Quantcast
Channel: Web Farms
Viewing all 292 articles
Browse latest View live

How to "URL rewrite/reverse proxy" 2 IP addresses to the same site (IIS Newbie)

December 13, 2016, 11:31 pm
$
0
0

Hello all,

Currently I am having issues trying to reverse proxy/URL rewrite two IP addresses for one website in IIS. The scenario is that:

At first for our application, we only had one app server hosting it and I was able to very smoothly reverse proxy the URL for this application using URL rewrite and ARR. 

However, now we are creating a clustered environment for our application (so the app is installed on two different app servers) and the original URL rewrite/proxy now has to have both IP addresses mapped behind the website. 

I tried to follow the steps in the following link:

https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/http-load-balancing-using-application-request-routing

but after I created the server farm, all of our IIS sites (including those for a different application) would become unaccessible with 502 errors. For the server farm I had added only the two IP address's that were hosting the application as the server entries but yet it still affected all of our sites. I noted that there is an option to use URL rewrite in the server farm as well but the reverse proxy option was not available as it was when I used to it reverse proxy our first site with only one IP address hosting the app. Any help or guidance would be greatly appreciated and please let me know if I can provide any additional information as I am sure I might have left out some key info (hence the reason I had to put IIS newbie in the subject header :) ) 

Search

anti-forgery token

January 10, 2017, 6:25 pm
$
0
0

Hello

Not sure what is causing the issue but I was hoping to rule out of things.

one site running asp/mvc gets an error “the provided anti-forgery token was meant for a different claims-based user” could that be from not having a machine key behind a F5 setup?

I thought you would an error MAC validation errors  https://support.microsoft.com/en-us/kb/2915218.

also under the IIS manager for the site if I want to test creating for keys for one site only - sha1 is old do I pick AES with the encryption level as auto?

and then do I leave the four check boxes enabled for just one site / application?

i see a yellow box in the upper right "if your server is part of a web farm specify validation  and decryption keys.

machine.config andmachine keys

January 18, 2017, 7:03 pm
$
0
0

If I generate a machine keys for the entire IIS server it should write it to the machine config file. Does this keys need to be regenerated periodically?

is there any security concerns about having the keys shared between sites?

instead of using a powershell script to generate the keys I would use the GUI on one server and then copy the keys to its cluster to the following locations?

%SYSTEMROOT%\Microsoft.NET\Framework\v4.0.30319\CONFIG\machine.config
%SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\CONFIG\machine.config
 

should I not use AES or MD5 for the  validation method  but use something like HMACSHA256?

test machine keys

January 20, 2017, 12:31 am
$
0
0

is there a way to verify that the machine keys are working ? I cant disable the load balancers, would disabling cookies under the browser be a valid test?

Web.config problem with rootDirectory

January 26, 2017, 10:00 am
$
0
0

Hello,

I was editing the web.config to a website and I uploaded it to the server with the rootDirevtory with the local host since then I can't access to the DB server and FTP to overwrite the wrong one.

HTTP Error 502.3 - Bad Gateway - The connection with the server was terminated abnormally

January 27, 2017, 11:56 pm
$
0
0

Hi All,

When we configure ARR rule for incoming requests and route to Server Farm with HTTPS port(scheme), We are getting following error 

HTTP Error 502.3 - Bad Gateway
The connection with the server was terminated abnormally

Example. Scenario is incoming HTTPS request with port 443 and route to https port 444 internally ,using ARR.

Please help .

Routing to Farm Fails but rewrite to Single IIS server works?

February 7, 2017, 12:25 pm
$
0
0

I am hoping that someone can help me with this.

I need to scale up a web application that is only accessible internally on the intranet and have decided to use Application Routing to do the load balancing.  

My current set up is a server load balancing server 2k12r2ARR with IIS and ARR 3.0 installed, this is to forward all requests on to either 2k12r2web1 or 2k12r2web2.

I have a webfarm set up on 2k12r2ARR called 2k12r2ARR (I have called it arrFarm but I read in a post that someone managed to solve the same problem I am having by renaming their farm to the same name as their server)

Bindings are set on the default website of this server to: 2k12r2ARR to all ip address on port 80.

Web1 bindings: 2k12r2web1 to all ip address on port 80

Web2 bindings: 2k12r2web2 to all ip address on port 80

When I set up a URL rule to rewrite directly to either web1 or web2 everyting works as expected.  I can go to http://2k12r2ARR/Application and access the pages.

