ASP 500 Error with Code 0x800700aa While browsing a .asp page

Problem :

Some times you try to browse a simple ASP page (Legacy ASP) hosted on IIS 7.5 or IIS 8.5 and you run in to following Error : 

Detailed Error Information 
Module IsapiModule 
Notification ExecuteRequestHandler 
Handler ASPClassic 
Error Code 0x800700aa 
Requested URL http://localhost/New_Site/Default.asp 
Physical Path C:\inetpub\wwwroot\New_Site\Default.asp 
Logon Method Anonymous 
Logon User Anonymous

You try all the other options like Enabling 32 Bit, Changing AppPool Pipeline mode to Classic, installing .net framework 1.1 or 2.0 but it doesn't help. 

Diagnose the Problem : 

 To find the main reason of this problem you will need to run Process Monitor and filter the logs to see only ProcMon Logs related to w3Wp.exe. 

While digging the logs, you may find some logs similar to following : 

12:31:49.0797868 PM    w3wp.exe    8264    CreateFile    C:\Program Files\McAfee\VirusScan\scriptsn.dll    PATH NOT FOUND 

 

                                                                        OR

12:31:49.0797868 PM    w3wp.exe    8264    CreateFile    C:\Program Files\McAfee\VirusScan\scriptsn.dll    PATH NOT FOUND  

Now the question is, why an asp file request is calling a .dll file which is related to to McAfee AntiVirus program.

Some times , when McAfee is installed on your server or Updated , it add this DLL as part of there ScriptScan feature  to intercept the script calls before they are executed on following Regresty Key : 

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 
    (Default)    REG_SZ    C:\Program Files\McAfee\VirusScan\scriptsn.dll

In normal Conditions, this Registry Key (CLSID - HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32 ) points to VBScript.dll but here it is pointing to C:\Program Files\McAfee\VirusScan\scriptsn.dll. And this is the reason, ASP files are not being processed when requested.

Resolution : 

To Resolve this issue you need to perform following tasks : 

•  Open Registry Editor 
• Navigate to :   HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8} 
• Right Click and Select Permissions 
• Click Advanced 
• Click on the owner Tab 
•  In the “Change owner to ”  Administrators 
• Click Apply can click OK 
• The Select Administrators in the list of accounts under ” Groups or User names” 
• Click the “FULL Control” 
• Click Apply and OK 
• Now Double click on InprocServer32 and Modify its value as "C:Windows\system32\vbscript.dll".
• Click OK and come out or Registry settings.
• Recycle the application Pool serving your application or Reset IIS if necessary.

VOILAAAAAAA !!!!! It Works !!!!!!

Cheers!!!

Installing and Configuring .Net Framework 1.1 on Windows Server 2008 R2

Problem : 

Some times we need to install .Net Framework 1.1 on Windows Server 2008 R2 to run legacy applications on IIS 7.5 ( Such as ASP application). Microsoft does not provide .net framework v1.1 by default on Windows server 2008 R2. You need to install and configure it Manually.

Solution : 

Here are the steps to Successfully Install and Configure .Net Framework v1.1 on Windows Server 2008 R2.

Step 1: Install "IIS METABASE COMPATIBILITY" From Server Manager 

Click Start, and click Server Manager. Expand the treeview in Server Manager and click Manage Roles, and then Web Server (IIS). In the right-hand pane look for an option that says Add Role Services. This takes you to wizard where you can install "IIS Metabase Compatibility".

Step 2: Install .Net 1.1

• .Net Framework 1.1.
• .Net Framework 1.1 Service Pack 1
• ASP.Net Security Update for .Net Framework 1.1 Service Pack 1

You will get a Compatibility warning You can Easily Ignore that Warning and RUN the setup.

Step 3: Enable ASP.Net v1.1 ISAPI Extension

Now go to IIS Manager under Administrator Tools, and in the features view click on ISAPI and CGI Restrictions feature. In the actions pane click add.

