IIS Archives – sysinfo i/o

September 30, 2016 12:33 pm by Travis Leave a Comment

Using Let’s Encrypt with IIS on Windows

Let's Encrypt is a new open source certificate authority that promises to provide free SSL certificates in a standardized, API accessible and non-commercial way. If you've installed SSL certificates in the past, you're probably familiar with the process of signing up for a certificate with some paid for provider and then going through the manual process of swapping certificate requests and completed requests. Let's Encrypt is based on set of open service APIs that can be implemented on any platform and create certificates for Web servers including IIS. This seems like a fabulous idea, given that securing your site if you have any sort of authenticated access is an absolute requirement. It's not so much the money that's a problem since basic SSL certificates these days even from paid … [Read more...]

January 23, 2015 9:48 am by Travis Leave a Comment

Disable SSL 3.0 in Windows Server

Vulnerability in SSL 3.0 Could Allow Information Disclosure The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. The vulnerability, which is more formally known as CVE-2014-0160, allows an attacker to read up to 64 kilobytes of memory per attack on any connected client or server. Heartbleed got its name because it is a flaw in OpenSSL's implementation of the Heartbeat Extension for the TLS and DTLS protocols (RFC 6520). The vulnerability, which is caused by poorly-written code, was discovered on the same day by Google and Codenomicon security researchers. The researchers quickly realized that an … [Read more...]

January 21, 2015 1:55 pm by Travis 2 Comments

Report IIS Server Traffic

After spending significant time Googling for an easy way to report IIS traffic on a per server basis and coming up empty handed I have decided to write my own Powershell script that will report web traffic server-wide, site-wide, chart images and automatically email it. The real magic behind it is Microsoft's Log Parser. The query I have configured for mine is to count all the hits on aspx pages to give me the most accurate report. If you use anything else, you can add in an OR clause or replace aspx with whatever you need in the Log Parser lines: WHERE (cs-uri-stem LIKE '%aspx%'). This script was designed to search two IIS hosts, but you could modify it with a little Powershell knowledge. *9/9/2016 update* After revisiting this page much later after posting, I realize how rudimentary the … [Read more...]

November 14, 2012 5:10 pm by Travis Leave a Comment

EC2 AMI Sysprep IIS 7.5 SSL Certificate Error 0x80070520

Today I ran into IIS 7.5 SSL certificate binding error 0x80070520 after running sysprep to create a new bundled EC2 AMI. First I launched a Windows 2008 R2 instance from an official Amazon AMI, installed IIS and imported our wildcard SSL certificate to be used on future websites. Launched the ec2Config service and ran sysprep. Created a new AMI (image) of this instance, then launched a new instance based off this AMI. In IIS Manager, tried to edit the https binding of a site and got the error: A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520) This actually has nothing to do with Amazon and is caused by sysprep changing the machine SID which I believe affects the private key of the certificate rendering it … [Read more...]