The problem is when I change the rule to route to the farm 2k12r2ARR I am getting a 404 error 'page not found'.  Looking at the Monitoring and Management of the Farm it is counting the requests made to the servers and showing that there are zero failed requests.

When I check 2k12r2web1 and 2k12r2web2 logs they are not showing any requests made.

I have the failed requests log turned on for 2k12r2ARR and I can see that the URL rewrite tool is working but not routing the traffic:

 ARR_SERVER_ROUTED RoutingReason="LoadBalancing", Server="2K12R2WEB2", State="Active", TotalRequests="45", FailedRequests="0", CurrentRequests="1", BytesSent="23616", BytesReceived="21648", ResponseTime="0" 

18. GENERAL_SET_REQUEST_HEADER HeaderName="Max-Forwards", HeaderValue="10", Replace="true" 12:00:38.441
19. GENERAL_SET_REQUEST_HEADER HeaderName="X-Forwarded-For", HeaderValue="111.123.143.38:59775", Replace="true" 12:00:38.441
20. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-SSL", HeaderValue="", Replace="true" 12:00:38.441
21. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-ClientCert", HeaderValue="", Replace="true" 12:00:38.441
22. GENERAL_SET_REQUEST_HEADER HeaderName="X-ARR-LOG-ID", HeaderValue="c72BB340-edae-5ab6-b75f-8a1aa98f0ed9", Replace="true" 12:00:38.441
23. GENERAL_SET_REQUEST_HEADER HeaderName="Connection", HeaderValue="", Replace="true" 12:00:38.441
24. URL_CHANGED OldUrl="http://2k12r2ARR/", NewUrl="/"

37. GENERAL_RESPONSE_HEADERS Headers="Content-Length: 315
Content-Type: text/html; charset=us-ascii
Server: Microsoft-IIS/8.5
X-Powered-By: ARR/3.0
X-Powered-By: ASP.NET
" 12:00:38.441


38. GENERAL_RESPONSE_ENTITY_BUFFER Buffer="<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML

4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Not Found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Not Found</h2>
<hr><p>HTTP Error 404. The requested resource is not found.</p>
</BODY></HTML>
" 12:00:38.441


39. GENERAL_FLUSH_RESPONSE_END BytesSent="515", ErrorCode="The operation completed successfully.
(0x0)" 12:00:38.441


40. GENERAL_REQUEST_END BytesSent="515", BytesReceived="451", HttpStatus="404", HttpSubStatus="0"

Any suggestions on why this isn't working?  I have tried adjusting timeout settings, turning off the cache, binding the websites with different names, removing iis and arr form the loadbalancing server and reinstalling everything again.

Many thanks

IIS 8 Web Farm is returning 403 when redirected to Glassfish 4

February 19, 2017, 11:46 am
$
0
0

I have looked through other threads on this sight and through Google without luck in finding the solution. I am getting a 403 when the call is being made to the domain that IIS will redirect to the Glassfish server using a reverse proxy.

My environment:

  • Windows Server 2012 R2 (with URL Rewrite, Web Server Farm)
  • IIS 8
  • Glassfish 4

I am attempting to configure the IIS to redirect to the Glassfish server using the server web farm as described in https://jstoup.wordpress.com/2012/04/25/how-to-integrate-glassfish-with-iis/.

I have modified the Glassfish server to listen on ports 10080 and 10443 since I have tomcat already listening on 8080 to support Jira.

I can access the default Glassfish page using http://localhost:10080/ and https://localhost:10443/.

Here are the steps that I performed. Maybe you can see something I missed.

My current steps/actions

  • Created the server farm with the name express
  • Added a server called express.<domain>.com
  • Modified server's advanced settings setting the http port to 10080 and the https port to 10443.
  • Left everything else in the advanced settings to the default values
  • Back on the server farm selected the Routing Rules
  • Clicked the advanced routing from the actions menu on the right
  • Selected the current inbound rule (there is only 1) and clicked Edit form the right side
  • Left everything default except in the action box
  • Changed action type to rewrite
  • Rewrite URL to http://express.<domain>.com:10080/{R:1}
  • Applied changes to the URL Rewrite rule

If you have had success with configuring your IIS 8 to redirect to Glassfish 4, will you send me what you did so I can correct this issue.

