I have inherited an ASP.net web application running on Windows server 2012 and IIS. The application works fine but there was no Test instance. When attempting to set one up I tried browsing both Live and Test instances within IIS on the server but both continually prompt for credentials as set to Windows Authentication. While a Client connection to the Live instance works fine with Windows Authentication. I checked Windows Authentication was setup within the Web Server's security role on the server manager. I have tried moving NTLM up above negotiate for these sites' Windows Authentication Providers. The only thing i found that worked was setting up a registry key for "DisableLoopbackCheck" by doing the following,
In Regedit go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
Right-click Lsa >> New >> DWORD Value.
Name this DisableLoopbackCheck, and then press ENTER.
Right-click DisableLoopbackCheck, and then click Modify.
In the Value data box, type 1, and then click OK.
Quit Registry Editor, and then restart the website in IIS
However, I wish to ask the following to clarify,
a) Is this the only way to achieve this? Is there a better way?
b) Will this registry amendment affect the client users on their own machines?
Maybe you can try this way:
Open the internet properties on the task bar and select security.
Choose Internet click custom level. You’ll find user authentication at the bottom of list.
Change the policy to automatic logon with current username and password.
Related
I am trying to serve static files from a file server running Windows Server 2016. I would like to use a group managed service account for the connection.
I have attempted configuring IIS on Windows Server 2012 to use the gmsa. The Test-ADServiceAccount cmdlet returns True for the gmsa I am attempting to use on the IIS host. I have gone under the basic settings option of the IIS site configuration and used the "connect as" button and set it to the gmsa account with no password. The prompt then says "Connect as 'gmsa-foo$'". However, when I attempt to press "ok", I get an error that the specified password is invalid.
Can I use a gmsa to allow access to the remotely hosted static files that I want to serve? Do I need to use a particular version of Windows Server to do so?
Make sure you added the gMSA account in the application pool identity.
It should be noted that this account may show unexpected behavior in IIS manager. For example, if you click on “Basic Settings” for an application that uses this account for its application pool, “Test Settings” may give you an error indicating “the user name or password is incorrect”. Usually, this can be ignored. Browsing any page in the application would be a better test – as long as you don’t receive a 503 response, the application pool username/password is fine.
You could get more information from the below document:
Windows Server 2012: Group Managed Service Accounts
I am a student and for my dissertation I need to configure a Windows Server to be a file server which uses FTP over SSL for file sharing so a user can download a file from the server.
What do I need to do that in terms of setting up the service and calling it from another machine later on?
Thanks in advance.
Step 1. Install an SSL certificate on the server.
You can buy the SSL certificate from your webhost
Your webhost should also have instructions for installing the certificate
If you can't find instructions, try this: GoDaddy SSL Instructions
Step 2. Set up an FTP server on your Windows server
You can set up an FTP server using IIS (Internet Information Services) which is installed by default on every Windows Server.
Once you open IIS, right click on the Server name and select add FTP Site.
Give it a name and a location where you want to save the files that you'll be uploading
You can leave the IP on All Unassigned and port on 21
Select Require SSL and use the Select button to navigate to your certificate
Enable basic authentication, leave anonymous disabled
Step 3. Grant user permissions
Open Computer Management and navigate to "Users" under System Tools / Local Users and Groups.
If there is no user called ftpuser, create one.
In File Explorer, right click on the folder where you'll be storing your files, select Properties and go to the Security tab.
Click the Edit button, then Add
Enter in the name of your ftp user, click Check Names, then OK.
Your ftp user should now be listed in the security tab. Select this user and then grant Modify, Read & execute, List folder contents, Read, Write. Click OK.
In IIS, select your ftp site and then double click "FTP Authorization Rules". Add a new rule for a specific user (ftpuser) and select Read and Write.
Step 4. Connect to your FTP server from your local machine
There are many ways to connect to your ftp server including a browser or file explorer, but arguably the best way to do this is to use an FTP client.
A good free FTP client is Cute FTP. I recommend it, but there are many others.
After you've installed an ftp client, enter in your host name (domain or server ip), user (ftp user you created), password and port number (should be 21).
Now you can drag and drop from and to your server.
Bob's your uncle.
I have a VPS with Windows Server 2016 Datacenter, which I access through Remote Desktop. I would like to access it through VPN, so I tried to repeat the working configuration I have in another VPS with Windows Server 2008 Standard.
