Configuring IIS (Windows 2008 Server) |
  
|
Configuring IIS (Windows 2008 Server) |
|
NOTE: The following steps are still under development. In Windows 2008 Server, Microsoft radically changed the way that IIS is configured, adding more security and other features. As of this writing, we still recommend that Windows 2003 Server be used for the OS for application servers used in ChartNet.
The Application Server uses Microsoft's Internet Information Service (IIS) as it's web server. All incoming requests from remote users pass through IIS to ChartNet via MTWEBSVR.DLL and MTREQSVR.EXE. The following describes the steps to configure IIS to allow ChartNet request to be processed.
Prerequisites:
1.IIS must be installed on the server with specific sub-options.
2.If not installed, go to "My Computer", "Manage", then "Roles". Select "Web Server (IIS)" to install.
3.Make sure the following sub-options are selected before installing the Web Server:
4."WebDAV Publishing"
5."ISAPI Extensions"
6."Basic Authentication"
Configuration:
1.Go to "Administrator Tools"
2.Select "Information Information Services"
3.Click on the "[server name]" line.
4.Click on "ISAPI and CGI Restrictions"
5.Add \\[server]\[share]\system\web\MTWEBSVR.DLL
6.Add \\[server]\[share]\system\web\MTIWEBDLL.DLL
7.Add \\[server]\[share]\system\web\MTPORTAL.DLL
8.Click on "Application Pools"
9.Add two application pools, "chartnet" and "WebPortal".
10.Under Advanced Settings, set the "Identity" to "chartnet_apps" for each pool
11.Under Advanced Settings, set "Enable 32-bit Application" to TRUE
12.Under Basic Settings, set the ".Net Framework Version" to "No Managed Code" for each pool
13.Under Basic Settings, set the "Managed Pipeline Mode" to "Classic"
14.Click on "Default Web Site"
15.Click on "Authentication".
16.Set the "Anonymous Authentication" to "Application Pool Identity"
17.Enable "Basic Authentication"
18.Click on "Handler Mapping". Make sure "ISAPI-dll" is listed and enabled. If not enabled, then right-click and select "Edit Feature Permissions". Make sure "Execute" is checked.
19.Click on "Mime Types". Add a new Mime type. Set "File Extension" to ".*" Set the "MIME Type" to "application/octet-stream"
20.Click on "WebDAV Authoring Rules". Click on "Enable WebDAV". (Failure to do this will result in "Method not Allowed" errors)
21.Right click on "Default Web Site" and select "Add Application".
22.Add the "chartnet" application.
23.Click on "Advanced Settings"
24.Set the "Application Pool" to "chartnet"
25.Set the "Physical Path" to "[root]\system\web".
26.Set the "Physical Path Credentials" to "Application user"
27.Click on "Handler Mappings"
28.Check the settings for the "ISAPI-DLL"
29.Request Path = *.dll
30.Module = IsapiModule
31.Name = Isapi-dll
32.Request Restrictions
33.Mapping = File
34.Verbs = All Verbs
35.Access = Execute
36.Check the settings for "WebDAV"
37.Request Path = *
38.Module = WebDavModule
39.Executable = [null]
40.Request Restrictions
41.Mapping = File or Folder
42.Verbs = PUT
43.Access = Write
44.Click on "WebDAV Authoring Rules"
45.Right-click and select "Add Authoring Rule"
46.Set to "All Content", "All Users", "Read, Source, Write"
47.Failure to do the above will result in "Forbidden" errors.
48.Right click on "Default Web Site" and select "Add Application"
49.Add the "Webportal" application.
50.Click on "Advanced Settings"
51.Set the "Application Pool" to "webportal"
52.Set the "Physical Path" to "[root]\system\web".
53.Set the "Physical Path Credentials" to "Application user"
54.Set the "Handler Mappings" the same as the 'Chartnet' virtual directory. (e.g. "Isapi-dll" and "WebDAV")
55.Add a "WebDAV Authoring Rule" like you did above.
56.Right click on "Default Web Site" and select "Add Virtual Directory"
57.Add the "Voice" virtual directory.
58.Set the "Physical path" to "[root]\system\voice
Common Errors:
"Method not Allowed" - make sure WebDAV is "enabled" on the Default Web Server. Go to WebDAV Authoring Rules and enable WebDAV.
"Forbidden" - Make sure there is a WebDAV Authoring rule added.
"Unauthorlized" - Indicates that a PUT request is coming in and it requires authentication, either "Basic" or "Windows".
"Not Found" - Make sure the WebDAV handler has the "PUT" verb specified. Can also indicate that no "handler" was found in the handler list to handle the request. Can also indicate that client is using basic authentication, but the IIS does not require it.
"10102" - If this happens while trying to connect, see if the server has Windows Firewall turned on. If so, disable it.
"File or Directory not found" - Make sure the ISAPI-DLL handler has "Execute" in the "Edit Feature Permissions"
"Password does not meet criteria" (or something like that) - Go to Local Security Policy, then Acount Policies, then Password Polity, then disable "Password must meed complexity requirements"
"Internal Server Error" - (see notes below).
Other Notes:
IIS 7.0 apparently does not allow the PUT command without using WebDAV. You will get "Method not allowed".
WebDAV does not allow the PUT command without the client using authentication. Basic authentication is allowed. The uHttpClientLib.SendFileToHost was modified to set the User and Password properties to the 'chartnet_apps" account.
If the server that is running IIS is not the DB server (i.e. apps server), then when uploading a file to a virtual directory that is physically located on another server, it will get an "Internal Server Error" every other time. The IIS log shows error code of 500 and a Win32 error code of 32, meaning "sharing violation". I believe this is a bug in IIS 7.0, but did not have the time to verity. The solution for now was to modify the uHttpClientLib.SendFileToHost and have it trap the "Internal server error" and retry the PUT of the file.