Thank you

Search

Can't change IIS settings when shared configuration enable

February 23, 2017, 5:51 am
$
0
0

Hi,

I am trying to build an IIS Web Farm. I performed all tasks on this topic Build a Web Farm with IIS Server . I choose shared content and shared configuration infrastructure. Web Site's contents and IIS configuration files storing on a Back-End file server. Web farm working properly. I can reach the web sites on web farm. But when trying to reconfigure iis (addding/removing website or changing a web site settings) getting this error: "\\?\UNC\{Server}\IISConfig\applicationHost.config Error: Cannot write configuration file."

I used a domain user, it is accessing shared configuration . Also this user has required rights on shared folders and the user member of administrator group on back-end file server.

IIS 10 with Web Farm or NLB Cluster

March 7, 2017, 2:00 pm
$
0
0

Hi,

i want to offer an web application with IIS 10. It is better to build an NLB Cluster or build an Web Farm?

I'am new on this area.

Greetings Heike

[IIS 10] Shared Configuration

March 20, 2017, 8:22 pm
$
0
0
Hi All,

I mounted one webfarm with two servers, with Windows Server 2016 CORE... YEAH!

But, the password's in application.config is encrypt with CNG, and keys iisCngWasKey or iisCngConfigurationKey can't export/import. 

And i can start one pool, where i set user and password, but other pool can't because they can't decrypt password.

Why?

Syncing two servers using webdeploy cmdlets in powershell results in 'skipping source cert' warning and then error?

March 31, 2017, 9:42 am
$
0
0

Hello,

We have two windows 2012 servers running iis 8, they are setup to sync using the appropriate webdeploy powershell cmdlet as shown on this page in the sync section:

https://www.iis.net/learn/publish/using-web-deploy/web-deploy-powershell-cmdlets 

Unfortunately when the syncing takes place there appears to be the following error multiple times:

WARNNING: skipping source cert ("sequence of letters and numbers appear here") because of rule skipinvalidsource. No certificate found in store My with has "same sequence of letters and numbers"

followed by:

Sync-WDServer: An error occurred when the request was processed on the remote computer. A specified logon session does not exist. It may already have been terminated (Exception from HRESULT: 0x80070520)

We have two other servers hosted elsewhere which have the same setup and it runs perfectly.  Recently there were SSL certificates installed and removed for certain sites on the two servers with the problem, possibly that has caused some sort of issue with another certificate that is required for the syncing to work?

I personally have no experience of this and don't understand it at all.  It seems like a certificate that existed and allowed the two servers to sync in this manner has now gone, does anyone know how we can fix this issue and allow the servers to sync again?

Migrating IIS8.5 cluster to IIS10

April 4, 2017, 9:19 am
$
0
0

Hi,

We have a 3 node IIS8.5 environment (shared configuration).
We would like to upgrade our farm without downtime.
I already setup a Windows 2016 IIS10 machine, and it works with shared configuration with the others.
However, the IIS management console isn't showing any icons, I think this is because a version mismatch, between the servers.
How can I fix this?

Help for ARR web farm misconfiguration with SSL

April 5, 2017, 11:45 am
$
0
0

Hi everyone,

I'm strictly new to IIS world and I have some trouble to configure correctly the rewrite rules.

That's my scenario:

1 ARR server for route all requests to the farm (ARR 2.5)

2 content servers that are hosting our web application.

The default ARR site is binding the SSL certificate for the application.

SSL-offloading and rewrite rules are enabled and the rule is created when I have provisioned the farm.

The problem is that I can reach the app and I can login via https but after that I get the dashboard page loaded without images and layout (I can see only text and links).
If I proceed selecting "load unsafe scripts" I get the loading partially correct but on the next click I get redirect to http.
How can I prevent this behaviour ?
Is not a certificate issue because the same certificate exported to one of the content servers work right without problems.


My Goal is to make the navigation always under https.

Thanks in advance and sorry for my English!

Multiple Apache Server Farms and SSL Issues

April 10, 2017, 7:32 pm
$
0
0

I apologize if this has been addressed elsewhere - I searched but couldn't find a match. I am also a newbie with IIS. I am running IIS 8 on a Server 2012 platform. I have five server farms identified; all but one is running Apache on Linux. Using port 80 everything works fine, but I can't get 443 to work properly.

Three of the five servers are using a wildcard certificate (let's say domain.com); one server is not using SSL, and the remaining one is a different domain entirely (let's use another.com), using its own certificate.

