IIS/VBScript – GetObject – Error – 2147221020

Background

Stole some code and now I can’t get it to work.

Error

Error Image

error.2147221020.20190207.0152PM

Error Text

>cscript getWebService.vbs
Microsoft (R) Windows Script Host Version 5.812
Copyright (C) Microsoft Corporation. All rights reserved.

Enumerating websites on localhost

GetObject IIS://localhost/W3SVC
Error Number :- -2147221020
Error Source :-
Error Description :-

Code


OPTION EXPLICIT

ON ERROR RESUME Next

DIM CRLF, TAB
DIM strServer
DIM objWebService
Dim strPathName

TAB  = CHR( 9 )
CRLF = CHR( 13 ) & CHR( 10 )

IF WScript.Arguments.Length = 1 THEN
    strServer = WScript.Arguments( 0 )
ELSE
    strServer = "localhost"
END IF

WScript.Echo "Enumerating websites on " & strServer & CRLF

strPathName =  "IIS://" & strServer & "/W3SVC" 

WScript.Echo "GetObject " & strPathName

Err.Clear

rem SET objWebService = GetObject( "IIS://" & strServer & "/W3SVC" )

SET objWebService = GetObject( strPathName  )

If ( Err.Number  0 ) Then 

	Wscript.Echo "Error Number :- " + CSTR(Err.Number)

	Wscript.Echo "Error Source :- " + Err.Source

	Wscript.Echo "Error Description :- " + Err.Description

END IF

Remediation

 

Outline

  1. Please enable IIS 6 Metabase
    • Access Control Panel
    • Access Programs and Features
      • Within Programs and Features, choose Windows
    • Add Roles and Features Wizard
      • Web Server ( IIS )
        • Management Tools
          • IIS 6 Management Compatibility

 

ScreenShot

Add Roles and Features Wizard

Add Roles and Features Wizard – Server Roles

Add Roles and Features Wizard – Server Roles – Web Server

Management Tools – IIS 6 Management Compatibility – Adding Role – Management Service

iis.addRoles.after.20190207.0110PM.PNG

Management Tools – IIS 6 Management Compatibility – Confirm Installation Selections

iis.confirm.20190207.0110PM.PNG

Management Tools – IIS 6 Management Compatibility – Installation Progress

iis.installationCompleted.20190207.0115PM.PNG

Management Tools – IIS 6 Management Compatibility – Installation Completed

iis.installationCompleted.20190207.0115PM.PNG

Credit

David Wang

Link

David.Wang.20190207.0159PM

 

Letsencrypt – Certify the Web – TroubleShooting – acme-challenge ( HTTP) and iis mimetypes

Background

Post Let’s Encrypt installation received errors, let us troubleshoot one of them.

Legend

Here are earlier post(s) :-

  1. LetsEncrypt – Certify the Web ( v 4.012 )
    Link

Errors

Error – [INF] Validation of the required challenges did not complete successfully. Fetching http://%5Bfqdn%5D/.well-known/acme-challenge/: Timeout during connect (likely firewall problem)

Error – Image

TimeoutDuringConnect.20190120.0900PM.PNG

Error – Textual

2019-01-20 20:48:42.925 -08:00 [INF] Validation of the required challenges did not complete successfully. Fetching http://%5Bfqdn%5D/.well-known/acme-challenge/: Timeout during connect (likely firewall problem)

TroubleShoot

Internet Information Server ( IIS)

Log Files

Log Files – Image

sc-status.20190120.0908pm

Log Files – Text


#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2019-01-21 04:48:16
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2019-01-21 04:48:16 127.0.0.1 GET /.well-known/acme-challenge/configcheck - 80 - 127.0.0.1 - - 404 3 64 15700
2019-01-21 04:48:23 127.0.0.1 GET /.well-known/acme-challenge/configcheck - 80 - 127.0.0.1 - - 404 3 50 2
2019-01-21 04:48:23 127.0.0.1 GET /.well-known/acme-challenge/configcheck - 80 - 127.0.0.1 - - 404 3 50 0 

Explanation

  1. An HTTP Get Request is issued against /.well-known/acme-challenge/configcheck
  2. The HTTP Server is responding with a 404.3 Error
  3. What is 404.3
    • Based on MSFT’s docs ( here )
      • This problem occurs if the following conditions are true:
        • The handler mapping for the requested file name extension is not configured.
        • The appropriate MIME type is not configured for the Web site or for the application.