Both servers have a single Network Interface with a public address and a second internal address (10.1.0.1/255.255.255.248). As I said, VPN works perfectly on 2008.
The procedure I followed is described perfectly with screenshots in an article by Thomas Mauer
http://www.thomasmaurer.ch/2016/10/how-to-install-vpn-on-windows-server-2016/
So, briefly, I added the Remote Access role with the Remote Access and Routing features. The role and features get installed without any problem and then I am directed to a wizard, though which I try to initialize the VPN-only feature with a custom configuration. When I finally get into the "old" Routing and Remote Access Management console and try to right-click on the server node to "Configure and Enable Routing and Remote Access" this procedure never ends. A rotating clock icon stays there forever, so I have to kill the management console from the task manager.
When I reopen the management console, either with or without restarting the server, the server looks like running. Then I right-click on the server and select "Properties" in order to define the tunneling protocol for VPN as well as the internal address range that will be provided to the connected clients. The problem here is that this properties popup never gets saved. The "Apply" button does nothing, the "OK" button does not close the form and only the "Cancel" button closes the form without changing anything.
Has anybody seen this behaviour? Am I missing something?
Best regards,
Alex
I don't know why, but for this service to work the user "Network Service" needs to have "Logon as Service" permission, other services do not seam to require that...
You can grant this permission either by using secpol.msc or by just switching the service to run as e. g. "Local System" and back to "Network Service" (empty password fields).
To answer my question, it turned out that, for reasons I don't know, when the routing and remote access was being installed, the "Remote Access Management Service" was not starting. And after the server's restart it was always at "Starting" status.
This service is installed to run under the "Network Service" credentials with an Automatic (Delayed start) start type. When I changed to "Local Service" and manual, I was able to install the Role and initialize it without any problem. And then when I went back to Network Service and Automatic it runs without any more problems.
Strange ...
Alex
Using the new interface for Windows Azure, how do I enable RDP? I am using a cloud service and my site is mysite.cloudapp.net. In my publish settings, I enabled RDP. Where do I find my RDP credentials? How do I enable FTP, if possible? Here are the instructions that I followed:
https://www.windowsazure.com/en-us/develop/net/common-tasks/remote-desktop/
I see no hosted services tab in the new layout.
When I try to RDP, I receive an instant failure message that I cannot connect. I am using Windows 8 and I tried Windows 7.
For RDP, assuming you've followed all the steps and the configuration is right, you need to use the management portal, click on cloud services on the left and select the service whose instance you want to RDP into, select instances in the menu at the top and then pick the instance you want to RDP into.
The bottom toolbar should include a connect option, clicking on it should download an RDP file you can open to RDP into the machine, this will prompt you for the credentials you need to provide (as provided in your project configuration).
You can actually save this RDP file and re-use it for the deployment, but it may become invalid if you re-deploy as port numbers change.
As for FTP, much has been written about it, for example this, but you really need to consider the note in this article, for example - files you upload to the role instance will disappear if the role needs to be recycled for whatever reason.
I use windows xp and IIS 5 for web development. For database connection the credentials are set up as Integrated Security. It works fine our our DEV server (IIS 6) where they have configured the App Pool to run under the context of a domain account which has dbo access on the database. I myself also have dbo access in the database.
But when I run from my localhost the database connection failed (under Integrated Security=true) saying user '' has no previleged. So its passing a blank string as user instead of my logged in domain accountj ("domainname\myname"). How do I configure my localhost IIS so that it passed my logged in domain account as a user to the sql server? Basically I'm trying to silumate the apppool on IIS-5in my local machine.
I tried changing the "Log on as" on World wide web services & IIS Admin on my local machine services console, restarted it and did an IISRESET. Nothing seems to fix the problem.
Also I tried putting my domain user name (domainname\username) and password in the connection string by removing integreated security=true. Still that also not works
I am an administrator on my local machine. I tried different things like making aspnet user an administrator,log as as service etc etc with no luck
Please advice me how to configure IIS5 to run under a different account. thanks in advance
You need to set the user for anonymous login to be the domain account. I forget what tab it is on but it is there somewhere.
I think this link will point you in the correct direction
http://support.microsoft.com/kb/310344
Use IIS Express -- it is IIS7 for XP.