Extension: C:\Windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
note: change drive if your system drive is not C:\
Description: ASP.NET v1.1

Alternatively the Same can be achieved by running following command 

running%windir%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis-enable

Step 4: Edit machine.config

.Net v1.1 will throw runtime exceptions if you have IIS configurations in the web.config files that are read by your .net v1.1 applications. To make it ignore IIS configuration sections  edit the machine.config in %windir%\Microsoft.NET\Framework\v1.1.4322\config\machine.config by adding the following section just above the bottom tag for the <configSections> element:

<section name="system.webServer" type="System.Configuration.IgnoreSectionHandler,
    System, Version=1.0.5000.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</configSections>

Step 5: Configure the site to use v1.1 Application Pool

In IIS Manager, select the site that you want to run on .Net Framework 1.1,  Advanced Settings. Adjust the application pool to use ASP.NET 1.1 which will use .Net Framework 1.1.

NOTE :  You can also create your own Application pool with the name of your choice. Steps to create application pool in IIS 7.5 is given in my previous blog.

Step 6 (Very Important) : Now you Need Fix 64bit bug otherwise you will not be able to open the settings of your websites configured to use .net framework V1.1 in IIS 7.5. It will throw an exception.

The config for .net v1.1 does not exist for 64bit  operating systems so you need to copy it from the 32bit folder by doing the following.

• Create \Windows\Microsoft.net\Framework64\v1.1.4322\config
• Copy machine.config from \Windows\Microsoft.net\Framework\v1.1.4322\Config\

Now you are all set to use .net framework v1.1 in IIS 7.5

Cheers !!!!

Courtesy : https://community.rackspace.com/products/f/25/t/820 

How to add Application pool with .Net Framework 1.1 in IIS 7.5

Problem: 

IIS 7.5 on Windows Server 2008 R2 does not install .Net Framework 1.1 by default. You need to install it manually and register it.

When you open IIS Manager and go to Application pool , you see only one Application Pool named ASP.NET 1.1 configured with .Net Framework 1.1 available in Application pools List.

When you add a new Application pool and try to bind it with .Net Framework 1.1 , you dont find the version 1.1 in the Drop Down list in Basic Settings of that Application pool.

Solution : 

Method 1: 

To Add a new Application pool in IIS 7.5 with .Net Framework 1.1 you need to take Following steps 

1. Open Command Prompt with Administrator privilige (Run As Administrator)
2. Change the directory to C:\Windows\System32\Inetsrv :
3  Run following APPCMD command to create new Application pool with .Net Framework 1.1

appcmd add apppool /name:"NewPool" /managedRuntimeVersion:"v1.1"

After placing this command you will see a new Application pool in Application pool list
which will show .Net Framework 1.1 bound to it. Rest of the settings can be made via GUI.

Method 2 :

Run Following commands from C:\Windows\System32\Inetsrv :

appcmd add apppool /name:"NewPool" /managedRuntimeVersion:"v1.1"

appcmd set apppool /apppool.name:"NewPool" /enable32BitAppOnWin64:true

appcmd set apppool /apppool.name:"NewPool"/managedPipelineMode:"Classic"

appcmd set apppool /apppool.name:"NewPool" /autoStart:true

Cheers!!!!

How to enable Powershell 2.0 on Windows Server 2008 32 bit

Problem : 

If you are trying to search Powershell 2.0 on Windows Server 2008 32 bit , you will not be able to find it as it is not installed by default.

Solution : 

1. You need to install Powershell 2.0 on your machine from following MS link. Its basically an           update from Microsoft which installs and enables Powershell on Windows server 2008 (32 Bit).

https://www.microsoft.com/en-us/download/details.aspx?id=11829

Windows PowerShell 2.0 and WinRM 2.0 for Windows Server 2008 (KB968930)

 
   

2. Restart the computer.


Cheers!!!!

Unable to install .Net Framework 3.5 on Windows server 2012 R2

Problem : 

When you try to install .Net Framework 3.5 on Windows Server 2012 R2 , it fails with following error :  

Error Code 0x800F0906 or “the source files could not be downloaded”, 

Reason : 

Microsoft released a security update in August 2014 that updates .Net components. The security updates are as follows: 

KB2966827

KB2966828

If either of these updates are installed, you will run into the above issue if your server does not have access to the Internet to pull the updated components.

