I try to map a network share to an application in IIS8 but when i try to retrieve a test file i get this error in plain black text:
The page was not displayed because the Request URI is too long.
The url i test (on the server) is a short simple one:
http://localhost/server/test.jpg
I tested from another computer with IP but got the same error.
This is the information I get from the IIS log
2017-09-13 07:56:23 ::1 GET /server/test.jpg - 80 - ::1 Mozilla/5.0+(Windows+NT+6.3;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko - 414 0 87 0
Why does it complain about the request URI? Is this a generic error?
It was a permission problem. The IIS user did not have read-rights to the folder. Changed to use application pool identity instead and now its working.
The issue here was using a virtual directory and the double hop issue with authentication where the folder didn't have the credentials tied to it. Needed to manually set it on the folder.
https://weblogs.asp.net/owscott/iis-windows-authentication-and-the-double-hop-issue
Related
I haven't been here for some time.. This time I think I have one of those "Rocket Science" problems, so shall I start?
alright, tl;dr - I started to work in a company as a Sysadmin and the last guy that I replaced really messed some stuff around and I'm spinning around trying to fix them..
I'm going to try to sum up everything in one post to avoid being asked the same questions over and over again.
The Problem:
I cannot access ECP/OWA, no matter which credentials I give it (and they are validated as correct vs Outlook itself) - Outlook works, ECP/OWA does not.
The error I get, no matter where I access it from (Internally / Locally) -
"The user name or password you entered isn't correct. Try entering it again."
- I think the problem relies within owa (Exchange Back End) / ecp (Exchange Back End), as I tried various solution suggestions I may have deleted the back end Virtual Directory to recreate them.
Some Info:
OS and Exchange: Windows Server 2016, Exchange 2016
Exchange CU Version: CU6
Logs & Debugging:
Event Viewer:
The Outlook Web App configuration settings couldn't be read and updated. Virtual directory: "owa". Web site: "Exchange Back End".
Error message:
"The Active Directory configuration settings couldn't be accessed for virtual directory "owa" under Web site "Exchange Back End"."
-> Source: MSExchangeOWA
-> Event ID: 64
--> Qualifiers: 49152
Image -
IIS:
W3SVC1 (Default Web Site?) + W3SVC2 (Exchange Back End?) log files don't say much actually , no indication of errors when I try to login. Here's a few lines I found (but its about health mail boxes);
2018-07-19 00:28:34 ::1 POST /owa/proxylogon.owa &ClientId=Some_Content_Here&ClientRequestId=&ActID=Some_Content_Here&CorrelationID=<empty>&userContextLogonIdentityName=DOMAIN_NAME\HealthMailboxc66d8b0&userContextLogonIdentitySid=Some_Content_Here&userContextMbGuid=Some_Content_Here&redir=lang 444 DOMAIN_NAME\HealthMailboxc66d8b0 ::1 Mozilla/4.0+(compatible;+MSIE+11.0;+Trident/7.0;+rv:11.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+EACBACKENDLOGON) - 302 0 0 3768
2018-07-19 00:28:34 ::1 GET /ecp/About.aspx ActID=Some_Content_Here 444 - ::1 Mozilla/4.0+(compatible;+MSIE+11.0;+Trident/7.0;+rv:11.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+EACBACKENDLOGON) - 401 1 2148074254 3
2018-07-19 00:28:34 ::1 GET /ecp/About.aspx ActID=Some_Content_Here 444 DOMAIN_NAME\HealthMailboxc66d8b0 ::1 Mozilla/4.0+(compatible;+MSIE+11.0;+Trident/7.0;+rv:11.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+EACBACKENDLOGON) - 302 0 0 82
2018-07-19 00:28:34 ::1 GET /owa/languageselection.aspx url=%2fecp%2fAbout.aspx&ClientId=Some_Content_Here&ClientRequestId=&ActID=Some_Content_Here&CorrelationID=<empty> 444 - ::1 Mozilla/4.0+(compatible;+MSIE+11.0;+Trident/7.0;+rv:11.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+EACBACKENDLOGON) - 401 1 2148074254 2
2018-07-19 00:28:34 ::1 GET /owa/auth/error.aspx url=%2fecp%2fAbout.aspx&ClientId=Some_Content_Here&ClientRequestId=&ActID=Some_Content_Here&CorrelationID=<empty> 444 DOMAIN_NAME\HealthMailboxc66d8b0 ::1 Mozilla/4.0+(compatible;+MSIE+11.0;+Trident/7.0;+rv:11.0;+Windows+NT+6.1;+MSEXCHMON;+ACTIVEMONITORING;+EACBACKENDLOGON) - 200 0 0 17
ADSI vs IIS:
You can see that there is no "owa (Exchange Back End) / ecp (Exchange Back End)", that might be the problem.. didn't have time to compare these vs my local hosted mail server to confirm.