If I configure the wildcard cert under Default Website --> Bindings as a default cert (*.domain.com), all three servers are happy but the one in a different domain throws an error. I have defined the another.com cert under the bindings, too.

When all of this failed I setup centralized certificates and placed both the wildcard and the single-site cert there, and I re-bound everything to that. I don't know if wildcards work with the centralized certificates, but nothing worked after I made this change.

I have tried using SSL offloading and not using SSL offloading with no impact. None of the server farms currently have "Use URL Rewrite Rules to Inspect Incoming Requests," but I do have URL re-write rules generated and they seem to work (If I click the checkbox to enable the URL rewrite rules, the system immediately adds new rules which I don't want.)

The bottom line is that I don't know how to get this scenario to work. I have poured over a lot of sites but nothing I've tried seems to help.

Any help you could provide would be appreciated.

Thanks

Mike

Search

ARR farm And Server Variable

April 28, 2017, 6:52 am
$
0
0

Hello IIS guru!

I need help with an ARR Farm and a server variable . 

I added the server variable (for example called it LB_X_COOKIE) on the server layer and wanted to see a value of this variable in the log file. For testing purpose I set the value of the server variable to particularly value equal to ‘Hello’ and called this field as ‘LB_X_COOKIE’. It’s showed on the screen 1 (all these images are clickable).

sedo_iisarr02

Screen 1.

I added the custom field to the logging settings on the server layer and called it “LB_X_COOKIE” also. It’s showed on the screen 2.  

sedo_iisarr02

Screen 2.

But there isn’t this field in the log file. I show it on the screen 3.

sedo_iisarr02

Screen 3.

And only when I added this field on the site layer this field appeared in the log file. But there isn’t any value of the server variable (You can see it at screen 4).

sedo_iisarr02

Screen 4.

I ‘ll be appreciated for any suggestion.

using a Read-Only domain controller with validate user method

June 1, 2017, 9:13 pm
$
0
0

We use an IIS 8 web farm, located in a separate AD site along with a read only domain controller.   When specifying the read only domain controller in theActiveDirectoryMembershipProvider connection string, the getuser method works but the validateuser method fails with

"Event code: 4006  Event message: Membership credential verification failed."

 Is this a limitation of the RODC?  I would assume the validateuser method does not need to write AD attributes but I could be wrong.

Health Check - Strange Behavior

June 5, 2017, 6:05 pm
$
0
0

Hello,

I have an ARR Farm setup to serve a couple of sites and am having issues when trying to do a health test on the sites through HTTPS. I believe I've exported and imported the certificates identically across both servers, but when I do a health check on the HTTPS versions of the sites, I get this status code of 0 along with the error code 80072EFE. The health test works fine through normal HTTP though. I am on Windows Server 2012.

Normal HTTP:

Health Test OK

Through HTTPS:

Health Test Not OK

Any thoughts on what I could check to get past this issue?

Domain service account on workgroup server

June 12, 2017, 6:09 pm
$
0
0

My server is in a workgroup and I've created a virtual directory to a network share. The virtual directory would not accept the domain credentials provided so I've added it to the app pool identity instead. This setup is working on one of our servers, but the app pool randomly stops. I can't get the identity to work on our 2nd server. When I try to view the content in the virtual directory I receive an error stating the username and password is incorrect. 

I must use a workgroup server and a domain identity. Any help is appreciated!

Web deploy - sync web servers - how to exclude folder?

June 13, 2017, 8:22 am
$
0
0

I use the following script to sync webservers:

add-pssnapin wdeploysnapin3.0

New-WDPublishSettings -ComputerName SERVER01 -AgentType MSDepSvc -FileName C:\Powershell\WebDeploy\Settings\SERVER01.publishsettings

New-WDPublishSettings -ComputerName SERVER02 -AgentType MSDepSvc -FileName C:\Powershell\WebDeploy\Settings\SERVER02.publishsettings -UserID USERAA0 -Password XXYYY

Sync-WDServer -SourcePublishSettings C:\Powershell\WebDeploy\Settings\SERVER01.publishSettings -DestinationPublishSettings C:\Powershell\WebDeploy\Settings\SERVER02.publishSettings

Now i want to exclude 1 Folder for sync. What is the best way to do this?

The Folder should be available/exist everywhere, but the content of this folder should not be sync.

Thanks for your help!

Viewing all 292 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>