How to setup and use FTP User Isolation with Active Directory

This post is targeted at helping IIS Administrators understand how to setup FTP User Isolation and Active Directory together.   There has been forum posts @ regarding user isolation and Active Directory.  It is pretty straight forward, there are some initial configuration steps and a couple concepts to understand.

Here is the article link

Steve Schofield
Microsoft MVP – IIS

PS: There is a lot of good information on how to setup and use the FTP 7.0 service here

New site theme on, lessons learned from deployment.

For several years, I try to do something ‘geeky’ during the holidays.  This year I wanted to update the theme (and a few other things) on  It took a couple months off / on working through tweaks.  I was able to get the new site implemented between Christmas and New Years.  Thanks to God and Steve Smith ( fame) for publishing Aspalliance SimpleCMS   I’ve wanted for several years to have a website that controls the layout in a single file and database driven.   SimpleCMS uses a HTTP module architecture where all content is stored in a database, the HTTP module retrieves the webpage from a database.  Besides the CSS file, MasterPage, web.config and some programming files in ‘/bin’ folder.  There are no other required files on disk.

If I want to update content, there is a simple web-based interface using FreeTextBox.  You may ask, why didn’t I use Community Server, Dotnetnuke or Graffiti CMS?  They are all great packages I’ve used in separate websites.  For my needs, SimpleCMS makes it easy to implement and maintain.  I didn’t need a RSS feed, post comments on articles for example.  Probably the main reason was having my own theme. I probably could skin them real easy, but a master file was easy to adjust.

Here are a few lessons learned when I was implementing the updated site.

1) Have a backup of the original site
2) Test on a local box before publishing to production
3) Add 404 / 500 error trapping to catch later obvious errors
4) Turn on error coding <customErrors> or whatever you use to log errors.
5) If you are using a urlrewrite module, urlscan make sure the module is installed on your dev / test systems.
6) Verify if your host supports remote delegation in IIS 7 with IIS manager
7) Don’t have absolute image links to external images.  Causes suspious activity in IE

Regarding point #7, we use PayPal to process orders.  On our purchase page, there were several links to external images hosted by PayPal.  When I would browse the page, the following error would be displayed.

To correct the issue, I copied the images local and update the links so they were relative.  I didn’t want someone to suspect an issue with our site, including our purchase webpage.  I didn’t get this error in FireFox 3.0.  The error was isolated to IE 7, I didn’t test in IE 6.

Some additional information about my implementation. 

1) The site is hosted by ORCS Web using Windows Server 2008 / IIS 7.0

2) IISLogs application pool uses Integrated mode, the new application pool introduced in IIS 7.0

3) I added an additional folder called AdminMySite, disabled Anonymous Authentication module and updated the web.config so the SimpleCMS administration section was secure.  I also needed to update the web.config to support AdminMySite folder.

4) Here is an article I published on getting SimpleCMS published on IIS 7

I’ve not had a chance to do a website change since running, it was nice to implement things like Master Pages, HTTP modules using Integrated pipeline.  This architecture allows me to expand in the future.   The real goal of IISLogs is to market the component I wrote in 2004 (currently on version 2.0).  It’s always fun to share some tips / tricks learned.  I looked at using the MVC framework.  It seemed a little too much for my requirements.  I’ve always tried to use the latest technology so I could keep up-to-date. 

I hope you find this article useful.   And remember, if you are tired of messing with log files, misc files left over from 3rd party applications, you can use IISLogs to help manage the files.  🙂

Take care,

Steve Schofield
Microsoft MVP – IIS

Use AppCMD to change Request Filtering extensions

Go to Inetmgr > ServerName > Request Filtering > Filename extensions.  You can see all blocked extensions.

Open a command prompt and type

‘To allow
c:\windows\system32\inetsrv\appcmd set config
/section:system.webServer/security/requestFiltering -fileExtensions.[fileExtension=’.csproj’].allowed:true

‘To deny
c:\windows\system32\inetsrv\appcmd set config
/section:system.webServer/security/requestFiltering -fileExtensions.[fileExtension=’.csproj’].allowed:false

‘List all properties.
appcmd set config /section:system.webServer/security/requestFiltering -?
ERROR ( message:-allowDoubleEscaping

Use Appcmd to set IIS compression level

Here are a few commands to set properties on IIS compression.   

