<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>rss.livelink.threads-in-node</title>
    <link>https://techcommunity.microsoft.com/t5/microsoft-iis/ct-p/Microsoft-IIS</link>
    <description>rss.livelink.threads-in-node</description>
    <pubDate>Thu, 02 Jul 2026 14:11:02 GMT</pubDate>
    <dc:creator>Microsoft-IIS</dc:creator>
    <dc:date>2026-07-02T14:11:02Z</dc:date>
    <item>
      <title>Understanding IIS Website Limits: Connection Timeout, Bandwidth, and Connection Limits</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/understanding-iis-website-limits-connection-timeout-bandwidth/ba-p/4516193</link>
      <description>&lt;P data-start="167" data-end="469"&gt;In this blog, I am sharing learnings from multiple real-world issues I have worked on where the root cause came down to just&amp;nbsp;&lt;STRONG data-start="288" data-end="324"&gt;three IIS Website Limit settings&lt;/STRONG&gt;. On the surface, these options feel pretty straightforward in the UI but in practice, they can quietly become the reason behind major incidents.&lt;/P&gt;
&lt;P data-start="471" data-end="753"&gt;I have seen these settings trigger &lt;STRONG data-start="504" data-end="569"&gt;timeouts, dropped connections, and strange performance issues &lt;/STRONG&gt;sometimes even before the request makes it to your application. That’s what makes them tricky everything looks fine at the app level, but the problem is already happening underneath.&lt;/P&gt;
&lt;P data-start="755" data-end="948"&gt;The idea here is simple, I want to help you recognize these patterns early. If you understand how these limits behave, you can&amp;nbsp;&lt;STRONG data-start="871" data-end="947"&gt;pinpoint the issue faster and avoid hours of unnecessary troubleshooting&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P data-start="950" data-end="970" data-is-last-node="" data-is-only-node=""&gt;Let’s break it down.&lt;/P&gt;
&lt;H2&gt;Introduction&lt;/H2&gt;
&lt;P&gt;When troubleshooting performance issues or unexpected disconnections in IIS-hosted applications, one commonly overlooked area is &lt;STRONG&gt;Website Limits configuration&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;These settings are available under:&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;IIS Manager → Site → Actions → Configure → Limits&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;This play a crucial role in controlling how the server handles connections and network usage.&lt;/P&gt;
&lt;P&gt;In this article, we focus on the three most commonly used settings :&lt;/P&gt;
&lt;img /&gt;
&lt;P class="lia-clear-both"&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Connection Timeout&lt;/LI&gt;
&lt;LI&gt;Limit Bandwidth Usage&lt;/LI&gt;
&lt;LI&gt;Limit Number of Connections&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;&lt;STRONG&gt;1. Connection Time-out (in seconds)&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;What It Does&lt;/H3&gt;
&lt;P&gt;This setting defines how long IIS keeps a connection open &lt;STRONG&gt;before terminating it if inactive or incomplete&lt;/STRONG&gt;.&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Default: &lt;STRONG&gt;120 seconds (2 minutes)&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI&gt;Applies to:
&lt;UL&gt;
&lt;LI&gt;Idle connections&lt;/LI&gt;
&lt;LI&gt;Slow uploads&lt;/LI&gt;
&lt;LI&gt;Requests waiting too long&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;When It Becomes Important&lt;/H3&gt;
&lt;P&gt;You will notice impact in scenarios like:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Long-running API calls&lt;/LI&gt;
&lt;LI&gt;Large file uploads&lt;/LI&gt;
&lt;LI&gt;Slow client networks&lt;/LI&gt;
&lt;LI&gt;High queue wait times under load&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Common Issues When Misconfigured&lt;/H3&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table&gt;&lt;tbody&gt;&lt;tr&gt;&lt;th&gt;Scenario&lt;/th&gt;&lt;th&gt;Observed Issue&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Too Low&lt;/td&gt;&lt;td&gt;Requests fail prematurely&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Too High&lt;/td&gt;&lt;td&gt;Connections stay open unnecessarily&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Under Load&lt;/td&gt;&lt;td&gt;Intermittent failures, timeouts&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;Typical errors:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Client: &lt;EM&gt;Connection reset / cannot reach site&lt;/EM&gt;&lt;/LI&gt;
&lt;LI&gt;Proxy: &lt;STRONG&gt;502 / 504 errors&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI&gt;Uploads: Partial uploads fail&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Practical Tuning Guidance&lt;/H3&gt;
&lt;P&gt;Increase when:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;APIs take longer to execute&lt;/LI&gt;
&lt;LI&gt;Users upload large files&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Decrease when:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;You see many idle connections&lt;/LI&gt;
&lt;LI&gt;Facing slow-client attacks or connection hoarding&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;Critical Insight:&lt;/STRONG&gt;&lt;BR /&gt;This works at &lt;STRONG&gt;HTTP.sys level&lt;/STRONG&gt;, meaning requests may fail &lt;STRONG&gt;before reaching your application&lt;/STRONG&gt;.&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;2. Limit Bandwidth Usage (in bytes)&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;What It Does&lt;/H3&gt;
&lt;P&gt;This setting restricts the &lt;STRONG&gt;maximum outbound bandwidth&lt;/STRONG&gt; for the website.&lt;/P&gt;
&lt;P&gt;If the checkbox is enabled, IIS throttles the response speed.&lt;/P&gt;
&lt;H3&gt;When It Is Useful&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;Multi-tenant servers&lt;/LI&gt;
&lt;LI&gt;Shared infrastructure environments&lt;/LI&gt;
&lt;LI&gt;Preventing a single application from saturating the network&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;What Happens When Misconfigured&lt;/H3&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table&gt;&lt;tbody&gt;&lt;tr&gt;&lt;th&gt;Condition&lt;/th&gt;&lt;th&gt;Impact&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Too Low&lt;/td&gt;&lt;td&gt;Slow page loads&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Too Restrictive&lt;/td&gt;&lt;td&gt;Downloads take very long&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Misaligned with workload&lt;/td&gt;&lt;td&gt;User complaints despite healthy CPU/memory&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;Typical symptoms:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Pages load slowly&lt;/LI&gt;
&lt;LI&gt;File downloads stall&lt;/LI&gt;
&lt;LI&gt;Streaming buffers frequently&lt;/LI&gt;
&lt;LI&gt;Upstream gateway timeouts (504)&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Practical Tuning Guidance&lt;/H3&gt;
&lt;P&gt;Use it when:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;You need &lt;STRONG&gt;fair usage across applications&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI&gt;Running in &lt;STRONG&gt;shared hosting environments&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Avoid when:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Dedicated production environments&lt;/LI&gt;
&lt;LI&gt;Performance is a priority&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;Important Note:&lt;/STRONG&gt;&lt;BR /&gt;This does not reduce server load — it only slows down responses.&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;3. Limit Number of Connections&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;What It Does&lt;/H3&gt;
&lt;P&gt;Controls the &lt;STRONG&gt;maximum number of concurrent connections&lt;/STRONG&gt; allowed to the website.&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Enabled via checkbox&lt;/LI&gt;
&lt;LI&gt;When limit is reached → IIS rejects new connections&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Why You Would Use This&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;To prevent &lt;STRONG&gt;resource exhaustion&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI&gt;To isolate noisy applications&lt;/LI&gt;
&lt;LI&gt;To enforce traffic control in shared environments&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Common Issues When Too Low&lt;/H3&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table&gt;&lt;tbody&gt;&lt;tr&gt;&lt;th&gt;Scenario&lt;/th&gt;&lt;th&gt;Observed Issue&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Traffic spike&lt;/td&gt;&lt;td&gt;Requests rejected&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;High concurrency&lt;/td&gt;&lt;td&gt;API failures&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Behind proxy&lt;/td&gt;&lt;td&gt;502 / 503 responses&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;Typical error patterns:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;HTTP 503 (Service Unavailable)&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI&gt;Connection failures before app processing&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;&lt;STRONG&gt;Critical Insight (Very Important for Production)&lt;/STRONG&gt;&lt;/H3&gt;
&lt;P&gt;Even if this is set to &lt;STRONG&gt;unlimited&lt;/STRONG&gt;:&lt;/P&gt;
&lt;P&gt;Your system is still limited by CPU, memory, threads, and backend dependencies.&lt;/P&gt;
&lt;P&gt;Increasing this value:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Does NOT solve performance issues&lt;/LI&gt;
&lt;LI&gt;Can actually amplify failures under load&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Practical Tuning Guidance&lt;/H3&gt;
&lt;P&gt;Set limits when:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;You want controlled back-pressure&lt;/LI&gt;
&lt;LI&gt;Protecting shared systems&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Avoid blindly increasing limits during incidents&lt;/P&gt;
&lt;P&gt;Always investigate:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;CPU utilization&lt;/LI&gt;
&lt;LI&gt;App pool queue&lt;/LI&gt;
&lt;LI&gt;Thread starvation&lt;/LI&gt;
&lt;LI&gt;Dependency slowness&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;&lt;STRONG&gt;Troubleshooting TIPS&lt;/STRONG&gt;&lt;/H2&gt;
&lt;P&gt;When users report:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Random 502 / 504&lt;/LI&gt;
&lt;LI&gt;Upload failures&lt;/LI&gt;
&lt;LI&gt;Intermittent disconnections&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Always check:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Connection Timeout&lt;/LI&gt;
&lt;LI&gt;Bandwidth limit&lt;/LI&gt;
&lt;LI&gt;Connection cap&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Because:&lt;/P&gt;
&lt;P&gt;These settings can reject or terminate requests &lt;STRONG&gt;before your code runs&lt;/STRONG&gt;&lt;/P&gt;
&lt;H2&gt;Quick Summary&lt;/H2&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table&gt;&lt;tbody&gt;&lt;tr&gt;&lt;th&gt;Setting&lt;/th&gt;&lt;th&gt;Controls&lt;/th&gt;&lt;th&gt;Common Issue&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Connection Timeout&lt;/td&gt;&lt;td&gt;Idle request duration&lt;/td&gt;&lt;td&gt;Timeouts, disconnects&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Bandwidth Limit&lt;/td&gt;&lt;td&gt;Response speed&lt;/td&gt;&lt;td&gt;Slowness&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Connection Limit&lt;/td&gt;&lt;td&gt;Concurrent requests&lt;/td&gt;&lt;td&gt;503 errors&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H1&gt;Let me take you via some Real-World Scenarios: When IIS Website Limits Cause Production Issues&lt;/H1&gt;
&lt;P&gt;Understanding configuration is important but&amp;nbsp;&lt;STRONG&gt;real value comes from recognizing patterns during incidents&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;Below are real-world scenarios where these IIS Website Limits directly impact production systems.&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;Scenario 1: Intermittent 502 / 504 Errors (Connection Timeout Misalignment)&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;Situation&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;Application hosted behind:
&lt;UL&gt;
&lt;LI&gt;Azure Application Gateway / Nginx / ARR&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;Users report:
&lt;UL&gt;
&lt;LI&gt;Random failures&lt;/LI&gt;
&lt;LI&gt;API calls failing intermittently&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;What Was Observed&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;IIS logs show:
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;sc-status = 200 (success)&lt;/STRONG&gt; for some requests&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;But users still getting:
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;502 / 504 from gateway&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Root Cause&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Connection Timeout in IIS = 120 seconds&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Upstream proxy timeout = 60 seconds&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Result:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Proxy times out first → returns 504&lt;/LI&gt;
&lt;LI&gt;IIS continues processing → client never receives response&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Fix&lt;/H3&gt;
&lt;P&gt;Align timeouts across layers:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;App Gateway / Proxy timeout ≥ IIS Connection Timeout&lt;/LI&gt;
&lt;LI&gt;IIS timeout aligned with actual request processing time&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Key Learning&lt;/H3&gt;
&lt;P&gt;Always treat timeouts as a &lt;STRONG&gt;chain&lt;/STRONG&gt;, not in isolation.&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;Scenario 2: Large File Upload Failures (Connection Timeout Too Low)&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;Situation&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;Users uploading large files (100MB+)&lt;/LI&gt;
&lt;LI&gt;Upload fails randomly (especially from slower networks)&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;What Was Observed&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;Upload stops mid-way&lt;/LI&gt;
&lt;LI&gt;No clear application exception&lt;/LI&gt;
&lt;LI&gt;Connection closed abruptly&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Root Cause&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;IIS Connection Timeout reached while:
&lt;UL&gt;
&lt;LI&gt;Client still sending request body slowly&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;HTTP.sys terminated connection before upload completed&lt;/P&gt;
&lt;H3&gt;Fix&lt;/H3&gt;
&lt;P&gt;Increase connection timeout&lt;BR /&gt;Validate with slow network simulation&lt;/P&gt;
&lt;H3&gt;Key Learning&lt;/H3&gt;
&lt;P&gt;Connection timeout applies not just to idle connections but also to&amp;nbsp;&lt;STRONG&gt;slow request body transmission&lt;/STRONG&gt;&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;Scenario 3: HTTP 503 During Traffic Spike (Connection Limit Too Low)&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;Situation&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;Sudden spike in traffic (deployment / marketing event)&lt;/LI&gt;
&lt;LI&gt;APIs start failing&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;What Was Observed&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;IIS logs:
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;503 Service Unavailable&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;Users:
&lt;UL&gt;
&lt;LI&gt;Random failures&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;CPU &amp;lt; 50% (system not overloaded)&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Root Cause&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;"Limit number of connections" was enabled&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI&gt;Configured value too low&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;IIS started rejecting new connections once threshold hit&lt;/P&gt;
&lt;H3&gt;Fix&lt;/H3&gt;
&lt;P&gt;Increase connection limit&lt;BR /&gt;OR remove limit if not required&lt;BR /&gt;Validate actual concurrency vs configured cap&lt;/P&gt;
&lt;H3&gt;Key Learning&lt;/H3&gt;
&lt;P&gt;503 does not always mean server overload it can be &lt;STRONG&gt;intentional rejection due to limits&lt;/STRONG&gt;&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;Scenario 4: Site is Slow but No Resource Bottleneck (Bandwidth Limit Enabled)&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;Situation&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;Users report:
