Same SSL keys (private keys) on both tier using IIS
HI, A new member of this forum, so hope I ask this question in the right category.I am basically an APM/NPM guy, a port-mirroring-based solution would required us to import the private key used by...
View ArticleLocal FTP Server - adding self-certificate SSL problem
I am a newbie and want to set up a local FTP server on my PC to be able to download pictures via WiFi from my Canon camera. I have set up FTP server using IIS (v 7.5 on Windows 7 Pro HP z840)...
View ArticleWindow server2012 R2 standard on windows authentication given...
I have a window server 2012 R2 standard.I have hosted my application in IIS and authentication is windows.I have set the user identity in application pool as a custom identity.I have added the custom...
View ArticleFTP SSL (Certificate)
FTP SSL (Certificate)Hello,I'm setting up a passive SSL Explicit FTP where multiple providers will access the FTP server that is in my company.My question is what is the need for the public certificate...
View ArticleHow does one become a trsited CA?
I have several thousand clients that we will be providing their webhosting for free as part of their move to MSFT services. Is their a way for us to become a Trusted Certificate Authority? This would...
View ArticleCustom Provider for Windows Authentication
Hello,I would like to know how to develop a custom provider for Windows Authentication. I've an ASP.NET web application served with IIS 8.5 that authenticates using Windows Authentication. The problem...
View ArticleWSUS Input Validation
I know that WSUS does not have traditional web pages intended for users, but for audit purposes, what risks/security surround input and the validation of input returned to WSUS's IIS front end?
View ArticleClik here to view.
Visual Studio Passwords NOT encrypted?
Hello,When I publish pages I have tweaked in Visual Studio 2015 Community, I then see this warning dialog:Because my passwords were going out without encryption, I posted to the VS forum where most...
View ArticleIIS 10 & Blocking Client Side Session Cookies
Hello,I'm far from an IIS expert, but I need to document that client side cookies are not accepted on my IIS server, or failing that, a means to configure IIS to not accept client session cookies....
View ArticleIIS8.5 / executable permissions
Hi,We have upgraded a WS server 2008r2 server to WS2012 R2 with the AD and IIS role.The upgrade went well but we have one issue with a website running an executable Winscp. (with a site overlay, so it...
View ArticleIIS Patch Code signing and security
Hello,Is there a mechanism by which an IIS server will verify the code signature of a patch during installation? I've looked at IIS public add-ons and don't see hash values listed. If hashes are...
View ArticleURL parameter manipulation
A recent audit says we need to define default documents in virtual directors to avoidURL parameter manipulation attacks. Browsing the virtual directories now shows only a blank page. Is the auditor...
View ArticleCan this be a Ddos attack
Hi,Site runs extremely slow, more precisely my website is go down and service unavailable.I use logparser WebLog Expert to determine request and visitor.For a period of thirty minutes I have5,983 hits...
View ArticleIIS10 Missing Server Certificates
My end goal is to request a cert from my domain ent. CA. I set up a new Server16 "Core" instance and installed WSUS & therefore IIS. In the IIS MMC, I went to the server level, and under...
View ArticleCreate Domain Certificate Request - Not Using Published Template
Hello,I recently deployed an enterprise CA on server 2016. I then copied the Web Server cert template. I then edited Compatibility to Server2012R2&Win7 CA/recipient, and Algorithm to ECDH_P256...
View ArticleWSUS & Application Pool Settings/Security
Hello,According to the MS article h t t p s : / / technet.microsoft.com/en-us/library/jj635855%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396, the application pool identity should be set to...
View ArticleIP Address Restriction Not Working
I've been trying to get IP Address restrictions working on a website. When I change the feature settings for unspecified clients to deny, on one server it works fine and immediately blocks everyone but...
View ArticleIIS Site Losing Ability to Authenticate With NTLM
We are having a recurring issue with one of our servers that I am not sure how to troubleshoot. The server is used to host an instance of Microsoft TFS and every few weeks Windows Authentication...
View ArticleClik here to view.
Broken counters "Current Anonymous Users" and "Current NonAnonymous Users"
Hi community,Recently we have found strange behavior of IIS performance counters "Current Anonymous Users" and "Current NonAnonymous Users". Both of them are showing maximum allowed value (4 billion +)...
View ArticleSSL Via Lets Encrypt - Auth File not Loading
Hi Guys,I am trying to use lets encrypt to secure our web site. We have an auto service that completes the verification of the site owner ship which creates a file under the following location...
View Article