‘This was run from cmd.exe
c:\windows\system32\inetsrv\appcmd set config -section:urlCompression /doDynamicCompression:true
c:\windows\system32\inetsrv\appcmd set config -section:system.webServer/httpCompression -[name=’gzip’].dynamicCompressionLevel:9
c:\windows\system32\inetsrv\appcmd set config /section:httpCompression -directory:E:\Data\IISTemporaryCompressedFiles -maxDiskSpaceUsage:100 -minFileSizeForComp:256
icacls E:\Data\IISTemporaryCompressedFiles /grant “NT Authority\Authenticated Users:(OI)(CI)(M)”

This was run from Powershell.  Note the slight syntax difference.
c:\windows\system32\inetsrv\appcmd set config /section:urlCompression /doDynamicCompression:true
c:\windows\system32\inetsrv\appcmd set config /section:system.webServer/httpCompression -[name=”‘gzip'”].dynamicCompressionLevel:9
c:\windows\system32\inetsrv\appcmd set config /section:httpCompression /directory:E:\Data\IISTemporaryCompressedFiles /maxDiskSpaceUsage:100 /minFileSizeForComp:256
icacls E:\Data\IISTemporaryCompressedFiles /grant “NT Authority\Authenticated Users:(OI)(CI)(M)”

Properties on the httpCompression section
ERROR ( message:-sendCacheHeaders

Side note.  I ran into some ‘slight’ syntax issues when running appcmd in Powershell 1.0.  I needed to change the dashes “-” to slashes “/”.   I suppose we’ll look at using the Powershell provider one day,

Logging levels in Sharepoint and STSADM

While I was working on the last post.  I wondered how to set the logging via command line back to the defaults.   Here is an article I found on how to do logging via of stsadm –

‘This gives you the current settings
stsadm.exe -o listlogginglevels

Run this before doing any changes on a machine.  It’s always good to know the original settings before making changes.

‘This set the logging to Medium / Error.  
stsadm -o setlogginglevel -tracelevel Medium -windowslogginglevel Error

//full path
“C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\bin\stsadm” -o setlogginglevel -tracelevel Medium -windowslogginglevel Error

The two services listed below are in a Monitorable / Error State.  I’ll see if I can figure out the syntax for just these two.  The output listed below was from another box that the logging hasn’t been adjusted.
A) MS Search Advanced Tracing                Monitorable Error                  
B) MS Search Query Processor                 Monitorable Error       

