I have 5 web apps host in IIS6, I need to change the timeout from 120 seconds to 500 seconds. May I know any impact on all those web apps host under IIS like performance, security issues?
Related
Setup
I have an Origin Group with 2 web sites: one is the "main" site and one is a "static" site. Front Door caching is disabled. There are no other devices / proxies / caches between Front Door and the web sites.
The origin group is configured as:
Health probe: 10 seconds
Session affinity: not enabled
All other settings as default
The origins are configured as follows:
main: Priority = 1, Weight = 1000
static: Priority = 2, Weight = 1000
NOTE: All testing using an incognito session and using ctrl-shift-r to force a reload in both Edge and Chrome. I have used this site as the refrence for what should happen: https://learn.microsoft.com/en-us/azure/frontdoor/routing-methods#priority
When I load the web site, it correctly goes to "main".
Failover Behavour
When I stop the "main" App Service, I would expect it to "think" for 10 seconds and then load the static site. But it does not. Instead, it does this:
0 to 30 seconds: "The web site is unavailable" (white background black text)
30 seconds to 120 seconds (in another test, it was much longer - it does not seem to be consistent): "Error 403 - This web app is stopped." (or just 403 if I'm oit using friendly errors. Develper Mode shows that I am receiving a 403 which is the main point, not a 200.)
120 seconds onwards: The static page shows
Failback Behaviour
When I restart the "main" App Service, I would expect it to "think" for 10 seconds and then load the main site. But it does not. Instead, it does this:
0 to at least 10 minutes onwards: The static page shows
Conclusions
Azure Door does not failover as per the probe settings. (So, either the probe does not work, or it does but is ignored by Front Door.)
Failback is not supported in Front Door.
How do I:
Get Front Door failover to work faster than 2 minutes after a failure?
Get Front Door to fail-back after the main site is up and running? (Purging the AFD cache does ot fix it. The only way I have found is to delete [not just disable] the "static" origin.)
If regions are deploying origins in two or more locations across the globe, you can improve the responsiveness of your applications by routing traffic to the destination that is "closest" to your end users. Based on my experience, here are my recommendations.
Enable session affinity
Deploy applications from various origins to improve portal performance with Load Balancers [Front Door, Traffic Manager, Load Balancer, Application Gateway].
Disable unused endpoints.
Replicating the same scenario with two apps and the above rules, both applications are loading fine without any issues.
step2:
I disabled EndPoint 1 and tested the FD portal.
Static application is running fine
The same step is repeated by the disabled App Services application.
WebApp Running fine.
I have a Web site deployed on Azure Web App. My web site gets very slow at times. This behavior is random.
On checking IIS Logs during the period of slowness, I found few requests coming in where the Client IP Address is blank (It shows "-").
The response time of these requests runs into minutes and finally they result into HTTP 500 error. This happens only for the requests where c-ip is blank.
All other requests that have a Client-IP address are processed successfully. But because of the bad requests my application becomes very slow. I have to restart my Web App to resolve this issue.
What could be the possible reason behind these requests having a blank Client IP Address ? Could this be a malicious attack on the web site ?
Difficult to say. Could you add Application Insights service to your project? It allows you to see what is going on before and after 5 minutes of "this" request. The second reason can be the mode of your Azure Web App - is it free or shared or standard?
After AI added, you could share some more insights, because it is important to know what is that request about, not just the fact that it was processed.
https://azure.microsoft.com/en-us/documentation/articles/app-insights-start-monitoring-app-health-usage/
Has you may know, Web sites hosted under Microsoft Azure Web Sites service are by default configure to timeout after idling 20 minutes (idleTimeout) and the application pool to restart every 29 hours (periodicRestart). This cause the web site to be slow for the first user accessing it.
I would like to know if the new "Always On" setting available on standard mode will prevent both situation from happening.
I found a few articles mentioning the feature, they are all very clear that the idle timeout will be avoided but none of them explicitly talks about the periodic restart:
One of the other useful Web Site features that we are introducing
today is a feature we call “Always On”. When Always On is enabled on
a site, Windows Azure will automatically ping your Web Site regularly
to ensure that the Web Site is always active and in a warm/running
state. This is useful to ensure that a site is always responsive (and
that the app domain or worker process has not paged out due to lack of
external HTTP requests).
http://weblogs.asp.net/scottgu/archive/2014/01/16/windows-azure-staging-publishing-support-for-web-sites-monitoring-improvements-hyper-v-recovery-manager-ga-and-pci-compliance.aspx
Also the Azure Documentation is not very explicit:
Always On - By default, web sites are unloaded if they have been idle
for some period of time. This lets the system conserve resources. You
can enable the Always On setting for a site in Standard mode if the
site needs to be loaded all the time. Because continuous web jobs may
not run reliably if Always On is disabled, you should enable Always On
when you have continuous web jobs running on the site.
http://www.windowsazure.com/en-us/documentation/articles/web-sites-configure/
Yes both of them will be prevented.
