<rakkimk runat="server" />

ADSUTIL.vbs – Copying a website

Copying a website (to another exact copy)

Here is the command to copy a website(run from a cmd prompt – c:\inetpub\adminscripts):

> cscript.exe adsutil.vbs copy <source> <destination>

> cscript.exe adsutil.vbs copy w3svc/1 w3svc/556

The numbers mentioned there are nothing but the website identifiers. After copying, you might see the other (new) website stopped – just because the old one still runs on the same port and IP address combination. Taking an exact copy of website sometime comes handy where you just do not want to restart IIS for restoring a backup, but can restore the copy you took after playing with the original one.

Copying only the ISAPI Filters (to another website)

This is pretty simple – you can use this example to just copy *any* node in the Metabase to another website.

> cscript adsutil.vbs copy w3svc/1/Filters w3svc/2/Filters

Hope this helps!

LogParser – Useful Logparser scripts

Logparser is a powerful utility which comes handy for me whenever I’m helping my customers facing a problem with slow running pages, frequently hit pages, post mortem analysis to find what went wrong on IIS, et al. You can use Logparser to parse your IIS logs to health check the state of your server, and the requests it had served. Below are few LogParser scripts, and their corresponding output in chart format – you can choose your own format, but isn’t a picture worth a 1000 words?

Note : change the GIF file location, and chartType to get more awesome images.

Finding Top 20 hit URLs

> logparser "select top 20 cs-uri-stem, count(*) as Hits into c:\mychart.gif from c:\inetpub\logs\logfiles\w3svc1\*.log group by cs-uri-stem order by Hits DESC" -i:w3c -chartType:barstacked -view:on

 

Finding Error codes
 

> logparser "select sc-status, count(*) as Hits into mychart.gif from c:\inetpub\logs\logfiles\w3svc1\*.log group by sc-status" -i:w3c -chartType:pieexploded3d -view:on

Finding the top 10 client IPs

> logparser "select top 10 c-ip, count(*) as Hits into mychart.gif from c:\inetpub\logs\logfiles\w3svc1\*.log group by c-ip order by Hits DESC" -i:w3c -chartType:bar3d -view:on

Slow running pages

> logparser "select top 10 cs-uri-stem, time-taken from c:\inetpub\logs\logfiles\w3svc1\*.log order by time-taken DESC" -i:w3c

cs-uri-stem                                                           time-taken
------------------------------------------                        ----------
/IRTcalculator/default.aspx                                  101262
/TestingWebsite/WebsiteThumbnailImage.aspx 42495
/IRTcalculator/default.aspx                                  33711
/Qod/ScoreCard.aspx                                          28672
/IRTcalculator/default.aspx                                  24802
/IRTcalculator/default.aspx                                  24169
/IRTcalculator/default.aspx                                  22732
/QoD/                                                                   20967
/IRTcalculator/default.aspx                                  20358
/IRTcalculator/default.aspx                                  19281

 

This above query will list you the top 10 URL’s which are taking more time – be informed that this time-taken field in IIS 6/7 will contain the network time to, this is just not only the IIS processing time.

More to come! Hope this helps.

IIS7 – ASP.NET on Windows Server 2008 Server Core R2

If you are a Server Core fan, and wished you could host ASP.NET websites in Server Core, then feel better, you wish had come true. Windows Server 2008 R2’s Server Core will have .NET Framework which means, ASP.NET too. This is a big news for all those wanted to deploy Server Core, but stopped because .NET Fx wasn’t there in the RTM release.

Windows Server 2008 R2’s blog details this:

“Added the following as optional features:

• Subset of .NET Framework 2.0
• Subset of .NET Framework 3.0 and 3.5 – WCF, WF, and LINQ
• Windows PowerShell
• ASP.NET and additional IIS support – the only IIS feature not available in Server Core is the management GUI
• FSRM"

You can read this here too. You can also view the PDC announcement, and few more interesting things here. But, you have to live with appcmd for all IIS configuration changes as there is no GUI IIS manager would be available – after all Server Core fans don’t expect that to be available.

Happy Server Core deployments, wait for the R2 release!

Live Mesh – Syncing your Windows Live Writer Drafts

The title explains all, I’m going to run you through a few simple steps which will make your life much easier if you are into professional, or personal blogging on multiple machines – say workplace PC, your personal laptop, work laptop, et al.