This is in:
CN=HTTP,CN=Protocols,CN=Mail_Server,CN=Servers,CN=Exchange Administrative Group (GUID_HERE),CN=Administrative Groups,CN=DOMAIN_NAME,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN_NAME,DC=local
IIS:
Default Web Site
Exchange Back End
I think it'll be important to mind that I've had a lot of problems before that and they have been fixed and that one popped up (probably my mistake) recently after solving a lot of errors that came before that about OWA.
Believe me I dug every hole in the internet to find a solution without success, I have a final solution planned (as a Plan B at the moment) which is upgrading Exchange from CU6 to CU10 (planned to happen soon) but I can't really do that at the moment, keeping in mind that those are production servers and I cannot do whatever I want.
Tried solutions:
Recreating virtual directories (including webApplications) & Recycling AppPools (OWA & ECP)
Changing authentication methods and SSL settings back to default (https://learn.microsoft.com/en-us/exchange/clients/default-virtual-directory-settings) + comparing to a local mail server hosted at home.
Checking permissions (permissions are fine)
Checking Bindings and SSL cert attached to https bindings
Comparing IIS config files found at C:\Windows\System32\inetsrv\config\ vs My local hosted Mail Server (didn't really find much difference)
Restarting IIS ofcourse (tons of times) and Rebooting
Analyzing with Exchange Analyzer (https://gallery.technet.microsoft.com/office/Exchange-Analyzer-6e20132e) - no critical errors or anything noticeable relating ECP / OWA / Webservices
Updating CAS (C:\Program Files\Microsoft\Exchange Server\V15\Bin\UpdateCas.ps1)
Testing Exchange connectivity (https://testconnectivity.microsoft.com/) - No errors whatsoever
More (can't remember anymore.. too much)
I hope all of this helps analyzing the problem and fixing it , hope we can find a fix for this without having to upgrading exchange / reinstalling and thanks for reading
I have finally fixed the problem!
Here's what I did for reference to people having the same or familiar problem:
NOTE: You are going to need to have an Exchange 2016 server with a working ECP/OWA to make a comparison between the broken Machine's files and fix the problem (I have installed a local Virtual Machine at my home's PC, you can do so too)
Fixing EventID 64 # Event Viewer:
This is for people getting this error # Event Viewer
The Outlook Web App configuration settings couldn't be read and updated. Virtual directory: "XXX". Web site: "XXX".
Error message:
"The Active Directory configuration settings couldn't be accessed for virtual directory "XXX" under Web site "XXX"."
-> Source: MSExchangeOWA
-> Event ID: 64
--> Qualifiers: 49152
I was suspecting that this was the problem and after some research I have found this article (follow the article): https://dirteam.com/dave/2010/12/23/fixing-a-broken-owa-2010-virtual-directory/
In my situation, after doing the steps in the article the errors went away but I still Couldn't log-in!
I have had no errors anymore, not in the Event Viewer or IIS logs so, I have been thinking to myself that maybe the same way I have been doing in https://dirteam.com/dave/2010/12/23/fixing-a-broken-owa-2010-virtual-directory/ to fix the ADSI Object of ECP and OWA That I would do the same concept but instead of comparing between ADSI's, this time maybe Comparing between an example machine's working ECP/OWA config files and a broken ECP/OWA config files may reveal the problem to me!
So, I fired up my local Exchange 2016 server back at home and compared 3 Files using https://www.diffchecker.com/ to check what is wrong.