&lt;UL&gt;
&lt;LI&gt;Slow page loads&lt;/LI&gt;
&lt;LI&gt;Slow downloads&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;What Was Observed&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;CPU: Normal&lt;/LI&gt;
&lt;LI&gt;Memory: Normal&lt;/LI&gt;
&lt;LI&gt;No thread contention&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;But:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Response times extremely high&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Root Cause&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;"Limit bandwidth usage" enabled in IIS&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI&gt;Value set very low&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;IIS throttling response speed intentionally&lt;/P&gt;
&lt;H3&gt;Fix&lt;/H3&gt;
&lt;P&gt;Disable bandwidth limit&lt;BR /&gt;OR increase to realistic throughput&lt;/P&gt;
&lt;H3&gt;Key Learning&lt;/H3&gt;
&lt;P&gt;Bandwidth limit causes &lt;STRONG&gt;artificial slowness&lt;/STRONG&gt;, not system bottleneck&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;Scenario 5: Random Disconnects Under Load (Connection Timeout + Queue Wait)&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;Situation&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;High traffic&lt;/LI&gt;
&lt;LI&gt;Some requests succeed, some fail&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;What Was Observed&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;Requests spend time in:
&lt;UL&gt;
&lt;LI&gt;App pool queue&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;Then fail before execution&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Root Cause&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;Requests waiting too long in queue&lt;/LI&gt;
&lt;LI&gt;Connection timeout reached before execution started&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Fix&lt;/H3&gt;
&lt;P&gt;Increase timeout (short-term)&lt;BR /&gt;Fix root cause:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Thread starvation&lt;/LI&gt;
&lt;LI&gt;Slow backend dependencies&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;Key Learning&lt;/H3&gt;
&lt;P&gt;Timeouts can occur &lt;STRONG&gt;even before request execution begins&lt;/STRONG&gt;&lt;/P&gt;
&lt;H1&gt;Troubleshooting Patterns to Remember&lt;/H1&gt;
&lt;P&gt;When analyzing IIS issues, map symptoms quickly:&lt;/P&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table&gt;&lt;tbody&gt;&lt;tr&gt;&lt;th&gt;Symptom&lt;/th&gt;&lt;th&gt;Likely Setting&lt;/th&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;502 / 504 (intermittent)&lt;/td&gt;&lt;td&gt;Connection Timeout mismatch&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Upload failures&lt;/td&gt;&lt;td&gt;Connection Timeout&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;503 under load&lt;/td&gt;&lt;td&gt;Connection Limit&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Everything slow but CPU fine&lt;/td&gt;&lt;td&gt;Bandwidth Limit&lt;/td&gt;&lt;/tr&gt;&lt;tr&gt;&lt;td&gt;Random disconnects&lt;/td&gt;&lt;td&gt;Timeout or queue delay&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;H1&gt;Some useful Insight&lt;/H1&gt;
&lt;P&gt;In real production environments, IIS limits rarely act alone, they amplify existing system behaviors.&lt;/P&gt;
&lt;P&gt;A well-performing system:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Aligns timeouts across layers&lt;/LI&gt;
&lt;LI&gt;Avoids unnecessary limits&lt;/LI&gt;
&lt;LI&gt;Uses limits for &lt;STRONG&gt;protection, not masking&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;</description>
      <pubDate>Fri, 12 Jun 2026 17:37:52 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/understanding-iis-website-limits-connection-timeout-bandwidth/ba-p/4516193</guid>
      <dc:creator>meenakshiBalekar</dc:creator>
      <dc:date>2026-06-12T17:37:52Z</dc:date>
    </item>
    <item>
      <title>IIS and CVE-2026-49975</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-and-cve-2026-49975/m-p/4526248#M338</link>
      <description>&lt;P&gt;Hello IIS Team,&lt;/P&gt;&lt;P&gt;our SOC Team informed us about the CVE-2026-49975 vulnerability in MS IIS.&lt;/P&gt;&lt;P&gt;I could'nt found any patch for this. So my question is - are there any plans for for a patch / hotfix or what can we do to fix this?&lt;/P&gt;&lt;P&gt;Greetings Rene&lt;/P&gt;&lt;P&gt;Source:&amp;nbsp;&lt;/P&gt;&lt;P&gt;https://blog.calif.io/p/codex-discovered-a-hidden-http2-bomb&lt;/P&gt;</description>
      <pubDate>Mon, 08 Jun 2026 08:01:40 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-and-cve-2026-49975/m-p/4526248#M338</guid>
      <dc:creator>Rene_Gross</dc:creator>
      <dc:date>2026-06-08T08:01:40Z</dc:date>
    </item>
    <item>
      <title>UPDATE: IIS no longer serving up one of my websites</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-iis/update-iis-no-longer-serving-up-one-of-my-websites/m-p/4518872#M337</link>
      <description>&lt;P&gt;I have two websites on my windows 10 desktop:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&lt;STRONG&gt;&lt;A class="lia-external-url" href="http://www.gregsnativelandscapes.com.au:" target="_blank"&gt;https://www.gregsnativelandscapes.com.au:&lt;/A&gt;&lt;/STRONG&gt; This one is working fine.&lt;/LI&gt;&lt;LI&gt;&lt;STRONG&gt;&lt;A class="lia-external-url" href="https://www.gjb.au" target="_blank"&gt;https://www.gjb.au&lt;/A&gt;&amp;nbsp;&lt;/STRONG&gt;This one is not working - all I get is&amp;nbsp;&lt;H1&gt;This site can’t be reached&lt;/H1&gt;&lt;P&gt;The connection was reset.&lt;/P&gt;&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;What the hell?&lt;BR /&gt;&lt;BR /&gt;I have checked:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&amp;nbsp;The bindings - https, correct domain name&lt;/LI&gt;&lt;LI&gt;Both web sites are started.&lt;/LI&gt;&lt;LI&gt;I have done ISSRESET.&lt;/LI&gt;&lt;LI&gt;Checked my A records in Webcentral account.&lt;/LI&gt;&lt;LI&gt;I have gone through the IIS settings of each website and checked that they are all the same - they are.&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;So what else do I need to check?&lt;/P&gt;&lt;P&gt;Is there a specific IIS troubleshooter available that I can download and run?&lt;/P&gt;</description>
      <pubDate>Tue, 12 May 2026 11:55:56 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-iis/update-iis-no-longer-serving-up-one-of-my-websites/m-p/4518872#M337</guid>
      <dc:creator>gregaryb</dc:creator>
      <dc:date>2026-05-12T11:55:56Z</dc:date>
    </item>
    <item>
      <title>IIS on Windows 10 no longer serving my websites</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-on-windows-10-no-longer-serving-my-websites/m-p/4517260#M336</link>
      <description>&lt;P&gt;My websites were working, i.e. I could access them on my mobile phone.&lt;BR /&gt;&lt;BR /&gt;But something has happened abd they are not longer accessible - "NOT FOUND"&lt;BR /&gt;&lt;BR /&gt;I have checked:&lt;/P&gt;&lt;UL&gt;&lt;LI&gt;&amp;nbsp;The bindings - https, correct domain name&lt;/LI&gt;&lt;LI&gt;Both web sites are started.&lt;/LI&gt;&lt;LI&gt;I have done ISSRESET.&lt;/LI&gt;&lt;LI&gt;Checked my A records in Webcentral account.&lt;/LI&gt;&lt;/UL&gt;&lt;P&gt;So what else do I need to check?&lt;/P&gt;&lt;P&gt;Is there a specific IIS troubleshooter available that I can download and run?&lt;/P&gt;</description>
      <pubDate>Wed, 06 May 2026 12:45:24 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-on-windows-10-no-longer-serving-my-websites/m-p/4517260#M336</guid>
      <dc:creator>gregaryb</dc:creator>
      <dc:date>2026-05-06T12:45:24Z</dc:date>
    </item>
    <item>
      <title>How to Add an Adaptive Card in Microsoft 365 Agent SDK</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/how-to-add-an-adaptive-card-in-microsoft-365-agent-sdk/ba-p/4472022</link>
      <description>&lt;P data-start="816" data-end="983"&gt;One of the most important UI capabilities is &lt;STRONG data-start="861" data-end="879"&gt;Adaptive Cards&lt;/STRONG&gt;, which let your agent send structured, interactive content such as forms, inputs, buttons, and layouts.&lt;/P&gt;
&lt;P data-start="1017" data-end="1060"&gt;In this guide, you’ll learn exactly how to:&lt;/P&gt;
&lt;UL data-start="1062" data-end="1232"&gt;
&lt;LI data-start="1062" data-end="1089"&gt;Create an Agent SDK bot&lt;/LI&gt;
&lt;LI data-start="1090" data-end="1133"&gt;Send an Adaptive Card when a user joins&lt;/LI&gt;
&lt;LI data-start="1134" data-end="1175"&gt;Handle Action.Execute submit events&lt;/LI&gt;
&lt;LI data-start="1176" data-end="1210"&gt;Parse user input from the card&lt;/LI&gt;
&lt;LI data-start="1211" data-end="1232"&gt;Respond with text&lt;/LI&gt;
&lt;/UL&gt;
&lt;P data-start="1234" data-end="1297"&gt;I will walk through the&lt;STRONG&gt; &lt;/STRONG&gt;full working code from my project.&lt;BR /&gt;&lt;BR /&gt;You can download complete sample from : &lt;A class="lia-external-url" href="https://github.com/MeenakshiBalekar/M365AgentSDK" target="_blank"&gt;M365AgentSDKAdaptiveCard&lt;/A&gt;&lt;/P&gt;
&lt;H1 data-start="1304" data-end="1371"&gt;&lt;STRONG data-start="1306" data-end="1371"&gt;Step 1: Understanding How Adaptive Cards Work in Agent SDK&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="1373" data-end="1420"&gt;Adaptive Cards are sent in the Agent SDK using:&lt;/P&gt;
&lt;LI-CODE lang="csharp"&gt;var attachment = new Attachment {
    ContentType = "application/vnd.microsoft.card.adaptive",
    Content = &amp;lt;JSON&amp;gt;
};
&lt;/LI-CODE&gt;
&lt;P data-start="1556" data-end="1585"&gt;You then send them like this:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;await turnContext.SendActivityAsync(MessageFactory.Attachment(attachment));&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P data-start="1678" data-end="1750"&gt;And to handle submit actions (Action.Execute), the Agent SDK triggers:&lt;/P&gt;
&lt;LI-CODE lang="csharp"&gt;ActivityTypes.Invoke  
Name = "adaptiveCard/action"&lt;/LI-CODE&gt;
&lt;H1 data-start="1858" data-end="1905"&gt;&lt;STRONG data-start="1860" data-end="1905"&gt;Step 2: Use the Adaptive Card Designer&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="1907" data-end="1987"&gt;Create or test your card on our new designer here: &lt;A href="https://adaptivecards.microsoft.com/designer" target="_blank" rel="noopener" data-start="1943" data-end="1987"&gt;https://adaptivecards.microsoft.com/designer&lt;/A&gt;&lt;/P&gt;
&lt;P data-start="1989" data-end="2006"&gt;Your sample card:&lt;/P&gt;
&lt;UL data-start="2008" data-end="2082"&gt;
&lt;LI data-start="2008" data-end="2031"&gt;Collects name &amp;amp; age&lt;/LI&gt;
&lt;LI data-start="2032" data-end="2082"&gt;Uses Action.Execute with verb "personalInfo"&lt;/LI&gt;
&lt;/UL&gt;
&lt;H1 data-start="2089" data-end="2137"&gt;&lt;STRONG data-start="2091" data-end="2137"&gt;Step 3: The Full Working Agent SDK Code&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="2139" data-end="2192"&gt;Below is the complete working implementation showing:&lt;/P&gt;
&lt;P data-start="2194" data-end="2298"&gt;✔ Welcome card using Adaptive Card&lt;BR data-start="2228" data-end="2231" /&gt;✔ Parsing Action.Execute values&lt;BR data-start="2264" data-end="2267" /&gt;✔ Responding back to the user&lt;/P&gt;
&lt;P data-start="2300" data-end="2388"&gt;This is based entirely on your code, cleaned up and rewritten for clarity &amp;amp; correctness.&lt;/P&gt;
&lt;H2 data-start="2395" data-end="2445"&gt;&lt;STRONG data-start="2400" data-end="2445"&gt;Complete Agent SDK Bot with Adaptive Card&lt;/STRONG&gt;&lt;/H2&gt;
&lt;LI-CODE lang="csharp"&gt;using Microsoft.Agents.Builder;
using Microsoft.Agents.Builder.App;
using Microsoft.Agents.Builder.State;
using Microsoft.Agents.Core.Models;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;

using System.Text.Json;
using System.Text.Json.Nodes;
using System.Threading;
using System.Threading.Tasks;

namespace MyFirstAgentSDK.Bot;

public class EchoBot : AgentApplication
{
    public EchoBot(AgentApplicationOptions options, IHostEnvironment env, ILoggerFactory loggerFactory) : base(options)
    {
        OnConversationUpdate(ConversationUpdateEvents.MembersAdded, WelcomeMessageAsync);
        OnActivity(ActivityTypes.Message, OnMessageAsync, rank: RouteRank.Last);
        OnActivity(ActivityTypes.Invoke, OnInvokeAsync);
    }

    private async Task WelcomeMessageAsync(ITurnContext turnContext, ITurnState turnState, CancellationToken cancellationToken)
    {
        foreach (ChannelAccount member in turnContext.Activity.MembersAdded)
        {
            if (member.Id != turnContext.Activity.Recipient.Id)
            {
                var attachment = new Attachment
                {
                    ContentType = "application/vnd.microsoft.card.adaptive",
                    Content = """
{
  "type": "AdaptiveCard",
  "version": "1.4",
  "schema": "http://adaptivecards.io/schemas/adaptive-card.json",
  "body": [
    {
      "type": "Container",
      "items": [
        {
          "type": "TextBlock",
          "text": "Please enter your personal information",
          "weight": "Bolder",
          "size": "Medium",
          "color": "Accent"
        },
        {
          "type": "Input.Text",
          "id": "Name",
          "label": "What's your name?",
          "placeholder": "Enter your full name",
          "maxLength": 50,
          "isRequired": true,
          "errorMessage": "Name is required"
        },
        {
          "type": "Input.Number",
          "id": "Age",
          "label": "How old are you?",
          "placeholder": "Enter your age",
          "min": 1,
          "max": 150,
          "isRequired": true,
          "errorMessage": "Please enter a valid age between 1 and 150"
        }
      ],
      "style": "emphasis",
      "spacing": "Medium"
    }
  ],
  "actions": [
    {
      "type": "Action.Execute",
      "title": "Submit",
      "verb": "personalInfo",
      "style": "positive"
    }
  ]
}
"""
                };
                await turnContext.SendActivityAsync(MessageFactory.Attachment(attachment), cancellationToken);
            }
            else
            {
                await turnContext.SendActivityAsync(MessageFactory.Text("Hello and Welcome!"), cancellationToken);
            }
        }
    }

    private async Task OnMessageAsync(ITurnContext turnContext, ITurnState turnState, CancellationToken cancellationToken)
    {
        await turnContext.SendActivityAsync($"You said: {turnContext.Activity.Text}", cancellationToken: cancellationToken);
    }

    private async Task OnInvokeAsync(ITurnContext turnContext, ITurnState turnState, CancellationToken cancellationToken)
    {
        if (turnContext.Activity.Name == "adaptiveCard/action")
        {
            JsonElement root;
            if (turnContext.Activity.Value is JsonElement element)
            {
                root = element;
            }
            else
            {
                var json = JsonSerializer.Serialize(turnContext.Activity.Value);
                root = JsonDocument.Parse(json).RootElement;
            }

            if (root.TryGetProperty("action", out var action))
            {
                if (action.TryGetProperty("verb", out var verbElement) &amp;amp;&amp;amp; verbElement.GetString() == "personalInfo")
                {
                    if (action.TryGetProperty("data", out var data))
                    {
                        var name = data.GetProperty("Name").GetString();
                        var age = data.GetProperty("Age").ToString();

                        await turnContext.SendActivityAsync(MessageFactory.Text($"Hello {name}, you are {age} years old!"), cancellationToken);

                        var invokeResponse = new Activity
                        {
                            Type = ActivityTypes.InvokeResponse,
                            Value = new InvokeResponse { Status = 200 }
                        };
                        await turnContext.SendActivityAsync(invokeResponse, cancellationToken);
                    }
                }
            }
        }
    }
}
&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H1 data-start="7632" data-end="7668"&gt;&lt;STRONG data-start="7634" data-end="7668"&gt;Step 4: What This Code Does&lt;/STRONG&gt;&lt;/H1&gt;
