We have successfully deployed a LightSwitch app in a web server IIS 7. The app works perfectly when accessed via the internal IP (http://servername), but when it is done via the external IP (https://www.example.com), the queries don't work. It does fetch ALL data but if something is entered in search fields the query fails, it shows data
fields with a red X.
Fiddler shows the following info:
<LI id=L_defaultr_12>Error Code: 500 Internal Server Error. The request was rejected by the HTTP filter. Contact the server administrator. (12217)
And the screen looks like this:
Any suggestion on how to trace this problem would be greatly appreciated.
I found the problem was caused by the ISA server blocking high-bit characters. When you configure HTTP filtering to block high-bit characters, URLs that contain characters from a double-byte character set (DBCS) or URLs that contain Latin 1 characters are blocked
The solution:
Configure the Web publishing rule so that it does not block high-bit characters. To do this, follow these steps:
1. Start the ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition Management tool.
2. Expand ServerName, where ServerName is the name of your ISA Server or Microsoft Forefront Threat Management Gateway, Medium Business Edition computer.
3. Click Firewall Policy, click the Web publishing rule that you created to publish the Exchange Server computer for access by OWA users, and then click Edit Selected Rule.
4. Click the Traffic tab, click Filtering, and then click Configure HTTP.
5. Click to clear the Block high-bit characters check box, and then click OK two times.
6. Click Apply to update the firewall policy, and then click OK.
Related
I am running two Windows server 2016s with IIS 10.0.14393. One server for staging purposes, and one for production.
The application has one "front-end app" and one "back-end REST api" running on the same IIS server. The front end communicates with the backend (suprise!). The difficulty I am facing is that the staging server works as expected, i.e no "Sign in" box appears when entering the front-end web page (React). However, on the production server this box pops-up.
When the page is loaded, there is javascript that fetches some information from the API, and it seems that this async fetch is causing the pop-up to occur (the request is in pending mode until login).
I have studied the configuration of IIS on the two servers but can't seem to find any obvious differences.
Both instances have both windows authentication and anonymous authentication turned on for both front-end and backe-end. I need this as the API has different types of authentication for the endpoints.
Anyone that has solved a similar issue?
Thanks
If someone experiences a similar issue the following link may help: https://support.microsoft.com/en-us/help/258063/internet-explorer-may-prompt-you-for-a-password
In my case I was sending the request to the api with the full domain url. The problem was fixed by just using the machine name (and port in my case) when sending the request. If the whole domain with punctuation is used, the system believes that the request is meant for the Internet and not the intranet, and will not include any credentials.
Another, and probably more robust solution, is to add the site in question to: Internet properties -> security -> Local intranet -> sites -> advanced.
I built a web service and connected it to Windows Federated Search successfully.
Windows Search displays the results just fine when the URL returned by the web service for each result has an URI scheme of http or https but the results are blocked otherwise.
For example, URLs like "file:///C:/Users/Public/Pictures/Sample%20Pictures/Chrysanthemum.jpg", "mailto:someone#example.com", "onenote://note/", etc., all fail. I am particularly interested in opening items with custom URI schemes.
Internet security settings blocking search results with file scheme
Internet security settings blocking search results with mailto scheme
I spent several hours reading about Protected Mode, doing changes to the security zones, changing "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults", "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy", "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ProtocolExecute", running explorer.exe elevated (to check the integrity level was the problem) and even disabling Protected Mode and UAC but the result is the same so I wonder if this way of extending Windows Search was designed to support non-HTTP schemes.
I am using Windows 7 Professional Service Pack 1 64-bit and Internet Explorer 11.
"I wonder if this way of extending Windows Search was designed to
support non-HTTP schemes."
My guess is "No" it wasn't, and that the lockdown there is present for security reasons. You could probably return a HTTPS URL to a web server that itself redirects to the target protocol or attempts to invoke it.
I have an AWS server (MS SQL SERVER EXPRESS 2008 R2 with IIS), with an elastic IP of 54.214.8.111, security groups configured with HTTP, MS SQL and FTP, and I can connect to the remote virtual machine using the rdp file that amazon gives you in the console.
