403.16 on IIS 8
Hello, I'm trying to use a client certificate issued by a self-signed CA. I have the CA in trusted root on both the client and server. I've disabled CRL checking in the registry. Basically, I've done...
View ArticleIIS8 / SCCM2012: Error 403.16 - again...
Hi everyone,banging my head against this one for literally weeks so hoping for some insight form the community. Here goes:Enterprise Root CA (Windows Server 2008R2), CA cert is valid until 2024...
View ArticleIIS Client Certificate Mapping "One-to-One"
Windows 2008R2. I am using the following article to enable/config the certificate mapping...
View ArticleBeing Hammered from outside of country
I currently have a IIS6 server running PHP & FastCGI 1.5 handler.Previously my php-cgi.exe was being overwhelmed to the point my server was running at 100% CPU usage.After troubleshooting this...
View ArticlePermissions on specific folder to write to
Hi All,We are running an application on IIS 7 which has to output data to a specific (local) folder. The application is running anonymous auth. and the application pool is running with a service...
View ArticleIIS 7.5 Windows Authentication not working, AUTH_USER coming back as empty...
We are running IIS 7 and Coldfusion 10. I have installed the Windows Authentication feature and have both Windows auth and Anonymous auth enabled at the server level. At site level I have Anonymous...
View ArticleIIS 7.5: useAppPoolCredentials="true" being ignored on one server
Hello gurus.I have 3 Windows 2008 R2 web servers behind a load balancer that run a PHP application which accesses files on a DFS share. DFS share and web servers are in the same domain, the sites run...
View ArticleError: ASN1 bad tag value met. 0x8009310b(ASN: 267) when installing a...
Hello... Is anyone seen this error when attempting to install a VeriSign chain certificate using IIS 7 server? CertEnroll:CX509Enrolment:p_InstallResponse: ASN1 bad tag value met. 0x8009310b(ASN: 267)...
View ArticlePass-Through Authentication Breaks after Network Connectivity is Lost
Everytime our Web Server loses network connectivity, our pass-through authentication breaks. Our only work around we have found is to move our asp.net files to a temporary location, create a generic...
View ArticleApplication Pool Identity password shown in clear text
Hi, We are facing following issue with encrypted passwords stored in the applicationHost.config file. It seems that when we use "appcmd.exe" or PowerShell query to get information about IIS application...
View ArticleWindows authentication - Prompted for credentials - SSO
Hello,I've the following problem: I have an intranet .net website on IIS, configured to useonly Windows Authentication and when I try to access my website using IE (8 to 10),it prompts me for my...
View ArticleIISWASOnlyRsaProvider encryption provider
As per this Microsoft Technet article, there are three encryption providers supported by IIS configuration. I would like to know that if I secure the passwords using IISWASOnlyRsaprovider for my...
View ArticleIIS 7.5 and client certificate authentication
I'm trying to get client certificate authentication working with a user cert from a third party CA (DST ACES). My test IIS box has 'client certificate mapping authentication' installed. On the server,...
View ArticleWeb site will not work when using SSL
hey everyone! I have had to rebuild a web server. I used Appcmd to migrate over all of the sites and server settings. I obtained and installed a certificate on the new webserver. This is a cold...
View ArticlePCI Scanning
Hi All While scanning one of our internal servers, the security scanning software gave me this error:Title: Banner Based Vulnerabilities for Microsoft IIS httpd 7.5 Impact: One or...
View ArticleWebsites with certificates are very slow to access on Windows Server 2008 R2 STD
Hello,I wonder if somebody can help me clarifying this issue.I have migrated an installed server from Windows Server 2003 R2 STD to Windows Server 2008 R2 Standard with SP1 (8GB RAM and 1.5TB RAID 5...
View ArticleHire someone for helping with security
Hi, everyoneIve been through quite a few things securing our hosting server (Win 2008/IIS 7.5), securing openbase in php, aspnet trust level, urlscan, FSO, etc. But I still feel a bit unsecure. Does...
View ArticleIIS Manager Authentication on Windows 8 Pro IIS Server
I'm running Windows 8 Pro on a workgroup and was hoping to be able to use IISManagerAuth. It shows up as a custom provider option that can be checked in the IIS Manager Feature's GUI. However, I've...
View Articleappcmd list apppool /config -- passwords in clear text?
Hello,I needed to export app pools config from IIS 7.5 today and found all password are visible in a clear text in a result of 'appcmd list apppool /config'is it possible to encrypt app pools passwords...
View Articlecannot setup an IIS 8.0 Server Name Indication (SNI)
i've followed the instructions at this link to configure a sni, but it doesn't work for me, please can you give me an...
View Article