IIS Hosting

Website Documentation for your KeePass client and Pleasant Password Server

(Versions 7.9.0+)

Hosting with IIS (Internet Information Services) provides a full management interface to configure the network traffic to your website.

Have Questions?  Contact Us

Related Topics:

Benefits of IIS Hosting

IIS provides more features, scalability, & robustness than the lightweight IIS Express. IIS Express is a smaller, self-contained version, which is installed by default and starts as a task with the Pleasant Password Server service.

  • Allows more configuration
  • Allows for more authentication options, such as:
  • Additional logging options
  • etc.

Below are the migration steps, which in the future, will be replaced with a more automated solution.


Migration Steps From IIS Express to IIS

Step 1: Copy your Application files to the IIS Machine

Do this step if you are migrating to a different machine running IIS. (Otherwise, skip to Step 2).

  • Copy the Registry entries:
    • On the IIS Express machine, open the Windows registry and expand the HKEY_LOCAL_MACHINE\SOFTWARE\Pleasant Solutions, right click on it, and click Export.
    • On the IIS machine locate the same same branch, right-click on it, and click Import.


  • Copy application folders from the IIS Express machine to the IIS machine:
    • C:\Program Files (x86)\Pleasant Solutions
    • C:\ProgramData\Pleasant Solutions\Password Server folders


Step 2: Install your Application on IIS

  • Install the Application on the IIS Machine (if it is not installed already):
    • Install Pleasant Password Server
    • Stop the "Pleasant Password Server" service
    • Disable the "Pleasant Password Server" service
      • Stopping/Disabling this service is stopping the IIS Express service which we will be replacing with the IIS site.


Step 3: Run Web Platform Installer

  • Install IIS feature if it's not already.
    • Open control panel > Server manager and enable IIS feature.
  • For an IIS server:
  • After Web Platform Installer is running

    • Add the following features (found under Application Development):
      • IIS: Application Initialization  
      • IIS: ASP.NET 4.5 or 4.6
      • URL Rewrite 
        • Download URL Rewrite if you cannot find it:
          • e.g. rewrite_amd64_en-US.msi

servers and roles


Step 4: Create a New IIS Site

  • In the IIS Manager, create the new site and set the Physical path to:
    • C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\www
  • Bind the site to type HTTPS
  • May choose to use a non-standard port such as 10001 (443 is also acceptable but be sure to match it in your service config), to limit traffic flowing to Password Server
  • Choose a SSL Certificate
  • Ensure "start website immediately" is unchecked

Add Site

  • NOTE: For situations where we are re-purposing our IIS Express server to be our new IIS server if we use the same hostname as we are for IIS Express it  will bring down the IIS Express site. So we can set a new hostname and then change it back when we are ready to make the switch.

Add Website Warning


Step 5: Configure the IIS Site

  • For the IIS site:
    • Right-click on the IIS website
      • Advanced Settings > (General) > Preload Enabled = True
    • Select the homepage on the left of the IIS console
    • IIS Authentication icon > ASP.NET Impersonation = Disabled
      • * however, for earlier Versions previous to 7.9.0, set to True


Step 6: Configure the IIS Application Pool User

IIS Manager

  • Select Application Pools under the homepage on the left of IIS console
  • Configure the account used for Password Server's "Application Pool"
    • Right-click on the Application Pool > Select "Advanced Settings" > Click Identity
      • Choose one of the following options:
        • Option A: LocalSystem (easiest)
        • Option B: Service Account (recommended)
        • Option C: ApplicationPoolIdentity (advanced)
  • Stay in the App Pool window and continue to step 7


Option A - LocalSystem (Easiest)

  • Uses the account which is the most powerful on the machine, with access privileges across the network

Option B - Service Account (Recommended)

  • A service account with Local Admin access (a local account or AD/LDAP account).


Option C - ApplicationPoolIdentity (Very Difficult Setup Steps)

Choosing this route will likely entail more challenging setup steps of account permissions.

  • Use a separate, unique Application Pool Identity
    • Explanation: This creates a new, virtual account to secure the application and it's communications in IIS an across the network with a custom, least privileged account (such as NetworkService). Rather than creating a new account for each application, this account will allow both: running in it's own space and connection to other network locations (e.g. Backup, and MS-SQL).
  • Set Identity = ApplicationPoolIdentity


    • Your new virtual user account can be referenced by this handle:
      • IIS APPPOOL\<YourApplicationPoolName>
    • This user will not be found by searching in your machine/network users
    • This user is only selected by referencing the "IIS APPPOOL\" location, indexed by the name of your application pool

  • (Note: in the next step 7, be sure to set Load User Profile = True)