Solution : 

There are 2 solutions for this problem :

1. Uninstall Security Updates KB2966828 and KB2966827 and then try to install .Net Framework 3.5 again. It should not give any error now.

2. Install the Update Fix for .net Framework 3.5 for Windows server 2012 R2 from following link . This update resolves an issue that prevents the optional Microsoft .NET Framework 3.5 feature from being enabled after you install security update 2966827 or 2966828 for the Microsoft .NET Framework 3.5. 

https://support.microsoft.com/en-us/kb/3005628

You will not get the error after applying any of these 2 solutions.

Cheers !!!!

Redirect webpage to other website without changing the URL in Browser - IIS

Problem :

 I was asked to redirect a Webpage , say www.x.com to another website www.y.com but client wanted to retain the first URL in the browser. Simple Redirection can be done via IIS redirection module but if we use simple redirection then the URL shown in the browser will be of the redirected page (in this case www.y.com). To over come this problem I applied following solution..


Solution : 

1. Create an index.html file in the root folder of first website (which you want to redirect to other URL).. in this case www.x.com.
2. Paste the following code in that index.html file

<html>
<frameset cols="100%">
<frameset rows="100%">
<frame src="www.y.com" />
</frameset>
</frameset>
</html>

3. Save the file.

4. In the IIS settings of the first website, make index.html as default document.

5. Restart the first website  (www.x.com) (though it is not needed).


You will now be able to redirect your page www.x.com to www.y.com but it will not change the URL in your browser.


Cheers !!!!!!!!!!!!!!

How to Renew Server Certificate on a TMG Forefront Stand Alone Array in Workgroup Environment.

Steps to follow to Renew Server Certificate on TMG Configuration Storage server.

Creating Server Certificate for TMG Configuration Storage server via CA :

Prerequisite

1. As a Prerequisite , you must have a local Certification authority which could issue certificates for the TMG servers.
2. You must have access to any IIS server which will be used to create certificate request.

Creating Certificate Request from IIS : 

1. Open the IIS Manager, click on server name node from the left pane and click on "Server Certificates" from the middle pane.
2. Click on the "Create Certificate Request" from the right pane
3. In the "Common name" field type the Fully Qualified Domain Name (FQDN) of the TMG server that will act as an Array Manager. If your Array Manager server name is TMG01 and workgroup name is workgroup.local then we will use "TMG01.workgroup.local". Fill the remaining fields as per your organizational details like OU, Location, county etc.
4. Choose "Microsoft RSA SChannell Cryptographic Provider" for the "Cryptographic service provider" and  2048 as "Bit lenght".
5. Save the certificate request as C:\tmg01.req.

Creating Certificate based on Request file created in above section

1. Logon to the CA computer and  browse to: http://localhost/certsrv.
2. Click Request a certificate.
3. Select Advanced Certificate Request.
4. Click on "Submit a certificate request by using  a base-64-encoded CMC or PKCS #10 file, or submit a renewall request  by using a base-64-encoded PKCMS #7 file".
5. Paste the contents of the tmg01.req file that we had created earlier from IIS to the "Base-64-encoded certificate request" field. In case you have a drop-box with Certificate Templates list, select "Web Server" template.
6. Your certificate request is now submitted to the CA. In case the "Request Handling" property of your CA is set to automatically issue certificates you will be presented with the following page where you have the possibility to download your issued "cer" file. Click on "Download certificate" and save the file as C:\tmg01.cer.
7. In case the "Request Handling" is set to manually issue the certificates by the administrator then you will have to perform the following steps.
8. Open the "Certification Authority" console on your Issuing CA server and click on "Pending Requests". You should see your request in the right pane.
9. Right click on the request and select All Tasks > Issue.
10. Browse to the CA web site again (https://yourservername/certsrv) and click "View the status of the pending certificate request". There should be your "Saved-Certificate Request" listed.
11. Download the "cer" file as we did in Step 6.
12. Now return to the IIS Manager console from which you have created the certificate request and now select "Complete Certificate Request".
13. In the "Specify Certificate Authority Response" screen browse to the "cer" file you  have downloaded from the CA and enter a friendly name for the certificate. I usually type the same name as common name.
14. You have now completed the procedure of issuing the "Server Authentication" certificate. If you open the "Local Computer" Certificates store on the server where you have requested the certificate you should see the certificate in the Personal > Certificates folder. The certificate icon should have a little yellow key pictured which means that you have both private and public key. We must export the certificate with private and public keys so that we can import it on our TMG server.