Remediation

.well-known/acme-challenge

Mime Type

We have IIS configured to only deliver specific file types.

As part of the acme challenge, extension less files are created and the certificate authority sends a request to the FQDN hosts and request the file.

We have to configure IIS to expose this specific file type.

Web.config

Here is a sample web.config file that allows iis to expose extension-less (.) files.





    
        
            
        

    



Let’s Encrypt – Certify the Web ( v 4.012 )

Background

It is time to prepare a new web site for SSL Encryption.  It is a personal machine and will go with “Let’s Encrypt“, as it is free.

 

Prerequisite

Outline

  1. Operating System
    • Firewall
  2. Internet Information Server ( IIS )
    • Web Site
      • Bindings
      • Advanced Settings

Operating System ( OS )

Configuration

Outline

  1. Windows
    • Firewall
      • Allowed Apps
        • World Wide Web Services ( HTTP )
      • Rule Wizard
        • Inbound Rule Wizard
          • Protocol and Ports
            • TCP
              • 80
              • 443
          • Profile
            • Domain
            • Private
            • Public
          • Name
            • (given name)

Images

Windows Defender Firewall

Windows Defender Firewall – Allowed apps

windows.firewall.http.20190119.1207PM.PNG

Windows Defender Firewall – Inbound Rule Wizard

Protocol and Ports

rules.inbound.20190119.1211PM.PNG

Allow the connection

rules.inbound.Action.20190119.1212PM.PNG

Profile

rules.inbound.Profile.20190119.1213PM.PNG

Name

rules.inbound.Name.20190119.1214PM.PNG

 

Internet Information Server ( IIS )

Configuration

Outline

  1. Web Site
    • Bindings
    • Advanced Settings

Processing

Web Site

Bindings

Please access the web site and confirm that a web site exists and that it is listening on port 80.

If it is anchored to a specific Host Name, please make sure it matches the certificate’s Host name.

Advanced Settings

It is prudent to access the Advanced Settings offering and confirm your selections.

  1. Bindings
    • http:*:80:
  2. Physical Path
    • %SystemDrive%\inetpub\wwwroot

 

Images

Web Site

Bindings

iis.bindings.http.20190120.0438pm

Advanced Settings

iis.advancedSettings.20190119.1230PM.PNG

 

Certify The Web

Certify the Web is one of the easiest to manage on MS Windows.

Artifacts

The installation artifacts are available here.

Image

artifacts.v4.012

Explanation

  1. OS Requirements
    • Platform
      • MS Windows 2008 R2 SP1 ( x64 )

 

Installation

Outline

  1. License Agreement
  2. Select Destination Location
    • Folders
      • Initial Folder :- C:\Program Files\Certify The Web
      • Revised Folder :- E:\Program Files\Certify The Web
    • Size
      • Size is 36 MB
  3. Select Start Menu Folder
  4. Ready to Install
  5. Installing
  6. Completing the “Certify The Web” Setup Wizard

Images

License Agreement

LicenseAgreement.20190119.1140AM.PNG

 

Select Destination Location

Select Destination Location – Initial

SelectDestinationLocation.20190119.1141AM.PNG

Select Destination Location – Post Change

 

 

selectdestinationlocation.02.20190119.1142am

 

Select Start Menu Folder

SelectStartMenuFolder.20190119.1142AM.PNG

 

Ready to Install

ReadyToInstall.20190119.1143AM.PNG

Installing

Installing -01

installing.20190119.1144am

Installing -02

Installing.20190120.0307PM.PNG

Completing the “Certify The Web” Setup Wizard

Completing.20190119.1145AM.PNG

 

