Setup: ASP.NET 4.0 website on IIS 6.0 on Win 2003 64 bit, 8xCPUs, 16GB memory, separate SQL 2005 DB server.
Had a serious slowdown today with any otherwise fairly well performing ASP.NET site. For a period of a couple of hours all page requests were taking a very long time to be served - e.g. 30-60s compared to usual 2s. The w3wp.exe's CPU and memory usage on the webserver was not much higher than normal. The application pool was not in the middle of recycling (and it hadn't recycled for several hours). Bottlenecks in the database were ruled out - no blocks occurring and query results were being returned quickly. I couldn't make any sense of it and set up the following Perfmon counters:
Current Anonymous Users (for site in question)
Get requests/sec (ditto)
Requests/sec for the ASP.NET application running the site
Get requests/sec was averaging 100-150. Requests/sec for ASP.NET was averaging 5-10. However Current Anonymous Users was around 200. And then as I was watching, the Current Anonymous Users began to climb steeply going up to about 500 within a few minutes. All this time Get requests/sec & Requests/sec for ASP.NET was if anything going down.
I did a whole load of things (in a panic!) to try to get the site working, like shutting it down, recycling the app pool, and adding another worker process to the pool. I also extended the expiration time for content (in IIS under HTTP Headers) in an attempt to lower the number of requests for static files (there are a lot of images on the site).
The site is now back to normal, and the counters are fairly steady and reading (added Current Connections counter):
Current Anonymous Users : average 30
Get requests/sec : average 100
Requests/sec for ASP.NET : 5
Current Connections : average 300
I have also observed an inverse relationship between Get requests/sec & Current Anonymous Users. Usually both are fairly steady but there will be short periods when Get requests/sec will go down dramatically and Current Anonymous Users will go up in a perfect mirror image. Then they will flip back to their usual levels.
So, my questions are:
Thinking of the original performance issue - if w3wp.exe CPU, memory usage were normal and there was no DB bottleneck, what could explain page requests taking 20 times longer to be served than usual? What other counters should I be looking at if this happens again?
What explains the inverse relationship between Get requests/sec & Current Anonymous Users?
What could explain Current Anonymous Users going from 200 to 500 within a few minutes?
Many thanks for any insight into this.
Why isn't my Jakarta connector setup for Tomcat working?
It seems like almost every time we are to install Jakarta Connector to run with IIS, there are unexplained troubles. Im posting this question just to get answers to different problems collected at one place.
Hello.
I have a website running on IIS and using Windows Authentication. All users that are configured to get access to the site are form a AD domain (not local users). In the properties of a Website, I have set to use the AD domain as the realm.
Now, when using Firefox, Safari or Chrome - Everything is fine. When the user tries to open the site, he get's the login box. he enters simply "username" and "password" (let's pretend that it's an actual login and password :P) and he get's into the site.
When using IE, however, things get nasty. When the user tries to open the site - he get's the login box. User enters the "username" and "password" again, but those get rejected! And when the second time login box pops up - it has the username filled in as "web-server-domain-name\username" which is wrong, because web-server-domain-name is not the domain where all users reside (it's "ad-domain"). I've spent days trying to figure out what's going on...
Note, that if I manually enter "ad-domain\username" - I get accepted into the site without problems. So, my guess is that IE sends wrong username if domain is not specified.
Anyway, IE is the only browser that triggers this behavior!
Is it possible to do a server-side fix? Maybe it's possible to somehow auto-map the users to AD users?
If it's not solvable server-side - is there a client-side fix for this?
Thank you.
PS: I'm more of a programmer than a sys-admin, so configuring servers isn't the strong side of mine... :P
UPDATE:
@Evan: Yes, "Digest authentication for Windows domain servers" is also enabled.
@Eric: IIS version is 6.0. The authentication methods enabled are: Integrated and digest - all other methods are disabled.