I have gone ahead and compared between those 3 web.config files located at:
Text
[Exchange_Install_Drive]\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\ecp
[Exchange_Install_Drive]\Program Files\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa
C:\inetpub\wwwroot
To my surprise I have found some wrong and empty parameters in those files , so I went ahead and made a backup for those files and carefully removed those parameters, saved those files and restarted the IIS service (iisreset)
ECP and OWA are now fully working for me!
Hope this helps anyone!
I'm using IIS 8 on Windows 2012 server. I have a site set up to serve as an API for HTTPS traffic on a custom port (4443). I have installed a wildcard SSL certificate, which is functioning properly. Our network firewall is routing all public inbound traffic on port 4443 to this server internally, which is then being handled by IIS.
From the server itself, everything works fine. I am not using localhost, and do not have a hosts file entry looping the traffic back internally. Going to https://api.blahblahblah.com:4443 returns what I want.
However, from external to the network, I am getting a 403 Forbidden error. I know the traffic is making it to the server because I get the correct custom "X-Powered-By" response header that I have set on that server.
I have tried setting the permissions on the folder that contains the site files to allow Full Control to "Everyone", but no luck. The site has Anonymous Authentication enabled for the user "IUSR". Directory browsing is disabled.
What's going on? I'm assuming it's a permissions error with the file system, but I figured having the Everyone permission would eliminate that. Also, there is nothing special about the internal traffic (from the server itself) in terms of an authenticated session or anything. It's just a plain request with no bells or whistles.
Please help! Thanks.
=======UPDATE=======
Here is a sample log entry showing the substatus code of 16:
2018-02-08 17:56:58 10.1.10.11 GET /favicon.ico - 4443 - 184.4.143.229 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/63.0.3239.132+Safari/537.36 https://api.blahblahblah.com:4443/data/countyList 403 16 2148204809 97
Apparently this is a client certificate trust issue? Upon further testing, I am able to access the site without issue on another device, just not my primary development PC.
I just set the site to Ignore Client Certificates in the SSL Settings, and it is working as expected again.
A 403 error could occur due to multiple reasons. Could you please share the substatus code. You can find it in IIS logs. Default location - C:\inetpub\logs\logfiles\w3svc_websiteID.
Once you have the substatus code, please share it here.
You can also capture FREB logs by following this article - https://learn.microsoft.com/en-us/iis/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis
Just modify step #10 in this article and don't uncheck anything in your case (leave everything to default). This will clearly tell you what's going on in the IIS pipeline.
If its 403.14, just add a default document in IIS and you should be good to go.
I have a Classic ASP website that I need to run locally. My OS is Windows 7 and using Visual Studio 2010.
In the IIS under the Default Web Site, I added the application in the folder, classic_asp_website. I created a Classic ASP application pool to connect to the website. I can successfully test the connection by going into the 'Basic Settings' and 'Test Settings'. The user credentials are valid.
The tree in IIS looks like this:
Application Pools
Sites
Default Web Sites
classic_asp_website (folder)
Paging (folder)
Paging
I want to step thru the web site by 'Attaching to a Process' but I can't get the website to display.
When I type into the browser the url http://localhost/classic_asp_net/Paging/Paging, the header displays with our logo but on the rest of the web page it says;
Server Error 'Default Web Site'" Error: 404.
The URL is correct. When I expand the Paging folder in the IIS, the folders are all there. The webpage is default.asp. Even when I add this to the URL, I get the same error.
I don't understand why it wouldn't display the webpage.
In addition, I made sure that ASP was enabled under the Window Feature within the Application Development folder.
Any ideas or suggestions would be appreciated.
UPDATE
Checking the log files from the IIS, the default page seems to load
Here is the text:
/classic_asp_website/Paging/Paging/default.asp - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/6.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E) 200 0 0 35
I am taking the '200' number to mean there were not errors.
Then there are 3 - '404 errors and 1 '500 error.