Configuration

Outline

  1. Contact
    • Contact Registration
      • Supply email address
      • Consent by checking the “Yes, I Agree” button
  2. Certificate
    • Managed Certificates
      • New Managed Certificate
        • Initiate
          • Click the New Certificate button
        • Configure
          • Certificate Domains
            • Managed Certificates
              • Please enter targeted web site
              • And, Fully Qualified Domain Name
          • Advanced Options
            • Authorized
            • Deployment
            • Scripting
            • Other Options
            • Preview

Processing

Contact

New Contact
  1. Enter email Address
  2. Consent by checking the “Yes, I Agree” button

Certificate

Certificate – Certificate Domains
Outline
  1. In the “Certificate Domains” Screen
    • New Managed Certificate
      • Select Website
        • Choices
          • (No IIS Website Selected )
          • Default Web Site
        • Choice
          • We chose Default Web Site
      • Domains to Certificate
        • Please specify the full domain name
        • In our case, rptsvc.mylab.org

Note

  1. If you have not entered a Fully Qualified domain name and added it by clicking the Add button, you will get the message listed below:
    • A primary domain must be included
  2. Please per-use the Domains group-box to review and confirm

Please click the save button to confirm your changes.

 

Screen Shot
Screen Shot – Add domains to certificate

certificateDomains.20190120.0330PM.PNG

Screen Shot – Certificate Domains – Domains and Certificates

Here is the screen upon entering a fully qualified domain and clicking the “Add Domains” button.

certificateDomains.DomainsAndSubdomainsToInclude.20190120.0422PM.PNG

 

Certificate – Advanced Options
Certificate – Advanced Options – Authorization
  1. Challenged Type
    • Options
      • http-01
        • for HTTP validation the app will automatically create the validation file required.  Your website must answer http requests on port 80 ( redirection permitted ) and be able to serve randomly named extensionless text files from the .well-known/acme-challenge/ path.
      • dns-01
        • for DNS validation the app will need to create a ‘TXT‘ record in the DNS zone of your domains as an answer to the authorization challenge.
    • Chose
      • http-01
        • http-01 as choosing dns-01 will mean
          • will mean we have to make entries to our dns
          • Another group manages our dns server
  2. Web Site Directory
    • Leave empty
  3. Options
    • Perform challenge response config checks ( Checked )
    • Perform web application auto config ( Checked )

 

Certificate – Advanced Options – Deployment
  1. Deployment Mode
    • Auto
    • Single Site ( selected in Domains tab )
    • All Sites
    • Certificate Store Only
      • Certificate will be imported into the Certificate Store on the Local machine.
      • No auto deployment
    • No Deployment
      • Certificate will be saved to disk but will not be imported automatically into the Certificate Store.
Certificate – Advanced Options – Scripting

Outline :-

  1. Powershell Scripts
    • Pre-request PS Script
    • Post-request PS Script
  2. Web Hooks
    • Web-Hook Trigger

We have no need for pre or post scripts.

 

Certificate – Advanced Options – General Options
  1. Enable Auto Renewal
    • Checked
  2. Notify Primary Contact On Renewal Failure
    • Checked
  3. CSR Signing Algorithm

Images

Contact

Contact Registration
Get Started by registering a new contact

register.contact.newContact.20190120.0310AM.PNG

Prompted to register a new Contact

register.contact.20190119.1146AM.PNG

 

New Contact

register.contact.newcontact.20190119.1147am

 

Certificate

Initial Screen

certificate.new.20190119.1148AM.PNG

Managed Certificate
New Managed Certificate

certificate.domains.20190119.1149AM.PNG

Advanced Options – Authorization
advancedOptions.authorization.20190119.1155AM.PNG
Advanced Options – Deployment

advancedOptions.Deployment.20190119.1156AM.PNG

Advanced Options – Scripting

advancedOptions.Scripting.20190119.1157AM.PNG

Advanced Options – Other Options

advancedOptions.OtherOptions.20190119.1158AM.PNG

Advanced Options – Preview

advancedOptions.Preview.20190119.1234AM.PNG

Test

Outline

  1. Save Settings
  2. Click the Test button

Images

Default Web Site – Success

testProgress.20190120.0435PM.PNG

 

Request Certificate

Outline

  1. Certificate
    • Click

Processing

If everything is good, you will get your certificate.

