication: Enable Windows Authentication only and disable all other types of authentication.
      2. Application pool: Use the .NET CLR version v2.0

IIS 7: SSL certificates on Sites with Host Headers

My Website could not listen to port 443. I could not bind the https port 443 using GUI, then the command worked for me:

  1. Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line.
  2. appcmd set site /site.name:"MySite V2" /+bindings.[protocol='https',bindingInformation='*:443:sitev2.mysite.com']

 

SSL certificates on Sites with Host Headers

Today I got the following question:

“I have two sites (siteV1.mysite.com and sitev2.mysite.com). They listen on the same IP address and port. We generated a certificate for siteV1.mysite.com and SSL is working properly. The problem is that some of our customers use siteV2.mysite.com and they are getting certificate errors. What’s the problem?”

Here is the issue:

There are three pieces of data to uniquely identify an IIS site:

  • The IP address
  • The Port
  • The Host name which HTTP 1.1 clients send as an HTTP request header.

This IP:Port:Hostname triplet is called a binding. The binding “192.168.1.192:80:myserver” for example represents a site that listens on IP address 192.168.1.192, port 80, host-header myserver.

The very first thing IIS (HTTP.SYS to be more precise) does when a request comes in is to read the site’s configuration. Connection limits and timeouts are examples of site configuration. The site binding is used to find the right site configuration. The SSL certificate seems to be another great example of site configuration – the SSL certificate is needed to decrypt the encrypted SSL data coming from the client.

And the IIS User Interface certainly makes it appear as if the SSL certificate would be site configuration, too – doesn’t it? In reality, however, you can’t bind an SSL certificate to a site. The IIS UI is fooling you. But why?

It’s a chicken and egg problem: The host name is encrypted in the SSL blob that the client sends. Because the host name is part of the binding, IIS needs the host name to look up the right certificate. Without the host name IIS can’t look up the right site because the binding is incomplete. Without the certificate IIS can’t decrypt the SSL blob that contains the host name. Game over – we are turning in circles.

What IIS does under the covers is to ignore the host name. IIS binds the certificate to IP:Port and warns you when you try to bind a certificate to the same IP:Port combo with different host names.

But there is a way if you need two different sites on the same IP:Port. You can accomplish this by getting a certificate that contains both common names, i.e. sitev1.mysite.com and sitev2.mysite.com. Cert Authorities usually allow more than one so-called “common name” in a certificate. By binding the certificate to one of the two sites you won’t get certificate errors anymore. The client is happy if one of the names in the certificate matches.

But there is another caveat: you can’t use the IIS7 User Interface to add a host header to an SSL site binding. You have to use command-line tools, do it programmatically or edit applicationhost.config directly. Here is an example and a link showing how you can do it via the command line:

appcmd set site /site.name:"MySite V2" /+bindings.[protocol='https',bindingInformation='*:443:sitev2.mysite.com']

And last but not least: with IIS7 you can use the following command to figure out what certificate is bound to a particular IP:Port combination:
netsh http show sslcert

This command will show the IP:Port binding but also some other SSL settings.

 

SSL Host Headers in IIS 7

SSL Host Headers in IIS 7 allow you to use one SSL certificate for multiple IIS websites on the same IP address. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7 will give you an error when starting the site up stating that there is a port conflict. In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers by following the instructions below.

What Type of SSL Certificate Do You Need?

Because you can only use one certificate, that certificate needs to work with all the hostnames of the websites that you use it with (otherwise you will receive a name mismatch error). For example, if each of your IIS 7 websites uses a subdomain of a single common domain name (like in the example below), you can get a Wildcard Certificate for *.mydomain.com and it will secure site1.mydomain.com, site2.mydomain.com, etc.

If, on the other hand, your IIS 7 sites all use different domain names (mail.mydomain1.com, mail.mydomain2.com, etc.), you will need to get a Unified Communications Certificate (also called a SAN certificate).

Setting up SSL Host Headers on IIS 7

  1. Obtain an SSL certificate and install it into IIS 7. For step-by-step instructions on how to do this, see Installing an SSL Certificate in Windows Server 2008 (IIS 7.0).
  2. Once the certificate is installed into IIS, bind it to the first site on the IP address.
  3. Open the command prompt by clicking the start menu and typing “cmd” and hitting enter.
  4. Navigate to C:\Windows\System32\Inetsrv\ by typing “cd C:\Windows\System32\Inetsrv\” on the command line.
  5. In the Inetsrv folder, run the following command for each of the other websites on the IP address that need to use the certificate:

     appcmd set site /site.name:"<IISSiteName>" /+bindings.[protocol='https',bindingInformation='*:443:<hostHeaderValue>']

     Replace <IISSiteName> with the name of the IIS site and <hostHeaderValue> with the host header for that site (site1.mydomain.com).
  6. Test each website in a browser. It should bring up the correct page and show the lock icon without any errors. If it brings up the web page of the first IIS site, then SSL Host Headers haven’t been set up correctly.
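Both SSL sections above come down to one rule: the certificate is bound per IP:Port, so every host header sharing that endpoint must be named in it. The following PowerShell is an added example, not code from the original posts, that checks this offline, including the one-label limit of wildcard names; the sites, host names and certificate name list are constructed sample data.

```powershell
# Constructed sample: a <sites> fragment in the shape applicationHost.config uses.
[xml]$config = @'
<sites>
  <site name="MySite V1">
    <bindings>
      <binding protocol="http" bindingInformation="*:80:sitev1.mysite.com" />
      <binding protocol="https" bindingInformation="*:443:sitev1.mysite.com" />
    </bindings>
  </site>
  <site name="MySite V2">
    <bindings>
      <binding protocol="https" bindingInformation="*:443:sitev2.mysite.com" />
      <binding protocol="https" bindingInformation="*:443:api.sitev2.mysite.com" />
    </bindings>
  </site>
  <site name="Mail">
    <bindings>
      <binding protocol="https" bindingInformation="*:443:mail.mydomain1.com" />
    </bindings>
  </site>
</sites>
'@
# Constructed sample: DNS names in the one certificate bound to each IP:Port.
$certNames = @{ '*:443' = @('*.mysite.com') }

function Test-CertCoversHost {
    param([string]$HostName, [string[]]$DnsNames)
    # A wildcard stands for exactly one left-most label, so compare against "*.<rest>".
    $null, $rest = $HostName -split '\.', 2
    foreach ($name in $DnsNames) {
        if ($name -eq $HostName -or ($rest -and $name -eq "*.$rest")) { return $true }
    }
    return $false
}

$report = foreach ($site in $config.SelectNodes('//site')) {
    foreach ($b in $site.SelectNodes("bindings/binding[@protocol='https']")) {
        # bindingInformation is IP:Port:Hostname; the IP part may itself contain colons (IPv6).
        $info = $b.GetAttribute('bindingInformation')
        if ($info -notmatch '^(?<ip>.+):(?<port>\d+):(?<name>[^:]*)$') { continue }
        $endpoint   = '{0}:{1}' -f $Matches.ip, $Matches.port
        $hostHeader = $Matches.name
        [pscustomobject]@{
            Endpoint   = $endpoint
            Site       = $site.GetAttribute('name')
            HostHeader = $hostHeader
            Covered    = Test-CertCoversHost -HostName $hostHeader -DnsNames $certNames[$endpoint]
        }
    }
}

# Full picture per endpoint, then only the host headers the certificate does not name.
$report | Sort-Object Endpoint, Site | Format-Table -AutoSize
$report | Where-Object { -not $_.Covered }
```

On a live server the endpoints come from netsh http show sslcert and the names from the bound certificate's Subject Alternative Name extension.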

If you need to set up multiple sites to use a single SSL certificate on IIS 6 or Apache, see How To Configure SSL Host Headers in IIS 6. For more information about SSL Host Headers in IIS 7 see IIS 7.0: Add a Binding to a Site and SSL certificates on Sites with Host Headers.

ASP.NET: Install and Configure IIS for ASP.NET

In short:
  1. Install IIS 7.0 and webdav server
  2. Using Turn windows features on or off – Install IIS feature
  3. Copy the Website folder to C:\inetpub\wwwroot\
  4. IIS Convert to application
  5. IIS Application pool settings
  6. IIS Authentication to website
  7. Firewall configuration
  8. Website folder permission
  9. Install the SQLExpress 2008 with the Visual Studio even if you have SQL Server R2 professional.
In broad:
  1. Download & Install IIS 7.0
  2. Using Turn windows features on or off – Install IIS feature
  3. Copy the GymReg folder from \DBA home folder\Website to c:\inetpub\wwwroot\
  4. Open IIS & Convert to application
  5. Authentication to website
  6. Application pool settings: Since the copy of ASP.NET version in your website application may be different to your new application host computer
  7. Allow Windows Firewall–>World Wide Web Services HTTP
  8. Website folder permission
  9. How to register ASP.NET 2.0 to web server (IIS7)?
ASP .NET 2.0:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -ir

ASP .NET 4.0:

C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -ir

Run Command Prompt as Administrator to avoid the "...requested operation requires elevation" error.



Troubleshooting:

Problem: Server error in ‘/’ Application

Solution: Steps 4, 5 & 6

Problem: Authentication error
Solution:
To enable integrated Windows authentication:
 
  1. Log onto the Web server using an administrator account.
  2. On the Start menu, click Administrative Tools Control Panel.
  3. In the Administrative Tools window, double-click Internet Information Services.
  4. In the Internet Information Services window, open the Web server node. A Web Sites folder opens beneath the server name.
  5. You can configure authentication for all Web sites or for individual Web sites. To configure authentication for all Web sites, right-click the Web Sites folder and click Properties on the shortcut menu. To configure authentication for an individual Web site, open the Web Sites folder, right-click the individual Web site, and on the shortcut menu, click Properties.
  6. In the Properties dialog box, click the Directory Security tab.
  7. In the Anonymous access and authentication control section, click the Edit button.
  8. In the Authentication Methods dialog box, under Authenticated access, select Integrated Windows authentication.
  9. Click OK to close the Authentication Methods dialog box.
  10. Click OK to close the Properties dialog box.
  11. Close the Internet Information Services window.
To enable remote connections on SQL Server 2008 Express, follow the steps below:
  1. Start the SQL Server Browser service if it’s not started yet. SQL Server Browser listens for incoming requests for Microsoft SQL Server resources and provides information about SQL Server instances installed on the computer.
  2. Enable the TCP/IP protocol for SQL Server 2008 Express to accept remote connections.
  3. (Optional) Change Server Authentication to SQL Server and Windows Authentication. By default, SQL Server 2008 Express allows only Windows Authentication mode, so you can connect to the SQL Server only with the current user's log-on credentials. If you want to specify a user to connect to the SQL Server, you have to change Server Authentication to SQL Server and Windows Authentication.
Note: In SQL Server 2008 express, there isn’t SQL Server Surface Area Configuration so you have to configure from SQL Server Configuration Manager instead.

Step-by-step

  1. Open SQL Server Configuration Manager. Click Start -> Programs -> Microsoft SQL Server 2008 -> Configuration Tools -> SQL Server Configuration Manager.
  2. On SQL Server Configuration Manager, select SQL Server Services on the left window. If the state on SQL Server Browser is not running, you have to configure and start the service. Otherwise, you can skip to step 6.
  3. Double-click on SQL Server Browser; the Properties window will show up. Set the account used to start the SQL Server Browser service. In this example, I set it to the Local Service account.
  4. On SQL Server Browser Properties, move to the Service tab and change Start Mode to Automatic, so the service will start automatically when the computer starts. Click OK to apply changes.
  5. Back in SQL Server Configuration Manager, right-click on SQL Server Browser on the right window and select Start to start the service.
  6. On the left window, expand SQL Server Network Configuration -> Protocols for SQLEXPRESS. You see that TCP/IP protocol status is disabled.
  7. Right-click on TCP/IP and select Enable to enable the protocol.
  8. A pop-up appears saying that you have to restart the SQL Service to apply changes.
  9. On the left window, select SQL Server Services. Select SQL Server (SQLEXPRESS) on the right window -> click Restart. The SQL Server service will be restarted.
  10. Open Microsoft SQL Server Management Studio and connect to the SQL Server 2008 Express.
  11. Right-click on the SQL Server Instance and select Properties.
  12. On Server Properties, select Security on the left window. Then, select SQL Server and Windows Authentication mode.
  13. Again, a pop-up appears saying that you have to restart the SQL Service to apply changes.
  14. Right-click on the SQL Server Instance and select Restart.
  15. That’s it. Now you should be able to connect to the SQL Server 2008 Express remotely.
 
Note: When you have both SQL Express and MSSQLServer installed on the same computer, make sure you have created the database in the right instance.