I don't understand why it can't find the files. I added them to the appropriate folders. Here are the rest of the errors:
2015-01-30 21:11:03 ::1 GET /Common/Images/Background.gif - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/6.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E) 404 0 2 3
2015-01-30 21:11:03 ::1 GET /classic_asp_website/Paging/Paging/ASP/MainPager.asp UserID=|1|ASP_0131|Disallowed_Parent_Path 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/6.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E) **500** 0 0 10
2015-01-30 21:11:03 ::1 GET **/Common/toolbar.asp** - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/6.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E) **404** 0 2 40
2015-01-30 21:11:03 ::1 GET **/Common/Images/Background.gif** - 80 - ::1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+Trident/6.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E) **404** 0 2 2
I don't know what 'Disallowed Parent Path' means.
If I remember correctly, what Disallowed Parent Path means is you can't do something like this:
<!--#INCLUDE VIRTUAL="../../commonLibrary.asp"-->
meaning going up into the parent directory when including files. This is considered a security risk.
If your code does this and you are okay with it, you can allow it, in IIS Manager open the ASP icon and change:
Enable Parent Paths True
I have got this problem recently,its because your site has settings to PREVENT 'Parent Path' for ASP. (I guess relative paths are used in your code)
To Fix it:
1. Open your IIS manager.
click on your site on the left pane. (my one is "Default WebSite")
click 'ASP' icon on your right
change 'Enable Parent Path' to true.
It will fix your problem.
I've been trying in vain to get Umbraco installed on my Windows 7 box under IIS 7. I was able to use the Web Platform Installer to get it up and running via WebMatrix, but I want this running in IIS.
Whether I perform the install manually by setting up a new web site copying binaries, or whether I let the Web Platform Installer do it, I'm always presented with an installation page that's missing all CSS, images, js, etc.
When I attempt to hit those resources directly, I'm always redirected back to the install page.
I'm telling the platform installer to create a brand new web site. No virtual directory/application name is being specified. And I've followed all the online directions I can find.
Logs show 401 unauthorized errors:
2012-05-11 02:42:22 127.0.0.1 GET /umbraco_client/installer/css/all.css - 80 - 127.0.0.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 3 5 10
2012-05-11 02:42:22 127.0.0.1 GET /umbraco_client/installer/css/reset.css - 80 - 127.0.0.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 3 5 10
2012-05-11 02:42:22 127.0.0.1 GET /umbraco_client/installer/css/form.css - 80 - 127.0.0.1 Mozilla/5.0+(compatible;+MSIE+9.0;+Windows+NT+6.1;+WOW64;+Trident/5.0) 401 3 5 10
I tried changing the app pool identity to Network Service and granting full permissions to the web site root path, and while it didn't fix the problem, it turned all the above 401 errors into 302 redirects.
Thougts?
In my case I found that although I had created a custom App Pool running under an identity with permissions for this folder, in the IIS authentication page ( IIS Manager -> Authentication -> Anonymous Authentication ) it was using IUSR as the default user for anonymous authentication. By checking the "Use Application Pool Identity" box instead, it worked correctly.
It appears as though the root cause was that I had my umbraco files under c:\Projects\MySite\Umbraco\WWW. Despite the fact that the WWW folder had the correct permissions, IIS would not grant access to the resources in question.
Once I moved the contents to c:\inetpub\wwwroot\, it started working. I'm still not entirely sure why, as the permissions match exactly, but it is what it is.
I have an S: which is connected via a username that exists both on server1 & server2.
The mapped drive works fine.
I connect this as a virtual directory called config in IIS it connects and works fine. I can see in content view the files in the mapped drive.
When I attempt to browse to one of these files it gets an error 500
http://www.mydomain.com/config/file.html
file.html is there
I've done this before, Im sure its a permission or security issue somehow, but I cant work it out
500 - Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
Give up mapped drives please,
http://support.microsoft.com/kb/207671
http://support.microsoft.com/kb/257174
The answer was two part.
Part one I was simply browsing the website, I wasn't using https and thus I was getting a different IIS site that didn't have the virtual directory.
Part two was I was using ColdFusion attempting to run a .cfm from the virtual directory, even with the correct website, it still got an error 404.
The resolution for this was to ensure the ColdFusion service was run as Administrator rather than LocalSystem and all was good.
Just for everyones reference, if you create the same username / password on both servers, share using that username, connect using UNC path and that username and it will work, no special permissions or anything.
Thanks to Karl & Lex for the help.