IWA over IIS AAR using a domain alias?
Hello all, First post here. I'm a software dev, so advanced IIS configuration is a bit outside my wheelhouse. I'm not entirely sure how to word my question, but basically, it's: "can you configure...
View ArticleDisable SSL & Early TLS on Windows Server 2012 R2 Running ARR
Hi All,I wanna get some confirmation. I am in the midst of getting a PCI DSS compliance and one of the requirement is to disable SSL and Early TLS on our servers. I have 2 ARR Servers and want to know...
View ArticleUnauthorized 401 on IIS 7.5
I developed a WebService using WCF Data Services. Debugging it on my localhost using VS2017 (IIS 10) it works fine. Once deployed on the server,GET and POST work fine, PUT/PATCH/DELETE give a 401...
View ArticleConfigure IIS to disallow client-side scripts the capability of reading...
I recently installed SolarWinds NPM on a prehardened Windows 2012r2 server. In the process of installing this application it enables what it believes are the necessary IIS components needed in order...
View ArticleLocalHost denied with IIS_IUSRS set correctly
Using a WIndows Server 2016 VMIf I select Edit Permissions / Security from right mouse click on Default Web Site - I seeIIS_IUSRS (MYVMNAME\IIS_IUSRS ) withthese 3 allow(checked) on Read &...
View ArticleHow to configure IIS to send client certificates to another web server
We have a 3rd party .NET web application providing an application API. One of the web services takes a URL to a file hosted on an Apache web server as a parameter. The web service calls the URL,...
View ArticleSelf signed with extended expiry date on windows 2012
Hi All, Is there any option to create a self signed certificate with extended warranty or never expires ? Am not sure if I can use SelfSSL.exe (is this tool from Microsoft can we trust this ? ) file...
View ArticleEvent code: 4008 Event message: File authorization failed for the request.
Hellowindows authentication is enabled. the webconfig refers to AD group that i am a member of but it does not take my creds.the app pool has read/execute, list and read permissionsRequest information:...
View ArticleGroup Managed Service Accounts and iis Client Certificate Mapping Authentication
Has anyone managed to get this working? I have numerous Group Managed Service Accounts (gMSA) all working well on the server - except when trying to use it as the account for one of my IIS Client...
View ArticleSSL certificate not available in IIS
I need to create a 443 https site with SSL certificate for a piece of software. We have a Certificate Authority (which I have little experience) and I've tested creating various machine certificates....
View ArticleLDAP over SSL connectivity
Hi all,I am trying to connect to AD using LADP over SSL. I have following code, but I am getting exception (The LDAP server is unavailable). I can able to connect using LDAP test application on both...
View ArticleIIS Administration without local admin permissions
We are considering removing local admin rights for all domain users but would like to keep IIS Admin permissions for developers group. Is there a way to provide IIS Admin without local admin using AD...
View ArticleSSL installed but it has affected other sites on the server
Recently I installed an ssl certificate for a customer and after a while noticed that Google has got all other sites on the server mixed up.Site A had the SSL cert applied. Site B started getting...
View ArticleClik here to view.
IIS Client Certificate Mapping/Authentication Does Not Appear to Work...
Hi,Apologies in advance for the length, but I wanted to thoroughly document my analysis of this issue.I have spent an inordinate amount of time (weeks and weeks) Googling/researching/testing/debugging...
View ArticleEnabling httpcookies
I have a web sites in which I need to ssl enable cookies. I looked up how to enable it and it seems straight foward. add the statement <httpcookies httponlycookies="true" requiressl="true" />...
View ArticleIIS 8 SSL Different IP with same ports. Website cannot be started
Hello,We're running into an issue in IIS where we have 1 site started (http), with a binding of * on 10.xx.x.28:8082 (http). We have a second site, but this one is https with a different IP, binding...
View ArticleForce TLS 1.2 for only a single web application
I have a peculiar scenario. We have .net framework 4.6.1 installed with IIS 7.How do we force only one web application to use TLS 1.2 without making registry changes which would affect the whole...
View ArticleClik here to view.
FTP Over SSL
Hi All,Initially, i posted this question to windows general forum but i was told to post here as this is related with IIS/FTP. Have one query on FTP over SSL on windows 2012 R2. Everything is set and...
View ArticleMinBytesPerSecond for Slow HTTP Post Attack
I recently received a Qualsys report which listed - SLOW HTTP POST as a vulnerability with my application.I have checked the various countermeasures, and configuring - MinBytesPerSecond, in the...
View Articleidletimeout vs startMode
What would be the difference between(A) Setting an individual app pool idletimeout = 0 (B) Changing the root application config as mentioned...
View Article