However when I try to connect via visual studio to test if the database is working, it gives me a "Login failed for user 'dbuser' error. I have a user called dbuser on my SQL Server (on the server side of course) with full access permissions etc. I also cannot connect to an ftp on the server, despite all guides and help doc. Something seems to be simply blocking my connection. I have tried the same thing on multiple computers.
Everything seems to be configured correctly except I suspect the server instance.
Can anyone help? PS I'm fairly new to web development, this is my first AWS EC2 server.
[UPDATE] I just tried to create a new instance in a different location, same error, maybe I don't know how to configure the SQL Server on the EC2?
I recently had the same connectivity issue to AWS/SQL Server, I finally have it resolved.
Connecting to SQL Server remotely on AWS involves 3 main factors:
AWS --> Windows Security --> SQL Server Settings/Security.
Connections can easily fail because each area has specific requirements. I'll go through the check-list:
AWS:
In AWS management console, go to Security Groups, click on the group that applies to your windows server, make sure MS SQL TCP port 1433 is open to your specific client IP. If not, you'll need to add it.
*UPDATE 5/10/22: In the inbound-security in AWS, if you enter 0.0.0.0 for source IP it will open that port publicly, you should not open the port to everyone. Only open this port to specific IP addresses and take additional security measures to protect it, allowing only authenticated users to access. Read up on security and how to configure to protect your SQL server.
Note the Public IP of your server
WINDOWS:
RDP to the Amazon Windows server, Start > Administrative Tools > Local Security Policy
Click Windows Firewall with Advanced Security, Windows Firewall Properties, Click the "Public Profile" tab, set Firewall State to "ON", Inbound to Block, Outbound to Allow (or block depending on your application). OK.
Expand the Windows Firewall (on the left Pane), R-Click the Inbound Rule, Click New Rule.
Click Port option, Next > , for TCP, enter 1433 Next >, Allow the connection, Next >, Next > , give it a name (SQL-PORT-ACCESS)
SQL-SERVER:
Login to SQL Server with SSMS (SQL Server Management Studio) using the default windows authentication.
On the left-pane, R-click the top server listing (with the database icon, the very first listing), and select "Properties"
Properties window, click Security on the left pane, choose the "SQL Server and Windows Auth"
Click Connections, check the "Allow Remote Connections" option ... Click OK.
Open the SQL Configuration Manager, Start > Programs > Microsoft SQL Server > Configuration Tools > SQL Server Configuration Manager
SQL Server Network Configuration (Expand), select Protocols for MSSQL, R-Click TCP , select Properties (TCP should be enabled)
Click IP Addresses tab, check that IP1 is enabled, Dynamic Ports is 0, TCP port is 1433
Scroll all the way down to IPAll section, Enter 0 in TCP Dynamic Ports, and 1433 in TCP Port. OK...
Back on the left pane, click, SQL Server Services, R-Click the SQL Server option, and select "Restart".
(NOTE: SQL Browser server does not impact connectivity, browser service only lists available servers, with your specific connection parms, no need to start or worry about the browser)
TESTING:
You don't have go to your remote client to test, start by trying to connect from the same SSMS window on the server. This reduces all the other things that can go wrong at first, if you can connect here, you have some confirmation that it works. If it doesn't work from your own server, the issues are related to Windows security and SQL security and setup.
Under the Object Explorer (SQL server Management Studio), click "Connect" > Database Engine...
In the Server name:, enter your PUBLIC IP, a comma, then 1433. Example, if your public IP is 54.4.4.4 , enter 54.4.4.4,1433,
Select the authentication as "SQL Server", enter the login user and password.
If you're using "sa", remember to change the password.
If your connection works locally, then you can try your remote client connection.
At this point you know your SQL server and user settings are correct.
Next, try using SSMS on another computer. If that fails, probably the firewall needs a 2nd look...