If error, we will address in follow-up posts.

Apache–jMeter – Test Plan – ASP.Net – Forms Authentication–Troubleshooting

Background

In a previous post we spoke about the steps we undertook to design a test plan for authenticating users connecting to an ASP.Net web site.

In this post, we will shield light on the headwinds that batted us along the way.

 

Headwinds

Outline

  1. Workflow
  2. Thread Group
    • Thread Group Configuration
      • More threads than necessary
  3. HTML Page
    • Hidden fields
    • Entry fields
    • Action or Push button
  4. Component – Cookies Manager
  5. Component – View Results Tree
  6. Component – View Results Table
  7. Web Server
    • HTTP Logs
    • Failed Request Tracing

 

Workflow

This is a very crude drawing …

Workflow_20171026_0533PM

But, it hopefully shows workflow  ..

  1. First HTTP Request Default
  2. Second HTTP Request
    • Use Get Method to request session page
    • Returns to us the session date ( viewstate, eventValidation, viewStateGenerator )
  3. Parse returned Page
    • Using CSS /JQuery parse data and retrieve session data mentioned above
  4. Third HTTP Request
      • Use Post Method to submit user credentials
      • Make sure that session data we parsed earlier is packaged, as well

 

Thread Group

Thread Group Configuration

More threads than Necessary

Images
Thread Group – Configuration @ 7:11 PM

At 7:11 PM, we were hopeful and set up for fifty users, a ramp time of 10 seconds.

And, 2 repetitions.

ThreadGroup_20171024_0714PM

 

Thread Group – Configuration @ 1:03 AM

At 1 AM of the next day, we were humbled to 1 user and a single iteration.

ThreadGroup_20171025_1158AM

 

Explanation

Once we could not successfully authenticate and started adding ViewResultsTree and viewResultsInTable, we started seeing double and some of it was due to the fact that we had more workers than was necessary.

 

HTML Page

Hidden Fields

Images

Explanation

  1. Make a note of all hidden fields
  2. Determine how they are populated
    • Static versus Dynamic
    • Vetted against replay
  3. Encoded ( Yes or No )

 

Cookies Manager

For state management, you will need cookies, server and client side, so please save yourself the headache by enabling them.

Image

Image – Before

HTTPCookieManager_20171025_1152AM

Image – After

HTTPCookieManager_20171026_0459PM

Explanation

  1. Once things are good
    • Clear cookies each iteration
      • Please mark “Clear cookies each iteration” once you are comfortable with your design

 

View Results Tree

Get

View Results Tree – Request

Image

ViewResultsTree_Request_20171025_1204PM

 

Explanation

Take a good look at the Post data

  1. Post data
    • Do you have that the user field populate
    • What about the hidden fields
      • Are the hidden fields supplied by the system and are they varied as a counter measure against replay

 

View Results Tree – Response data

Image

ViewResultsTree_ResponseData_20171025_1204PM

 

Explanation

Our response data looks perfect.

Post

View Results Tree – Request

Image

ViewResultsTree_Request_20171025_0127PM

 

Explanation
  1. Get data
    • Because our request type is not a Get, but a Post, the Get data is left vacant
  2. Cookies Data
    • We are authenticated and we have our cookies

 

Web Server

Please check IIS Logs and enable Failed Request Tracing

  • HTTP Logs
  • Failed Request Tracing

Failed Request Tracing

IIS Failed Request Tracking module offers superlative debugging tooling.