As for the security log. I looked at it, when doing "username" and "password" login in Chrome/Firefox and when doing "ad-domain\username" and "password" login from IE - the generated log messages are the same (I see no difference, anyway). When entering "username" and "password" I don't see any errors in the security (or any other) log, so can't tell what method it's trying to use.
UPDATE 2:
As suggested by Eric in the comments - I played around with Fiddler... While playing with it, I noticed, that when "username" and "password" is entered in FF and IE - the "Authorization" header value (encrypted) sent by IE is longer (almost two times) than one sent by FF.
I tried to disable Windows Integrated authentication and only leave the Digest enabled - that fixed the problem (meaning, IE used the right realm just like other browsers), but that caused bazillion other problems with my site, because with Digest - user impersonation on the server doesn't work (that causes problems, when connecting to database etc).
Any ideas?
Hello, I don't see ASP.NET "area". In Add Remove programs I see .net framework 3.5 and WSE installed. May be I need particulary install the ASP.NET, but I don't know where I do this.
In Windows 7 I have this area (abowe IIS and Management areas).
Thank you for ahead.
i have winXp sp2 on my machine. i have installed IIS. when i am trying to open my localhost as http://localhost/ it asks for login and password. when i am using my windows authentication to login creates an error message http 500 internal server error
and error detail is
error '8002801c'
Error accessing the OLE registry.
/iisHelp/common/500-100.asp, line 17
how can i resolve this problem?
I've got an environment with several IIS 6 web servers hosting hundreds of apps (dozens of sites, hundreds of virtual directories) all with a myriad of different configurations belonging to dozens of different developers (all deploying apps willy nilly).
Is there some sort of managed software solution that will
centralize management of all my IIS6 environments
provide some inventory functionality
allow for reporting or querying of said application inventory
enforce and automate some sort of deployment process?
I keep getting this error in my event viewer on IIS 6. I'm trying to figure out if my error resets my connection (maybe recycles the worker processes?).
The error is:
An attempt was made to load filter 'C:\Program Files\Software Artisans\FileUp
\FileUpIsapi.dll' but it requires the SF_NOTIFY_READ_RAW_DATA filter notification and
this notification is not supported in Worker Process Isolation Mode.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink
/events.asp.
Hi,
how can I configure IIS SMTP sever to not attach the original mail to the Delivery Status Notification messages? The problem is that when sending newsletters with fairly large attchemnts all these attachments are again attached to the DSN messages which results in a full administrator's mailbox.
Thank you
I have a website running on IIS and using Windows Authentication. All users that are configured to get access to the site are form a AD domain (not local users). In the properties of a Website, I have set to use the AD domain as the realm.
Now, when using Firefox, Safari or Chrome - Everything is fine. When the user tries to open the site, he get's the login box. he enters simply "username" and "password" (let's pretend that it's an actual login and password :P) and he get's into the site.
When using IE, however, things get nasty. When the user tries to open the site - he get's the login box. User enters the "username" and "password" again, but those get rejected! And when the second time login box pops up - it has the username filled in as "web-server-domain-name\username" which is wrong, because web-server-domain-name is not the domain where all users reside (it's "ad-domain"). I've spent days trying to figure out what's going on...
Note, that if I manually enter "ad-domain\username" - I get accepted into the site without problems. So, my guess is that IE sends wrong username if domain is not specified.
Anyway, IE is the only browser that triggers this behavior!
Is it possible to do a server-side fix? Maybe it's possible to somehow auto-map the users to AD users?
If it's not solvable server-side - is there a client-side fix for this?
Thank you.
PS: I'm more of a programmer than a sys-admin, so configuring servers isn't the strong side of mine... :P
UPDATE:
@Evan: Yes, "Digest authentication for Windows domain servers" is also enabled.
@Eric: IIS version is 6.0. The authentication methods enabled are: Integrated and digest - all other methods are disabled.
As for the security log. I looked at it, when doing "username" and "password" login in Chrome/Firefox and when doing "ad-domain\username" and "password" login from IE - the generated log messages are the same (I see no difference, anyway). When entering "username" and "password" I don't see any errors in the security (or any other) log, so can't tell what method it's trying to use.
