
IIS Hosting

(Versions 7.9.0+)

Hosting with IIS (Internet Information Services) provides a full management interface to configure the network traffic to your website.


Benefits of IIS Hosting

IIS provides more features, scalability, and robustness than the lightweight IIS Express. IIS Express is a smaller, self-contained version that is installed by default and starts as a task with the Pleasant Password Server service.

  • Allows more configuration
  • Allows for more authentication options, such as:
  • Additional logging options
  • etc.

Below are the migration steps, which will be replaced with a more automated solution in the future.

 

Migration Steps From IIS Express to IIS

Step 1: Copy your Application files to the IIS Machine

Do this step if you are migrating to a different machine running IIS. (Otherwise, skip to Step 2).

  • Copy the Registry entries:
    • On the IIS Express machine, open the Windows registry, expand HKEY_LOCAL_MACHINE\SOFTWARE\Pleasant Solutions, right-click on it, and click Export.
    • On the IIS machine, locate the same branch, right-click on it, and click Import.

 

  • Copy application folders from the IIS Express machine to the IIS machine:
    • C:\Program Files (x86)\Pleasant Solutions
    • C:\ProgramData\Pleasant Solutions\Password Server folders

Step 2: Install your Application on IIS

  • Install the Application on the IIS Machine (if it is not installed already):
    • Install Pleasant Password Server
    • Stop the "Pleasant Password Server" service
    • Disable the "Pleasant Password Server" service
      • Stopping/disabling this service stops the IIS Express service, which we will be replacing with the IIS site.

Step 3: Run Web Platform Installer

  • Install the IIS feature if it is not already installed. Open Control Panel > Server Manager and enable the IIS feature.
  • For an IIS server with internet access, download and install the Web Platform Installer tool
  • After Web Platform Installer is running, select Applications
    • Configure it to run the following 3 applications:
      • URL Rewrite
      • IIS: Application Initialization
      • IIS: ASP.NET 4.5 or 4.6
        • (found under Application Development)


Step 4: Create a New IIS Site

  • In the IIS Manager, create the new site and set the Physical path to:
    • C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\www
  • Bind the site to type HTTPS
  • You may choose a non-standard port such as 10001 to limit traffic flowing to Password Server (443 is also acceptable, but be sure to match it in your service config)
  • Choose a SSL Certificate
  • Ensure "start website immediately" is unchecked


  • NOTE: When re-purposing the IIS Express server as the new IIS server, using the same hostname as the IIS Express site will bring down the IIS Express site. Set a new hostname for now, and change it back when you are ready to make the switch.


Step 5: Configure the IIS Site

  • For the IIS site:
    • Right-click on the IIS website
      • Advanced Settings > (General) > Preload Enabled = True
    • Select the homepage on the left of the IIS console
    • IIS Authentication icon > ASP.NET Impersonation = Disabled
      • * However, for versions earlier than 7.9.0, set to True
    • Set protocol to https.

Step 6: Configure the IIS Application Pool User


  • Select Application Pools under the homepage on the left of the IIS console
  • Configure the account used for Password Server's "Application Pool"
    • Right-click on the Application Pool > Select "Advanced Settings" > Click Identity
      • Choose one of the following options:
        • Option A: LocalSystem (easiest)
        • Option B: Service Account
        • Option C: ApplicationPoolIdentity (advanced)
  • Stay in the App Pool window and continue to step 7

 

Option A - LocalSystem (Easiest)

  • Uses the account which is the most powerful on the machine, with access privileges across the network

Option B - Service Account 

  • A local or LDAP account, with Local Admin access


Option C - ApplicationPoolIdentity (Very Difficult Setup Steps)

Choosing this route will likely entail more challenging setup steps of account permissions.

  • Use a separate, unique Application Pool Identity
    • Explanation: This creates a new virtual account that secures the application and its communications, in IIS and across the network, with a custom, least-privileged account (such as NetworkService). Rather than creating a new account for each application, this account allows both running in its own space and connecting to other network locations (e.g. Backup and MS-SQL).
  • Set Identity = ApplicationPoolIdentity

 

    • Your new virtual user account can be referenced by this handle:
      • IIS APPPOOL\<YourApplicationPoolName>
    • This user will not be found by searching in your machine/network users
    • This user is only selected by referencing the "IIS APPPOOL\" location, indexed by the name of your application pool

  • (Note: in the next step 7, be sure to set Load User Profile = True)

Step 7: Configure the IIS Application Pool Settings

  • Application Pool > Select the application pool > Advanced Settings:
    • (General) > Start Mode = AlwaysRunning
      • Keep the website running
    • Process Model > Idle Time-out (minutes) = 0
      • Stop the website's App Pool from shutting down after it has been idle for a while (after 20 minutes)
    • Process Model > Maximum Worker Processes = 0
      • Allow numerous processes at a time
    • * Process Model > Load User Profile = True
      • * Only needed if you are:
        • Using the ApplicationPoolIdentity user,
        • Seeing IsolatedStorage errors in server Logging Details
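
Steps 4 to 7 can also be applied from an elevated PowerShell session. The following is an added example, not a script supplied by the vendor; the site name, pool name and certificate thumbprint are assumed placeholders, and the identity shown is Option C.

```powershell
# Added example: Steps 4-7 scripted with the WebAdministration module (run elevated).
Import-Module WebAdministration

$siteName   = 'PasswordServer'             # assumed site name
$poolName   = 'PasswordServerPool'         # assumed application pool name
$port       = 10001                        # non-standard HTTPS port from Step 4
$thumbprint = '<CERTIFICATE-THUMBPRINT>'   # placeholder: cert in Cert:\LocalMachine\My
$path       = 'C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\www'

# Steps 6 and 7: application pool identity and process settings
New-WebAppPool -Name $poolName | Out-Null
$pool = "IIS:\AppPools\$poolName"
Set-ItemProperty $pool -Name processModel.identityType    -Value ApplicationPoolIdentity
Set-ItemProperty $pool -Name processModel.loadUserProfile -Value $true   # needed for Option C
Set-ItemProperty $pool -Name startMode                    -Value AlwaysRunning
Set-ItemProperty $pool -Name processModel.idleTimeout     -Value ([TimeSpan]::Zero)
Set-ItemProperty $pool -Name processModel.maxProcesses    -Value 0

# Step 4: HTTPS-only site. New-Website starts the site, so stop it again
# and leave it stopped until Step 9.
New-Website -Name $siteName -PhysicalPath $path -ApplicationPool $poolName `
            -Ssl -Port $port | Out-Null
Stop-Website -Name $siteName
(Get-WebBinding -Name $siteName -Protocol https).AddSslCertificate($thumbprint, 'My')

# Step 5: preload on, ASP.NET impersonation off (versions 7.9.0+)
Set-ItemProperty "IIS:\Sites\$siteName" -Name applicationDefaults.preloadEnabled -Value $true
Set-WebConfigurationProperty -PSPath "IIS:\Sites\$siteName" `
    -Filter 'system.web/identity' -Name impersonate -Value $false

# Read the settings back so they can be compared with the steps above
Get-Item $pool | Select-Object name, startMode,
    @{n='identity';    e={$_.processModel.identityType}},
    @{n='idleTimeout'; e={$_.processModel.idleTimeout}},
    @{n='loadProfile'; e={$_.processModel.loadUserProfile}}
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation
```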

Step 8: Configure the Application Pool User Permissions

  • Configure Local Machine Access: 
    • If you have chosen a Local Admin account or LocalSystem, your account will have the permissions needed on this machine
    • Otherwise, provide access:
      • If using the ApplicationPoolIdentity, see how to reference this user in Step 6, Option C.
      • File Folders:
        • Give the account "modify" rights on these folders:
          • C:\Program Files (x86)\Pleasant Solutions
          • C:\ProgramData\Pleasant Solutions\Password Server
      • Registry Keys:
        • Give the account "Full Control" rights for the registry settings:
          • Expand HKEY_LOCAL_MACHINE\SOFTWARE\Pleasant Solutions
          • Right-Click the folder > select Permissions... > select the Group or username > Advanced > Permissions tab
            • select the Group or username > Click Add or View button
              • Type: Allow
              • Applies to: This key and subkeys (Replaces all child object permissions)
              • Can remove the permission "Write DAC"
  • Configure Network Access:
    • This account may need access for the following connections:
      • Network Backups: if your automatic Backups are placed on a network share
      • MS SQL Server Database: give this same user (selected in step 6) access to your database instance
    • (Note: If using the ApplicationPoolIdentity, see how to reference this user in Step 6, Option C.)
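
For the ApplicationPoolIdentity, the local grants listed in Step 8 can be scripted as follows. This is an added example rather than vendor-supplied code; the pool name is an assumption, and "Write DAC" is expressed as the .NET RegistryRights value ChangePermissions.

```powershell
# Added example: Step 8 local permissions for the virtual account (run elevated).
$poolName = 'PasswordServerPool'            # assumed application pool name
$account  = "IIS APPPOOL\$poolName"         # handle described in Step 6, Option C

# File folders: "modify" rights, inherited by subfolders (CI) and files (OI)
$folders = 'C:\Program Files (x86)\Pleasant Solutions',
           'C:\ProgramData\Pleasant Solutions\Password Server'
foreach ($folder in $folders) {
    & icacls.exe $folder /grant "${account}:(OI)(CI)M" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $folder" }
}

# Registry: Full Control with the "Write DAC" bit removed, so the pool identity
# can read and write the settings but cannot rewrite the key's own ACL.
$full     = [int][System.Security.AccessControl.RegistryRights]::FullControl
$writeDac = [int][System.Security.AccessControl.RegistryRights]::ChangePermissions
$rights   = [System.Security.AccessControl.RegistryRights]($full -band (-bnot $writeDac))

$keyPath = 'HKLM:\SOFTWARE\Pleasant Solutions'
$rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $account, $rights,
    [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,   # this key and subkeys
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AccessControlType]::Allow)

$acl = Get-Acl -Path $keyPath
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Show what the account now holds on the key
(Get-Acl -Path $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Select-Object IdentityReference, RegistryRights, InheritanceFlags, AccessControlType
```

The account name only resolves once the application pool exists, so create the pool (Step 6) before running this.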

Step 9: Start the IIS site

  • NOTE: If you are using IIS Express, stop the service
    • If re-purposing the IIS Express server, we'll need to re-bind per the note in Step 4.
    • Stop the Pleasant Server Service
      • Enter the properties and set startup type: Disabled.
  • Select Application Pool > select site
  • Recycle the Application Pool
  • The site will now appear under "sites" in the IIS console on the left
    • Start the site
  • If necessary, reboot the server and restart IIS

 

Please contact us if you have any questions or difficulties regarding these steps.

Troubleshooting

  • If the site does not start or you notice errors:
    • Check for error details in Windows Event Logs, or temporarily increase the IIS webpage error 500 details (see below for more info).

    • Increase the Server Logging Details, and check logging activity.

 

  • If you see "Requested registry access is not allowed"
    • There is an issue with permissions. Switch to using either: a Service account user with local admin on the server, or to the LocalSystem user.
    • Contact us and let us help resolve the issue.

 

  • If you see an error accessing Web.config file: 
    • There could be a couple potential problems:

    •   1) The user that you have defined in the Application Pool for this IIS website may not have permission to access the web.config file in this file folder. You may need to give the process running your web app those permissions (explained in Step 6).

            - NOTE: At this time, we would encourage using a User Service Account with local admin privileges to this machine, or the LocalSystem user. Some customers are currently having issues using the "ApplicationPoolIdentity" virtual user, which we are looking into.

    •   2) If one of the necessary IIS Features has not been installed (explained in step 3):

            - URL Rewrite module
            - IIS: ASP.NET

       

  • If you receive an "IsolatedStorage" error:
    • Consider upgrading to 7.9.13 which better handles this.
    • Set "Load User Profile" = True   (step 7)
    • You may also need to set ASP.NET Impersonation  (Step 5)

 

  • If you receive a "Method Not Allowed" error, when modifying an entry in KeePass for Pleasant client:
    • Remove the WebDAV feature from IIS, and reboot the server
      • Open Control Panel > All Control Panel Items > Programs and Features > Select Turn Windows features on or off
      • Uncheck the WebDAV feature:
        • Internet Information Services > World Wide Web Services > Common HTTP Features
      • Reboot and restart IIS server

 

  • If you see a 500 error in your browser:
    • Check for additional Logging detail errors or the Windows Event logs.
    • If you do not notice any errors (and the log files are unchanged), you may have missed installing the IIS: ASP.NET feature.

Increasing Error 500 details:

If you are receiving an error 500 or 400, you can increase the details by following these steps:


Open the error pages:


Edit the custom error page