&lt;H3 data-start="7670" data-end="7727"&gt;&lt;STRONG data-start="7676" data-end="7727"&gt;1. Sends an Adaptive Card when a new user joins or as per your criteria&amp;nbsp;&lt;/STRONG&gt;&lt;/H3&gt;
&lt;P data-start="7729" data-end="7747"&gt;The card that I have used includes:&lt;/P&gt;
&lt;UL data-start="7749" data-end="7853"&gt;
&lt;LI data-start="7749" data-end="7757"&gt;Text&lt;/LI&gt;
&lt;LI data-start="7758" data-end="7783"&gt;Name input (required)&lt;/LI&gt;
&lt;LI data-start="7784" data-end="7808"&gt;Age input (required)&lt;/LI&gt;
&lt;LI data-start="7809" data-end="7853"&gt;A submit button with verb "personalInfo"&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3 data-start="7860" data-end="7900"&gt;&lt;STRONG data-start="7866" data-end="7900"&gt;2. When the user clicks Submit&lt;/STRONG&gt;&lt;/H3&gt;
&lt;P data-start="7902" data-end="7934"&gt;Teams / Message Extension sends:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;invoke name = adaptiveCard/action&lt;/P&gt;
&lt;P data-start="7979" data-end="8006"&gt;OnInvokeAsync() receives:&lt;/P&gt;
&lt;P&gt;{ "action": { "verb": "personalInfo", "data": { "Name": "...", "Age": "..." } } }&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H3 data-start="8136" data-end="8185"&gt;&lt;STRONG data-start="8142" data-end="8185"&gt;3. Bot parses and sends a text response&lt;/STRONG&gt;&lt;/H3&gt;
&lt;P data-start="8187" data-end="8202"&gt;Example output:&lt;/P&gt;
&lt;P&gt;Hello Meenakshi, you are 30 years old! ( P.S I am older than this )&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P&gt;Locally when you run the project on playground it looks like :&lt;BR /&gt;&lt;BR /&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;This is how it looks on test in webchat&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;And this how it looks on teams :&lt;/P&gt;
&lt;img /&gt;
&lt;H3 data-start="8257" data-end="8294"&gt;&lt;STRONG data-start="8263" data-end="8294"&gt;4. Responds with 200 status&lt;/STRONG&gt;&lt;/H3&gt;
&lt;P data-start="8296" data-end="8330"&gt;This is required for Teams &amp;amp; M365:&lt;/P&gt;
&lt;LI-CODE lang="csharp"&gt; var invokeResponse = new Activity
 {
     Type = ActivityTypes.InvokeResponse,
     Value = new InvokeResponse { Status = 200 }
 };
 await turnContext.SendActivityAsync(invokeResponse, cancellationToken);&lt;/LI-CODE&gt;
&lt;H1 data-start="8458" data-end="8474"&gt;&lt;STRONG data-start="8460" data-end="8474"&gt;Conclusion&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="8476" data-end="8509"&gt;With the Microsoft 365 Agent SDK:&lt;/P&gt;
&lt;UL data-start="8511" data-end="8800"&gt;
&lt;LI data-start="8603" data-end="8667"&gt;Action.Execute events are handled inside &lt;STRONG data-start="8648" data-end="8667"&gt;OnInvokeAsync&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI data-start="8668" data-end="8731"&gt;Inputs are parsed through the &lt;STRONG data-start="8700" data-end="8718"&gt;Activity.Value&lt;/STRONG&gt; JSON payload&lt;/LI&gt;
&lt;LI data-start="8732" data-end="8800"&gt;The SDK is lightweight and much simpler than the old Azure Bot SDK&lt;/LI&gt;
&lt;/UL&gt;
&lt;P data-start="8802" data-end="8889"&gt;Your bot is now fully capable of collecting structured user input using Adaptive Cards.&lt;/P&gt;
&lt;P data-start="8802" data-end="8889"&gt;Drop in any queries or samples that you would like me to explain.&lt;/P&gt;
&lt;P data-start="8802" data-end="8889"&gt;Happy Learning!&lt;/P&gt;</description>
      <pubDate>Wed, 01 Apr 2026 01:12:58 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/how-to-add-an-adaptive-card-in-microsoft-365-agent-sdk/ba-p/4472022</guid>
      <dc:creator>meenakshiBalekar</dc:creator>
      <dc:date>2026-04-01T01:12:58Z</dc:date>
    </item>
    <item>
      <title>Let's Create Our First Microsoft 365 Agent SDK using Python - For Single Tenant</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/let-s-create-our-first-microsoft-365-agent-sdk-using-python-for/ba-p/4472256</link>
      <description>&lt;H1 data-start="678" data-end="729"&gt;&lt;STRONG data-start="682" data-end="729"&gt;Step 1: Set Up Your Development Environment&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="731" data-end="881"&gt;I am using&amp;nbsp;&lt;STRONG data-start="743" data-end="754"&gt;VS Code&lt;/STRONG&gt;, so you don’t need to manually install Python on your system (unless you want to).&lt;BR data-start="837" data-end="840" /&gt;VS Code can handle Python via extensions which makes it super easy and everything at once place.&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;You can download complete sample : &lt;A class="lia-external-url" href="https://github.com/MeenakshiBalekar/M365AgentSDKPython" target="_blank"&gt;here&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-start="883" data-end="926"&gt;Install These Extensions in VS Code&lt;/H3&gt;
&lt;P data-start="927" data-end="963"&gt;Open VS Code → Extensions → install:&lt;/P&gt;
&lt;OL data-start="965" data-end="1105"&gt;
&lt;LI data-start="965" data-end="990"&gt;Python (Microsoft)&lt;/LI&gt;
&lt;LI data-start="1008" data-end="1053"&gt;Dev Tunnels (optional but helpful)&lt;/LI&gt;
&lt;LI data-start="1008" data-end="1053"&gt;GitHub Pull Requests &amp;amp; Issues ( Saves a lot of Download time)&lt;EM data-start="1027" data-end="1051"&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;/EM&gt;&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;/LI&gt;
&lt;/OL&gt;
&lt;P data-start="1107" data-end="1120"&gt;These ensure:&lt;/P&gt;
&lt;UL data-start="1121" data-end="1262"&gt;
&lt;LI data-start="1121" data-end="1173"&gt;You can run Python files directly inside VS Code&lt;/LI&gt;
&lt;LI data-start="1174" data-end="1206"&gt;IntelliSense / linting works&lt;/LI&gt;
&lt;LI data-start="1207" data-end="1262"&gt;Dev tunnel commands work in the integrated terminal&lt;/LI&gt;
&lt;/UL&gt;
&lt;H1 data-start="1269" data-end="1310"&gt;&lt;STRONG data-start="1273" data-end="1310"&gt;Step 2: Download/Clone the Official Sample&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="1312" data-end="1414"&gt;I am using this exact sample: &lt;A class="lia-external-url" href="https://github.com/microsoft/Agents/tree/main/samples/python/cards" target="_blank" rel="noopener" data-start="1348" data-end="1414"&gt;Agent SDK Python Cards&lt;/A&gt;&lt;/P&gt;
&lt;P data-start="1416" data-end="1459"&gt;Run these commands inside VS Code Terminal:&lt;/P&gt;
&lt;LI-CODE lang="git"&gt;git clone https://github.com/microsoft/Agents.git cd Agents/samples/python/cards&lt;/LI-CODE&gt;
&lt;P data-start="1555" data-end="1609"&gt;You now have the complete working Python Agent sample.&lt;/P&gt;
&lt;H1 data-start="1616" data-end="1661"&gt;&lt;STRONG data-start="1620" data-end="1661"&gt;Step 3: Install All Required Packages&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="1663" data-end="1696"&gt;Inside the &lt;STRONG data-start="1674" data-end="1683"&gt;cards&lt;/STRONG&gt; folder, run:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;pip install -r requirements.txt&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P data-start="1743" data-end="1757"&gt;This installs:&lt;/P&gt;
&lt;UL data-start="1758" data-end="1814"&gt;
&lt;LI data-start="1758" data-end="1769"&gt;FastAPI&lt;/LI&gt;
&lt;LI data-start="1770" data-end="1781"&gt;Uvicorn&lt;/LI&gt;
&lt;LI data-start="1782" data-end="1796"&gt;Agents SDK&lt;/LI&gt;
&lt;LI data-start="1797" data-end="1807"&gt;dotenv&lt;/LI&gt;
&lt;/UL&gt;
&lt;P data-start="1818" data-end="1898"&gt;VS Code will automatically detect and configure a Python interpreter for you. Once done, your requirements.txt file will look like :&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H1 data-start="1905" data-end="1949"&gt;&lt;STRONG data-start="1909" data-end="1949"&gt;Step 4: Add Your M365 Agent Configuration&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="1951" data-end="1981"&gt;Inside the folder, you’ll see:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;.env.TEMPLATE&lt;/P&gt;
&lt;P data-start="2006" data-end="2019"&gt;Rename it to:&lt;/P&gt;
&lt;P&gt;.env&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P data-start="2035" data-end="2066"&gt;Then open the file and fill in:&lt;/P&gt;
&lt;LI-CODE lang="json"&gt;CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTID=
CONNECTIONS__SERVICE_CONNECTION__SETTINGS__CLIENTSECRET=
CONNECTIONS__SERVICE_CONNECTION__SETTINGS__TENANTID=
&lt;/LI-CODE&gt;
&lt;P&gt;Here I am creating a single tenant bot, hence I am suing these settings for MSI it will be different&lt;BR /&gt;You can refer the different type of available authentication types &lt;A class="lia-external-url" href="https://learn.microsoft.com/en-us/microsoft-365/agents-sdk/microsoft-authentication-library-configuration-options" target="_blank"&gt;here&lt;/A&gt;&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;PRE class="line-numbers language-json" tabindex="0" contenteditable="false" data-lia-code-value="Python -m src.main"&gt;&lt;CODE&gt;Python -m src.main&lt;/CODE&gt;&lt;/PRE&gt;
&lt;P data-start="2157" data-end="2266"&gt;&lt;BR /&gt;Where do these values come from?&lt;BR data-start="2189" data-end="2192" /&gt;Your Azure portal -&amp;gt; App Registration/ Managed Identity ( Depending on what type of application is created)&lt;/P&gt;
&lt;H1 data-start="2343" data-end="2380"&gt;&lt;STRONG data-start="2347" data-end="2380"&gt;Step 5: Run the M365 Agent Locally&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="2382" data-end="2399"&gt;Start your Agent:&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;LI-CODE lang="json"&gt;Python -m src.main&lt;/LI-CODE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;img /&gt;
&lt;P data-start="2587" data-end="2622"&gt;You will see :&lt;/P&gt;
&lt;img /&gt;
&lt;P data-start="2624" data-end="2669"&gt;But you will not be able to test the bot here locally, so we would need additional tools to help us test locally.&lt;/P&gt;
&lt;H1 data-start="2676" data-end="2711"&gt;&lt;STRONG data-start="2680" data-end="2711"&gt;Step 6: Create a Dev Tunnel&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="2713" data-end="2788"&gt;You must expose your local bot over HTTPS.&lt;BR data-start="2755" data-end="2758" /&gt;For that we use &lt;A class="lia-external-url" href="https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/get-started" target="_blank" rel="noopener"&gt;&lt;STRONG data-start="2774" data-end="2787"&gt;devtunnel&lt;/STRONG&gt;&lt;/A&gt;.&amp;nbsp;&lt;/P&gt;
&lt;H3 data-start="2790" data-end="2829"&gt;Step 6.1 — Authenticate devtunnel&lt;/H3&gt;
&lt;P data-start="2831" data-end="2875"&gt;You must&amp;nbsp;authenticate first or you’ll get:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P data-start="2877" data-end="2914"&gt;Unauthorized tunnel creation access&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P data-start="2916" data-end="2923"&gt;So run:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;devtunnel user login&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P data-start="2959" data-end="3039"&gt;A browser pops up&amp;nbsp; -&amp;gt; Sign in with the same Microsoft account used for your M365 Agent.&lt;/P&gt;
&lt;H3 data-start="3041" data-end="3075"&gt;Step 6.2 — Create the Tunnel&lt;/H3&gt;
&lt;P data-start="3077" data-end="3085"&gt;Now run:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;devtunnel host -p 3978 --allow-anonymous&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P data-start="3141" data-end="3178"&gt;You will get a public HTTPS URL like:&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;img /&gt;
&lt;P data-start="3319" data-end="3333"&gt;Copy this URL and we can test the bot in Azure bot service&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H1 data-start="3340" data-end="3391"&gt;&lt;STRONG data-start="3344" data-end="3391"&gt;Step 7: Update the M365 Agent Endpoint in Portal&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="3393" data-end="3444"&gt;Go to your Azure portal → ABS Agent → Settings → Endpoint URL&lt;BR data-start="3435" data-end="3438" /&gt;Paste: &amp;lt;tunnel-url&amp;gt;/api/messages&lt;/P&gt;
&lt;P data-start="3481" data-end="3496"&gt;Click &lt;STRONG data-start="3487" data-end="3495"&gt;Save&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P data-start="3498" data-end="3512"&gt;At this point:&lt;/P&gt;
&lt;UL data-start="3513" data-end="3626"&gt;
&lt;LI data-start="3513" data-end="3546"&gt;Your Agent is running locally&lt;/LI&gt;
&lt;LI data-start="3547" data-end="3579"&gt;Your tunnel is publishing it&lt;/LI&gt;
&lt;LI data-start="3580" data-end="3626"&gt;You will be able to can talk to your Agent&lt;/LI&gt;
&lt;/UL&gt;
&lt;H1 data-start="3643" data-end="3688"&gt;&lt;STRONG data-start="3647" data-end="3688"&gt;Step 8: Test the Agent (The Fun Part)&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="3690" data-end="3735"&gt;Go to your Azure bot service → &lt;STRONG data-start="3714" data-end="3734"&gt;Test in Web Chat&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P data-start="3737" data-end="3742"&gt;Type:&lt;/P&gt;
&lt;P&gt;hello&lt;/P&gt;
&lt;P data-start="3759" data-end="3814"&gt;You should get back the card responses from the sample.&lt;/P&gt;
&lt;P data-start="3816" data-end="3916"&gt;If the sample sends Adaptive Cards or text messages, you will see them appear here exactly as coded.&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H1 data-start="4317" data-end="4369"&gt;&lt;STRONG data-start="4321" data-end="4369"&gt;That's It! You Built Your First Python M365 Agent&lt;/STRONG&gt;&lt;/H1&gt;
&lt;P data-start="4371" data-end="4572"&gt;This guide took you from:&lt;BR /&gt;✔ VS Code setup&lt;BR data-start="4412" data-end="4415" /&gt;✔ Python environment extensions&lt;BR data-start="4446" data-end="4449" /&gt;✔ Cloning the sample&lt;BR data-start="4469" data-end="4472" /&gt;✔ Adding env configuration&lt;BR data-start="4498" data-end="4501" /&gt;✔ Running the Agent&lt;BR data-start="4520" data-end="4523" /&gt;✔ Creating a dev tunnel&lt;BR data-start="4546" data-end="4549" /&gt;✔ Testing in Web Chat&lt;/P&gt;
&lt;H1 data-start="4739" data-end="4752"&gt;Happy Learning!&lt;/H1&gt;</description>
      <pubDate>Wed, 01 Apr 2026 01:12:42 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/let-s-create-our-first-microsoft-365-agent-sdk-using-python-for/ba-p/4472256</guid>
      <dc:creator>meenakshiBalekar</dc:creator>
      <dc:date>2026-04-01T01:12:42Z</dc:date>
    </item>
    <item>
      <title>Resolving Weak SSL Ciphers in .NET Framework 4.5</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/resolving-weak-ssl-ciphers-in-net-framework-4-5/ba-p/4500709</link>
      <description>&lt;H3&gt;Symptom&lt;/H3&gt;
&lt;P&gt;Applications built on the .NET Framework 4.5 may fail to establish secure HTTPS connections or may default to outdated and insecure protocols. This can result in connection failures, browser security warnings, or rejection by modern APIs and services that require stronger encryption standards like TLS 1.2 or higher.&lt;/P&gt;
&lt;H3&gt;Cause&lt;/H3&gt;
&lt;P&gt;&lt;SPAN data-teams="true"&gt;.NET framework 4.5 is out of support and hence it does not use the latest cryptography mechanisms, we strongly recommend building apps in supported frameworks. Add the support lifecycle article there&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN data-teams="true"&gt;&lt;A href="https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-framework" target="_blank"&gt;.NET Framework official support policy | .NET&lt;/A&gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H3&gt;Resolution&lt;/H3&gt;
&lt;P&gt;The most robust fix is to upgrade your application to .NET Framework 4.6, 4.7 or later, where TLS 1.2 is enabled by default. This ensures your application uses stronger cipher suites and secure protocols automatically, without requiring additional configuration.&lt;/P&gt;