Imagine a situation where you are writing a blog from your workplace computer, and you are about to finish it, but want to leave office, and continue at home. You just lock your PC at work, take your car, come home, and open your personal laptop, and how awesome it would be if you are able to continue the same post from your laptop? It will be super duper cool, right?

Live Mesh will make this happen – drafts are saved to a folder called “My Weblog Posts\Drafts” under your Documents folder (eg: C:\Users\<USERNAME>\Documents\My Weblog Posts\Drafts). Just add that folder to your Mesh from your work computer. And from your personal laptop, click on the “My Weblog Posts” folder from your local Live Mesh application from your task bar which will give you options to sync a folder on the current machine – sync it to the same folder - C:\Users\<USERNAME>\Documents\My Weblog Posts.

 

That’s it. From your office machine, just click on “Save Draft” and before you reach home from office, your drafts folder is now synced between your office machine, and the personal machine at home. Now, you can safely start working on the blog post again from the place you left from your home.

As this Live Mesh community grows, you will see more and more useful scenarios which will make our tasks much simpler, and easier.

.rm

PDC2008 – day 2 – Awesome Office, Windows 7, Live Services, etc

Office 14 will have an online version – which can work seamlessly with the desktop version

This is the most important announcement which impressed me very much – Office Web Applications. Check more about this here. Embedded Video below:

 

Windows 7 – an inside look

Mark Russinovich talks about Windows 7, Original link here, video below:

 

Inside Live Services – David Treadwell

When Windows Azure has already made news, it is interesting to watch this video where David talks more about the Live Services.

You should also check this post from the Live Mesh team which talks more specifically on Live Mesh.

 

Windows Server 2008 R2

As Oliver outlines about this on the team blog, Windows Server 2008 showed its face at the PDC2008. Check the below links for more:

http://blogs.technet.com/windowsserver/archive/2008/10/28/announcing-windows-server-2008-r2.aspx

http://www.microsoft.com/windowsserver2008r2

Hope this helps!

.rm

Windows Azure – useful links

The world is excited about Windows Azure, and here are few useful links for the same. I’ll add more as they appear in the cloud.

Windows Azure MSDN

http://msdn.microsoft.com/en-us/azure/cc994380.aspx

Azure Services Platform

http://www.microsoft.com/azure/windowsazure.mspx

Windows Azure Tools for Microsoft Visual Studio October 2008 CTP

http://www.microsoft.com/downloads/details.aspx?FamilyId=63D0D248-1B08-4F7D-ABDE-62EB75CB1E69&displaylang=en

Windows® Azure™ Software Development Kit (October 2008 CTP)

http://www.microsoft.com/downloads/details.aspx?FamilyId=BB893FB0-AD04-4FE8-BB04-0C5E4278D3E9&displaylang=en

Hope this helps!

.rm

IIS7 – How to set up logging to a remote UNC share?

First of all, let me tell you that there isn’t much changes to the logging done to IIS 7.0 compared to IIS 6.0. Logging still happens through Http.Sys, and you can configure the logging directory (of FREB log directory) to be a UNC share. There are a few MSDN/Technet articles available for the same(for IIS 6.0), but here I’ve tried to keep the steps simple, together at one place, and few steps specific to IIS 7.0.

Configure UNC path for Logging using IIS manager

1. Start IIS7 manager, select the website
2. Select Logging from the Features View
3. Enter the UNC path in the Directory

  

 Configure Permissions on the remote UNC share

Since this is Http.SYS which is doing the logging, it is required to give the Computer Server account proper sharing permissions and NTFS permissions on the shared folder. If your server is in domain MyDomain, and the server name is MyServer, you can just type MyDomain\MyServer$.

   

Also make sure you select the “Computers” in the “Object Types…”.

Cross Domain Logging

Now comes another common problem – where the web server is in another domain, and the UNC share is in another domain. You can still configure it by setting up the remote share as a Null Session share. You can set up a Null Session by following the steps in this Technet article.

AFAIK, this article which talks about various events which may occur in IIS 6.0 would still apply for IIS 7.0. If you face any other problem other than listed in that article, drop a note here.

Hope this helps!

.rm

ASP.NET 2.0 x64 – You may get HTTP 400 Bad Request or Error as mentioned in KB 932552 or 826437

I’m sure you already know about this fix for ASP.NET which fixes an issue of “not a valid path” exception, and this fix for ASP.NET 1.1 for the same reason. If you receive this error now on your application, you might not need to apply the hotfix because your ASP.NET version might be higher than the one available with this hotfix, so verify the DLL versions before even requesting the hotfix from Microsoft.

