I have three mvc 3 web applications in a single web role on Azure Cloud Services. All of a sudden this morning both the single instance in production and in staging give "HTTP Error 503. The service is unavailable." when navigated to in a browser.
I rebooted the production instance but nothing changed. Then I deployed a remote desktop enabled version to the staging instance and logged in. However, strangely when I navigate to the web applications in a browser inside the remoted staging instance everything works.
Looking at IIS server logs it seems there are some issues starting the roles (warning level about the appPoolId being incorrect) but obviously the roles are starting as they are accessible from inside the staging server.
The World Wide Web Publishing service is also running and even after restarting this service the web application is not accessible externally.
Does anyone have an explaination for why the sites are accessible locally but not remotely that would help me debug this issue?
I found out where the issue came from, the bindings that were configured in IIS7 did not include bindings for the actual [abc].cloudapp.net host headers.
I assume that for some reason since some time last night or this weekend the requests seem to come with those headers instead of the original headers for the website. This is really strange but adding these bindings fixed both the staging and production instances and they were available again after this change.
Related
I am running two Windows server 2016s with IIS 10.0.14393. One server for staging purposes, and one for production.
The application has one "front-end app" and one "back-end REST api" running on the same IIS server. The front end communicates with the backend (suprise!). The difficulty I am facing is that the staging server works as expected, i.e no "Sign in" box appears when entering the front-end web page (React). However, on the production server this box pops-up.
When the page is loaded, there is javascript that fetches some information from the API, and it seems that this async fetch is causing the pop-up to occur (the request is in pending mode until login).
I have studied the configuration of IIS on the two servers but can't seem to find any obvious differences.
Both instances have both windows authentication and anonymous authentication turned on for both front-end and backe-end. I need this as the API has different types of authentication for the endpoints.
Anyone that has solved a similar issue?
Thanks
If someone experiences a similar issue the following link may help: https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password
In my case I was sending the request to the api with the full domain url. The problem was fixed by just using the machine name (and port in my case) when sending the request. If the whole domain with punctuation is used, the system believes that the request is meant for the Internet and not the intranet, and will not include any credentials.
Another, and probably more robust solution, is to add the site in question to: Internet properties -> security -> Local intranet -> sites -> advanced.
Web API has GlobalConfiguration.Configuration.IncludeErrorDetailPolicy
= IncludeErrorDetailPolicy.Always; to turn on remote errors. (Allowing them to see them in a browser even if you are not browsing on the local machine.
But, near as I can tell, Service Fabric, running Web Api, does not support GlobalConfiguration.
Is there a way to configure things so I don't have to log into one of my Service Fabric server machines each time I want to see what a services error message is?
I recommend you don't show error details to everyone.
It's a security risk.
Consider moving your error logs out of your cluster. For instance, by using OMS, ELK or Application Insights.
I have a WebApi project that wraps the Dynamics CRM Online web service and provides a REST api. I have a simple controller that gets some contacts from CRM and returns them to the caller.
Everything works fine when I run it in the local emulator. However, when I deploy the project to Azure, I can reach the home page, but the controllers all return http 500 errors. Why would this happen? And how can I troubleshoot to get more details?
UPDATE
The issue is with the absence of Microsoft.IdentityModel.dll on the Server 2012 instance running the web role in Azure. I found this by opening web role instance in RDP, installing Fiddler, and making the request from Fiddler to the local IIS server. It responded with the detailed error.
Now my issue is figuring out how to enable IdentityModel on a Windows Azure Web Role. You're supposed to be able to add it via the Server 2012 Add Roles and Features wizard, but it's totally locked down on the Web Role. You can't check any boxes that aren't already checked. Is this even possible?
The issue is giving the Web Role access to Windows Identity Foundation when it's inherently not there. Marc Schweigert provides clear steps to do this here:
http://blogs.msdn.com/b/devkeydet/archive/2013/01/27/crm-online-amp-windows-azure-configuring-single-sign-on-sso.aspx
Go to the 23:00 mark of the video and you'll see the 4 necessary steps:
Reference Microsoft.IdentityModel.dll (need WIF SDK installed)
a. Set copy local = true
Create RegisterWIFGAC.cmd in your web role project
Create Startup Task in ServiceDefinition.csdef that invokes RegisterWIFGAC.cmd
Add GacUtil to the project (used in the startup task) to put Microsoft.IdentityModel.dll in the GAC every time the web role starts).
Is there a way to get the IIS logs for a website hosted on AppHarbor? I have one site hosted on it and I am getting run time exception. Currently I get a suggestion that I should enable custom errors to view the exception. I don't want to do this since it is a deployed instance which is being used by users.
The IIS logs are not currently available but you can access unhandled exceptions in the error interface on AppHarbor.
You can also use something like Elmah (appropriately locked down) to record and inspect errors.
We're working on making HTTP access logs available too.
Odd one this. I've got a servlet application running under Tomcat with Axis2. The application also exposes a web service (via Axis2).
Now then, Tomcat handles session management no problem, as per usual, however, when the web service is invoked, randomly, all sessions appear to be invalidated. Plus, afaik, this only happens in Chrome! The next time the Chrome client makes a request, it is handed a new session by Tomcat.
This happens after every time the web service is invoked, but doesn't affect sessions in Firefox or Safari.
Any ideas? This is extremely baffling for me.
Thanks in advance
Fixed it. Very strange result but the Axis2/web service part was a complete red herring. The problem here was that I was using another instance of Chrome to invoke the web service (using a different web app).
This second app was running on the same URL but on a different port (8080 instead of the default 80). It would seem that browsers (not just Chrome) manage sessions based on A. the domain (such as www.stackoverflow.com or localhost in my case) and B. the path (ie the name of the web app in Tomcat).
It does NOT make any distinction between domains running on different ports, hence Chrome got itself all confused when I had two windows open, one pointed to localhost/webapp and the other pointing to localhost:8080/webapp. As far as Chrome was concerned it was the same site and therefore each one kept overwriting the other's session ID.
What a mess!