Exporting the server certificate created in Previous section.

To export the server certificate

1. On IIS server, From the Start menu, click Run. Type MMC, and then click OK.
2. In MMC, click File, and then click Add/Remove Snap-in.
3. In Add/Remove Snap-in, click Add to open the Add Standalone Snap-in dialog box. From the list of snap-ins, select Certificates, and then click Add.
4. In Certificates snap-in, select Computer account, and then click Next. In Select Computer, verify that Currect User is selected, and then click Finish. Click Close, and then click OK.
5. In the MMC console, expand Certificates , expand Personal, and click Certificates.
6. In the details pane, right-click the certificate you just created (it will show its fully qualified domain name (FQDN) of the configuration storage server), point to AllTasks, and select Export.
7. On the Welcome page of the Certificate Export Wizard, click Next.
8. On the Export Private Key page, select Yes, export the private key, and then click Next.
9. Personal Information Exchange - PKCS #12 (.PFX)" should be selected. Unmark all the checkboxes and click Next.
10. On the Password page, you may provide and confirm a password, and then click Next.
11. On the File to Export page, click Browse, and browse to a location where you want to store the exported certificate file. Select be any location on that machine from which the file can be easily retrieved by Forefront TMG installation when installing Forefront TMG services which includes the configuration storage server. Click Next.
12. On the summary page, click Finish.
13. Now that we have our certificate ready for import there is still one thing we must do. Since we are creating TMG array in a workgroup mode we must import the root certificate of the CA that issued the certificate to all of the TMG servers that will participate in array. But first we must export the root CA certificate from a computer that has it.
14. Open the "Local Computer" Certificates store on the Issuing CA computer or on some other computer which is a domain member in a domain where CA resides.
15. Navigate to the Trusted Root Certification Authorities > Certificates, right-click on the root certificate from the CA which issued your certificate and select All Tasks > Export.
16. elect "DER encoded binary X.509 (.CER)" and click Next.
17. Save the "cer" file to disk. In our example it is C:\CompanyRootCA.cer.
18. Now we have both the PFX file which contains our public and private keys for the TMG computer certificate and a CER file that contains a public key from our root CA. The next thing we must do is to import the root certificate to each TMG server that will participate in the array and to import the "Server Authentication" certificate.
19. 
    

Installing storage server certificate 

1. Open the "Local Computer" Certificates store on each TMG server and import the root certificate "cer" file to the "Trusted Root Certification Authorities".
2. In the Forefront TMG Management console, in the tree, click the System node, and in the details pane, click the Servers tab.
3. In the Tasks tab, click Install Server Certificate.
4. Browse for the server certificate which you recently imported on the server TMG array manager TMG01. 
5. Make sure that the Automatically create the root CA certificate on this array manager check box is not selected. If it is checked, it has always resulted in error.
6. Now if you open the Certificates store for the Windows service named ISASTGCTRL you should see the imported certificate with the private key in the Personal store.

Testing the connection

1. Now there is only thing left and that is to test the secure LDAP connection to the Array Manager server. We will use ldp.exe for this. You should be able to run it from your TMG servers.
2. Open ldp.exe and click on Connection > Connect. Type FQDN of your TMG server that will act as Array Manager and type 2172 for the port number as this is the port on which ISASTGCTRL service listens. Click on the SSL and click Connect.

           

      

    3. If the connection is successful you will see the screen like the following:

         

Reference :       http://www.itsolutionbraindumps.com/2011/01/how-to-properly-issue-certificate-for.html





Cheers !!!!!!!!!!!!!