The default 29 hours periodicRestart was never on Azure Websites. That feature is an IIS feature that was enforced by WAS and was designed to run on a server level meaning restart all the worker processes on an IIS server. Both these things (WAS and IIS Server) don't apply to Azure Websites as WAS was the process management component of IIS and that was very specific to one box setup. Azure Websites uses a different process management component that doesn't have periodicRestart.
I am attempting to run a SignalR application (.NET 4.5) on an inexpensive shared hosting provider, and I have read that IIS can begin to throttle connections if the server settings are allocated too low. Since I don't have admin control of this server, is there a way I can programmatically check the server settings like the maximum connections per CPU, etc?
I have a problem with timeouts in IIS. In the web.config the session timeout was set to 60 minutes but after 20 minutes the session ends.
This problem only occurs in IIS7 and not in IIS5.
After some investigation, I discovered it was due to the application pool's timeout. If the App Pool is left 20 minutes without doing anything, IIS ends the session.
If the application is using the defaultAppPool this always happens but if I change the App Pool to the classic .NET App Pool, the timeout does not occur.
Both modes have idle timeout but only in the DefaultAppPool this occurs.
Why is this?
What is the difference between be a Classic .NET AppPool and DefaultAppPool?
What is the difference in the pipeline, between Classic and Integrated?
IIS7 has some major changes to better support WCF and one of the key pieces is the new integrated application pool. This session from PDC talks about some of these challenges from the perspective of making WCF services perform better: http://channel9.msdn.com/pdc2008/TL38/
This page has a good overview of IIS7 architecture: http://learn.iis.net/page.aspx/101/introduction-to-iis7-architecture/.
I've included some of the key information from this article on the purpose of the two different kinds of app pools below:
Integrated application pool mode
When an application pool is in
Integrated mode, you can take
advantage of the integrated
request-processing architecture of IIS
and ASP.NET. When a worker process in
an application pool receives a
request, the request passes through an
ordered list of events. Each event
calls the necessary native and managed
modules to process portions of the
request and to generate the response.
There are several benefits to running
application pools in Integrated mode.
First the request-processing models of
IIS and ASP.NET are integrated into a
unified process model. This model
eliminates steps that were previously
duplicated in IIS and ASP.NET, such as
authentication. Additionally,
Integrated mode enables the
availability of managed features to
all content types.
Classic application pool mode
When an application pool is in Classic
mode, IIS 7.0 handles requests as in
IIS 6.0 worker process isolation mode.
ASP.NET requests first go through
native processing steps in IIS and are
then routed to Aspnet_isapi.dll for
processing of managed code in the
managed runtime. Finally, the request
is routed back through IIS to send the
response. This separation of the IIS
and ASP.NET request-processing models
results in duplication of some
processing steps, such as
authentication and authorization.
Additionally, managed code features,
such as forms authentication, are only
available to ASP.NET applications or
applications for which you have script
mapped all requests to be handled by
aspnet_isapi.dll. Be sure to test your
existing applications for
compatibility in Integrated mode
before upgrading a production
environment to IIS 7.0 and assigning
applications to application pools in
Integrated mode. You should only add
an application to an application pool
in Classic mode if the application
fails to work in Integrated mode. For
example, your application might rely
on an authentication token passed from
IIS to the managed runtime, and, due
to the new architecture in IIS 7.0,
the process breaks your application.
The classic pool processes the requests in the app pool by using seperate processing pipelinesfor IIS and ISAPI. integrated uses an integrated pipeline, IIS and ASP.NET a(better performance) takes advantage of the improved features of IIS 7.0 using only the one process.
Good practise is to create a new application pool for each application, then configure sepeerately according to application requirements.
Classic mode follows the steps below :
1.The incoming HTTP request is received through the IIS core.
2.The request is processed through ISAPI.
3.The request is processed through ASP.NET.
4.The request passes back through ISAPI.
5.The request passes back through the IIS core where the HTTP response finally is delivered
Integrated mode uses:
1.The incoming HTTP request is received through the IIS core and ASP.NET.
2.The appropriate handler executes the request and delivers the HTTP response
Increase the session timeout in web.config as per
remember increasing this causes the application to consume more resource, eg memory
I think your question has the answer in it. IIS 6 and 7 have a concept of Application Pool timeout, this is different from session timeout.
What is the difference between modes ... already addressed. I'm uncertain about how your questions regarding pipelines and differences in modes relate to your problem - the timeouts.
Some perspective: Idle timeout won't occur on a web site with any traffic. You've probably got a problem that only occurs in a QA site or your dev box. The idle timeout setting exists to save resources on your dev box and $5/month hosting companies with lots of underused web sites (e.g. my blog). You probably do not want idle timeout on a public site.
Session timeout - set in web config, if a user doesn't hit the server, their session times out.
Idle timeout Noone touches the web server at all for 20 minutes, so shut down to save resources. In IIS 6, this is on the performance tab of the app pool - and is easy to disable. In IIS 7, you can set in in application pool advanced settings or in the processModel element. I don't run as much IIS 7 as IIS 6, but it looks like removing the element from web.config, or setting to 0, gets infinite idle timeout.
The DefaultAppPool ignores settings for session timeout in web.config, but ASPNet App Pool will use the settings in web.config.