&lt;P&gt;After installing the newer .NET Framework on your development or production environment, update your project’s target framework and recompile. For ASP.NET applications, update your &lt;SPAN class="lia-text-color-15"&gt;Web.config&lt;/SPAN&gt; file to reflect the new framework version. For example, if upgrading to .NET 4.6:&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-8"&gt;&amp;nbsp; &amp;lt;system.web&amp;gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-8"&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;lt;compilation targetFramework="4.6" /&amp;gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-8"&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;lt;httpRuntime targetFramework="4.6" /&amp;gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-8"&gt;&amp;nbsp; &amp;lt;/system.web&amp;gt;&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;This change, along with rebuilding your application under the updated framework, ensures that IIS and the .NET runtime use the latest libraries. Once deployed, your application will negotiate HTTPS connections using TLS 1.2 by default, resolving issues related to weak or unsupported cipher protocols.&lt;/P&gt;</description>
      <pubDate>Wed, 01 Apr 2026 01:12:12 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/resolving-weak-ssl-ciphers-in-net-framework-4-5/ba-p/4500709</guid>
      <dc:creator>Goyal_Sandeep</dc:creator>
      <dc:date>2026-04-01T01:12:12Z</dc:date>
    </item>
    <item>
      <title>IIS setup a web site to be accessed without a domain name....how?</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-setup-a-web-site-to-be-accessed-without-a-domain-name-how/m-p/4484061#M333</link>
      <description>&lt;P&gt;I want to setup a web site for testing without a domain name.&lt;BR /&gt;I have 3 web sites with domain name that are working fine.&lt;BR /&gt;I am working on a web site for Millhouse and they already have an existing web site with the domain name millhouse.org.au&lt;/P&gt;&lt;P&gt;I want to setup their new web site on my web server for testing purposes and so member of the organisation can view it (as http) to assess it.&lt;BR /&gt;I want to be able access it like this: &amp;nbsp;&lt;STRONG&gt;58.168.225.214:8080&lt;BR /&gt;&lt;/STRONG&gt;But what I have done so far isn't working:&lt;/P&gt;&lt;img /&gt;&lt;P&gt;I have setup port fording in my modem with WAN and LAN ports of 8080.&lt;/P&gt;&lt;P&gt;And 8080 as the port in the web site settings in IIS.&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;img /&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 08 Jan 2026 10:51:25 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-setup-a-web-site-to-be-accessed-without-a-domain-name-how/m-p/4484061#M333</guid>
      <dc:creator>Gregary</dc:creator>
      <dc:date>2026-01-08T10:51:25Z</dc:date>
    </item>
    <item>
      <title>IIS Site Randomly Returns 404 While App Pool Remains Started</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-site-randomly-returns-404-while-app-pool-remains-started/m-p/4481341#M332</link>
      <description>&lt;P&gt;Hello,&lt;/P&gt;&lt;P&gt;We have an IIS site running behind Azure Front Door that becomes unavailable every few days.&lt;/P&gt;&lt;P&gt;Symptoms:&lt;/P&gt;&lt;P&gt;Application Pool remains started&lt;/P&gt;&lt;P&gt;Users see the blue "Not Found" page from Azure Front Door&lt;/P&gt;&lt;P&gt;When accessing the site directly on the server during the failure, we get a 404 from IIS, not Front Door&lt;/P&gt;&lt;P&gt;The site does not recover on its own&lt;/P&gt;&lt;P&gt;Recovery requires an App Pool recycle or IIS restart, and sometimes a full server reboot because recycle or IIS restart does not help&lt;/P&gt;&lt;P&gt;What it is NOT:&lt;/P&gt;&lt;P&gt;No CPU, memory, disk, or network pressure&lt;/P&gt;&lt;P&gt;Event logs do not correlate with the outage&lt;/P&gt;&lt;P&gt;When it happens:&lt;/P&gt;&lt;P&gt;Random and unpredictable&lt;/P&gt;&lt;P&gt;Any insights would be appreciated.&lt;/P&gt;&lt;img /&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;&lt;img /&gt;&lt;img /&gt;&lt;img /&gt;&lt;P&gt;From the server itself:&lt;/P&gt;&lt;img /&gt;&lt;img /&gt;&lt;img /&gt;&lt;img /&gt;&lt;P&gt;Please your support.&lt;/P&gt;</description>
      <pubDate>Fri, 26 Dec 2025 21:17:14 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-site-randomly-returns-404-while-app-pool-remains-started/m-p/4481341#M332</guid>
      <dc:creator>captainit</dc:creator>
      <dc:date>2025-12-26T21:17:14Z</dc:date>
    </item>
    <item>
      <title>Azure Bot Identity | Application with identifier 'x' was not found in the directory 'Bot Framework'</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/azure-bot-identity-application-with-identifier-x-was-not-found/ba-p/4475227</link>
      <description>&lt;P&gt;TL;DR&lt;/P&gt;
&lt;UL&gt;
&lt;LI data-start="11" data-end="167"&gt;Every Azure Bot has a &lt;STRONG data-start="35" data-end="70"&gt;fixed identity (MicrosoftAppId)&lt;/STRONG&gt; tied to either an &lt;STRONG data-start="89" data-end="109"&gt;App Registration&lt;/STRONG&gt; or a &lt;STRONG data-start="115" data-end="135"&gt;Managed Identity&lt;/STRONG&gt;—it cannot be changed or reused.&lt;/LI&gt;
&lt;LI data-start="168" data-end="377"&gt;Azure Bot supports three identity types:
&lt;UL data-start="213" data-end="377"&gt;
&lt;LI data-start="213" data-end="249"&gt;&lt;STRONG data-start="215" data-end="249"&gt;User-Assigned Managed Identity&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI data-start="252" data-end="302"&gt;&lt;STRONG data-start="254" data-end="288"&gt;Single-Tenant App Registration&lt;/STRONG&gt;&lt;/LI&gt;
&lt;LI data-start="305" data-end="377"&gt;&lt;STRONG data-start="307" data-end="340"&gt;Multi-Tenant App Registration&lt;/STRONG&gt; (&lt;STRONG data-start="342" data-end="376" data-is-only-node=""&gt;deprecated after July 31, 2025&lt;/STRONG&gt;)&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI data-start="378" data-end="581"&gt;Bots involve &lt;STRONG data-start="393" data-end="413"&gt;three auth flows&lt;/STRONG&gt;:
&lt;OL data-start="417" data-end="581"&gt;
&lt;LI data-start="417" data-end="458"&gt;Client → Channel (platform-specific)&lt;/LI&gt;
&lt;LI data-start="461" data-end="522"&gt;Channel ↔ Bot (core system auth using OAuth2 + Entra ID)&lt;/LI&gt;
&lt;LI data-start="525" data-end="581"&gt;User sign-in (optional; uses Authorization Code Flow)&lt;/LI&gt;
&lt;/OL&gt;
&lt;/LI&gt;
&lt;LI data-start="582" data-end="832"&gt;The error &lt;STRONG data-start="598" data-end="698"&gt;“AADSTS700016: Application with identifier 'xxx' was not found in the directory 'Bot Framework'” &lt;/STRONG&gt;happens when the Bot application tries to request tokens from the&amp;nbsp;&lt;STRONG data-start="773" data-end="800"&gt;botframework.com tenant&lt;/STRONG&gt; instead of its &lt;STRONG data-start="816" data-end="831"&gt;home tenant &lt;/STRONG&gt;while the App registration is set as SingleTenant.&lt;/LI&gt;
&lt;LI data-start="900" data-end="1031"&gt;&lt;A href="https://learn.microsoft.com/en-us/dotnet/api/microsoft.bot.builder.botframeworkadapter?view=botbuilder-dotnet-stable" target="_blank" rel="noopener"&gt;BotFrameworkAdapter Class (Microsoft.Bot.Builder) | Microsoft Learn&lt;/A&gt; is hardcoded to the Bot Framework tenant and &lt;STRONG data-start="969" data-end="986" data-is-only-node=""&gt;does not work&lt;/STRONG&gt; with Single-Tenant or Managed Identity bots. In Bot-Builder SDK (retires after Dec 2025), &lt;A href="https://learn.microsoft.com/en-us/dotnet/api/microsoft.bot.builder.integration.aspnet.core.cloudadapter?view=botbuilder-dotnet-stable" target="_blank" rel="noopener"&gt;CloudAdapter Class (Microsoft.Bot.Builder.Integration.AspNet.Core) | Microsoft Learn&lt;/A&gt; supports SingleTenant and UserAssigned-MSI bots and MicrosoftAppType needs to be configured to reflect the correct Bot Identity.&amp;nbsp;&lt;/LI&gt;
&lt;LI&gt;With announcement of the &lt;A class="lia-external-url" href="https://github.com/microsoft/botframework-sdk/tree/main" target="_blank" rel="noopener"&gt;Bot-Builder SDK deprecation&lt;/A&gt;, we recommend moving to The M365 &lt;A class="lia-external-url" href="https://learn.microsoft.com/en-us/microsoft-365/agents-sdk/agents-sdk-overview?tabs=csharp" target="_blank" rel="noopener"&gt;Agents SDK&lt;/A&gt; which retains many Bot Builder concepts with ability to create next generation Agents with orchestration, observability and more secure options authentication.&amp;nbsp; This also offers flexible and more secure options for token aquisition.&amp;nbsp;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN data-teams="true"&gt;Skip directly to the "Channel (2) ↔ Bot (3) Authorization" section if you want to understand why the error occurs.&amp;nbsp;&lt;/SPAN&gt;&lt;/P&gt;
&lt;H2&gt;Azure Bot Identity&lt;/H2&gt;
&lt;P&gt;Every Azure Bot Service has a unique Id (also known as MSAAppId or MicrosoftAppId) which you can find in Azure Portal -&amp;gt; Azure Bot Resource -&amp;gt; Configuration if the Bot is created:&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;This MSAAppId corresponds to either the &lt;STRONG data-start="139" data-end="197"&gt;Client ID of&lt;/STRONG&gt;&amp;nbsp;&lt;A class="lia-external-url" href="https://learn.microsoft.com/en-us/entra/identity-platform/developer-glossary#application-registration" target="_blank" rel="noopener"&gt;Application Registration in Microsoft Entra ID&lt;/A&gt; or &lt;A class="lia-external-url" href="https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview" target="_blank" rel="noopener"&gt;Managed Identity in Azure&lt;/A&gt; . This is Id is tied to the respective Bot Service from creation until deletion, cannot be modified or reused for a different Bot resource. Closely related to this is the concept of the &lt;STRONG data-start="472" data-end="499"&gt;Azure Bot Identity Type &lt;/STRONG&gt;and can be one of the following:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;User-assigned managed identity - identity tied to a &lt;A href="https://learn.microsoft.com/en-us/entra/identity/managed-identities-azure-resources/overview" target="_blank" rel="noopener"&gt;Managed Identity in Azure&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Single-tenant - identity tied to an&amp;nbsp;&lt;A href="https://learn.microsoft.com/en-us/entra/identity-platform/developer-glossary#application-registration" target="_blank" rel="noopener"&gt;Application Registration in Microsoft Entra ID&lt;/A&gt; with Supported account types = Accounts in this organizational directory only
&lt;UL&gt;
&lt;LI&gt;Reference -&lt;STRONG&gt;&amp;nbsp;&lt;A href="https://learn.microsoft.com/en-us/entra/identity-platform/quickstart-register-app#register-an-application" target="_blank" rel="noopener"&gt;How to register an app in Microsoft Entra ID - Microsoft identity platform | Microsoft Learn&lt;/A&gt;&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;Multi-Tenant&amp;nbsp;&lt;EM&gt;(Deprecated – ends July 31, 2025) - &lt;/EM&gt;identity tied to an&amp;nbsp;&lt;A href="https://learn.microsoft.com/en-us/entra/identity-platform/developer-glossary#application-registration" target="_blank" rel="noopener"&gt;Application Registration in Microsoft Entra ID&lt;/A&gt; with Supported account types = Accounts in any organizational directory
&lt;UL&gt;
&lt;LI&gt;Reference - &lt;A href="https://learn.microsoft.com/en-us/entra/identity-platform/developer-glossary#multitenant-application" target="_blank" rel="noopener"&gt;Microsoft Identity Platform Glossary - Microsoft identity platform | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;References:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/en-us/azure/bot-service/abs-quickstart?view=azure-bot-service-4.0&amp;amp;tabs=userassigned#bot-identity-information" target="_blank" rel="noopener"&gt;Create an Azure Bot resource in the Azure portal - Bot Service | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;Identity and Authorization&lt;/H2&gt;
&lt;P&gt;As described in &lt;A href="https://techcommunity.microsoft.com/blog/iis-support-blog/navigating-azure-bot-networking-key-considerations-for-privatization/4284592?previewMessage=true" target="_blank" rel="noopener"&gt;Navigating Azure Bot Networking: Key Considerations for Privatization, &lt;/A&gt;an Azure Bot Solution consists of below components:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Clients (1)&lt;/STRONG&gt;: User-facing application used to consume/converse with Bot solutions. Examples include&amp;nbsp;&lt;A href="https://github.com/microsoft/BotFramework-WebChat/tree/main" target="_blank" rel="noopener"&gt;Web Chat Widget&lt;/A&gt;, Teams, Slack etc.&amp;nbsp;&amp;nbsp;&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;The Bot Service&lt;/STRONG&gt;: This managed SaaS umbrella includes configuration management, channel services and token services. Services are made available with the&amp;nbsp;&amp;lt;service&amp;gt;.botframework.com&amp;nbsp;endpoints.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;The Bot Application (2)&lt;/STRONG&gt;: Using the Bot/Agents SDK or Composer, you create an HTTP-based application that encapsulates your functional and conversational logic, including recognition, processing, and storage. The Bot application operates using the&amp;nbsp;&lt;A href="https://github.com/microsoft/botframework-sdk/blob/main/specs/botframework-activity/botframework-activity.md" target="_blank" rel="noopener"&gt;Bot Framework Activity Specification&lt;/A&gt;. The Bot application exposes a public messaging endpoint for receiving activities (messaging endpoint).&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Channel Connectors (3): &lt;/STRONG&gt;While Azure Bot Service provides two native channels—Direct Line and Web Chat—it is designed to be highly extensible and supports integration with additional clients and communication platforms through external channels. These channels are implemented and operated by their respective providers and run within their own managed data centers. The bot’s messaging endpoint is not exposed directly to end users; instead, users interact with the bot via channel connectors, which handle session management, activity routing, and authentication on behalf of the client. Different clients, such as Teams and Slack, represent messages and activities uniquely. Since Bot applications understands and responds with activities as defined in the&amp;nbsp;&lt;A href="https://github.com/microsoft/botframework-sdk/blob/main/specs/botframework-activity/botframework-activity.md" target="_blank" rel="noopener"&gt;Bot Framework Activity Specification&lt;/A&gt;, channels are responsible for transforming activities and forwarding them to the application.&lt;/LI&gt;
&lt;/UL&gt;
&lt;img /&gt;
&lt;P&gt;There are 3 Authentication/Authorization flows in a Bot solution.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Client (1) to Channel (2) Authentication&lt;/STRONG&gt; - This flow is &lt;STRONG data-start="416" data-end="437"&gt;platform-specific&lt;/STRONG&gt; and is implemented by the channel owner. It governs how an end-user or client application authenticates with the channel before any interaction reaches the bot. For example, the&amp;nbsp;&lt;STRONG data-start="618" data-end="633"&gt;Direct Line&lt;/STRONG&gt; channel requires a token or secret to establish trust, as described in &lt;A href="https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-direct-line-3-0-authentication?view=azure-bot-service-4.0" target="_blank" rel="noopener"&gt;Direct Line Authentication in Azure AI Bot Service - Bot Service | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Channel (2) &amp;lt;-&amp;gt; Bot&amp;nbsp;(3) Authorization&lt;/STRONG&gt;&amp;nbsp;- This flow is&amp;nbsp;&lt;STRONG style="color: rgb(30, 30, 30);" data-start="951" data-end="974"&gt;channel-independent&lt;/STRONG&gt;&lt;SPAN style="color: rgb(30, 30, 30);"&gt; and is consistent across all Azure Bot channels. Communication between the channel and the bot occurs via bi-directional HTTPS calls secured using &lt;/SPAN&gt;&lt;A href="https://learn.microsoft.com/en-us/entra/identity-platform/developer-glossary#access-token" target="_blank" rel="noopener"&gt;OAuth2 JWT Access Tokens&lt;/A&gt; &lt;STRONG style="color: rgb(30, 30, 30);" data-start="1122" data-end="1182"&gt;issued by Microsoft Entra ID&lt;/STRONG&gt;&lt;SPAN style="color: rgb(30, 30, 30);"&gt;. &lt;/SPAN&gt;Both the channel and the bot validate each other by exchanging these tokens. This mechanism is what directly relies on the&amp;nbsp;&lt;STRONG style="color: rgb(30, 30, 30);" data-start="1460" data-end="1487"&gt;Azure Bot Identity type&lt;/STRONG&gt;&lt;SPAN style="color: rgb(30, 30, 30);"&gt; (Managed Identity, Single-Tenant App, or legacy Multi-Tenant App) and is the primary focus of this blog.&lt;/SPAN&gt;&lt;/LI&gt;
&lt;LI&gt;