  Category Name                             Trace Level Event Level           
  Administration                            Medium      Error                 
  Backward Compatible Administration        Medium      Error                 
  Backward Compatible Site Object Model     Medium      Error                 
  Business Data                             Medium      Error                 
  Content Deployment                        Medium      Error                 
  Document Management                       Medium      Error                 
  Excel Calculation Services                Medium      Error                 
  Excel Services Administration             Medium      Error                 
  Excel Services Cache                      Medium      Error                 
  Excel Services External Data              Medium      Error                 
  Excel Services Session                    Medium      Error                 
  Excel Services Web Front End              Medium      Error                 
  Excel Web Access                          Medium      Error                 
  Excel Web Services                        Medium      Error                 
  Forms Services Administration             Medium      Error                 
  Forms Services Conversion and Deployment  Medium      Error                 
  Forms Services Data Binding               Medium      Error                 
  Forms Services Data Objects               Medium      Error                 
  Forms Services Deployment                 Medium      Error                 
  Forms Services File Open                  Medium      Error                 
  Forms Services Object Model               Medium      Error                 
  Forms Services Rendering                  Medium      Error                 
  Forms Services Runtime                    Medium      Error                 
  Forms Services Runtime                    Medium      Error                 
  Forms Services Runtime – Business Logic   Medium      Error                 
  Forms Services Runtime – Data Connections Medium      Error                 
  Forms Services Runtime – Session State    Medium      Error                 
  Forms Services Validation                 Medium      Error                 
  Group Approval Enhanced Group Management Library Medium      Error                 
  Group Approval Enhanced Group Management Pages Medium      Error                 
  Group Approval Library                    Medium      Error                 
  Group Approval Pages                      Medium      Error                 
  Group Approval Schedules                  Medium      Error                 
  Group Approval SOAP                       Medium      Error                 
  Information Policy Management             Medium      Error                 
  Knowledge Network Server                  Medium      Error                 
  Launcher Service                          Medium      Error                 
  Load Balancer Service                     Medium      Error                 
  Long running operation infrastructure     Medium      Error                 
  MCMS 2002 Migration                       Medium      Error                 
  MS Search Propagation                     Monitorable Error                 
  Office Server General                     Medium      Error                 
  Office Server Shared Services             Medium      Error                 
  Project Server – General                  Medium      Error                 
  Project Server Active Cache Enterprise Resource Load Medium      Error                 
  Project Server Active Cache Load          Medium      Error                 
  Project Server Active Cache operations    Medium      Error                 
  Project Server Active Cache Save          Medium      Error                 
  Project Server Active Directory Synchronization Medium      Error                 
  Project Server Analysis Cube Building     Medium      Error                 
  Project Server Archive, Restore           Medium      Error                 
  Project Server Calendars                  Medium      Error                 
  Project Server Global                     Medium      Error                 
  Project Server Notifications              Medium      Error                 
  Project Server Portfolio Management       Medium      Error                 
  Project Server Provisioning               Medium      Error                 
  Project Server Queue                      Medium      Error                 
  Project Server Reporting                  Medium      Error                 
  Project Server Resource                   Medium      Error                 
  Project Server Security                   Medium      Error                 
  Project Server Server-Side Events         Medium      Error                 
  Project Server Sharepoint Integration     Medium      Error                 
  Project Server Status Reports             Medium      Error                 
  Project Server Summary Resource Assignments Medium      Error                 
  Project Server Task Statusing and Updates Medium      Error                 
  Project Server Timesheet                  Medium      Error                 
  Project Server-side Project Operations    Medium      Error                 
  Project Web Access                        Medium      Error                 
  Publishing                                Medium      Error                 
  Publishing Cache                          Medium      Error                 
  Publishing Provisioning                   Medium      Error                 
  Records Center                            Medium      Error                 
  Runtime                                   Medium      Error                 
  Session State Service                     Medium      Error                 
  Setup and Upgrade                         Medium      Error                 
  SharePoint Services                       Medium      Error                 
  Site Directory                            Medium      Error                 
  Site Management                           Medium      Error                 
  SSO                                       Medium      Error                 
  User Profiles                             Medium      Error                 
  WebParts                                  Medium      Error                 
  Workflow Features                         Medium      Error                 

  Category Name                             Trace Level Event Level           
  Backup and Restore                        Medium      Error                 
  Communication                             Medium      Error                 
  Database                                  Medium      Error                 
  E-Mail                                    Medium      Error                 
  Feature Infrastructure                    Medium      Error                 
  Fields                                    Medium      Error                 
  General                                   Medium      Error                 
  IRM                                       Medium      Error                 
  MS Search Administration                  Medium      Error                 
  MS Search Advanced Tracing                Monitorable Error                 
  MS Search Indexing                        Medium      Error                 
  MS Search Query                           Medium      Error                 
  MS Search Query Processor                 Monitorable Error                 
  Runtime                                   Medium      Error                 
  Server Help                               Medium      Error                 
  Timer                                     Medium      Error                 
  Timer Job                                 Medium      Error                 
  Topology                                  Medium      Error                 
  Unified Logging Service                   Medium      Error                 
  Upgrade                                   Medium      Error                 
  Web Controls                              Medium      Error                 
  Web Parts                                 Medium      Error                 
  Workflow Infrastructure                   Medium      Error                 

Operation completed successfully. gives me a 404 on Sharepoint….How to use logging to find the error.