So, after installing the hotfix, you should do the below registry changes (not sure if the hotfix does this automatically – I haven’t tested this):

DWORD        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\VerificationCompatibility = 1

as mentioned in the KB article 932552. But, you might see that this doesn’t work if you run the application pool under 32-bit mode on a x64 Windows Server 2003 or 2008. That’s just because, the ASP.NET reads this key from a different location as below:

DWORD        HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ASP.NET\VerificationCompatibility = 1

I’m sure you doesn’t want me to explain why ASP.NET reads from this location instead of above. If you want, please drop a note.

In IIS 7.0, you would get the below error message while running under Integrated mode:

“HTTP Error 400.0 - Bad Request
ASP.NET detected invalid characters in the URL”

Hope this helps!

.rm

Touchless – you gotta believe this!

This is an interesting piece of technology that amazed me first when I read about its release, and freaked me out when I ran the demo application. Below is the demo as available from Office Labs.

<a href="http://video.msn.com/video.aspx?vid=a89a217b-fc38-4a6c-87f8-ab59a2028391" target="_new" title="Touchless">Video: Touchless</a>

It needs a webcam, and know more about this here.

Nice works folks!

.rm

Microsoft Web Platform Installer Beta

If you are a web deployment guru, and looking to reduce your burden of downloading lot of software, configuring them and if you didn’t check Bills’ blog earlier, you better do check it right now.

The new ‘Microsoft Web Platform Installer Beta’ gives you an easy way of configuring the ASP.NET/IIS stack along with tools needed for development all in one go.

1. Select the IIS components you need to install 

 

2. Select the tools, .NET SP

3. Download and Installation

 

You can get it from here. Happy Deployment (with less hassles)!

.rm

IIS7 – Enabling Custom Error Pages

As the title sounds, here I’m going to discuss a very simple feature of IIS7 which has one additional step to keep in mind compared to that you do in the previous versions of IIS (5, 5.1, 6). Let’s take an example of configuring a redirect for a page to HTTPS if it is browsed on HTTP. There are a lot of ways doing this HTTP to HTTPS redirection, where using custom error pages is one of them.

If you force HTTPS to be used in your website, error 403.4 would be returned to the browser. By default detailed error message (403.4) won’t be sent to the browser, but just 403. However, you can enable detailed error messages. Now, we need to configure our error page so that it redirects the requests to HTTPS. You can do it by following this KB article which was written for IIS 5, and 6, but holds good for IIS 7.0 as well.

Just adding an entry would enable this rule functioning, but if you try to test from your local server itself which most of the people would do after configuring this, you would see it doesn’t redirect you to the URL mentioned, and it gives you the same 403.4 error page.

That’s because of IIS 7.0 by default doesn’t send the custom error pages to a local request, but the detailed errors. So, you need to configure IIS to do a custom error message even if it is browsed from the server. But, you can ignore following below if you doesn’t care if the site redirects from the server (which is true for any customer facing website). Click on “Edit Feature Settings, and then choose “Custom error pages”, and click on OK.

   

So, take away from this post is “don’t try to test the custom error pages from the server itself after configuring it, since they are by default disabled for any local request”.

.rm

How to uninstall IE8 Beta1 from Windows Server 2008?

I’m using IE8 Beta1 on my Windows Server 2008 (and still have IE7 on my Vista box which is my primary “work”station). Since IE8 Beta2 is released today, I thought of installing in my WS2008.

When I tried to run the installer, I got the below:

 

I was trying to find a way to uninstall IE8, and in XP it showed in the Add/Remove Programs, but not in WS2008. It is actually installed as an update. So, you need to go to Control Panel –> Programs and Features –> Installed Updates, and select “Windows Internet Explorer 8” and hit Uninstall, and proceed with the wizard.

Hope this helps someone who tries to uninstall IE8 Beta 1 from WS2008 like how I did.