&lt;P data-start="1414" data-end="1592"&gt;&lt;SPAN style="color: rgb(30, 30, 30);"&gt;&lt;STRONG&gt;User Authentication&lt;/STRONG&gt; - &lt;/SPAN&gt;This is an optional flow enables end users to authenticate within the chat experience so the bot can i&lt;SPAN style="color: rgb(30, 30, 30);"&gt;dentify the user, a&lt;/SPAN&gt;ccess protected user data or perform actions on the user’s behalf (e.g., schedule meetings, access emails). User authentication is implemented using the &lt;SPAN style="color: rgb(30, 30, 30);"&gt;"&lt;/SPAN&gt;&lt;A class="lia-external-url" style="background-color: rgb(255, 255, 255); font-style: normal; font-weight: 400;" href="https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-auth-code-flow" target="_blank" rel="noopener"&gt;Authorization Code Flow&lt;/A&gt;&lt;SPAN style="color: rgb(30, 30, 30);"&gt;" and supports multiple identity providers, including &lt;STRONG data-start="1993" data-end="2015"&gt;Microsoft Entra ID&lt;/STRONG&gt;. When Entra ID is used, the bot can authenticate users using the &lt;STRONG data-start="2086" data-end="2111"&gt;same App Registration&lt;/STRONG&gt; as the bot identity, or a &lt;STRONG data-start="2142" data-end="2171"&gt;separate App Registration&lt;/STRONG&gt;, depending on security and design requirements. This user sign-in process is &lt;STRONG data-start="2249" data-end="2264"&gt;independent&lt;/STRONG&gt; of the Channel-to-Bot authorization flow and is not affected by the bot’s identity type.&lt;/SPAN&gt;&lt;/P&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;UL&gt;
&lt;LI style="list-style-type: none;"&gt;
&lt;UL&gt;
&lt;LI&gt;References:
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/en-us/azure/bot-service/bot-builder-authentication?view=azure-bot-service-4.0&amp;amp;tabs=userassigned%2Caadv2%2Ccsharp" target="_blank" rel="noopener"&gt;Add authentication to a bot in Bot Framework SDK - Bot Service | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A class="lia-external-url" style="font-style: normal; font-weight: 400; background-color: rgb(255, 255, 255);" href="https://github.com/microsoft/botframework-sdk/tree/main/docs/umlDiagrams/Authentication#detailed-view" target="_blank" rel="noopener"&gt;Flow Diagram - botframework-sdk&lt;/A&gt; - In a brief:
&lt;UL&gt;
&lt;LI&gt;The Bot application checks whether a user access token already exists in the &lt;STRONG data-start="244" data-end="269"&gt;Azure Bot Token Store&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;If no token is found, the bot challenges the user to sign in within the chat interface. Some channels, such as &lt;STRONG data-start="387" data-end="406"&gt;Microsoft Teams&lt;/STRONG&gt;, also support SSO - &lt;A href="https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/bot-sso-overview?tabs=personal" target="_blank" rel="noopener"&gt;Enable SSO with Microsoft Entra ID - Teams | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;The issued token is then securely stored in the &lt;STRONG data-start="634" data-end="659"&gt;Azure Bot Token Store&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;The user is redirected to the configured &lt;STRONG data-start="493" data-end="514"&gt;Identity Provider&lt;/STRONG&gt; (for example, Microsoft Entra ID) and authenticates successfully.&lt;/LI&gt;
&lt;LI&gt;The Bot application retrieves the token from the Token Store and uses it to access protected resources or perform actions on the user’s behalf.&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;Channel (2) &amp;lt;-&amp;gt; Bot (3) Authorization&lt;/H2&gt;
&lt;img /&gt;
&lt;P&gt;As we see in the "Outbound Flow: Bot to Channel", the Bot Application typically uses &lt;A href="https://learn.microsoft.com/en-us/entra/identity-platform/v2-oauth2-client-creds-grant-flow" target="_blank" rel="noopener"&gt;OAuth 2.0 client credentials flow on the Microsoft identity platform - Microsoft identity platform | Microsoft Learn&lt;/A&gt;. The &lt;STRONG data-start="385" data-end="415"&gt;token authority (endpoint)&lt;/STRONG&gt; used for this flow depends on the &lt;STRONG data-start="450" data-end="471"&gt;Bot Identity Type&lt;/STRONG&gt;, as documented in&lt;A href="https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connector-authentication?view=azure-bot-service-4.0&amp;amp;tabs=multitenant#step-1-request-an-access-token-from-the-microsoft-entra-id-account-login-service" target="_blank" rel="noopener"&gt; Authenticate requests with the Bot Connector API - Bot Service | Microsoft Learn&lt;/A&gt;.&lt;/P&gt;
&lt;P&gt;The error "Application with identifier 'xxx' was not found in the directory 'Bot Framework'" happens when:&lt;/P&gt;
&lt;UL&gt;
&lt;LI data-start="722" data-end="876"&gt;The Bot’s Application Registration is configured as &lt;STRONG data-start="776" data-end="793"&gt;Single-Tenant&lt;/STRONG&gt;&lt;BR data-start="793" data-end="796" /&gt;&lt;EM data-start="798" data-end="874"&gt;(Supported account types = Accounts in this organizational directory only)&lt;/EM&gt;&lt;/LI&gt;
&lt;LI data-start="877" data-end="1035"&gt;The Bot application requests a token from the &lt;STRONG data-start="925" data-end="949"&gt;Bot Framework tenant&lt;/STRONG&gt;:
&lt;UL&gt;
&lt;LI&gt;https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI data-start="1036" data-end="1125"&gt;Since the App Registration is &lt;STRONG data-start="1068" data-end="1085"&gt;Single-Tenant&lt;/STRONG&gt;, only the home tenant can issue tokens.&lt;/LI&gt;
&lt;LI data-start="1126" data-end="1199"&gt;The Bot Framework tenant is not the home tenant → token issuance fails.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;All the operations shown in diagram except business logic is automatically handled by the SDK (BotSDK or AgentsSDK) but the Developer gets control correct token endpoint.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Bot SDK automatically infers the token endpoint/Authority based on the configuration:
&lt;UL&gt;
&lt;LI&gt;If you are using&amp;nbsp;&lt;A href="https://learn.microsoft.com/en-us/dotnet/api/microsoft.bot.builder.botframeworkadapter?view=botbuilder-dotnet-stable" target="_blank" rel="noopener"&gt;BotFrameworkAdapter Class (Microsoft.Bot.Builder) | Microsoft Learn&lt;/A&gt; - it will always make calls to "https://login.microsoftonline.com/&lt;STRONG&gt;botframework.com&lt;/STRONG&gt;/oauth2/v2.0/token". Thus, it cannot work with SingleTenant or UserAssigned MSI Bot.&amp;nbsp;&lt;/LI&gt;
&lt;LI&gt;If you are using &lt;A href="https://learn.microsoft.com/en-us/dotnet/api/microsoft.bot.builder.integration.aspnet.core.cloudadapter?view=botbuilder-dotnet-stable" target="_blank" rel="noopener"&gt;CloudAdapter Class (Microsoft.Bot.Builder.Integration.AspNet.Core) | Microsoft Learn&lt;/A&gt;, it supports configuring the Bot Identity using the MicrosoftAppType. Review samples to understand how this is configured for different runtimes:
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://github.com/microsoft/BotBuilder-Samples/tree/main/samples" target="_blank" rel="noopener"&gt;BotBuilder-Samples/samples at main · microsoft/BotBuilder-Samples · GitHub&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://github.com/microsoft/BotBuilder-Samples/blob/main/samples/csharp_dotnetcore/02.echo-bot/appsettings.json" target="_blank" rel="noopener"&gt;BotBuilder-Samples/samples/csharp_dotnetcore/02.echo-bot/appsettings.json at main · microsoft/BotBuilder-Samples · GitHub&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;M365 Agents SDK - This is a successor of Bot SDK and will be the only supported SDK after December 2025:
&lt;UL&gt;
&lt;LI&gt;The Identity configuration is flexible and simplified in Agents SDK. The concepts remain same, appropriate token endpoint/authority needs to be used.
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/en-us/microsoft-365/agents-sdk/microsoft-authentication-library-configuration-options" target="_blank" rel="noopener"&gt;Configure authentication in a .NET agent | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://github.com/microsoft/Agents/tree/main/samples" target="_blank" rel="noopener"&gt;Agents/samples at main · microsoft/Agents · GitHub&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;Migration from&lt;SPAN style="color: rgb(30, 30, 30);"&gt;MultiTenant &lt;/SPAN&gt;SingleTenant to in the Bot code:&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;With announcement of the Bot-Builder SDK deprecation, we recommend moving to Agents SDK which retains many Bot Builder concepts with ability to create next generation Agents with orchestration, observability and more secure options authentication.&amp;nbsp; &amp;nbsp;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://github.com/microsoft/botframework-sdk/tree/main" target="_blank" rel="noopener"&gt;GitHub - microsoft/botframework-sdk: Bot Framework provides the most comprehensive experience for building conversation applications.&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/en-us/microsoft-365/agents-sdk/bf-migration-guidance" target="_blank" rel="noopener"&gt;Azure Bot Framework SDK to Microsoft 365 Agents SDK migration guidance | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;For Bot SDK to work with SingleTenant, you must use &lt;A href="https://learn.microsoft.com/en-us/dotnet/api/microsoft.bot.builder.integration.aspnet.core.cloudadapter?view=botbuilder-dotnet-stable" target="_blank" rel="noopener"&gt;CloudAdapter Class (Microsoft.Bot.Builder.Integration.AspNet.Core) | Microsoft Learn&lt;/A&gt; and configure correct MicrosoftAppType.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;I hope it helps.&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 05 Dec 2025 14:42:50 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/azure-bot-identity-application-with-identifier-x-was-not-found/ba-p/4475227</guid>
      <dc:creator>manojdixit</dc:creator>
      <dc:date>2025-12-05T14:42:50Z</dc:date>
    </item>
    <item>
      <title>Addressing .Net EOL installations for Windows Admins</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/addressing-net-eol-installations-for-windows-admins/ba-p/4473750</link>
      <description>&lt;BLOCKQUOTE&gt;
&lt;P&gt;TL; DR:&lt;/P&gt;
&lt;P data-start="125" data-end="500"&gt;Installing the latest .NET runtime on a server &lt;STRONG data-start="172" data-end="214"&gt;does not upgrade existing applications&lt;/STRONG&gt; that are built on unsupported versions (for example, anything older than .NET 8 as of Nov 2025). Applications must be explicitly upgraded through a full development lifecycle—retargeting the project to a supported framework, updating dependencies, rebuilding, testing, and redeploying.&lt;/P&gt;
&lt;P data-start="502" data-end="757"&gt;This is not something a Windows administrator can safely perform alone. However, admins &lt;EM data-start="590" data-end="606"&gt;can and should&lt;/EM&gt; identify which applications are running on EOL .NET versions and coordinate with development teams to ensure they are upgraded to a supported release.&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;H3 data-start="183" data-end="239"&gt;.NET vs .NET Framework: Understanding the Difference&lt;/H3&gt;
&lt;P data-start="241" data-end="557"&gt;Unlike the classic &lt;STRONG data-start="260" data-end="278"&gt;.NET Framework&lt;/STRONG&gt;, modern &lt;STRONG data-start="287" data-end="316"&gt;.NET (formerly .NET Core)&lt;/STRONG&gt; is &lt;EM data-start="320" data-end="325"&gt;not&lt;/EM&gt; an integral part of the Windows operating system. It is typically installed &lt;STRONG data-start="402" data-end="415"&gt;on-demand&lt;/STRONG&gt; when an application requires it. This means multiple .NET versions can coexist on the same system without automatically affecting each other.&lt;/P&gt;
&lt;P data-start="559" data-end="574"&gt;Modern .NET is:&lt;/P&gt;
&lt;UL data-start="575" data-end="695"&gt;
&lt;LI data-start="575" data-end="617"&gt;Cross-platform (Windows, Linux, macOS)&lt;/LI&gt;
&lt;LI data-start="618" data-end="633"&gt;Open source&lt;/LI&gt;
&lt;LI data-start="634" data-end="695"&gt;Designed for rapid evolution and cloud-native development&lt;/LI&gt;
&lt;/UL&gt;
&lt;P data-start="697" data-end="814"&gt;Because of these design goals, modern .NET follows a &lt;STRONG data-start="750" data-end="782"&gt;fixed annual release cadence&lt;/STRONG&gt; with defined support timelines.&lt;/P&gt;
&lt;P data-start="697" data-end="814"&gt;Official documentation:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core" target="_blank"&gt;.NET and .NET Core official support policy | .NET&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-framework" target="_blank"&gt;.NET Framework official support policy | .NET&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;A href="https://dotnet.microsoft.com/en-us/download" target="_blank"&gt;Download .NET (Linux, macOS, and Windows) | .NET&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3 data-start="1521" data-end="1542"&gt;End of Life (EOL)&lt;/H3&gt;
&lt;P data-start="1544" data-end="1705"&gt;As a .NET version approaches End of Life (EOL), Microsoft recommends upgrading to a supported version and reducing dependency on the expiring runtime. After EOL:&lt;/P&gt;
&lt;UL data-start="1707" data-end="1820"&gt;
&lt;LI data-start="1707" data-end="1730"&gt;Security updates stop&lt;/LI&gt;
&lt;LI data-start="1731" data-end="1747"&gt;Bug fixes stop&lt;/LI&gt;
&lt;LI data-start="1748" data-end="1782"&gt;Microsoft technical support ends&lt;/LI&gt;
&lt;LI data-start="1783" data-end="1820"&gt;Compliance and audit risks increase&lt;/LI&gt;
&lt;/UL&gt;
&lt;P data-start="1822" data-end="1891"&gt;Microsoft strongly discourages continued use of unsupported runtimes:&lt;/P&gt;
&lt;P data-start="1895" data-end="2035"&gt;Using out-of-support .NET versions may expose your applications, data, and environment to security vulnerabilities and operational failures.&lt;/P&gt;
&lt;P data-start="2037" data-end="2089"&gt;EOL is also referred to as &lt;STRONG data-start="2064" data-end="2088"&gt;End of Support (EOS)&lt;/STRONG&gt;.&lt;/P&gt;
&lt;H3 data-start="2096" data-end="2146"&gt;Why Security Tools Flag EOL .NET Installations&lt;/H3&gt;
&lt;P data-start="2148" data-end="2387"&gt;Once a .NET runtime reaches EOL, vulnerability scanners and endpoint security software often flag it as a risk and recommend removal. Even if your tools do not explicitly report it, &lt;STRONG data-start="2330" data-end="2386"&gt;proactive removal and upgrade is still best practice&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P data-start="2389" data-end="2448"&gt;Before uninstalling, however, administrators typically ask:&lt;/P&gt;
&lt;UL data-start="2450" data-end="2666"&gt;
&lt;LI data-start="2450" data-end="2497"&gt;&lt;EM data-start="2452" data-end="2495"&gt;What will break if I remove this version?&lt;/EM&gt;&lt;/LI&gt;
&lt;LI data-start="2498" data-end="2553"&gt;&lt;EM data-start="2500" data-end="2551"&gt;Can I just install the latest .NET to replace it?&lt;/EM&gt;&lt;/LI&gt;
&lt;LI data-start="2554" data-end="2609"&gt;&lt;EM data-start="2556" data-end="2607"&gt;Which applications are dependent on this runtime?&lt;/EM&gt;&lt;/LI&gt;
&lt;LI data-start="2610" data-end="2666"&gt;&lt;EM data-start="2612" data-end="2666"&gt;Can I safely remove it if nothing appears to use it?&lt;/EM&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;Here is a general workflow that can be used to address the above questions:&lt;/P&gt;
&lt;H3&gt;Step 1 – Identify Applications Using EOL ASP.NET / .NET Runtimes&lt;/H3&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;&lt;STRONG data-start="235" data-end="249"&gt;Important:&lt;/STRONG&gt; The steps below identify only the applications &lt;EM data-start="297" data-end="340"&gt;actively running at the time of execution&lt;/EM&gt;. Any dormant services, scheduled tasks, or rarely used applications may still depend on EOL .NET but will not appear until they are executed.&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;UL&gt;
&lt;LI&gt;
&lt;P data-start="484" data-end="613"&gt;To identify currently running applications that are using the .NET runtime, you can use &lt;STRONG data-start="572" data-end="597"&gt;Sysinternals ListDLLs&lt;/STRONG&gt; from Microsoft.&lt;/P&gt;
&lt;/LI&gt;
&lt;LI&gt;
&lt;P data-start="484" data-end="613"&gt;Download&amp;nbsp;&lt;A href="https://learn.microsoft.com/en-us/sysinternals/downloads/listdlls" target="_blank"&gt;ListDLLs - Sysinternals | Microsoft Learn&lt;/A&gt; and run the following command from an elevated (Administrator) CMD prompt:&lt;/P&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;LI-CODE lang="powershell"&gt;listdlls.exe -d coreclr.dll -accepteula -v&lt;/LI-CODE&gt;&lt;img&gt;Sample output of listdll command&lt;/img&gt;
