Retrieving status of IIS in real time - windows

I want to build a service that will keep polling and will let me know if IIS service on a machine has been reset, and instantly send the status to a client (client could be anything).
I want this to work in a scenario where the target IIS is going to be reset by a lot of people remotely in a network. I came across the command iisreset /status which gives me the following output:
Status for Windows Process Activation Service ( WAS ) : Running
Status for World Wide Web Publishing Service ( W3SVC ) : Stopped
But somehow this approach seems inefficient to me, considering that IIS might get reset very fast and the polling might happen just after IIS resets and no status would get sent to the client.
As an alternative, I am trying to see if there is a log that is maintained for all these activities performed on IIS? Can someone suggest any other way to achieve this?

The IIS WMI Provider springs to mind:
http://msdn.microsoft.com/en-us/library/aa347459(v=vs.90).aspx
The Windows Management Instrumentation is a very powerful native tool.
iis.net has pratical examples for the WMI providers, including solutions for your problem.

Related

When should we host WCF service in IIS and when should we host in a windows service?

I need to host my WCF service but I am unable to decide whether I should host it in IIS or a windows service?
What are the advantages, drawbacks, benefits of one over the other please?
Thank you
IIS under version 7 is out of the question for any serious hosting anyway....
As for IIS7+/WAS vs. self-hosting in a NT service:
the IIS7/WAS setup will "load on demand", e.g. when your first request comes in, a ServiceHost will be created, then that service host creates the service class to handle the request. This is beneficial from a memory point of view (uses no memory for the ServiceHost if no requests come in), but it's a bit of an additional overhead on the first call when IIS first needs to spin up the service host
NT Service allows you to pre-create the ServiceHost and open it so it's ready to handle requests right away; a bit more memory usage, but a bit more responsive, at least on "first calls"
Another benefit of self-hosting: you're 100% in charge of when the service host starts, pauses, stops, and so on. With IIS/WAS, you're at times at the mercy of IIS with its potential to recycle app pools at the worst possible moment......
The main advantages of IIS is that it handles the lifetime of your service for you: activation, recycling...
Its main drawback if you don't have v7 is that without WAS it can only host http based web services
The services need more care in case of fatal error... and then need to be installed whereas a web site can be copied to its web folder once it has been created
If your version of iis is >= 7, then I don't see a lot of interest in not using WAS as it supports all the wcf transports, others might have a different view though...

Deploy using IIS Web Deploy (WMSv)c with basic auth fails but NTLM works?

I'm trying to setup Web Deploy on IIS 7, so that 1-click publishing in Visual Studio works.
Every time i try and publish the app i get a 401 error, which seems to be failing to auth against WMSvc. I have set the build output verbosity to detailed and can see the web deploy command being used. When i try and run it from the command prompt i get the same 401 error (ERROR_USER_UNAUTHORIZED), however when i change the the authType parameter in the command from basic to NTLM it works fine and publishes correctly...
As far as i was aware WMSvc only worked with basic auth and not NTLM. As far as my server config goes i have tried setting the management service to accept only windows users and to allow Windows users and management service users, neither setting seems to make any odds.
I can connect fine using IIS manager locally to the remote server, but as soon as i try and use any of the export functionality on the remote server i get permission issues from the remote connection. This all seems most odd, can any one shed some light on this behaviour?
Just providing the answer that worked for me, after searching in vain I stumbled upon an article by Phil Haack (whilst looking for something else entirely):
It turned out I had a URL-ACL defined which was stopping everything from working.
Followed the instructions in that post and it all just worked like it should :-)
I personally wish web deploy was a bit less fragile when it comes to setting it up, works great once you've gone through the pain.

Debugging Topshelf service that won't run under restrictive account

I have a Windows service written using Topshelf. I'm trying to configure it to run using a Windows account with restricted privileges rather than using LocalSystem. That's also necessary as I'd like to connect to a database using integrated authentication.
The service works when run as LocalSystem (albeit with a database connection string containing credentials) and running the console application as my limited account (using runas) also works.
However, when I try to start the service the service control manager times out waiting for a response:
The service did not respond to the start or control request in a timely fashion.
I also get the following in the Application Popup event log:
Application Error : The exception unknown software exception (0xc06d007e) occurred in the application at location 0x77e4bef7.
The first thing that the application does is writes to a log file but it doesn't reach that when I start the service. The logging works if I run via the console.
Any suggestions what I might be missing or what I might try next?
This problem seems to be related to the server (a domain controller) rather than TopShelf. A service built with the .NET service component also exhibits the same behaviour.
The service runs successfully on a different machine (in the same domain).
Unfortunately this doesn't help diagnose the problem but gives me an acceptable workaround.
Check the MSDN article Debugging windows services which describes how you debug windows services.
I've just started seeing this on a few of my services written in .net 2.0. They'll start fine when the server boots, but if I were to restart them throughout the day, they would not start, and give this error message.
They currently ran under a domain account which has admin rights on the box, but for kicks, I switched it to Local System, and the service started normally. I stopped it, changed it back to the domain account (reentering the password), and it started normally again as expected.
Don't know if this counts as a 'fix' so much, but that's what worked for me.