UPDATE 2:
As suggested by Eric in the comments - I played around with Fiddler... While playing with it, I noticed, that when "username" and "password" is entered in FF and IE - the "Authorization" header value (encrypted) sent by IE is longer (almost two times) than one sent by FF.
I tried to disable Windows Integrated authentication and only leave the Digest enabled - that fixed the problem (meaning, IE used the right realm just like other browsers), but that caused bazillion other problems with my site, because with Digest - user impersonation on the server doesn't work (that causes problems, when connecting to database etc).
Any ideas?
I have installed IIS and .NET 4.0 on Windows Server 2003.
I have a web ready website that that targets .NET 4.0 and have updated the default website home directory to map to the website's directory.
When I visit the website in a web browser (localhost, localhost:80), I get a 404 error (File or directory not found).
Here is the IP address so you can see for yourself. http://72.45.244.92/
How do I get my ASP.NET 4.0 website to run?
I just generated a certificate with a CN and two subject alternative names (3 differents fqdn) and i always get a handshake failure, whatever the ssl version i use:
14177:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:
14176:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
I'm now asking myself if IIS 5 on win2000 does really support those certificates, any ideas ?
Thanks in advance.
I try to force encoding with IIS 7.
When I add in the http response headers the key :
Content-Type and value charset=utf-8 i got this key content-type : text/html,content-type=utf-8
it's there a way to remove the comma ?
I have an existing site that I would like to add a staging subdomain to. I created a new web site for it in IIS, added a host header for subdomain.mysite.com but when I try to get to the subdomain it is not found.
Do I need to create an A Record in my DNS to point subdomain.mysite.com to the server's IP or will the existing entry for mysite.com work? If not, can anyone see what I am doing wrong here?
I have two computers on a home network. One is a development machine, testing sites on IIS (http:// myclientsite/). My other computer (Laptop) is connected through a wireless – it can access shared folders just fine.
How do I allow Laptop to access the site (http:// myclientsite/) located on the development machine?
Had a thing at work today on a Windows Server 2003 box. In IIS Manager I'm trying to create an application for a directory. So I've brought up the properties dialog and clicked the "Create" button and it did absolutely nothing - no error, the application name box stays greyed out and there's no gear icon on the folder. Also there was no event log message.
Has anyone seen this happen or know of a solution?
Andrew, M facing the same problem.IIS Management console is not present under web management tool.Two options are there
1IIS 6 management compatibility 2IIS Management Scripts & Tools.
checked both. But come in no use.Please help.
[email protected]
Is it possible to have IIS (6 or 7.5) return a 404 Not Found (instead of 403 Forbidden) when a disallowed directory listing is requested?
A security scanning service I use thinks the 403 is revealing something "potentially sensitive", when in fact it's just not a valid URL. My workaround is to drop a default.aspx into each directory that returns an empty 404 page, but there has to be a better way...
We're building a web service that will be deployed on an IIS 7.5 farm, and secured through SSL, and also requiring client certs that will be mapped to Active Directory accounts.
My understanding is that the server cert needs to be generated for a specific server. If that is the case then we will need a server cert for each server in the farm. Because the farm will be load balanced, how do we generate client certs that will work with any of the servers in the farm?
Some file from my inetsrv directory (c:\windows\system32\inetsrv) were accidentally removed. Is there a way to get them back? Reinstalling IIS server role doesn't help, because Windows doesn't remove inetsrv directory when removing the role. Copying files from another Server 2008 machine doesn't help neither.
i need help with IIS redirect...
My website is on the internet and i want to redirect requests based on the following rule:
if URL = http :// contoso.com (public address) - Redirect to http :// contoso.com/portal
if URL = http :// myserver (internal address) - Dont do anything
if URL = http :// 192.168.0.1 (internal address) - Dont do anything
is it possible? how can i do it?!?
i managed to get the first one... but i cant get the second and third one to work...