Windows 2016

Redirection Module in IIS

SmarterMail Force HTTPS

Setting up an HTTP/HTTPS redirect in IIS

Once the SSL certificate is installed, your site still remains accessible via a regular insecure HTTP connection. To connect securely, visitors must specify the https:// prefix manually when entering your site’s address in their browsers.

In order to force a secure connection on your website, it is necessary to set up a certain HTTP/HTTPS redirection rule. This way, anyone who enters your site using a link like “yourdomain.com” will be redirected to “https://yourdomain.com” or “https://www.yourdomain.com” (depending on your choice) making the traffic encrypted between the server and the client side. 

Below are the steps to set up an IIS HTTPS redirect:

  1. Download and install the “URL Rewrite” module.
  2. Open the “IIS Manager” console and, in the left-side menu, select the website you would like to apply the redirection to.
  3. Double-click on the “URL Rewrite” icon.
  4. Click “Add Rule(s)” in the right-side menu.
  5. Select “Blank Rule” in the “Inbound” section, then press “OK”.
  6. Enter any rule name you wish.
  7. In the “Match URL” section:
    - Select “Matches the Pattern” in the “Requested URL” drop-down menu
    - Select “Regular Expressions” in the “Using” drop-down menu 
    - Enter the following pattern in the “Match URL” section: “(.*)” 
    - Check the “Ignore case” box
  8. In the “Conditions” section, select “Match all” under the “Logical Grouping” drop-down menu and press “Add”. 
  9. In the prompted window:
    - Enter “{HTTPS}” as a condition input 
    - Select “Matches the Pattern” from the drop-down menu 
    - Enter “^OFF$” as a pattern 
    - Press “OK”
  10. In the “Action” section, select “Redirect” as the action type and specify the following for “Redirect URL”: https://{HTTP_HOST}{REQUEST_URI}
  11. Check the “Append query string” box.
  12. Select the Redirection Type of your choice.
  13. Click on “Apply” on the right side of the “Actions” menu.

The IIS redirect can be checked by accessing your site with http:// specified in the URL. To make sure that your browser does not display a cached version of your site, you can use the browser's anonymous (private) mode.

The rule is created in IIS, but the site is still not redirected to https://

Normally, the redirection rule gets written into the web.config file located in the document root directory of your website. If the redirection does not work for some reason, make sure that web.config exists and check if it contains the appropriate rule.

To do this, follow these steps: 

  1. In the sites list of IIS, right-click on your site. Choose the “Explore” option:
  2. “Explore” will open the document root directory of the site. Check if the web.config file is there.
  3. The web.config file must have the following code block:
    <configuration>
      <system.webServer>
        <rewrite>
          <rules>
            <rule name="HTTPS force" enabled="true" stopProcessing="true">
              <match url="(.*)" />
              <conditions>
                <add input="{HTTPS}" pattern="^OFF$" />
              </conditions>
              <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
            </rule>
          </rules>
        </rewrite>
      </system.webServer>
    </configuration>
  4. If the web.config file is missing, you can create a new .txt file, put the aforementioned code there, save and then rename the file to web.config.
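
The web.config check described above can also be scripted. The following PowerShell is an added example, not part of the original article; the function name Test-HttpsRedirectRule is hypothetical and both sample configurations are constructed from the rule shown in step 3.

```powershell
# Added example: check a web.config for an enabled rule that redirects HTTP to HTTPS.
# Test-HttpsRedirectRule is a hypothetical helper name; the samples below are constructed.
function Test-HttpsRedirectRule {
    param([Parameter(Mandatory)][xml]$Config)

    foreach ($rule in $Config.SelectNodes('/configuration/system.webServer/rewrite/rules/rule')) {
        # URL Rewrite treats a rule without an "enabled" attribute as enabled.
        if ($rule.GetAttribute('enabled') -eq 'false') { continue }

        $cond   = $rule.SelectSingleNode('conditions/add[@input="{HTTPS}"]')
        $action = $rule.SelectSingleNode('action[@type="Redirect"]')
        if ($null -eq $cond -or $null -eq $action) { continue }

        # The condition must fire only for plain HTTP, and the target must be https://.
        $httpOnly = $cond.GetAttribute('pattern') -match '^\^?off\$?$'
        $toHttps  = $action.GetAttribute('url') -like 'https://*'
        if ($httpOnly -and $toHttps) {
            return [pscustomobject]@{
                Rule         = $rule.GetAttribute('name')
                RedirectType = $action.GetAttribute('redirectType')
                Url          = $action.GetAttribute('url')
            }
        }
    }
    return $null   # no usable rule found in this configuration
}

# Constructed sample 1: the rule exactly as shown in the article.
$good = @'
<configuration><system.webServer><rewrite><rules>
  <rule name="HTTPS force" enabled="true" stopProcessing="true">
    <match url="(.*)" />
    <conditions><add input="{HTTPS}" pattern="^OFF$" /></conditions>
    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" />
  </rule>
</rules></rewrite></system.webServer></configuration>
'@
# Constructed sample 2: the same rule, switched off.
$disabled = $good -replace 'enabled="true"', 'enabled="false"'

Test-HttpsRedirectRule -Config $good
Test-HttpsRedirectRule -Config $disabled
```

To run it against a real site, pass the file content instead of a sample, for example `Test-HttpsRedirectRule -Config (Get-Content -Raw <path to web.config>)`.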

DNN Event ID 1310 after moving website to new server Exception message: Unsecured Passwords Format Detected

IIS throwing Event ID 1310 Exception message: Unsecured Passwords Format Detected

The Error Message

Exception information: Exception type: ConfigurationErrorsException Exception message: Unsecured Passwords Format Detected. The Membership Provider that contains the unsecure passwords format is: AspNetSqlMembershipProvider. The obsoleted password format is: Encrypted. For more information, see https://go.microsoft.com/fwlink/?linkid=834784.

Request information: Request URL: Request path: User host address: User: Is authenticated: False Authentication Type: Thread account name: IIS APPPOOL\DefaultAppPool

The problem was actually simple and a “user error”

We tried to connect the website up to the wrong database, i.e. when we copied the database and moved it, we inadvertently copied the wrong database. This caused the above error due to the fact that the machinekey data in the web.config file was wrong for the database.

This caused the error 1310 to be thrown and the Application Pool associated with the new, incorrectly set up site to stop.

The fix. 

Connect to the correct database!

Update

Further to this, we encountered a really weird set of errors after this. Initially the error appeared to be a connection issue. But then we started getting failures that would come and go.

The error logs showed plenty of Event ID 1310, but there was also this in the DNN logs:

DotNetNuke.Services.Log.EventLog.DBLoggingProvider - System.Data.SqlClient.SqlException (0x80131904): Could not allocate space for object 'dbo.EventLog'.'PK_EventLogMaster' in database ‘bla' because the 'PRIMARY' filegroup is full. Create disk space by deleting unneeded files, dropping objects in the filegroup, adding additional files to the filegroup, or setting autogrowth on for existing files in the filegroup.
   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)
   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)
   at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()
   at System.Data.SqlClient.SqlDataReader.get_MetaData()
   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)
   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)
   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)
   at System.Data.SqlClient.SqlCommand.ExecuteScalar()
   at PetaPoco.Database.ExecuteScalar[T](String sql, Object[] args)
   at DotNetNuke.Data.PetaPoco.PetaPocoHelper.ExecuteScalar[T](String connectionString, CommandType type, String sql, Object[] args)
   at DotNetNuke.Data.SqlDataProvider.ExecuteScalar[T](String procedureName, Object[] commandParameters)
   at DotNetNuke.Data.DataProvider.AddLog(String logGUID, String logTypeKey, Int32 logUserID, String logUserName, Int32 logPortalID, String logPortalName, DateTime logCreateDate, String logServerName, String logProperties, Int32 logConfigID, ExceptionInfo exception, Boolean notificationActive)
   at DotNetNuke.Services.Log.EventLog.DBLoggingProvider.WriteLog(LogQueueItem logQueueItem)
ClientConnectionId:e495809e-60d5-44f2-b883-fe81fbe1126f
Error Number:1105,State:2,Class:17

The Problem

The issue turned out to be that the database was a legacy database we received from another host. They had defined a database size limit in the SQL database itself. This caused the database to stop responding to DNN in a way we had never seen. After some time, the maintenance would drop the size of the database just below the limit and the DNN site would fire up, until it reached the SQL database limit again.

Not likely to be a problem for many people, but something to check in the SQL database settings.

The fix update

Increase or remove the SQL database size limit.

Adding Application Pool Identity in IIS to a Folder

 
 

Whenever a new application pool is created, IIS creates a security identifier (SID) that represents the name of the application pool itself. For example, if you create an application pool with the name "Smartcrypt," a security identifier with the name "Smartcrypt" is created in Windows. Resources can be secured by using this identity. However, the identity is not a real user account and will not show up as a user in the Windows User Management Console.

This can be configured by selecting a folder in Windows Explorer and adding the "Smartcrypt" identity to the folder's Access Control List (ACL).

  1. Open Windows Explorer
  2. Select the directory the Smartcrypt Manager is installed under (eg: c:\web\mds)
  3. Right click the directory and select Properties
  4. Select the Security tab
  5. Click the Edit button and then Add button
  6. Click the Locations button and make sure that you select your computer.
  7. Enter IIS AppPool\<myappoolname> (eg: IIS AppPool\smartcrypt) in the Enter the object names to select: text box.
  8. Click the Check Names button and click OK.
  9. Check Modify under the Allow column, and click OK, and OK.

By doing this, the file or directory you selected will now also allow the Smartcrypt identity access.

 

You can do this via the command-line by using the ICACLS tool. The following example gives modify access to the Smartcrypt identity to the folder C:\web\mds and all contents.

ICACLS "C:\web\mds" /grant "IIS AppPool\Smartcrypt":M /t
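
To confirm what the grant actually left on the folder, the ACL can be read back. The following PowerShell is an added example, not part of the original article; the function name Get-IdentityAce is hypothetical, and the path and identity are the article's own example values, so the folder and application pool are assumed to exist. It also reports whether each entry propagates to items created later (an icacls grant without (OI)(CI) does not, even with /t).

```powershell
# Added example: list the access control entries a given identity holds on a folder.
# Get-IdentityAce is a hypothetical helper name; path and identity are the article's examples.
function Get-IdentityAce {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity
    )
    # Rights that let the identity change content or permissions.
    $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        ForEach-Object {
            [pscustomobject]@{
                Type            = $_.AccessControlType          # Allow or Deny
                Rights          = $_.FileSystemRights
                Inherited       = $_.IsInherited                # entry came from a parent folder
                FlowsToNewItems = $_.InheritanceFlags -ne 'None'
                CanWrite        = (([int]$_.FileSystemRights) -band ([int]$writeMask)) -ne 0
            }
        }
}

# Read back the entries for the application pool identity on the folder from the article.
Get-IdentityAce -Path 'C:\web\mds' -Identity 'IIS AppPool\Smartcrypt'
```

An empty result means the identity has no explicit or inherited entry on that folder, so the grant did not take effect.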
 

Windows Server 2016 Download Maps Manager Delayed Start

Windows Server 2016 Download Maps Manager Delayed Start Red in Server Manager Dashboard

It's kind of annoying to find that after a fresh install of Windows 2016 Server you have a service that fails to behave correctly: Download Maps Manager (Delayed Start). Even if you attempt to force a start, it does not resolve this issue. The good news is that this service is really not something you want anyway if you have a Windows server doing actual server functions.

The Fix

The simple fix is to disable this service. The easy way to do this is to open Windows PowerShell. Be sure to open it by right-clicking on PowerShell and selecting Execute as Admin. This is necessary even if you are logged in as an admin.

Type this command and press Enter:

Get-Service -Name MapsBroker | Set-Service -StartupType Disabled -Confirm:$false

The problem is now fixed, and this annoying service is off and will not bother you again.

How to Install Disk Cleanup Tools on Windows 2012 or Windows 2016

Install Disk Cleanup Tools Windows 2012 or Windows 2016 Server.

Installing the function to clean your disk requires that you install the Desktop Experience module from the Windows Feature list.

1. Open a PowerShell with Administrator rights.

2. Execute:

Import-Module ServerManager

Install-WindowsFeature Desktop-Experience

That’s it. A reboot of the computer is required.