I was trying to bring up a new Sharepoint site, when I tried to browse the site ( ),   Sharepoint gave me a generic ‘file not found’ error.   The message wasn’t real helpful.   

Step 1 – I set the two values in the web.config to True.  (PS-This is a test / sandbox machine)

‘This is in the web.config located
    <SafeMode MaxControls=”200″ CallStack=”True” DirectFileDependencies=”10″ TotalFileDependencies=”50″ AllowPageLevelTrace=”True“>

When I browsed the site locally after making the web.config changes.  I got a 404 error.  The IIS logs showed a 404. 

Step 2 – When I cranked up the Sharepoint logging, I found this error in the logs.  The bolded part showed a ASCX file not found.  I copied from another server and was able to browse the site.  🙂

w3wp.exe (0x0E80)                        0x0F9C Windows SharePoint Services    General                        8nca Verbose  Application error when access /Pages/default.aspx, Error=The file /_controltemplates/PublishingActionMenu.ascx does not exist.   at Microsoft.SharePoint.ApplicationRuntime.SPRequestModuleData.GetWebPartPageData(HttpContext context, String path, Boolean throwIfFileNotFound)     at Microsoft.SharePoint.ApplicationRuntime.SPVirtualFile.CalculateFileDependencies(HttpContext context, SPRequestModuleData basicRequestData, ICollection& directDependencies, ICollection& childDependencies)     at Microsoft.SharePoint.ApplicationRuntime.SPDatabaseFile.EnsureDependencies(HttpContext context, SPRequestModuleData requestData)     at Microsoft.SharePoint.ApplicationRuntime.SPDatabaseFile.GetDirectDependencies(HttpContext context, SPRequestModuleData requestData)     at Microsoft.SharePoint.ApplicationRun… 

Here is the procedure I followed to enable Diagnostic logging. 

Hope this helps,

Steve Schofield
Microsoft MVP – IIS

Custom Errors (error pages), 500-100.asp, Classic ASP and IIS 7.0

Custom Errors on IIS 7.0 and Classic ASP.

In previous versions of IIS, there was a built-in error page called 500-100.asp.  In IIS 7.0, this custom error page is not automatically listed.  Here is a quick demo how I setup a couple ways to capture errors with custom errors.  I tried this both with a Classic and Integrated application pools.  Here is an article I wrote that I used in previous versions of IIS capturing errors.

Option 1)
Sample ASP page that has an divide by zero error.  Lets call this webpage MyASPError.asp.  It has On Error Resume Next, it’ll force the webpage execution to our error trapping.

On Error Resume Next

If err.number > 0 Then
     Response.Redirect “/500.asp?errDesc=” & err.description & “&errNum=” & err.number
End If



2)  The 500.asp error page that


response.write “<b>Error Description:</b>” & Request.Querystring(“errDesc”) & ” “
response.write “<b>Error Number:</b>” & Request.Querystring(“errNum”)

        <TD><B>Server Variable</B></TD><TD><B>Value</B></TD>
<% For Each strKey In Request.ServerVariables %>
        <TD> <%= strKey %> </TD><TD> <%= Request.ServerVariables(strKey) %> </TD>
<% Next %>


Option 2:
Create a webpage called 500-100.asp and add 500.100.asp custom error page setting.   You would create this in IIS Manager.  (Start > run > inetmgr > site name > IIS section > Error Pages > Add action.

This seemed to work with some limiting factors.  It wasn’t as flexible option1 .  My 500-100.asp is the same as 500.asp, it writes out the server variables.  The 500-100.asp displays the error, but does not change the URL, which is handy.   I wasn’t able to capture the error like I did in option 1.    If I find an alternative method, I’ll update the post. 