&lt;P&gt;This will show all the dotnet processes (with versions 6/7 or 8 or previous) along with version of .Net runtime loaded (coreclr). Make a note of processes that are loading EOL .Net versions - &lt;A href="https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core" target="_blank"&gt;.NET and .NET Core official support policy.&amp;nbsp;&lt;/A&gt;&lt;/P&gt;
&lt;P&gt;Note - coreclr is the Dotnet runtime dll which will be loaded in a .Net process. The listdll shows a specific version loaded by respective process, that would help identify processes using EOL .Net runtime.&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Reference - &lt;A href="https://devblogs.microsoft.com/dotnet/coreclr-is-now-open-source/" target="_blank"&gt;CoreCLR is now Open Source - .NET Blog&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;Step 2 - Reach to the developers to upgrade the Application to supported version:&amp;nbsp;&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;
&lt;P data-start="183" data-end="414"&gt;Applications&amp;nbsp;&lt;STRONG data-start="196" data-end="228"&gt;do not automatically upgrade&lt;/STRONG&gt; to a newer .NET version simply because a supported runtime is installed on the server. Each application must be &lt;STRONG data-start="341" data-end="367"&gt;rebuilt and retargeted&lt;/STRONG&gt; to explicitly use the newer framework version.&lt;/P&gt;
&lt;/LI&gt;
&lt;LI&gt;
&lt;P data-start="183" data-end="414"&gt;The upgrade process typically follows a full software development lifecycle (SDLC), including:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Retargeting the project to the latest supported .NET version&lt;/LI&gt;
&lt;LI&gt;
&lt;P data-start="183" data-end="414"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Updating NuGet packages and dependencies&lt;/P&gt;
&lt;/LI&gt;
&lt;LI data-start="621" data-end="648"&gt;Fixing breaking changes&lt;/LI&gt;
&lt;LI data-start="649" data-end="679"&gt;Rebuilding the application&lt;/LI&gt;
&lt;LI data-start="680" data-end="717"&gt;Functional and regression testing&lt;/LI&gt;
&lt;LI data-start="718" data-end="746"&gt;Deployment to production&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-start="748" data-end="1064"&gt;This process is &lt;STRONG data-start="764" data-end="830"&gt;not something a Windows administrator can safely perform alone&lt;/STRONG&gt;. It requires access to the application source code and ownership from the development or product team. Administrators should focus on identifying incompatible or EOL runtimes and coordinating with application owners to plan upgrades.&lt;/P&gt;
&lt;/LI&gt;
&lt;LI&gt;Reference:
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/en-us/dotnet/core/install/upgrade" target="_blank"&gt;Upgrade to a new .NET version - .NET | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2 data-start="92" data-end="155"&gt;Step 3 – Confirm No Applications Are Using EOL .NET Runtimes&lt;/H2&gt;
&lt;P data-start="157" data-end="308"&gt;After application owners have upgraded and deployments are completed, you must verify that no processes are still running on unsupported .NET runtimes.&lt;/P&gt;
&lt;P data-start="310" data-end="372"&gt;Repeat the same process from &lt;STRONG data-start="339" data-end="349"&gt;Step 1&lt;/STRONG&gt; to re-scan the system:&lt;/P&gt;
&lt;H2 data-start="152" data-end="200"&gt;Step 4 – Uninstall / Remove EOL .NET Runtimes&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;Once you confirmed no dependency on the EOL products you can proceed with uninstall.&lt;/LI&gt;
&lt;LI&gt;Note that .Net apps can be &lt;STRONG&gt;self-contained or&amp;nbsp;framework-dependent:&lt;/STRONG&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/en-us/dotnet/core/deploying/?pivots=visualstudio#publishing-modes" target="_blank"&gt;.NET application publishing overview - .NET | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Publish self-contained&lt;/STRONG&gt;&lt;BR /&gt;This mode produces a publishing folder that includes a platform-specific executable used to start the app, a compiled binary containing app code, any app dependencies, and the .NET runtime required to run the app. The environment that runs the app doesn't need to have the .NET runtime preinstalled.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Publish framework-dependent&lt;/STRONG&gt;&lt;BR /&gt;This mode produces a publishing folder that includes an optional platform-specific executable used to start the app, a compiled binary containing app code, and any app dependencies. The environment that runs the app must have a version of the .NET runtime installed that the app can use.
&lt;UL&gt;
&lt;LI&gt;Framework dependant apps will use the shared runtimes that you may have installed from &lt;A href="https://dotnet.microsoft.com/en-us/download" target="_blank"&gt;Download .NET (Linux, macOS, and Windows) | .NET&lt;/A&gt;.&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;&amp;nbsp;For self-contained apps, the developer must provide a latest package with supported runtimes.&amp;nbsp;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;LI&gt;Of course, to anticipate failure, please have back up/recovery plans and execute the actions during a downtime as per your company policies.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;I hope this helps.&amp;nbsp;&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;</description>
      <pubDate>Fri, 28 Nov 2025 13:53:53 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/addressing-net-eol-installations-for-windows-admins/ba-p/4473750</guid>
      <dc:creator>manojdixit</dc:creator>
      <dc:date>2025-11-28T13:53:53Z</dc:date>
    </item>
    <item>
      <title>HTTPS Reverse Proxy on IIS 10 – External Access Fails (Timeout) Although Local Requests Work</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-iis/https-reverse-proxy-on-iis-10-external-access-fails-timeout/m-p/4472305#M331</link>
      <description>&lt;P&gt;Hello everyone,&lt;/P&gt;&lt;P&gt;I’m currently facing an issue with an IIS 10 reverse proxy configuration on Windows Server, and I would really appreciate your guidance.&lt;/P&gt;&lt;H3&gt;&lt;STRONG&gt;Environment&lt;/STRONG&gt;&lt;/H3&gt;&lt;P&gt;Windows Server&lt;/P&gt;&lt;P&gt;IIS 10&lt;/P&gt;&lt;P&gt;Application Request Routing (ARR) + URL Rewrite enabled&lt;/P&gt;&lt;P&gt;Backend application running on:&lt;/P&gt;&lt;P&gt;http://localhost:8080/ http://localhost:8080/login&lt;/P&gt;&lt;P&gt;Public domain:&lt;/P&gt;&lt;P&gt;https://lojistik.abc.com.tr&lt;/P&gt;&lt;H3&gt;&lt;STRONG&gt;What I want to achieve&lt;/STRONG&gt;&lt;/H3&gt;&lt;P&gt;I want users to access the backend web application through the following URL:&lt;/P&gt;&lt;P&gt;https://lojistik.abc.com.tr/LMYS/login&lt;/P&gt;&lt;P&gt;Internally, IIS should proxy this to:&lt;/P&gt;&lt;P&gt;http://localhost:8080/login&lt;/P&gt;&lt;H3&gt;&lt;STRONG&gt;What works&lt;/STRONG&gt;&lt;/H3&gt;&lt;P&gt;The backend application is accessible without issues:&lt;/P&gt;&lt;P&gt;http://localhost:8080/login&lt;/P&gt;&lt;P&gt;From the server itself, reverse proxy works:&lt;/P&gt;&lt;P&gt;Invoke-WebRequest "https://lojistik.abc.com.tr/LMYS/login"&lt;/P&gt;&lt;P&gt;→ &lt;STRONG&gt;StatusCode: 200&lt;/STRONG&gt; (success)&lt;/P&gt;&lt;H3&gt;&lt;STRONG&gt;What does NOT work&lt;/STRONG&gt;&lt;/H3&gt;&lt;P&gt;From any client machine, the following request results in a &lt;STRONG&gt;timeout&lt;/STRONG&gt;:&lt;/P&gt;&lt;P&gt;https://lojistik.abc.com.tr/LMYS/login&lt;/P&gt;&lt;P&gt;Browser shows connection timeout.&lt;/P&gt;&lt;P&gt;No entry appears in IIS logs for external requests to /LMYS/....&lt;/P&gt;&lt;H3&gt;&lt;STRONG&gt;Tests performed&lt;/STRONG&gt;&lt;/H3&gt;&lt;P&gt;▪ netstat -ano | findstr :443 on the server → &lt;STRONG&gt;Port 443 is listening&lt;/STRONG&gt; ▪ DNS resolves correctly:&lt;/P&gt;&lt;P&gt;lojistik.abc.com.tr → 10.6.130.90&lt;/P&gt;&lt;P&gt;▪ Reverse proxy rule on IIS is correctly configured under the HTTPS binding site:&lt;/P&gt;&lt;P&gt;Pattern: ^LMYS(/.*)?$ Rewrite to: http://localhost:8080{R:1}&lt;/P&gt;&lt;P&gt;▪ ARR Server Proxy is enabled.&lt;/P&gt;&lt;H3&gt;&lt;STRONG&gt;Key observation&lt;/STRONG&gt;&lt;/H3&gt;&lt;P&gt;Requests from the server itself succeed (reverse proxy returns 200), but &lt;STRONG&gt;external clients always time out&lt;/STRONG&gt;, which suggests that the HTTPS traffic is not reaching IIS at all (likely blocked or not NAT-forwarded on the network path).&lt;/P&gt;&lt;H3&gt;&lt;STRONG&gt;Question&lt;/STRONG&gt;&lt;/H3&gt;&lt;P&gt;What could cause HTTPS (port 443) traffic to reach IIS locally, but external requests to the same port to hang indefinitely?&lt;/P&gt;&lt;P&gt;Any guidance would be greatly appreciated.&lt;/P&gt;&lt;P&gt;Thank you in advance.&lt;/P&gt;&lt;P&gt;Best regards,&lt;/P&gt;</description>
      <pubDate>Sat, 22 Nov 2025 20:03:22 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-iis/https-reverse-proxy-on-iis-10-external-access-fails-timeout/m-p/4472305#M331</guid>
      <dc:creator>raysefo</dc:creator>
      <dc:date>2025-11-22T20:03:22Z</dc:date>
    </item>
    <item>
      <title>Why Does an Old Certificate Reappear After Reboot in Azure VMs?</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/why-does-an-old-certificate-reappear-after-reboot-in-azure-vms/ba-p/4465209</link>
      <description>&lt;H2&gt;&lt;STRONG&gt;Issue Observed&lt;/STRONG&gt;&lt;/H2&gt;
&lt;P&gt;A customer removed an expired SSL certificate from their Azure VM after installing a renewed one. However, after every reboot, the old certificate reappeared, and IIS site bindings automatically started picking it up.&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;Investigation Steps&lt;/STRONG&gt;&lt;/H2&gt;
&lt;H3&gt;&lt;STRONG&gt;1. Identify the Process Bringing Back the Certificate&lt;/STRONG&gt;&lt;/H3&gt;
&lt;P&gt;To trace the root cause, we configured &lt;STRONG&gt;Sysmon&lt;/STRONG&gt; following this guide:&lt;BR /&gt;&lt;EM&gt;&lt;A href="https://techcommunity.microsoft.com/blog/iis-support-blog/auditing-scenarios-for-web-application-hosted-in-iis---part-1---ssl-binding-modi/3730761" target="_blank" rel="noopener"&gt;Auditing Scenarios for Web Application Hosted in IIS - Part 1 - SSL Binding Modified | Microsoft Community Hub&lt;/A&gt;&lt;/EM&gt;&lt;/P&gt;
&lt;P&gt;We asked the customer to remove the certificate and reboot the server to reproduce the issue.&lt;BR /&gt;After rebooting, the certificate was reinstalled. Event logs revealed a process named &lt;STRONG&gt;akvvm_service.exe&lt;/STRONG&gt; was responsible for bringing the certificate back.&lt;/P&gt;
&lt;P&gt;Following is the screenshot from the event log:&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;I then checked the task manager to check about the process (7964) and see following:&lt;/P&gt;
&lt;img /&gt;
&lt;H3&gt;&lt;STRONG&gt;2. What is akvvm_service.exe?&lt;/STRONG&gt;&lt;/H3&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;akvvm_service.exe&lt;/STRONG&gt; is the service executable for the &lt;STRONG&gt;Azure Key Vault VM extension&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Purpose of this service:&lt;/STRONG&gt;
&lt;UL&gt;
&lt;LI&gt;Monitors certificates stored in &lt;STRONG&gt;Azure Key Vault&lt;/STRONG&gt; that the VM is configured to observe.&lt;/LI&gt;
&lt;LI&gt;Automatically downloads, installs, and refreshes those certificates into the Windows certificate store (e.g., LocalMachine\My) at a defined polling interval:
&lt;UL&gt;
&lt;LI&gt;&lt;A href="https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/key-vault-windows" target="_blank" rel="noopener"&gt;Azure Key Vault VM extension for Windows - Azure Virtual Machines | Microsoft Learn&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3&gt;&lt;STRONG&gt;3. Why Was This Happening?&lt;/STRONG&gt;&lt;/H3&gt;
&lt;P&gt;The customer had multiple certificates in their Key Vault. The VM extension KeyVaultForWindows was pulling all configured certificates back into the server during every reboot.&lt;/P&gt;
&lt;P&gt;To check the extensions:&lt;BR /&gt;Go to Azure VM -&amp;gt; Search for Extensions -&amp;gt; Select Extensions + applications:&lt;/P&gt;
&lt;P&gt;We see all the Extensions + applications configured with the VM and here we see this extension KeyVaultForWindows configured:&lt;/P&gt;
&lt;img /&gt;
&lt;P&gt;Further checks revealed:&lt;/P&gt;
&lt;P&gt;Issue was only happening in DEV, TEST and STG environment and not in PROD&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;DEV, TEST, and STG environments&lt;/STRONG&gt; had the &lt;STRONG&gt;KeyVaultForWindows&lt;/STRONG&gt; extension installed.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;PROD environment&lt;/STRONG&gt; did &lt;STRONG&gt;not&lt;/STRONG&gt; have this extension, which explained why the issue was isolated to non-PROD environments.&lt;/LI&gt;
&lt;/UL&gt;
&lt;H2&gt;&lt;STRONG&gt;Resolution&lt;/STRONG&gt;&lt;/H2&gt;
&lt;P&gt;We shared the following action plan:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Option 1:&lt;/STRONG&gt; Uninstall the Key Vault VM extension to match the PROD setup.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Option 2:&lt;/STRONG&gt; Delete or disable certificates that are no longer required in Key Vault.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;The customer chose &lt;STRONG&gt;Option 2&lt;/STRONG&gt; and confirmed:&lt;/P&gt;
&lt;P&gt;“Disabling expired certificates within Key Vault fixed the issue.”&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;Key Takeaways&lt;/STRONG&gt;&lt;/H2&gt;
&lt;UL&gt;
&lt;LI&gt;If old certificates reappear after reboot, check for &lt;STRONG&gt;Azure Key Vault VM extension&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;This extension automatically syncs certificates from Key Vault to your VM.&lt;/LI&gt;
&lt;LI&gt;To prevent unwanted certificates:
&lt;UL&gt;
&lt;LI&gt;Remove the extension if not needed.&lt;/LI&gt;
&lt;LI&gt;Or disable/delete unnecessary certificates in Key Vault.&lt;/LI&gt;
&lt;/UL&gt;
&lt;/LI&gt;
&lt;/UL&gt;</description>
      <pubDate>Wed, 29 Oct 2025 16:02:22 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/why-does-an-old-certificate-reappear-after-reboot-in-azure-vms/ba-p/4465209</guid>
      <dc:creator>Shekhar</dc:creator>
      <dc:date>2025-10-29T16:02:22Z</dc:date>
    </item>
    <item>
      <title>IIS app pool in-memory cache miss</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-app-pool-in-memory-cache-miss/m-p/4458868#M327</link>
      <description>&lt;P&gt;Hi,&lt;/P&gt;&lt;P&gt;Our IIS server runs on windows 2016 servers, recently we are experiencing frequent miss from in-memory cache, and instead of connecting to NCache which is our cache solution, it is sending request to database. After lots of debug we still could not identify the issue here. But as a best practice we are going to change some setting. But, one suggestion is to change max worker count from 4 to 1. Will that impact our performance? How much will it be effective to bring that value to 1 from 4, in terms of single worker cache miss issue occurrences?&lt;/P&gt;&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Fri, 03 Oct 2025 16:56:02 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-iis/iis-app-pool-in-memory-cache-miss/m-p/4458868#M327</guid>
      <dc:creator>indrajit</dc:creator>
      <dc:date>2025-10-03T16:56:02Z</dc:date>
    </item>
    <item>
      <title>Troubleshooting File Upload Error: 413 Request Body Too Large in .NET Core</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/troubleshooting-file-upload-error-413-request-body-too-large-in/ba-p/4420818</link>