Restarting windows service from website

I've a website that puts info into a mySQL database and a windows service (written in VB.Net) that polls the db and actions what's in there.
However, occasionally it stalls and rather than having to RDP into the server, I want superusers to click on a button to restart the service.
I can get the button to say, do a directory listing of c:\ output to a test file so the whole 'getting a command to execute on a remote server' issue works. However, I can't restart services.
I assume this is a security thing (although it has full rights to c:\ I thought I'd sussed that already).
The website runs under the normal IUSR_user so am I doing something really stupid or can someone explain how to get the service to be restarted ?
Many thanks
Adrian
I think a significantly bigger problem is that you have a service that's stalling. Do you have any logs or errors that the service outputs to that you could use to diagnose why it's stalling?
I'd write a service that restarts selected services and call that from my website, just for fun!
It seems that you need to give the user permissions on the specific service. The simplest way to do this (in my view) is to use subinacl.exe from the Windows Resource Kit.
subinacl.exe /service MySQL /Grant=IUSR_user
I'm would be very careful when doing this on a public-facing web server. Have both authentication and rate limiting on the restarting code.
Use the ServiceController class:
http://msdn.microsoft.com/en-us/library/system.serviceprocess.servicecontroller.aspx
This should allow you to connect to the named service and stop/start it.
EDIT:
In addition, you probably need to have your web app impersonate a user with rights to restart the service. This can be accomplished via an identity impersonate in the web.config, or running the web app in a configured application pool in IIS. Keep in mind that the web app will have to run on the same box as the service is running on.

Cannot Access http://<tfs-server>:8080

I've installed TFS 2008, but I can't seem to access the server. When I try to connect to it in Visual Studio, I can't. If I try by browser on a remote PC, I get a generic page cannot be displayed. On the server, I get a 403. Nothing was touched in IIS and the service is running as a Network Service. Any ideas?
try:
http://localhost:8080/Services/V1.0/ServerStatus.asmx. This will tell you if TFS is up and running. If you are getting anything else you need to look into IIS issues.
I wrote a blog post on diagnosing these types of TFS connections.
http://blogs.msdn.com/granth/archive/2008/06/26/troubleshooting-connections-to-tfs.aspx
The very first thing I do is confirm that it works for a known-good configuration – usually my workstation.
Providing that works and the server appears to be functioning, the next thing I do is ask the user to call the CheckAuthentication web service using Internet Explorer.
The URL for this is: http://TFSSERVER:8080/services/v1.0/ServerStatus.asmx?op=CheckAuthentication
By doing this check, I am doing four things:
Eliminating Team Explorer from the picture
Eliminating the .NET networking stack from the picture
Ensuring that Windows Authentication is working correctly (that’s why I say IE)
Ensuring that proxy settings are set correctly
In most cases I’ve seen, the TFS connection issues are because the proxy settings have changed or are incorrect. Because .NET and Visual Studio use the proxy settings from Internet Explorer, it’s important to have them set correctly.
In rare cases it’s beyond this. That’s when I start looking at things like:
Can you resolve the server name?
Can you connect using the IP address?
Are there HOSTS file entries? (see: c:\windows\system32\drivers\etc\hosts)
Can you ping the server?
Can you telnet to port 8080?
Does the user actually have access? Run TfsSecurity.exe /server:servername /im n:DOMAIN\User to check their group memberships
Have you changed your domain password lately? In some cases they’ll need to logoff the workstation and log back on again to get a new security token.
Is the computer's domain certificate valid? update the certificate: gpupdate /force
Hope this helps.
Turns out the time and date on my computer was not "close enough" to the time and date on the tfs server. Changed my system clock setting and problem went away.
What happens if you send a simple HTTP request to the server directly?
ie:
telnet 8080 [enter]
GET / HTTP/1.1[enter]
[enter]
[enter]
That might give a hint about whether IIS is actually serving anything. If you can do that on the server, what about from a different machine? If the results are different a good guess is there are some security/firewall issues somewhere. HTH a little.
I went through everything on a similar problem.
I logged onto my tfs server and connected directly there.
I also used a TFS admin tool I downloaded some time ago from Microsoft, and made sure I was in all the right groups and projects.
I then went back to the client PC with the problem, tried the services/1.0/serverstatus.asmx?op=CheckAuthentication Url again, and it worked this time.
AFter that full service was restored to my PC.
So I don't have the exact answer, but I would go through the checklists presented by Grant Holliday in his answer.
Add this to the cases for future users, as i had this issue on server 2016...
if your firewall allow only Domain and Private Network, it may not work on client. make sure you give public permission, if server network is set to public...
The error you may face:
ERR_CONNECTION_TIMED_OUT
for
http://fserver:8080/tfs

Resources