AppCmd syntax to add FTP IpV4 Address and Domain Restrictions

I just helped one of my customer writing a script which would add FTP IpV4 Address and Domain Restrictions into the applicationHost.config file. “Configuration Editor” came handy to nail this command. I would say, anybody and everybody wanted to play with AppCmd, and stuck, try your hands on this Configuration Editor which is a part of Administration Pack (still CTP2 at the time of writing) which gives you everything you need – Managed code (C#), Scription (JavaScript) and Command Line (Appcmd) syntax. Below are the commands:

appcmd set config "TestFTP" /section:system.ftpServer/security/ipSecurity /+[ipAddress='65.2.3.68',subnetMask='6.1.2.100',allowed=’true’] /commit:appHost

appcmd set config "TestFTP" /section:system.ftpServer/security/ipSecurity /+[ipAddress='65.2.3.68',allowed=’true’] /commit:appHost

Hope this helps!

IIS – Rejecting a request from a specific client type(browser) | ISAPI Filter Example

Recently I’ve come across a discussion where a particular type of client request should be blocked. Say for an example, you need to block requests from a client called “TrustMe”; consider a scenario where you need to serve pages only for Internet Explorer 7 clients, not IE6.0 clients. This kind of requests are not so common, but there would be someone who may need this. Hence, this blog post :-)

So, first of all we need to understand how we can differentiate between client browsers? How does a server identify what is the client browsing the site? It can identify through “User-Agent” request header. Example of an User-Agent sent from my IE6 client is below:

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)

So, if you are able to check if your “TrustMe” client is a part of this header, you’ll be able to reject the response with 404 or whatever you want to do. You should now be remembering about URLScan’s [DenyHeaders] section helping here?

You cannot use that to reject requests with “User-Agent: TrustMe”. AFAIK, that section is used to reject *any* requests coming with the mentioned header. It means, you can only decide on the header name, not the value of the header itself.

Below is an example:

[DenyHeaders]

My-Header:

This will reject *any* requests, that have a request header of “My-Header:” regardless of its value. So, all of your requests will be rejected if you add “User-Agent:” to the [DenyHeaders].

AFAIK, only a custom ISAPI Filter can reject a response (with 404 or whatever) if coming from a specific user agent. Below is an example code to check this:

DWORD WINAPI __stdcall HttpFilterProc(HTTP_FILTER_CONTEXT *pfc, DWORD NotificationType, VOID *pvData) 
{ 
    char buffer[256];
    DWORD buffSize = sizeof(buffer);
    HTTP_FILTER_PREPROC_HEADERS *p;
 
    switch (NotificationType)  {

      case SF_NOTIFY_PREPROC_HEADERS :
      p = (HTTP_FILTER_PREPROC_HEADERS *)pvData;
      BOOL bHeader = p->GetHeader(pfc,"User-Agent:",buffer,&buffSize); 
      CString UserAgent(buffer);
      if(UserAgent.Find("TrustMe") != -1) {
        // Found; so changing the URL to be an unavailable URL, so your request would be 
        // rejected with 404; just as URLSCAN does
        p->SetHeader(pfc, "url", "/Rejected-coz-of-Restricted-UserAgent");
      }
      return SF_STATUS_REQ_HANDLED_NOTIFICATION; 
    }
    return SF_STATUS_REQ_NEXT_NOTIFICATION; 
}

But, this is always less secure, because User-Agent is easily configurable.  So, if you are planning to stop your site being used by some “attacking” user-agent, you can try using this. But, most of the time attackers are little intelligent than what we think them as, so they can easily change the request header. You can also think your own logic to accept only the clients you want to, rejecting the rest.

So, if you want your ISAPI filter to reject requests from any IE6, you just need to check if the User-Agent header has the string “MSIE 6.0”. If you want help in writing an ISAPI filter, check my earlier blog posts here.

Feel free to use the above code, but use at your own risk.

Getting “Unable to get the project file from the Web server” while opening a project in Visual Studio

I recently worked with a customer who was getting “Unable to get the project file from the Web server. Unable to open Web project 'project'. The file path 'c:\inetpub\wwwroot\project' does not correspond to the URL 'http://localhost/project'. The two need to map to the same server location" while opening it from Vistual Studio 2003.

While checking found that there is another EXE listening on port 80 on the server. So, our requests from VS to open the website was going to it, hence the error.

While making sure our website is up, we were now getting "Unable to get the project file from the Web server. Visual Studio .NET has detected that the specified Web server is not running ASP.NET version 1.1. You will be unable to run ASP.NET Web applications or services".

Resolved this one my making sure there is no proxy selected in IE (or if the proxy is there, add the server name to the exceptions list).

Just thought of doing this quick post so that it may help someone running into the same problem searching for answers in the Internet.