October 2005 - Posts
If you having problem with IIS after installing the recent MS05-051 patches, you need to restore the default permission of the COM+ catalog. I should have cover this earlier, I mean COM+ is closely related to the overall functionality of IIS, without it - IIS will not start. Here's couple of symptoms that you may see after deploying the fixes:
- The Windows Installer service may not start.
- The Windows Firewall Service may not start.
- The Network Connections folder is empty.
- The Windows Update Web site may incorrectly recommend that you change the Userdata persistence setting in Microsoft Internet Explorer.
- Active Server Pages (ASP) pages that are running on Microsoft Internet Information Services (IIS) return an “HTTP 500 – Internal Server Error” error message.
- The Microsoft COM+ EventSystem service will not start.
- COM+ applications will not start.
- The computers node in the Microsoft Component Services Microsoft Management Console (MMC) tree will not expand.
- Authenticated users cannot log on, and a blank screen appears after the users apply the October Security Updates.
More detail can be found in this kb:
909444 Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC.
Just added this Channel 9 new link under the 'IIS Related' section... This tag direct link to IIS related video as well as the first IIS Podcast by Brett Hill over at channel9.msdn.com
A nice complete classification documentation about Web Security Threat from the Web Application Security Consortium.
What's new with this kernel mode driver in Longhorn? Read this post from the Windows Network Developer Platform team, I got the chance to meet with Ari Pernick when I was in Redmond two weeks ago :)
There are just too many email notifications and blog postings in relate to monthly security bulletins, so I'm not going to do it here. Instead, I will try to highlight details that are related to IIS. So as usual, if you are not subscribing to Microsoft security bulletins alert, you can read the bulletins posting from Jerry's blog. A tough month, huh? 3 Critical, 4 Important + 2 Moderate bulletins.
Now, we have got MS05-044 and MS05-048 for October, 044 is not really IIS but rather it is related Internet Explorer FTP client component :) This attack is using the active mode when 'Enable folder view for ftp sites', by default - this optioned is not enabled. More info regarding Ftp transfer mode, refer KB323446.
Moving on to 048, the vulnerability resides in the SMTP component (both IIS and Exchange SMTP) and once exploited attacker could easy take control over the machine. The affected components are cdoex.dll and cdosys.dll :) the com objects that commonly use in web application to send smtp mail (e.g. KB286431). Hence, if you implement the workaround (unregister those components), your application will breaks if it depends on it. So, please test the patch fixes the soonest and deploy it at production box asap.
Btw, do you know that this month - October is the National Cyber Security Awareness month ? So let's promote the security awareness to your family, friends and local community :)
Here's the preliminary documentation from Microsoft about IIS 7 :) Take note, this is subjected to change, but heck this will give you more insider information about the new IIS 7. From what I have seen so far, be prepare to be amazed!!! Something that Microsoft take a big step in the web server space.....
Update: 13th October
I just came across that Brett has blogged about this month ago :( LOL! I'm blur from time to time.
905422 A client computer cannot receive new updates from a Windows Server 2003 Service Pack 1-based WSUS server
899301 One or more IIS services may unexpectedly close, and you may receive an "Event ID 7031" error message in the System log when you start a Web site that is hosted on IIS 5.0
907733 Microsoft does not support the use of FAT file systems or FAT32 file systems with Internet Information Services
906474 You may receive an "HTTP Error 401.5" error message when you open an ASP page that is hosted on Internet Information Services 6.0
905423 You may notice multiple instances of Inetinfo.exe on the computer or you may receive an error message when you try to start an IIS service
906977 BUG: You experience slow performance when CGI applications that are hosted on Internet Information Services 6.0 send responses
Question:
Sender: Jarod Smith
IP Address: 69.63.xx.xx
=====================================
Hello there,
I saw yuor KB articale on this topic but could not see how to actually configure the port range in IIS 5. I understand that I need to have SP4 installed (which I do) and that I need to create a value in the registry (which I did) but what then? How do I actually specify which ports are to be used in passive mode?
Any help would be greatly appreciated.
Jarod Smith
Answer:
Ok. I assuming you refer to this KB - How To Configure PassivePortRange In IIS, After you have created the "PassivePortRange" in the following regkey HKLM\System\CurrentControlSet\Services \Msftpsvc\Parameters\
All you need to do is specify the valid range value, which is from 5001 to 65535, Example, you would specify 8000-9000. Then after you close the registry editor and restart IIS service, IIS FTP server will only use the defined port range (between 8000 to 9000) for passive mode connections, hence by doing which, you can then customize your firewall for allowing such port range traffic request.
got it?
Question:
Sender: Simon Bell
IP Address: 141.165.xx.xx
=====================================
I'd like to user logparser to search recursively from a starting directory for all files greater than 200k. Then save the file name, path and date to an html file. I've see where users have used the Top 10 command which I can replicate, but I'm having difficulty doing a search that lists the files if file > 200k.