      <description>&lt;P&gt;&lt;STRONG&gt;Troubleshooting File Upload Error: 413 Request Body Too Large in .NET Core&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;When working with file uploads in .NET Core, you might encounter the 413 "Request Body Too Large" error even if the maxAllowedContentLength value in your web.config file is correctly set. This issue can be perplexing, especially when all configurations seem to be in place. In this blog, we will explore a common cause of this error related to the ASPNETCORE_TEMP environment variable and how to resolve it.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Understanding the Issue&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;The 413 error indicates that the request body size exceeds the server's configured limit. Typically, this is controlled by the maxAllowedContentLength setting in the web.config file. However, if the ASPNETCORE_TEMP environment variable is incorrectly set, it can lead to this error despite having the correct maxAllowedContentLength value.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Scenario&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Let's consider a scenario where the maxAllowedContentLength in the web.config file is set to 50 MB, but the application still throws a 413 error for files larger than 10 MB. Upon investigation, it is found that the ASPNETCORE_TEMP environment variable is incorrectly configured in the launchSettings.json file.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Steps to Resolve the Issue&lt;/STRONG&gt;&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Verify maxAllowedContentLength in web.config&lt;/STRONG&gt;: Ensure that the maxAllowedContentLength value in your web.config file is correctly set according to your requirements. For example:&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp; &amp;lt;system.webServer&amp;gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;lt;security&amp;gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;lt;requestFiltering&amp;gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;lt;requestLimits maxAllowedContentLength="52428800" /&amp;gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;lt;/requestFiltering&amp;gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;lt;/security&amp;gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp; &amp;lt;/system.webServer&amp;gt;&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Check ASPNETCORE_TEMP Environment Variable&lt;/STRONG&gt;: The ASPNETCORE_TEMP environment variable specifies the location where ASP.NET Core stores temporary files, such as those used for buffering large request bodies. If this variable is incorrectly set, it can cause the 413 error.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Update launchSettings.json&lt;/STRONG&gt;: Ensure that the ASPNETCORE_TEMP environment variable is correctly configured in the launchSettings.json file. Here is an example of how to set it:&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp; {&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "profiles": {&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "IIS Express": {&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "commandName": "IISExpress",&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "launchBrowser": true,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "environmentVariables": {&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "ASPNETCORE_ENVIRONMENT": "Development",&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; &amp;nbsp;"ASPNETCORE_TEMP": "C:\\Temp\\ASPNETCORE"&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; },&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "YourProjectName": {&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "commandName": "Project",&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "dotnetRunMessages": true,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "launchBrowser": true,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "applicationUrl": "&lt;A href="https://localhost:5001;http:/localhost:5000" target="_blank"&gt;https://localhost:5001;http://localhost:5000&lt;/A&gt;",&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "environmentVariables": {&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "ASPNETCORE_ENVIRONMENT": "Development",&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; "ASPNETCORE_TEMP": "C:\\Temp\\ASPNETCORE"&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp;&amp;nbsp; }&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&amp;nbsp; }&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Verify the Temporary Directory&lt;/STRONG&gt;: Ensure that the directory specified in the ASPNETCORE_TEMP environment variable exists and has the necessary permissions for the application to write temporary files.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Example Case&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;In a recent support case, the maxAllowedContentLength was set to 50 MB in the web.config file, but the application was still throwing a 413 error for files larger than 10 MB. Upon checking, it was found that the ASPNETCORE_TEMP environment variable was set to an incorrect path in the launchSettings.json file. Correcting the path resolved the issue.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Conclusion&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;By ensuring that the ASPNETCORE_TEMP environment variable is correctly set and the maxAllowedContentLength value in the web.config file is appropriate, you can resolve the 413 "Request Body Too Large" error in your .NET Core application. Proper configuration of these settings ensures smooth handling of large file uploads without encountering size-related errors.&lt;/P&gt;
&lt;P&gt;If you have any further questions or need additional assistance, feel free to reach out!&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 02 Sep 2025 16:25:30 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/troubleshooting-file-upload-error-413-request-body-too-large-in/ba-p/4420818</guid>
      <dc:creator>Goyal_Sandeep</dc:creator>
      <dc:date>2025-09-02T16:25:30Z</dc:date>
    </item>
    <item>
      <title>Enabling Client Certificate Authentication for an Application Inside Default Web Site</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/enabling-client-certificate-authentication-for-an-application/ba-p/4420820</link>
      <description>&lt;P&gt;&lt;STRONG&gt;Enabling Client Certificate Authentication for an Application Inside Default Web Site&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;In this blog, we will explore how to enable client certificate authentication for a specific application hosted inside the Web Site in IIS, while keeping client certificate authentication disabled at the Web Site level. This configuration is useful when you want to secure only a particular application with client certificates, without affecting the entire site.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Understanding the Scenario&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Imagine you have a Web Site in IIS that hosts multiple applications. You want to enable client certificate authentication for one specific application, but not for the entire Web Site. This setup ensures that only the designated application requires client certificates for access, while the rest of the site remains accessible without this additional layer of security.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Step-by-Step Configuration&lt;/STRONG&gt;&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Install IIS Client Certificate Mapping Authentication&lt;/STRONG&gt;:&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;Open &lt;STRONG&gt;Server Manager&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;Click on &lt;STRONG&gt;Manage&lt;/STRONG&gt; and then &lt;STRONG&gt;Add Roles and Features&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;In the &lt;STRONG&gt;Add Roles and Features Wizard&lt;/STRONG&gt;, click &lt;STRONG&gt;Next&lt;/STRONG&gt; until you reach the &lt;STRONG&gt;Server Roles&lt;/STRONG&gt; page.&lt;/LI&gt;
&lt;LI&gt;Expand &lt;STRONG&gt;Web Server (IIS)&lt;/STRONG&gt;, then &lt;STRONG&gt;Web Server&lt;/STRONG&gt;, then &lt;STRONG&gt;Security&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;Select &lt;STRONG&gt;IIS Client Certificate Mapping Authentication&lt;/STRONG&gt; and click &lt;STRONG&gt;Next&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;Complete the wizard and click &lt;STRONG&gt;Install&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Configure SSL Settings at the Application Level&lt;/STRONG&gt;:&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;Launch &lt;STRONG&gt;IIS Manager&lt;/STRONG&gt; and navigate to your Default Web Site.&lt;/LI&gt;
&lt;LI&gt;Select the specific application for which you want to enable client certificate authentication.&lt;/LI&gt;
&lt;LI&gt;In the &lt;STRONG&gt;Features View&lt;/STRONG&gt;, double-click on &lt;STRONG&gt;SSL Settings&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;Check &lt;STRONG&gt;Require SSL&lt;/STRONG&gt; and &lt;STRONG&gt;Require&lt;/STRONG&gt; under &lt;STRONG&gt;Client Certificates&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Disable Client Certificate Authentication at the Web Site Level&lt;/STRONG&gt;:&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;In &lt;STRONG&gt;IIS Manager&lt;/STRONG&gt;, select the Default Web Site.&lt;/LI&gt;
&lt;LI&gt;Go to &lt;STRONG&gt;SSL Settings&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;Ensure that &lt;STRONG&gt;Require SSL&lt;/STRONG&gt; and &lt;STRONG&gt;Client Certificates&lt;/STRONG&gt; are not checked&lt;/LI&gt;
&lt;/UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Configure Client Certificate Mapping Authentication&lt;/STRONG&gt;:&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;Select the specific application in &lt;STRONG&gt;IIS Manager&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;In the &lt;STRONG&gt;Features View&lt;/STRONG&gt;, select &lt;STRONG&gt;Configuration Editor&lt;/STRONG&gt; under the &lt;STRONG&gt;Management&lt;/STRONG&gt; section.&lt;/LI&gt;
&lt;LI&gt;Navigate to system.webServer/security/authentication/iisClientCertificateMappingAuthentication.&lt;/LI&gt;
&lt;LI&gt;Set the &lt;STRONG&gt;enabled&lt;/STRONG&gt; field to true.&lt;/LI&gt;
&lt;LI&gt;Set the &lt;STRONG&gt;oneToOneCertificateMappingsEnabled&lt;/STRONG&gt; property to true.&lt;/LI&gt;
&lt;LI&gt;Click on &lt;STRONG&gt;Edit Items&lt;/STRONG&gt; under the &lt;STRONG&gt;oneToOneMappings&lt;/STRONG&gt; property.&lt;/LI&gt;
&lt;LI&gt;Add a new mapping by providing the BLOB of the client certificate&lt;/LI&gt;
&lt;/UL&gt;
&lt;/OL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Common Mistakes and Solutions&lt;/STRONG&gt;&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Configuring at the Sub-Application Level&lt;/STRONG&gt;:&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;A common mistake is configuring client certificate authentication at the sub-application level. This approach does not work as expected and should be avoided. Instead, configure it at the server and site level to ensure proper authentication&lt;/LI&gt;
&lt;/UL&gt;
&lt;LI&gt;&lt;STRONG&gt;Fallback Mechanism Issue&lt;/STRONG&gt;:&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;Ensure that all other authentication methods are disabled for the application that requires client certificate authentication. This prevents fallback mechanisms from allowing access without the correct certificate.&lt;/LI&gt;
&lt;/UL&gt;
&lt;/OL&gt;
&lt;P&gt;&lt;STRONG&gt;Conclusion&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;By following these steps, you can successfully enable client certificate authentication for a specific application within the Default Web Site in IIS. This configuration ensures that only the designated application requires client certificates for access, while the rest of the site remains accessible without this additional layer of security. If you encounter any issues or need further assistance, feel free to reach out.&lt;/P&gt;</description>
      <pubDate>Tue, 02 Sep 2025 16:25:14 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/enabling-client-certificate-authentication-for-an-application/ba-p/4420820</guid>
      <dc:creator>Goyal_Sandeep</dc:creator>
      <dc:date>2025-09-02T16:25:14Z</dc:date>
    </item>
    <item>
      <title>Identifying and Blocking Python-httpx Requests</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/identifying-and-blocking-python-httpx-requests/ba-p/4420827</link>
      <description>&lt;P&gt;&lt;STRONG&gt;Introduction&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;In today’s API-driven world, automated scripts—especially those using Python libraries like httpx—can pose a risk if left unchecked. While many of these scripts are legitimate, some are used for scraping, brute-force attacks, or unauthorised data access. This blog explores how to detect and block such requests using IIS features like the &lt;STRONG&gt;URL Rewrite Module&lt;/STRONG&gt; and &lt;STRONG&gt;Request Filtering&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Identifying Python-httpx Requests&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;The first step is detection. We identified Python scripts accessing APIs by analysing &lt;STRONG&gt;IIS logs&lt;/STRONG&gt;, particularly the &lt;STRONG&gt;User-Agent&lt;/STRONG&gt; field. Suspicious entries like "&lt;STRONG&gt;Python httpx&lt;/STRONG&gt;" indicated automated access attempts.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Blocking with URL Rewrite Module&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;The &lt;STRONG&gt;URL Rewrite Module&lt;/STRONG&gt; in IIS allows you to create inbound rules based on request headers. Here's how to block requests from httpx:&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;Open IIS Manager and navigate to your site.&lt;/LI&gt;
&lt;LI&gt;Open the &lt;STRONG&gt;URL Rewrite&lt;/STRONG&gt; module.&lt;/LI&gt;
&lt;LI&gt;Add a new &lt;STRONG&gt;Inbound Rule&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;Set the condition:&lt;/LI&gt;
&lt;UL&gt;
&lt;LI&gt;Input: {HTTP_USER_AGENT}&lt;/LI&gt;
&lt;LI&gt;Check if it &lt;STRONG&gt;Matches the Pattern&lt;/STRONG&gt;: .*httpx.*&lt;/LI&gt;
&lt;/UL&gt;
&lt;LI&gt;Set the action to &lt;STRONG&gt;Abort Request&lt;/STRONG&gt; or return a &lt;STRONG&gt;custom status code&lt;/STRONG&gt; like 404.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;This method is flexible—you can customise the response code or redirect the request.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Blocking with Request Filtering&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;As an alternative, &lt;STRONG&gt;Request Filtering&lt;/STRONG&gt; offers a simpler but less flexible approach:&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;Open &lt;STRONG&gt;Request Filtering&lt;/STRONG&gt; in IIS.&lt;/LI&gt;
&lt;LI&gt;Go to the &lt;STRONG&gt;HTTP Verbs&lt;/STRONG&gt; or &lt;STRONG&gt;Headers&lt;/STRONG&gt; tab.&lt;/LI&gt;
&lt;LI&gt;Add a rule to &lt;STRONG&gt;deny requests&lt;/STRONG&gt; where the User-Agent contains httpx.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;When tested, this method returned a 400 status code, effectively blocking the script.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Testing the Block&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Here’s a simple Python script using httpx to test your rules:&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;U&gt;Testing Script&lt;/U&gt;&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Create a new Python file and give it any name (for example, &lt;STRONG&gt;TestPython.py&lt;/STRONG&gt;).&lt;/LI&gt;
&lt;LI&gt;Copy and paste the following content into that file.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-13"&gt;import httpx&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-13"&gt;response = httpx.get('http://localhost/test.htm')&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&lt;SPAN class="lia-text-color-13"&gt;print(response.status_code)&lt;/SPAN&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&lt;U&gt;Testing Method&lt;/U&gt;&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Open the Command Prompt.&lt;/LI&gt;
&lt;LI&gt;Navigate to the directory where the test Python script is located.&lt;/LI&gt;
&lt;LI&gt;Run the following command:&lt;/LI&gt;
&lt;UL&gt;
&lt;LI style="font-weight: bold;"&gt;&lt;STRONG&gt;&lt;SPAN class="lia-text-color-13"&gt;python TestPython.py&lt;/SPAN&gt;&lt;/STRONG&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;When accessed ('&lt;SPAN class="lia-text-color-13"&gt;http://localhost/test.htm&lt;/SPAN&gt;') via a browser: 200 OK&lt;/LI&gt;
&lt;LI&gt;When accessed via script: 403, 404, or 400 depending on your configuration&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Choosing Between Methods&lt;/STRONG&gt;&lt;/P&gt;
