Recent DiscussionsMost RecentNewest TopicsMost LikesSolutionsTagged:TagRe: create customized user group for IIS similar to IUSR and IIS_IUSRSIUSR is an account only used for anonymous authentication - it's not used anywhere else. This is because every request must have some user context, so IIS uses IUSR by default when the inbound request doesn't have anything. IIS_IUSRS is a group only used for application pool accounts - WAS dynamically retrieves the token for this when a worker process is starting and assigns it to the app pool account, so anything that group has access to, the worker processes can also access. That being said, you can use whatever accounts or principals you want, as long as they have appropriate permissions. You can change the anonymous account to something else besides IUSR, and the app pool account/identity just needs permission to the folder being hosted so the worker process can actually access content.Re: After Windows 2019 CU KB5012647, enabling IIS automatic rebind of renewed certificates gets an error The fix for this issue for WS2019 was released in the November 2022 patch Tuesday release (EDIT: and the fix for WS2022 was released in the October 2022 cycle - the same KIR stuff that follows has to be applied on both as of this writing); however, the fix is behind KIR (Known Issue Rollback) and has to be enabled via Group Policy. In a few months the KIR will be removed and the fix will be enabled by default afterwards. To enable the fix, you will need to download and install a Group Policy from https://download.microsoft.com/download/0/4/1/0413f07f-a428-4316-9673-2327c328dc34/Windows%2010%201809%20and%20Windows%20Server%202019%20KB5019966%20221129_22351%20Feature%20Preview.msi. The below article has information on enabling the GP after it's installed: https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback Re: After Windows 2019 CU KB5012647, enabling IIS automatic rebind of renewed certificates gets an errorI've not heard of any others experiencing the issue after applying the KIR post-patch. Make sure you go through the process again to ensure it's applied correctly. Also, I'm not sure when, but I'm sure it will be auto-applied soon.Re: Configure GMSA Account for One to One Client Cert Mapping in IISHello Abish, This is not possible still, and likely won't ever be. It's also not a bug because that functionality has to be specifically integrated/added to IIS for it to work that way, which it wasn't. So really it's by-design that it does not work.Re: IIS 8.5 and invalid hostnamesHi Dazzer, This does not occur on my IIS setup. How did you determine that w3wp.exe was the one sending the DNS request? IIS itself doesn't make DNS requests that I'm aware of, so my first thought is if it actually is coming from w3wp.exe, then it's most likely the application being hosted that is making the call.
Recent Blog ArticlesNewest TopicsMost LikesTagged:TagAddressing TLS 1.3 Compatibility Issues in IIS Express on Windows 11 As Windows 10 approaches its end-of-support, these issues are becoming more prevalent as this problem has always existed on Win11. This guide will help you identify the symptoms, understand the cause...Memory leak from improper usage of Microsoft.Extensions.Configuration APIs in .NET on Windows This particular problem is one I have come across several times here in support. Since my focus is on the web side of things I've only seen it in ASP.NET Core apps; however, the problem is not specif...PerfView: ASP.NET Core Stats View In PerfView v3.1.10, released 02-May-2024, if a trace containing the needed events is opened, there is a new ASP.NET Core Stats view available that shows individual request information along with ove...ASP.NET Core: 503 Server has been shutdown What does 503 Server has been shutdown mean and what is the most likely cause and solution? Azure App Service & ASP.NET Core 3.1 500.30 - One odd cause Just a scenario of one kind of problem that cropped up with a customer targeting .NET Core 3.1 on Azure App Services and encountering confusing errors. This will likely not be a common occurrence, so...ConfigurationErrorsException due to targetFramework mismatch Seeing the below exception in an ASP.NET application? If so then you can use this guide to figure out what's going on. Exception type: ConfigurationErrorsException Exception message: The 'targetFr...401 1 2148074248 in IIS logs behind a load balancer with multiple servers If you're receiving an unexpected 401 and IIS logs show this: 401 1 2148074248, this blog could be useful if you have this setup: Windows Authentication enabled in IIS (specifically if NTLM is be...ASP.NET ActiveDirectoryMembershipProvider and port 445 (SMB) While AD Membership is no longer recommended for use (use ADFS or something more modern instead), and is no longer being actively developed, we still see it from time-to-time here in support. One iss...WMSVC (Web Management Service) Failing to start with "Access Denied" or error code '5' on WS2019 If WMSVC/Web Management Service on Windows Server 2019 only is failing to start, and you receive an "access denied" or '5' error code, check if the "Block Untrusted Fonts" group policy has been appli...WAS Event ID 5082 This post is if you want to reverse the behavior identified in Event ID 5082 from WAS: A worker process with pid '###' that serves application pool ‘xyz' has been determined to be unhealthy (see pr...
MicrosoftMicrosoftMicrosoftMicrosoft