Here is the 500-100.asp from XP
<%@ language=”VBScript” %>
  Option Explicit

  Const lngMaxFormBytes = 200

  Dim objASPError, blnErrorWritten, strServername, strServerIP, strRemoteIP
  Dim strMethod, lngPos, datNow, strQueryString, strURL

  If Response.Buffer Then
    Response.Status = “500 Internal Server Error”
    Response.ContentType = “text/html”
    Response.Expires = 0
  End If

  Set objASPError = Server.GetLastError

<html dir=ltr>

a:link   {font:8pt/11pt verdana; color:FF0000}
a:visited  {font:8pt/11pt verdana; color:#4e4e4e}


<title>The page cannot be displayed</title>

<META HTTP-EQUIV=”Content-Type” Content=”text-html; charset=Windows-1252″>

function Homepage(){
// in real bits, urls get returned to our script like this:
// res://shdocvw.dll/http_404.htm#

 //For testing use DocURL = “res://shdocvw.dll/http_404.htm#”
 //this is where the http or https will be, as found by searching for :// but skipping the res://
 //this finds the ending slash for the domain server
 serverIndex=DocURL.indexOf(“/”,protocolIndex + 3);

 //for the href, we need a valid URL to the domain. We search for the # symbol to find the begining
 //of the true URL, and add 1 to skip it – this is the BeginURL value. We use serverIndex as the end marker.
 //urlresult=DocURL.substring(protocolIndex – 4,serverIndex);
 BeginURL=DocURL.indexOf(“#”,1) + 1;
 //for display, we need to skip after http://, and go to the next slash
 displayresult=DocURL.substring(protocolIndex + 3 ,serverIndex);
 InsertElementAnchor(urlresult, displayresult);

function HtmlEncode(text)
    return text.replace(/&/g, ‘&amp’).replace(/’/g, ‘&quot;’).replace(/</g, ‘&lt;’).replace(/>/g, ‘&gt;’);

function TagAttrib(name, value)
    return ‘ ‘+name+’=”‘+HtmlEncode(value)+'”‘;

function PrintTag(tagName, needCloseTag, attrib, inner){
    document.write( ‘<‘ + tagName + attrib + ‘>’ + HtmlEncode(inner) );
    if (needCloseTag) document.write( ‘</’ + tagName +’>’ );

function URI(href)
    IEVer = window.navigator.appVersion;
    IEVer = IEVer.substr( IEVer.indexOf(‘MSIE’) + 5, 3 );

    return (IEVer.charAt(1)==’.’ && IEVer >= ‘5.5’) ?
        encodeURI(href) :
        escape(href).replace(/%3A/g, ‘:’).replace(/%3B/g, ‘;’);

function InsertElementAnchor(href, text)
    PrintTag(‘A’, true, TagAttrib(‘HREF’, URI(href)), text);


<body bgcolor=”FFFFFF”>

<table width=”410″ cellpadding=”3″ cellspacing=”5″>

    <td align=”left” valign=”middle” width=”360″>
 <h1 style=”COLOR:000000; FONT: 13pt/15pt verdana”><!–Problem–>The page cannot be displayed</h1>
    <td width=”400″ colspan=”2″>
 <font style=”COLOR:000000; FONT: 8pt/11pt verdana”>There is a problem with the page you are trying to reach and it

cannot be displayed.</font></td>
    <td width=”400″ colspan=”2″>
 <font style=”COLOR:000000; FONT: 8pt/11pt verdana”>

 <hr color=”#C0C0C0″ noshade>
    <p>Please try the following:</p>

      <li id=”instructionsText1″>Click the
      <a href=”javascript:location.reload()”>
      Refresh</a> button, or try again later.<br>
      <li>Open the
   if (!((window.navigator.userAgent.indexOf(“MSIE”) > 0) && (window.navigator.appVersion.charAt(0) == “2”)))

   home page, and then look for links to the information you want. </li>
    <h2 style=”font:8pt/11pt verdana; color:000000″>HTTP 500.100 – Internal Server
    Error – ASP error<br>
    Internet Information Services</h2>

 <hr color=”#C0C0C0″ noshade>
 <p>Technical Information (for support personnel)</p>