&lt;DIV class="styles_lia-table-wrapper__h6Xo9 styles_table-responsive__MW0lN"&gt;&lt;table&gt;&lt;thead&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Feature&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;URL Rewrite Module&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;&lt;STRONG&gt;Request Filtering&lt;/STRONG&gt;&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/thead&gt;&lt;tbody&gt;&lt;tr&gt;&lt;td&gt;
&lt;P&gt;Custom Status Codes&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;✅ Yes&lt;/P&gt;
&lt;/td&gt;&lt;td&gt;
&lt;P&gt;❌ No&lt;/P&gt;
&lt;/td&gt;&lt;/tr&gt;&lt;/tbody&gt;&lt;/table&gt;&lt;/DIV&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Conclusion&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Blocking automated httpx requests is essential for protecting your APIs from misuse. IIS provides robust tools to help you do this effectively. Whether you prefer the flexibility of URL Rewrite or the simplicity of Request Filtering, both methods can be tailored to your security needs.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 02 Sep 2025 16:24:57 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/identifying-and-blocking-python-httpx-requests/ba-p/4420827</guid>
      <dc:creator>Goyal_Sandeep</dc:creator>
      <dc:date>2025-09-02T16:24:57Z</dc:date>
    </item>
    <item>
      <title>Troubleshooting SSL Certificate Issues in Reverse Proxy</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/troubleshooting-ssl-certificate-issues-in-reverse-proxy/ba-p/4420840</link>
      <description>&lt;P&gt;&lt;STRONG&gt;Introduction&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Reverse proxies are essential in modern web architectures, especially for isolating backend services and enforcing security. However, SSL certificate issues can introduce complex challenges, particularly when dealing with HTTPS-only bindings, self-signed certificates, or organisational constraints. This blog shares practical insights from real-world troubleshooting, lab simulations, and customer scenarios.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Reverse Proxy Configuration: HTTP vs HTTPS Bindings&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;HTTP Binding Setup&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;In one scenario, I configured a reverse proxy for a backend site using HTTP binding on a custom port (e.g., 82). This setup is straightforward and avoids SSL complications. The reverse proxy helps prevent direct public access to the backend server, enhancing security.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;HTTPS Binding Challenges&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;When the backend site is configured with only HTTPS binding (e.g., port 49494), the reverse proxy must validate the SSL certificate. This introduces challenges, especially with self-signed or privately issued certificates. In such cases, clients may encounter 502.3 - Bad Gateway errors due to failed certificate validation.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;&amp;nbsp;&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Certificate Issues and Solutions&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Certificate Warnings&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Accessing the reverse proxy site over HTTPS often led to browser warnings due to untrusted certificates. This is common when the backend uses a self-signed certificate or one issued by a private CA.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Solution 1: Root Certificate Installation&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Installing the backend server’s root certificate on the reverse proxy server resolved the warning. This approach is secure and recommended for production environments.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Solution 2: Registry Change (Temporary)&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;For testing or constrained environments, I used a registry key to bypass certificate validation:&lt;/P&gt;
&lt;P&gt;[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\IIS Extensions\\Application Request Routing\\Parameters]&lt;/P&gt;
&lt;P&gt;"SecureConnectionIgnoreFlags"=dword:00003100&lt;/P&gt;
&lt;P&gt;⚠️ This is a temporary workaround and should not be used in production due to security risks.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Troubleshooting Tips&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Always verify the backend URL directly from the proxy server.&lt;/LI&gt;
&lt;LI&gt;Use freb logs to identify SSL handshake failures.&lt;/LI&gt;
&lt;LI&gt;Monitor for 502.3 errors and correlate with certificate validation logs.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;Lab Setup Guide&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Prerequisites&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Reverse Proxy Server (Windows Server)&lt;/LI&gt;
&lt;LI&gt;Backend Server (Windows Server)&lt;/LI&gt;
&lt;LI&gt;Client Machine (Windows 10/11)&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;Backend Server&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Create a website with HTTP (e.g. port 82) and HTTPS (e.g. port 49494) bindings.&lt;/LI&gt;
&lt;LI&gt;Use self-signed or test certificates for HTTPS.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;Reverse Proxy Server&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Configure URL rewrite rules for both HTTP and HTTPS.&lt;/LI&gt;
&lt;LI&gt;Test access to backend URLs from the proxy server.&lt;/LI&gt;
&lt;LI&gt;Import root certificates or apply registry changes as needed.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;Client Machine&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Access the reverse proxy URL and validate connectivity.&lt;/LI&gt;
&lt;LI&gt;Observe browser behaviour and error messages.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;Conclusion&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;SSL certificate issues in reverse proxy setups can be complex but manageable with the right approach. Whether you're dealing with HTTP/HTTPS bindings, self-signed certificates, or organisational constraints, understanding the root cause and applying targeted solutions is key. Collaboration, testing, and documentation are your best allies.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 02 Sep 2025 16:24:40 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/troubleshooting-ssl-certificate-issues-in-reverse-proxy/ba-p/4420840</guid>
      <dc:creator>Goyal_Sandeep</dc:creator>
      <dc:date>2025-09-02T16:24:40Z</dc:date>
    </item>
    <item>
      <title>Troubleshooting IIS Admin Service Termination: “Invalid Signature” Error</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/troubleshooting-iis-admin-service-termination-invalid-signature/ba-p/4422347</link>
      <description>&lt;P&gt;&lt;STRONG&gt;🔍&lt;/STRONG&gt;&lt;STRONG&gt; Overview&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;If you've encountered the following error in your Windows Event Viewer:&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;“The IIS Admin Service service terminated with the following service-specific error: Invalid Signature”&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;you're likely dealing with a cryptographic issue affecting the IIS metabase. This blog post walks you through the root causes, diagnostics, and step-by-step resolutions to restore service functionality.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;🧠&lt;/STRONG&gt;&lt;STRONG&gt; What Causes This Error?&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;This error typically appears as &lt;STRONG&gt;Event ID 7024&lt;/STRONG&gt; and is often triggered by:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Corruption or deletion of the &lt;STRONG&gt;machine key&lt;/STRONG&gt; used by IIS.&lt;/LI&gt;
&lt;LI&gt;Improper SSL certificate updates.&lt;/LI&gt;
&lt;LI&gt;Misconfigured permissions on cryptographic folders.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;The IIS Admin Service relies on a secure machine key (usually a file starting with c23) stored in:&lt;/P&gt;
&lt;P&gt;C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys&lt;/P&gt;
&lt;P&gt;If this key is missing or invalid, IIS cannot decrypt its configuration, resulting in the “Invalid Signature” error.&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;🧪&lt;/STRONG&gt;&lt;STRONG&gt; Diagnostic Steps&lt;/STRONG&gt;&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;&lt;STRONG&gt;Check Event Viewer&lt;/STRONG&gt;&lt;BR /&gt;Look for Event ID 7024 under System logs.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Verify Machine Key Presence&lt;/STRONG&gt;&lt;BR /&gt;Navigate to the MachineKeys folder and check for a file starting with c23.&lt;/LI&gt;
&lt;LI&gt;&lt;STRONG&gt;Audit Permissions&lt;/STRONG&gt;&lt;BR /&gt;Ensure SYSTEM and Administrators have &lt;STRONG&gt;Full Control&lt;/STRONG&gt; on the MachineKeys folder.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;&lt;STRONG&gt;🛠️&lt;/STRONG&gt;&lt;STRONG&gt; Resolution Steps&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&lt;STRONG&gt;✅&lt;/STRONG&gt;&lt;STRONG&gt; Option 1: Restore from Backup&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;If you have a backup of the c23* file:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Replace the corrupted file.&lt;/LI&gt;
&lt;LI&gt;Restart the IIS Admin Service.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;🔄&lt;/STRONG&gt;&lt;STRONG&gt; Option 2: Reinstall IIS 6 Metabase Compatibility&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;If no backup is available:&lt;/P&gt;
&lt;OL&gt;
&lt;LI&gt;Delete the corrupted c23* file.&lt;/LI&gt;
&lt;LI&gt;Open &lt;STRONG&gt;Server Manager&lt;/STRONG&gt; → &lt;STRONG&gt;Manage Optional Features&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;Uninstall &lt;STRONG&gt;IIS 6 Metabase Compatibility&lt;/STRONG&gt;.&lt;/LI&gt;
&lt;LI&gt;Reboot the server.&lt;/LI&gt;
&lt;LI&gt;Reinstall the feature to regenerate the machine key.&lt;/LI&gt;
&lt;/OL&gt;
&lt;P&gt;&lt;STRONG&gt;🔐&lt;/STRONG&gt;&lt;STRONG&gt; Option 3: Reset Permissions&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;Ensure the following permissions on C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys:&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;SYSTEM: Full Control&lt;/LI&gt;
&lt;LI&gt;Administrators: Full Control&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&lt;STRONG&gt;💡&lt;/STRONG&gt;&lt;STRONG&gt; Pro Tips&lt;/STRONG&gt;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Always back up the MachineKeys folder before making changes.&lt;/LI&gt;
&lt;LI&gt;Consider enabling &lt;STRONG&gt;IIS Configuration Backup&lt;/STRONG&gt; for future recovery.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 02 Sep 2025 16:23:56 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/troubleshooting-iis-admin-service-termination-invalid-signature/ba-p/4422347</guid>
      <dc:creator>Goyal_Sandeep</dc:creator>
      <dc:date>2025-09-02T16:23:56Z</dc:date>
    </item>
    <item>
      <title>Capture .NET Memory Dump on Linux</title>
      <link>https://techcommunity.microsoft.com/t5/iis-support-blog/capture-net-memory-dump-on-linux/ba-p/4401935</link>
      <description>&lt;P&gt;Collecting memory dumps is a crucial part of diagnosing and troubleshooting application issues on Linux machines. Microsoft suggests three primary tools for this purpose: dotnet-dump, procdump, and createdump. In this blog post, we will explore these tools, provide the commands needed to use them, and offer a summary to understand their significance better.&lt;/P&gt;
&lt;H1&gt;1. Methods to Collect Memory Dumps on Linux&lt;/H1&gt;
&lt;H2&gt;&lt;STRONG&gt;dotnet-dump&lt;/STRONG&gt;&lt;/H2&gt;
&lt;P&gt;The dotnet-dump tool is a part of the .NET SDK and can be used to collect and analyze dumps. It allows you to capture a dump file from a running .NET application without needing to install additional debugging tools.&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://learn.microsoft.com/en-us/dotnet/core/diagnostics/dotnet-dump" target="_blank" rel="noopener"&gt;https://learn.microsoft.com/en-us/dotnet/core/diagnostics/dotnet-dump&lt;/A&gt; &lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;procdump&lt;/STRONG&gt;&lt;/H2&gt;
&lt;P&gt;Procdump is a versatile tool provided by Microsoft that captures dumps based on various triggers, such as high CPU usage or unhandled exceptions. Originally built for Windows, it has been ported to Linux, offering similar functionalities.&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://github.com/microsoft/ProcDump-for-Linux" target="_blank" rel="noopener"&gt;https://github.com/microsoft/ProcDump-for-Linux&lt;/A&gt;&lt;/P&gt;
&lt;H2&gt;&lt;STRONG&gt;createdump&lt;/STRONG&gt;&lt;/H2&gt;
&lt;P&gt;The createdump utility is specifically designed for .NET Core applications. It creates core dumps that can be used for post-mortem debugging when an application crashes.&lt;BR /&gt;&lt;BR /&gt;&lt;A href="https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/aspnetcore/practice-troubleshoot-linux/lab-1-3-capture-core-crash-dumps#configure-createdump-to-run-at-process-termination" target="_blank" rel="noopener"&gt;https://learn.microsoft.com/en-us/troubleshoot/developer/webapps/aspnetcore/practice-troubleshoot-linux/lab-1-3-capture-core-crash-dumps#configure-createdump-to-run-at-process-termination&lt;/A&gt;&lt;/P&gt;
&lt;H1&gt;2. Command for dotnet-dump&lt;/H1&gt;
&lt;P&gt;To collect a memory dump using dotnet-dump, you can execute the following command:&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;LI-CODE lang="powershell"&gt;./dotnet-dump collect -p &amp;lt;ProcessID&amp;gt;&lt;/LI-CODE&gt;
&lt;P&gt;&lt;BR /&gt;&lt;BR /&gt;In case you want to collect dump on crash you can use below :&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;LI-CODE lang="powershell"&gt;./dotnet-dump collect -p &amp;lt;ProcessID&amp;gt; -Crashreport &lt;/LI-CODE&gt;
&lt;P&gt;&lt;BR /&gt;&lt;BR /&gt;Here, replace&amp;nbsp;&amp;nbsp; with the ID of the process you want to dump.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;H1&gt;3. Command for procdump&lt;/H1&gt;
&lt;P&gt;To capture a dump with procdump, use the command:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;P&gt;sudo procdump -p &amp;lt;PID&amp;gt; -n 3 - s 10&lt;/P&gt;
&lt;P&gt;sudo procdump -C &amp;lt;CPU_Usage&amp;gt; -M &amp;lt;Memory_Usage&amp;gt; &amp;lt;PID&amp;gt; -n 3 - s 10&lt;/P&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;In this example, the tool will create a dump if the CPU usage exceeds a certain threshold over three consecutive 10-second intervals. Adjust the parameters as needed for your specific scenario.&lt;/P&gt;
&lt;H1&gt;4. Command for createdump&lt;/H1&gt;
&lt;P&gt;To generate a dump using createdump, the command is:&lt;/P&gt;
&lt;LI-CODE lang="powershell"&gt;sudo createdump --full &amp;lt;PID&amp;gt;&lt;/LI-CODE&gt;
&lt;P&gt;Replace&amp;nbsp;&amp;nbsp; with the appropriate process ID.&lt;/P&gt;
&lt;H1&gt;Summary&lt;/H1&gt;
&lt;P&gt;Collecting memory dumps is essential for diagnosing application issues on Linux. Microsoft provides three recommended tools: dotnet-dump, procdump, and createdump. Each of these tools offers unique functionalities to help capture detailed information about your applications' state at the time of issues. By utilizing the respective commands for each tool, you can efficiently collect memory dumps and troubleshoot more effectively.&lt;BR /&gt;&lt;BR /&gt;&lt;/P&gt;
&lt;P&gt;The commands for capturing memory dumps are straightforward:&lt;/P&gt;
&lt;BLOCKQUOTE&gt;
&lt;UL&gt;
&lt;LI&gt;dotnet-dump: dotnet-dump collect -p&lt;/LI&gt;
&lt;LI&gt;procdump: procdump -p -s 10 -n 3&lt;/LI&gt;
&lt;LI&gt;createdump: createdump --full &amp;lt;PID&amp;gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;/BLOCKQUOTE&gt;
&lt;P&gt;By following these steps, you can ensure that you have the necessary data to analyze and resolve issues efficiently. Memory dump collection is a valuable skill for any Linux system administrator or developer, and mastering these tools will significantly enhance your troubleshooting capabilities.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 02 Sep 2025 16:23:35 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/iis-support-blog/capture-net-memory-dump-on-linux/ba-p/4401935</guid>
      <dc:creator>meenakshiBalekar</dc:creator>
      <dc:date>2025-09-02T16:23:35Z</dc:date>
    </item>
  </channel>
</rss>