Good place to understand issues, is the SQL logs easily accessible from SSMS, on the left pane, expand Management, then SQL Server Logs, current log will list any problems.
So, those are all the parts involved -- miss one and you'll be frustrated, but start by reducing the pieces when testing.
I was able to connect to my database on AWS Windows Server/SQL Express from a Windows device...
Good Luck!
Actually i have following step by step from http://www.windowsazure.com/en-us/manage/services/sql-databases/getting-started-w-sql-databases/ to create database and etc.
But when i try to login using username and password which i have configured,message error appear " Failed to retrieve connection information. Try to login again. "
I have configure firewall before to allowed my public ip to access the database.
How to solve my problem ?
Thanks
Clear your cookies and browsing history and contact Microsoft support if this persists after some time (like an hour)
That is very interesting problem.
What about checking connection with Microsoft SQL Server (can be Express edition).
If you configured firewalls then you should be able to access Azure database via Microsoft SQL Server Management Studio from your system with no problems.
Alternatively you could check Visual Studio. But I am not sure if Visual Studio Express edition can connect to Azure databases (you might need some paid version).
If you still have some connectivity issue using SQL Management Studio then that would indicate some networking problems between your place and Azure data centre. In that case I would recommend spinning up another Azure database (for very short time) in different data centre, set up firewalls and see if that will work.
EDIT
Any way to configure Firewall for Azure ?
Firewall to database cannot be configured at a level of individual databases; it needs to be configured at a level of server.
In Windows Azure Management portal, go to Database tab and then select database server:
Once you in server dashboard, select configuration top tab. You can change DB Server firewall allowed IP addresses under Allowed IP Addresses
In the same section there is Current Client IP Address which tell you the current IP. That very handy when you work with VPN or change your network quite often.
Allow popups. Chrome was blocking this from me.
We host our ASP.NET applications on two web servers (Server 2003, IIS 6) that reside behind a hardware load balancer. When I look at the IIS logs, the c-ip value in the IIS (v6) logs are ALWAYS the IP address of the load balancer. I noticed in the http headers, there is an X-Forwarded-For header that appears to have the requesting IP address. Is there something I can do to make IIS log this header value in the logs?
I don't know how long it's been around, but the Advanced Logging extension for IIS 7 and up (on Windows Server 2008 and up) offers Custom logging functionality which can be used to gather (almost) arbitrary information in IIS log files, including custom HTTP request (and response) headers like X-Forwarded-For.
I've just today set this up on our server and it works beautifully.
One thing to note: instead of editing the default Log Definition by the name of %COMPUTERNAME%-Server, just create a new one on your site or globally on your server to avoid the exception "The request is not supported." when trying to save your changes. This happens when you try to edit that default definition on the site level (thanks to this thread for the answer).
When going through a proxy you the x-forwarded-for is what is most commonly used by load balancers. You can probably write an httpfilter which will swap this around yourself; or IIS Tracer has the ability to play with the standard files; including swapping the c-ip and x-forwarded field.
If this isnt being done for the use of a third party reporting tool; you might want to dump your logs into SQL Server where you can manipulate the columns whenever you want.
Personally i go for the latter so that i can get aggregate data for all the servers; i dump into different tables in the same db and then report from all the web servers in the farm. I also find it easier than managing 500mb or so log files all over the place.
F5 networks offers an ISAPI filter on devcentral.f5.com that will take x-forwarded-for and use it in the logs.
Beyond that, though, there's not much you can do - this is how TCP works. :)
This is a pretty old question, but thought I'd add that IIS 8.5 has the ability to write
custom HTTP headers to the IIS logs. This is a much nicer option than installing an ISAPI filter or HTTP module.
This walk through shows how to set this up through IIS Manager:
http://www.iis.net/learn/get-started/whats-new-in-iis-85/enhanced-logging-for-iis85
This other SO question shows how to do it with PowerShell:
Add IIS 8.5 Custom Logging Fields with Powershell
IIS 8.5 advanced logging will let you log the X-FORWAREDED-FOR header easily.
IIS 8.5 Advanced Logging