<li>Error Type:<br>
  Dim bakCodepage
  on error resume next
   bakCodepage = Session.Codepage
   Session.Codepage = 1252
  on error goto 0
  Response.Write Server.HTMLEncode(objASPError.Category)
  If objASPError.ASPCode > “” Then Response.Write Server.HTMLEncode(“, ” & objASPError.ASPCode)
  Response.Write Server.HTMLEncode(” (0x” & Hex(objASPError.Number) & “)” ) & “<br>”

  If objASPError.ASPDescription > “” Then
  Response.Write Server.HTMLEncode(objASPError.ASPDescription) & “<br>”

  elseIf (objASPError.Description > “”) Then
   Response.Write Server.HTMLEncode(objASPError.Description) & “<br>”
  end if


  blnErrorWritten = False

  ‘ Only show the Source if it is available and the request is from the same machine as IIS
  If objASPError.Source > “” Then
    strServername = LCase(Request.ServerVariables(“SERVER_NAME”))
    strServerIP = Request.ServerVariables(“LOCAL_ADDR”)
    strRemoteIP =  Request.ServerVariables(“REMOTE_ADDR”)
    If (strServername = “localhost” Or strServerIP = strRemoteIP) And objASPError.File <> “?” Then
      Response.Write Server.HTMLEncode(objASPError.File)
      If objASPError.Line > 0 Then Response.Write “, line ” & objASPError.Line
      If objASPError.Column > 0 Then Response.Write “, column ” & objASPError.Column
      Response.Write “<br>”
      Response.Write “<font style=””COLOR:000000; FONT: 8pt/11pt courier new””><b>”
      Response.Write Server.HTMLEncode(objASPError.Source) & “<br>”
      If objASPError.Column > 0 Then Response.Write String((objASPError.Column – 1), “-“) & “^<br>”
      Response.Write “</b></font>”
      blnErrorWritten = True
    End If
  End If

  If Not blnErrorWritten And objASPError.File <> “?” Then
    Response.Write “<b>” & Server.HTMLEncode(  objASPError.File)
    If objASPError.Line > 0 Then Response.Write Server.HTMLEncode(“, line ” & objASPError.Line)
    If objASPError.Column > 0 Then Response.Write “, column ” & objASPError.Column
    Response.Write “</b><br>”
  End If
<li>Browser Type:<br>
<%= Server.HTMLEncode(Request.ServerVariables(“HTTP_USER_AGENT”)) %>
  strMethod = Request.ServerVariables(“REQUEST_METHOD”)

  Response.Write strMethod & ” “

  If strMethod = “POST” Then
    Response.Write Request.TotalBytes & ” bytes to “
  End If

  Response.Write Request.ServerVariables(“SCRIPT_NAME”)

  lngPos = InStr(Request.QueryString, “|”)

  If lngPos > 1 Then
    Response.Write “?” & Server.HTMLEncode(Left(Request.QueryString, (lngPos – 1)))
  End If

  Response.Write “</li>”

  If strMethod = “POST” Then
    Response.Write “<p><li>POST Data:<br>”
    If Request.TotalBytes > lngMaxFormBytes Then
       Response.Write Server.HTMLEncode(Left(Request.Form, lngMaxFormBytes)) & ” . . .”
      Response.Write Server.HTMLEncode(Request.Form)
    End If
    Response.Write “</li>”
  End If

  datNow = Now()

  Response.Write Server.HTMLEncode(FormatDateTime(datNow, 1) & “, ” & FormatDateTime(datNow, 3))
  on error resume next
   Session.Codepage = bakCodepage
  on error goto 0
<li>More information:<br>
 <%  strQueryString = “prd=iis&sbp=&pver=5.0&ID=500;100&cat=” & Server.URLEncode(objASPError.Category) & _
    “&os=&over=&hrd=&Opt1=” & Server.URLEncode(objASPError.ASPCode)  & “&Opt2=” & Server.URLEncode(objASPError.Number) & _
    “&Opt3=” & Server.URLEncode(objASPError.Description)
       strURL = “” & _
<a href=”<%= strURL %>”>Microsoft Support</a>


Before you implement this in a production site.  I would thoroughly test any changes.

Hope this helps.

Steve Schofield
Microsoft MVP – IIS