Step 7: Configure the IIS Application Pool Settings

  • Application Pool > Select the application pool > Advanced Settings:
    • (General) > Start Mode = AlwaysRunning
      • Keep the website running
    • Process Model > Idle Time-out (minutes) = 0
      • Stop the website's App Pool from shutting down if it has been idle for awhile (after 20 minutes)
    • Process Model > Maximum Worker Processes = 0
      • Allow numerous processes at a time
    • * Process Model > Load User Profile = True
      • * Only needed if you are:
        • Using a Service Account or ApplicationPoolIdentity user, OR,
        • Seeing IsolatedStorage errors in server Logging Details


Step 8: Configure the Application Pool User Permissions

  • Configure Local Machine Access: 
    • If you have chosen a Local Admin account or LocalSystem, your account will have the permissions needed on this machine
    • Otherwise, provide access:
      • If using the ApplicationPoolIdentity, see how to reference this user in Step 6, Option A.
      • File Folders:
        • Give the account "modify" rights on these folders:
          • C:\Program Files (x86)\Pleasant Solutions
          • C:\ProgramData\Pleasant Solutions\Password Server
      • Registry Keys:
        • Give the account "Full Control" rights for the registry settings:
          • Expand the HKEY_LOCAL_MACHINE\SOFTWARE\Pleasant Solutions
          • Right-Click the folder > select Permissions... > select the Group or username > Advanced > Permissions tab
            • select the Group or username > Click Add or View button
              • Type: Allow
              • Applies to: This key and subkeys (Replaces all child object permissions)
              • Must remove the permission "Write DAC" - without this the permissions will be reset at restart.
  • Configure Network Access:
    • This account may need access for the following connections:
      • Network Backups: if your automatic Backups are placed on a network share
      • MS SQL Server Database: give this same user (selected in step 6) access to your database instance
    • (Note: If using the ApplicationPoolIdentity, see how to reference this user in Step 6, Option A.)

Step 9: Start the IIS site

  • NOTE: For those using IIS express stop the service
    • If Re-purposing IIS express server we'll need to re-bind per note in step 4.
    • Stop the Pleasant Server Service
      • Enter the properties and set startup type: Disabled.
  • Select Application Pool > select site
  • Recycle the Application Pool
  • The site will now appear under "sites" in the IIS console on the left
    • Start the site
  • If necessary, reboot the server and restart IIS


Please Contact Us!  If you have any questions or any difficulties regarding these steps.


  • If the site does not start or you notice errors:
    • Check for error details in Windows Event Logs, or temporarily increase the IIS webpage error 500 details (see below for more info).

    • Increase the Server Logging Details, and check logging activity.


  • If you see "Requested registry access is not allowed"
    • There is an issue with permissions. Switch to using either: a Service account user with local admin on the server, or to the LocalSystem user.
    • Contact us and let us help resolve the issue.


  • If you see an error accessing Web.config file: 
    • There could be a couple potential problems:

      • 1) The Application Pool user (for this website) may not have the file folder permissions to access the web.config file.
        • - We would encourage using a User Service Account with local admin privileges to this machine, or the LocalSystem user.
        • - You may need to give the process running your web app the permissions explained in Step 6.
        • - Some customers are expressed difficulty using the "ApplicationPoolIdentity" virtual user, which are looking into
      • 2) If one of the necessary IIS Features has not been installed (explained in step 3):

              - URL Rewrite module
              - IIS: ASP.NET


  • If you receive an "IsolatedStorage" error:
    • Consider upgrading to the most recent stable or higher which better handles this.
    • Set "Load User Profile" = True   (step 7)


  • If you receive a "Method Not Allowed" error, when modifying an entry in KeePass for Pleasant client:
    • Remove the WebDAV feature from IIS, and reboot the server
      • Open Control Panel > All Control Panel Items > Programs and Features > Select Turn Windows features on or off
      • Uncheck the WebDAV feature:
        • Internet Information Services > World Wide Web Services > Common HTTP Features
      • Reboot and restart IIS server
      • Double check settings in step 6 as this reboot can sometimes affect this setup


  • If you notice the Application Pool starts and immediately stops:


  • If you see an 500 error in your browser, 
    • View this HTTP Error Codes for IIS page and lookup the 0x800 error code: eg. 0x8007000d 
    • You may have missed installing one of the 3 features listed at the start, in particular IIS: ASP.NET 
    • Check for additional Logging detail errors or the windows Event logs.

Increasing Error 500 details:

If you are receiving an error 500 or 400 you can increase the details by following these steps:

HTTP error 500

Open the error pages:

IIS increase details

Edit the custom error page

IIS edit custom error