IIS7 – post #59 – IIS 7.0 WebDAV module impressions

I don’t usually do too many reviews in my blog, but there is a cool module that Microsoft released that supports WebDAV in IIS 7.0.  I’ve never implemented WebDAV, and I was curious how it differed from FrontPage (yeah ok!), FTP etc.  Microsoft has a great publishing story at this point, with several options to securely publish content.  I was impressed by how easy it was to get up and going.  There was a bit of a learning curve, but not too bad.


Here are a few highlights I’ve run across in my testing.


1) When you try to use net use * http://IPAddress inside Windows XP or 2003, you get a System 67 error.  If you use the “Add Network Place” feature inside ‘My Network Places’, you can use WebDAV to copy content.  You need to make sure you install the Desktop Experience feature on the server.  Using net use * http://IPAddressOrDomainName works from a Vista box.


2) There is a great how-to article provided by MS.  Here is the link.
http://go.microsoft.com/fwlink/?LinkId=105146


3) Here is the posting on forums.iis.net where another user, who was working alongside, passed on some good info.
http://forums.iis.net/t/1147386.aspx

4) There is a WebDAV schema file located in %windir%\system32\inetsrv\config\schema\webdav_schema.xml


5) Inside the applicationHost.config, there is a section inside ‘requestFiltering’ that appears to block copying certain files and folders using WebDAV. I’ve not tried to comment these out and see if that was the issue, but this is what I found.


<requestFiltering>
    <fileExtensions allowUnlisted="true" applyToWebDAV="true">
        <add fileExtension=".asa" allowed="false" />
        <add fileExtension=".asax" allowed="false" />
        <add fileExtension=".ascx" allowed="false" />
        <add fileExtension=".master" allowed="false" />
        <add fileExtension=".skin" allowed="false" />
        <add fileExtension=".browser" allowed="false" />
        <add fileExtension=".sitemap" allowed="false" />
        <add fileExtension=".config" allowed="false" />
        <add fileExtension=".cs" allowed="false" />
        <add fileExtension=".csproj" allowed="false" />
        <add fileExtension=".vb" allowed="false" />
        <add fileExtension=".vbproj" allowed="false" />
        <add fileExtension=".webinfo" allowed="false" />
        <add fileExtension=".licx" allowed="false" />
        <add fileExtension=".resx" allowed="false" />
        <add fileExtension=".resources" allowed="false" />
        <add fileExtension=".mdb" allowed="false" />
        <add fileExtension=".vjsproj" allowed="false" />
        <add fileExtension=".java" allowed="false" />
        <add fileExtension=".jsl" allowed="false" />
        <add fileExtension=".ldb" allowed="false" />
        <add fileExtension=".dsdgm" allowed="false" />
        <add fileExtension=".ssdgm" allowed="false" />
        <add fileExtension=".lsad" allowed="false" />
        <add fileExtension=".ssmap" allowed="false" />
        <add fileExtension=".cd" allowed="false" />
        <add fileExtension=".dsprototype" allowed="false" />
        <add fileExtension=".lsaprototype" allowed="false" />
        <add fileExtension=".sdm" allowed="false" />
        <add fileExtension=".sdmDocument" allowed="false" />
        <add fileExtension=".mdf" allowed="false" />
        <add fileExtension=".ldf" allowed="false" />
        <add fileExtension=".ad" allowed="false" />
        <add fileExtension=".dd" allowed="false" />
        <add fileExtension=".ldd" allowed="false" />
        <add fileExtension=".sd" allowed="false" />
        <add fileExtension=".adprototype" allowed="false" />
        <add fileExtension=".lddprototype" allowed="false" />
        <add fileExtension=".exclude" allowed="false" />
        <add fileExtension=".refresh" allowed="false" />
        <add fileExtension=".compiled" allowed="false" />
        <add fileExtension=".msgx" allowed="false" />
        <add fileExtension=".vsdisco" allowed="false" />
    </fileExtensions>
    <verbs allowUnlisted="true" applyToWebDAV="true" />
    <hiddenSegments applyToWebDAV="true">
        <add segment="web.config" />
        <add segment="bin" />
        <add segment="App_code" />
        <add segment="App_GlobalResources" />
        <add segment="App_LocalResources" />
        <add segment="App_WebReferences" />
        <add segment="App_Data" />
        <add segment="App_Browsers" />
    </hiddenSegments>
</requestFiltering>
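To see which WebDAV copies this section would reject, here is an added example (not part of the original post and not IIS code) that evaluates a URL path against the fileExtensions and hiddenSegments rules. The function names are hypothetical, the caller states whether the request is a WebDAV one, and the order of the two checks and the treatment of missing attributes are assumptions of this sketch; 404.7 and 404.8 are the IIS substatus codes for a denied file extension and a hidden segment.

```python
import posixpath
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed, shortened copy of the <requestFiltering> section quoted above.
SAMPLE_CONFIG = """
<requestFiltering>
  <fileExtensions allowUnlisted="true" applyToWebDAV="true">
    <add fileExtension=".config" allowed="false" />
    <add fileExtension=".cs" allowed="false" />
    <add fileExtension=".mdb" allowed="false" />
  </fileExtensions>
  <verbs allowUnlisted="true" applyToWebDAV="true" />
  <hiddenSegments applyToWebDAV="true">
    <add segment="web.config" />
    <add segment="bin" />
    <add segment="App_Data" />
  </hiddenSegments>
</requestFiltering>
"""


def _is_true(elem, attr):
    # Assumption of this sketch: a missing element or attribute counts as "true".
    return elem is None or elem.get(attr, "true").lower() == "true"


def load_rules(xml_text):
    """Parse the section into lower-cased lookup tables (matching is case-insensitive)."""
    root = ET.fromstring(xml_text)
    ext, seg = root.find("fileExtensions"), root.find("hiddenSegments")
    ext_adds = ext.findall("add") if ext is not None else []
    seg_adds = seg.findall("add") if seg is not None else []
    return {
        "ext_webdav": _is_true(ext, "applyToWebDAV"),
        "allow_unlisted": _is_true(ext, "allowUnlisted"),
        "extensions": {a.get("fileExtension").lower(): _is_true(a, "allowed") for a in ext_adds},
        "seg_webdav": _is_true(seg, "applyToWebDAV"),
        "segments": {a.get("segment").lower() for a in seg_adds},
    }


def evaluate(rules, url_path, is_webdav):
    """Return (allowed, reason) for one request path."""
    parts = [p.lower() for p in unquote(url_path).split("/") if p]
    # hiddenSegments match whole path segments, so "binary" does not match "bin".
    if rules["seg_webdav"] or not is_webdav:
        hidden = [p for p in parts if p in rules["segments"]]
        if hidden:
            return (False, "404.8 hidden segment '%s'" % hidden[0])
    # fileExtensions look at the extension of the last segment only.
    if parts and (rules["ext_webdav"] or not is_webdav):
        ext = posixpath.splitext(parts[-1])[1]
        if ext and not rules["extensions"].get(ext, rules["allow_unlisted"]):
            return (False, "404.7 file extension '%s'" % ext)
    return (True, "passes fileExtensions and hiddenSegments")


if __name__ == "__main__":
    strict = load_rules(SAMPLE_CONFIG)
    for path in ("/site/App_Data/users.xml", "/site/src/Page.cs", "/site/binary/readme.txt"):
        print(path, evaluate(strict, path, is_webdav=True))
```

With applyToWebDAV="false" on both elements, the same WebDAV request for /site/App_Data/users.xml passes the filter while a normal browser request is still rejected, which is why the attribute matters when a publishing site and a public site share content.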


In conclusion, the WebDAV module is worth checking out.  Here is an article by Robert McMurray.
http://blogs.iis.net/robert_mcmurray/archive/2007/12/22/webdav-module-for-windows-server-2008-golive-beta-is-released.aspx


Cheers,


Steve Schofield
Microsoft MVP – IIS

IIS7 – post #58 – FTP 7.0 information

I was recently helping in the forums regarding the FTP 7.0 publishing service.  Here is the post: http://forums.iis.net/t/1147315.aspx  The FTP 7.0 publishing service is one of the real gems available in IIS 7.0.  It is an ‘out of band’ release to replace the IIS 6 FTP service (actually this service has been around a while, IIS 3.0 maybe!).  Anyway, there is a lot of great information posted on IIS.net.  I was able to reproduce and resolve a 534 TLS error that had been posted.  The thread covers what I did to work around it.  In my research, I found some great articles that cover installation, troubleshooting, and how to set up ‘FTP’ host-headered sites.  I listed below three clients I tested that were able to connect to IIS 7.0 while SSL was enabled.  Talk about a straightforward, secure solution!


Windows Firewall setup for Microsoft FTP Publishing Service for IIS 7.0
http://blogs.iis.net/jaroslad/archive/2007/09/29/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0.aspx


Install and Configure Secure FTP on IIS7
http://blog.caneja.com/archive/2007/10/26/install-and-configure-secure-ftp-on-iis7.aspx


Installing and Troubleshooting FTP7
http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Using-FTP-Server-in-IIS7/Installing-and-Troubleshooting-FTP7


Using virtual host names (aka host headers)
http://www.iis.net/articles/view.aspx/IIS7/Managing-IIS7/Using-FTP-Server-in-IIS7/Using-virtual-host-names


FTP clients that support SSL


CoreFTP
www.coreftp.com


SmartFTP
www.smartftp.com


FileZilla
http://filezilla-project.org/


Moveit Freely (ftps command line tool)
http://www.standardnetworks.com/moveitfreely/


Hope this helps,


Steve Schofield
Microsoft MVP – IIS

My MCP tests

Exam ID Description
218 Managing a Windows 2000 Network Environment
215 Installing, Configuring, and Administering Microsoft® Windows® 2000 Server
210 Installing, Configuring, and Administering Microsoft® Windows® 2000 Professional

IIS7 – post #57 – How to setup ODBC Logging in IIS 7.0/7.5

This example shows how to set up ODBC logging on IIS 7.0. A big thanks goes to Thomas Deml and Anil Ruia for pointing me in the right direction.  I couldn’t find an article on how to set up this feature, so I wanted to share my experience. I couldn’t get IIS Manager to enable the ‘Custom’ log file format; I receive this error.




One of the things Microsoft recommends is not to use ODBCLogging on a busy web server. What is a busy web server? That can vary; I’ll leave that up to you to determine. When in doubt, load-test your site. That might be another blog post: how to load-test your ODBCLogging. When using ODBCLogging, keep in mind that not all the values captured by W3C extended logging are captured with ODBC Logging.  Here is a list of values that ODBC Logging captures.  This has not changed since IIS6. Here is an article that contains more information.  http://tinyurl.com/3bd2np


Assumptions.



  • You are running Windows Server 2008 Web, Standard, Enterprise.  I’ve not tested Server Core.

  • SQL Server 2005 is installed either locally or have access to a remote system.

  • A SQL database called IISLogs and Table called InternetLog + an SQL user account that has appropriate permissions.

  • IIS is installed and one website is configured.

Here are the steps.
1) Installed SQL Server 2005 on the web server. (I used express and put SQL Server Management Studio Express).  If you have a remote database, you can use that also
http://www.microsoft.com/sql/editions/express/default.mspx

2) Created a database called “IISLogs”. You can use SQL Server Management Studio or the ‘create database’ code

USE [master]
GO
/****** Object: Database [IISLogs] Script Date: 12/20/2007 19:05:13 ******/
CREATE DATABASE [IISLogs] ON PRIMARY
( NAME = N'IISLogs', FILENAME = N'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\IISLogs.mdf' , SIZE = 2048KB , MAXSIZE = UNLIMITED, FILEGROWTH = 1024KB )
LOG ON
( NAME = N'IISLogs_log', FILENAME = N'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\IISLogs_log.ldf' , SIZE = 1024KB , MAXSIZE = 2048GB , FILEGROWTH = 10%)
GO
EXEC dbo.sp_dbcmptlevel @dbname=N'IISLogs', @new_cmptlevel=90
GO
IF (1 = FULLTEXTSERVICEPROPERTY('IsFullTextInstalled'))
begin
EXEC [IISLogs].[dbo].[sp_fulltext_database] @action = 'enable'
end
GO
ALTER DATABASE [IISLogs] SET ANSI_NULL_DEFAULT OFF
GO
ALTER DATABASE [IISLogs] SET ANSI_NULLS OFF
GO
ALTER DATABASE [IISLogs] SET ANSI_PADDING OFF
GO
ALTER DATABASE [IISLogs] SET ANSI_WARNINGS OFF
GO
ALTER DATABASE [IISLogs] SET ARITHABORT OFF
GO
ALTER DATABASE [IISLogs] SET AUTO_CLOSE OFF
GO
ALTER DATABASE [IISLogs] SET AUTO_CREATE_STATISTICS ON
GO
ALTER DATABASE [IISLogs] SET AUTO_SHRINK OFF
GO
ALTER DATABASE [IISLogs] SET AUTO_UPDATE_STATISTICS ON
GO
ALTER DATABASE [IISLogs] SET CURSOR_CLOSE_ON_COMMIT OFF
GO
ALTER DATABASE [IISLogs] SET CURSOR_DEFAULT GLOBAL
GO
ALTER DATABASE [IISLogs] SET CONCAT_NULL_YIELDS_NULL OFF
GO
ALTER DATABASE [IISLogs] SET NUMERIC_ROUNDABORT OFF
GO
ALTER DATABASE [IISLogs] SET QUOTED_IDENTIFIER OFF
GO
ALTER DATABASE [IISLogs] SET RECURSIVE_TRIGGERS OFF
GO
ALTER DATABASE [IISLogs] SET ENABLE_BROKER
GO
ALTER DATABASE [IISLogs] SET AUTO_UPDATE_STATISTICS_ASYNC OFF
GO
ALTER DATABASE [IISLogs] SET DATE_CORRELATION_OPTIMIZATION OFF
GO
ALTER DATABASE [IISLogs] SET TRUSTWORTHY OFF
GO
ALTER DATABASE [IISLogs] SET ALLOW_SNAPSHOT_ISOLATION OFF
GO
ALTER DATABASE [IISLogs] SET PARAMETERIZATION SIMPLE
GO
ALTER DATABASE [IISLogs] SET READ_WRITE
GO
ALTER DATABASE [IISLogs] SET RECOVERY SIMPLE
GO
ALTER DATABASE [IISLogs] SET MULTI_USER
GO
ALTER DATABASE [IISLogs] SET PAGE_VERIFY CHECKSUM
GO
ALTER DATABASE [IISLogs] SET DB_CHAINING OFF

3) Create a table called InternetLog in your IISLogs database.  This is the default table name outlined in the schema. You can also use the ‘logtemp.sql’ located in %SystemRoot%\system32\inetsrv.

'Code to create the InternetLog table that will house the log entries.
USE [IISLogs]
GO
/****** Object: Table [dbo].[InternetLog] Script Date: 12/20/2007 19:05:59 ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
SET ANSI_PADDING ON
GO
CREATE TABLE [dbo].[InternetLog](
[ClientHost] [varchar](255) NULL,
[username] [varchar](255) NULL,
[LogTime] [datetime] NULL,
[service] [varchar](255) NULL,
[machine] [varchar](255) NULL,
[serverip] [varchar](50) NULL,
[processingtime] [int] NULL,
[bytesrecvd] [int] NULL,
[bytessent] [int] NULL,
[servicestatus] [int] NULL,
[win32status] [int] NULL,
[operation] [varchar](255) NULL,
[target] [varchar](255) NULL,
[parameters] [varchar](255) NULL
) ON [PRIMARY]

GO
SET ANSI_PADDING OFF

4) Create a user called IISLogsUser with a password of P@SSwoRD$.  This can be anything, but this is what I used for the example. Grant the user appropriate SQL permissions.

Setup the DSN called InternetDB

Create a System DSN (data source name)
a. On your web server computer, open Control Panel, go to Administrative Tools, double-click the Data Sources (ODBC) data source, click the System DSN tab, and then click Add.
b. When the Create New Data Source window appears, click to select SQL Server, and then click Finish.
c. In the Name box, type InternetDB, type a description, click to select the SQL server that you want to connect to, and then click Next. If the SQL server is on the same computer, select (local).
d. In the creation wizard, make sure that you click to select With Windows NT authentication using the network login ID for the computer that is running SQL Server. Examine the client configuration, and use the default Named Pipe TCP/IP setting. Make sure that the SQL server name is correct, and then click OK.
e. Click Next.
f. Map the default database to the database where InternetLog table resides, and then click Next.
g. If you want to, you can click to select Save long running queries to the log file and Log ODBC driver statistics to the log file in the wizard.
h. Click Finish.
i. At the end of the wizard, click Test Data Source. Make sure that you have successfully connected to the computer that is running SQL Server, and then click OK to exit.

'The schema file is in %SystemRoot%\System32\inetsrv\config\schema\IIS_schema.xml
'Note the password is encrypted.  When you display using appcmd, the password is decrypted.

<sectionSchema name="system.webServer/odbcLogging">
    <attribute name="dataSource" type="string" caseSensitive="true" defaultValue="InternetDb" />
    <attribute name="tableName" type="string" caseSensitive="true" defaultValue="InternetLog" />
    <attribute name="userName" type="string" defaultValue="InternetAdmin" />
    <attribute name="password" type="string" caseSensitive="true" encrypted="true" defaultValue="[enc:AesProvider::enc]" />
</sectionSchema>

5) List the ODBCLogging config using AppCMD, the values should be blank

'Here is the syntax

appcmd list config -section:ODBCLogging

'Here is the initial result
<system.webServer>
    <odbcLogging />
</system.webServer>

6) Here are the properties you can set on the ODBCLogging section.

'Here is the syntax
appcmd set config -section:ODBCLogging /?

'Here is the result
ERROR ( message:-dataSource
-tableName
-userName
-password
)

7) Set your website to use ODBCLogging.  You’ll need the DSN, table name, username and password.

'Here is the syntax

appcmd set config -section:ODBCLogging -datasource:InternetDB -tableName:InternetLog -username:IISLogsUser -password:P@SSwoRD$

'Here is the result
Applied configuration changes to section "system.webServer/odbcLogging" for "MACHINE/WEBROOT/APPHOST" at configuration commit path "MACHINE/WEBROOT/APPHOST"

8) List the config to ensure the values were set. You can also open IIS 7.0 manager and see ‘Custom’ logFile format has been selected.

'Here is the syntax
appcmd list config -section:ODBCLogging

'Here is the result.   If you look in applicationHost.config, the password is encrypted, AppCMD decrypts it.
<system.webServer>
    <odbcLogging dataSource="InternetDB" tableName="InternetLog" userName="IISLogsUser" password="P@SSwoRD$" />
</system.webServer>

9) Enable your particular website to use ODBCLogging.

'Syntax I used, note you have to use the customLogPluginClsid listed in the example with the brackets around it {}
appcmd set sites "Default Web Site" -logFile.logFormat:Custom -logFile.customLogPluginClsid:{FF16065B-DE82-11CF-BC0A-00AA006111E0}

'Here is the result
SITE object "Default Web Site" changed

'Here is what should be listed in the applicationHost.config
'Sites
<sites>
    <site name="Default Web Site" id="1">
        <application path="/" applicationPool="Default Web Site">
            <virtualDirectory path="/" physicalPath="c:\inetpub\wwwroot" />
        </application>
        <bindings>
            <binding protocol="http" bindingInformation="*:80:" />
            <binding protocol="ftp" bindingInformation="*:21:ftptest.aspdot.net" />
        </bindings>
        <logFile customLogPluginClsid="{FF16065B-DE82-11CF-BC0A-00AA006111E0}" logFormat="Custom" />
    </site>
</sites>


9.2) Set the Application Pool account as Network Service or a Domain Account.  In IIS 7.5, the default identity is ApplicationPoolIdentity


9.3) Inside SQL Server, go to the Security / Logins and add either Network Service or custom User (aka a domain account)


9.4) Make sure the Custom Logging and ODBC Logging modules are installed.


10) Test your website.  Browse http://localhost and look in the table, you should have results. 
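Once rows are arriving, the table can be queried for triage. The following is an added example, not part of the original post: it recreates the InternetLog columns from step 3 in an in-memory SQLite database (standing in for SQL Server, with simplified types) and runs two queries over constructed rows, one for clients with repeated 401/403 responses and one for successful WebDAV write operations. It assumes servicestatus holds the HTTP status and operation holds the HTTP verb; the function names and sample values are hypothetical.

```python
import sqlite3

# Same column names as the InternetLog table created in step 3; types simplified for SQLite.
SCHEMA = """CREATE TABLE InternetLog (
    ClientHost TEXT, username TEXT, LogTime TEXT, service TEXT, machine TEXT,
    serverip TEXT, processingtime INT, bytesrecvd INT, bytessent INT,
    servicestatus INT, win32status INT, operation TEXT, target TEXT, parameters TEXT)"""

# Constructed sample rows: (ClientHost, username, LogTime, servicestatus, operation, target)
ROWS = [
    ("203.0.113.9", "-", "2007-12-20 19:10:01", 401, "GET", "/admin/"),
    ("203.0.113.9", "-", "2007-12-20 19:10:02", 401, "GET", "/admin/"),
    ("203.0.113.9", "-", "2007-12-20 19:10:03", 401, "PROPFIND", "/"),
    ("203.0.113.9", "-", "2007-12-20 19:10:04", 404, "GET", "/web.config"),
    ("192.0.2.15", "CONTOSO\\alice", "2007-12-20 19:11:00", 200, "GET", "/default.htm"),
    ("192.0.2.15", "CONTOSO\\alice", "2007-12-20 19:12:30", 201, "PUT", "/docs/report.doc"),
    ("192.0.2.15", "CONTOSO\\alice", "2007-12-20 19:13:00", 401, "GET", "/reports/"),
]


def load(rows=ROWS):
    """Build the in-memory table and insert the sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "INSERT INTO InternetLog (ClientHost, username, LogTime, servicestatus, operation, target)"
        " VALUES (?, ?, ?, ?, ?, ?)", rows)
    return db


def auth_failures(db, threshold=3):
    """Clients with at least `threshold` 401/403 responses, with first and last time seen."""
    return db.execute(
        """SELECT ClientHost, COUNT(*) AS failures, MIN(LogTime), MAX(LogTime)
           FROM InternetLog
           WHERE servicestatus IN (401, 403)
           GROUP BY ClientHost
           HAVING COUNT(*) >= ?
           ORDER BY failures DESC""", (threshold,)).fetchall()


def webdav_writes(db):
    """Successful content-changing requests: who changed what, and when."""
    return db.execute(
        """SELECT LogTime, username, operation, target
           FROM InternetLog
           WHERE operation IN ('PUT', 'DELETE', 'MOVE', 'COPY', 'MKCOL', 'PROPPATCH')
             AND servicestatus BETWEEN 200 AND 299
           ORDER BY LogTime""").fetchall()


if __name__ == "__main__":
    conn = load()
    print(auth_failures(conn))
    print(webdav_writes(conn))
```

The two SELECT statements use only standard SQL, so they can be run against the real IISLogs database as written, with the threshold supplied as a literal or parameter.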


In conclusion, hopefully this will help those who want to use ODBC Logging with IIS 7.0.  Here is a KB article that discusses other versions: “How to configure ODBC logging in IIS”.  Here is more information on the ODBCLogging class on MSDN: “IIS 7.0 - OdbcLoggingSection Class”.


Cheers,


Steve Schofield
Windows Server MVP – IIS

IIS7 – post #56 – Remote uploaded content, static user and an Windows Integrated Authentication site.

I was answering a post in forums.iis.net ( http://forums.iis.net/t/1147184.aspx ) regarding a person who has anonymous access disabled.  People use Windows Integrated Authentication to access their site.  The one requirement was they wanted to allow people to upload files to a remote UNC share using a static user.  Here is one solution that could help resolve this type of issue.  This was tested with an IIS 7.0 website and a Windows Server 2003 backend file server.  I’m assuming the web and file server reside in an AD (Active Directory) domain.  You could also use a NULL session. I’m sure there are other solutions; if so, please pass them along.


1) I created a domain user called UploadSample with some random password.


2) I created a folder on a remote server called UploadSample.  I shared the folder and granted the Domain\UploadSample user modify permissions to the remote folder.  I also granted Administrators / SYSTEM full control.


3) In IIS Manager, I created a virtual directory called “UploadSample” mapped to the remote UNC path.  Since this is a static user, the anonymous login can be set and not protected using Windows Authentication.  This is the only vdir set to anonymous.  I set the anonymous user to a static domain account (Domain\UploadSample).


4) Since you are using ASP, I downloaded http://www.freeaspupload.net/freeaspupload/download.asp  and extracted uploadtester.asp and freeASPUpload.asp to the Remote Share I created in step 2.  The upload program files are being hosted on the remote share.  I fixed the variable used by the program.  Here is the line you need to correct.  uploadsDirVar = "\\DomainFileServer\UploadSample", this variable is in uploadTester.asp.


5) I made sure the rest of the site required Windows Authentication.


6) I hit http://WebServerIPAddress/UploadSample/UploadTester.asp and tested uploading files with no issues.


A few other tricks I did: the UploadSample folder does not have a default document, so when someone goes to http://WebServerIPAddress/UploadSample/, they’ll get a 403 error since no default documents are set. You could even have some logic to redirect them elsewhere.  In your application, you link directly to http://WebServerIPAddress/UploadSample/UploadTester.asp    For reference, the application pool was set to use Network Service.  Hope this is helpful, it was an interesting challenge.


 

Misc Perfmon / monitoring articles / tips.

Windows Server 2003 Performance Counters Reference
http://technet2.microsoft.com/windowsserver/en/library/3fb01419-b1ab-4f52-a9f8-09d5ebeb9ef21033.mspx?mfr=true


Bottleneck-Detection Counters
http://technet2.microsoft.com/windowsserver/en/library/62474a20-e0f9-4329-8d86-f5f67f6979a71033.mspx?mfr=true


Web Service object
http://technet2.microsoft.com/WindowsServer/en/library/b1216835-e952-450f-a3a7-27ffc8d360bd1033.mspx


ASP.NET Performance Monitoring, and When to Alert Administrators
http://msdn2.microsoft.com/en-us/library/ms972959.aspx


To determine the busy sites on a server, there are a few parameters you can monitor. In the System Performance Monitor, select the Web Service object. In select counters from list, select the Total Method Requests item. Then, in select instances from list, select the sites you want to inquire on.


The Total Method Requests item displays how many requests the site has had since IIS was started. From here you can quickly deduce which sites are the busy sites and start planning the log file subsystem accordingly.


 

Networking articles.

Here are some good articles on networking. 


Network Latency and Throughput
http://msdn2.microsoft.com/en-us/library/aa374342.aspx


Understanding Windows Server 2008 Networking and Network Access Protection – Chat Log
http://myitforum.com/cs2/blogs/scassells/archive/2007/07/16/understanding-windows-server-2008-networking-and-network-access-protection-chat-log.aspx


New Networking Features in Windows Server 2008 and Windows Vista
http://technet.microsoft.com/en-us/library/bb726965.aspx