Thanks in advance,
Simon
Answer:
What particular difficulty you facing? Well, I modified one of my sample script to the following:
--FileSize200.sql
SELECT
EXTRACT_PATH(TO_LOWERCASE(path)) AS ContentPath,
TO_LOWERCASE(name) AS FileName,
DIV(size,1024) AS FileSize(K)
FROM %source%
WHERE TO_INT(FileSize(K)) > 200
--FileSize200.sql
Then run it at command line as:
LogParser.exe file:filesize.sql?="c:\inetpub\*.*" -i:FS
And I got the output of:
ContentPath FileName FileSize(K)
-------------------------------------- ----------- -----------
c:\inetpub\iissamples\sdk\asp\database authors.mdb 332
<shamlessplug>
I contributed two chapters in the one and only Log Parser book :)
</shamelessplug>
Question:
Sender: mark
IP Address: 24.110.xx.xx
=====================================
I seem to be over my head. (nothing New) Retired Air Traffic Controller, so I probably whisked you around some days. I nee help making a FTP site within my server(I am Admin.) then I need help using my WS FTP to log in. I think I'm doing things right, yet I can't log in. I have the Anon. turned off in IIS. Still Not sure what user name and PW is need if one at all. Is this a router thing? If so I'm dead. Thanks.
Answer:
If you have disabled the anonymous access, then you need to create user account in Windows local SAM database or you Active Directory (if AD domain is deployed). Refer the following KB articles:
HOW TO: Set Up an FTP Server in Windows Server 2003
http://support.microsoft.com/?id=323384
HOW TO: Limit Access to a FTP Site in Windows Server 2003
http://support.microsoft.com/?id=816525
If you still having problem - post the error message and the ftp status code here.
I received quite a number of questions from time to time. Rather than replying via email (which I don't normally do it), I will pick a few and blog it here :) So here we go:
Question:
Sent From: ptjoe
Subject: SMTP not sending mail
__________________________________
I saw one of ur replies in the IIS forum about an smtp problem.
It happens taht i have the same problem, i have the smtp installed on IIS 6.0, i set up an account in outlook express with that smtp server. when i send a msg on outlook apparentely it sends the message, but the message never gets to it's destination, and i noticed that the message remains in the queue folder on the mailroot. Can you tell me what may be causing this ?
thank u in advance.
Answer:
Well, for starter, I would suggest you try this blog post - Troubleshooting IIS SMTP, basically, you will check if the smtp component can make connection out via tcp port 25 + the udp/tcp 53 for DNS MX queries. If you pass both yet the message stuck in the queue, then you need to look at the smtp log. Find out the exact error status code, etc. Typically, if you have a fresh smtp box and try to send/relay mail to mail host like hotmail.com, yahoo.com, gmail.com etc. You need to make sure that your smtp server is clean. Not blacklisted, have a valid reverse-lookup DNS name record, etc. Here's a good URL (http://www.dnsreport.com/) to check your DNS records and provide information on how you should deal with each warning or error message.
TechNet Webcast: Automate, Automate, and Automate More: Scripting IIS 6.0 (Level 200)
Are you new to Internet Information Server? Have you been assigned to deploy 200 Web servers in the next year, but you don't want to configure all of those servers individually? Relax: use IIS Manager to create a set of sites and virtual directories and enable security for those Web servers. In this webcast, you find out how to use Windows Management Instrumentation (WMI) scripts to easily and quickly create websites and other key metabase objects. After finishing this webcast, you receive sample scripts that you can use in your environment to automate several typical tasks performed by Web administrators.
TechNet Webcast: Deciphering the Tools of the Trade: A Review of IIS Stress Testing Toolsets (Level 200)
Are you new to Microsoft Internet Information Services (IIS)? Have you been assigned to deploy 200 Web servers in the next year, but you don't want to configure all of those servers individually? You can easily use IIS Manager to create a set of sites and virtual directories, as well as enable security for all of them. In the past, the Microsoft Web Application Stress tool was used to apply load to a Web server to simulate the true usage of Web applications. This webcast outlines how IIS Manager tools work and helps administrators and developers determine the right tool for a given environment.
Well, not really :) currently in Phoenix and been really busy. Well, first time here in Arizona and this place is HOT!!!!! I meant the weather..... super hot + dry. It's like back into my country, take way the humidity then increase few more degrees in the temperature. I'm sweating now, even in the office :(
Anyway, just want to let you guys know that I'm still alive :) and this year MVP summit was the best one so far! and as some of you may know that IIS7 will kick axx!!!!!!! It will be Vista client :) and guess what - no more single site limit for client OSes :) finger crossed ! that's what I heard from Microsoft folks....... hopefully, we will get the same IIS7 for both server and client OS (minus some addon features that coupled with Server OS)
For those that got the Longhorn beta program, get ready to see the beta 2 in November or so... again ! you will be amazed :)