Failed Request Tracing – 001

Failed Request Tracing – 001 – Image

 

Failed Request Tracing – 001 – Textual

Validation of viewstate MAC failed. 
If this application is hosted by a Web Farm or cluster, ensure that machineKey configuration specifies the same validationKey and validation algorithm. 
AutoGenerate cannot be used in a cluster.
See http://go.microsoft.com/fwlink/?LinkID=314055 for more information.

 

 

Failed Request Tracing – 002

Failed Request Tracing – 002 – Image

 

Failed Request Tracing – 002 – Textual

The state information is invalid for this page and might be corrupted.

 

Dedication

Dedicated to Michael Stover.

Main » jmeter-user » 2003-07 » RE: using the regular expression extractor to obtain a form value
Link

MichaelStoverWorkflow_20171026_0545PM


					

IIS Logs / Log Parser Studio – Aggregated Hits per Server

Background

Our monitoring team has developed and rolled out scripts for monitoring our web farm.

And, we are getting alerts through email.

Quite a lot of emails are coming across and wanted to see if they are coming from same host or a combination of hosts.

 

Emails

Looked at the emails and they happen to be coming from same host.

And, so will have to engage our Network team and see how the Load Balancer is configured.

Is there a prospect that more traffic is being directed at the failing node?

Network Load Balancer

As we prepared to go to the Network Load Balancer team took the opportunity to take gather and query the IIS Logs, as well.

 

TroubleShooting

Log Parser Studio

Query


SELECT 
            To_String(date, 'yyyy-MM-dd') as dated

          , sc-status as status

          , sum (
                    case s-ip
                        when '10.0.4.25' then 1
                        else 0
                   end
               ) as S1

          , sum (
                    case s-ip
                        when '10.0.4.26' then 1
                        else 0
                   end
               ) as S2


          , sum (
                    case s-ip
                        when '10.0.4.27' then 1
                        else 0
                   end
               ) as S3

         , sum (
                    case s-ip
                        when '10.0.4.28' then 1
                        else 0
                   end
               ) as S4

          , min(TO_TIMESTAMP(date, time)) as tsRecordedMin


          , max(TO_TIMESTAMP(date, time)) as tsRecordedMax


FROM '[LOGFILEPATH]' 


where   (


           (

             TO_TIMESTAMP(date, time) 
                     between timestamp('2017/08/02 10:30:00', 'yyyy/MM/dd hh:mm:ss')  
                          and timestamp('2017/08/02 17:20:00', 'yyyy/MM/dd hh:mm:ss')
           )

       )

/*

	and  c-ip not in ('10.0.4.141')
	
*/

group by
         date
       , sc-status


order by
           dated 
         , status



Output

Time Range – 1 ( August 2nd 10:30 AM – 5:20 PM )

Results

Explanation
  1. It is difficult to make case that traffic is exhaustively being waded into a specific host

Time Range – 2 ( August 8th 5:13 PM – 8:40 PM )

Results

Explanation
  1. In our second time slot, 4700 records bearing HTTP 200 is right around average

Summary

At this time it is likely that the sufferance we are seeing with this specific host is not due to outside pressure, but internal to the host itself.

 

Internet Information (IIS) / Log Parser – Queries – String Pattern Matching

Background

Looking for File I/O Exceptions in the Event Viewer.

 

Query

Sample

Sample 001

Code


SELECT TOP 100 
 
         TimeGenerated
       , ComputerName
       , EventCategoryName
       , EventTypeName
       , EventID
       , SourceName
       , Message as Mesg
       , Strings as Strings
       , EXTRACT_TOKEN(Strings,1,'|') AS AppName
       , EXTRACT_TOKEN(Strings,2,'|') AS AppVersion
       , EXTRACT_TOKEN(Strings,3,'|') AS S3
       , EXTRACT_TOKEN(Strings,4,'|') AS Module
       , INDEX_OF(Message, 'System.IO.IOException') as indexOf
       , case INDEX_OF(Message, 'System.IO.IOException') 
            when 0 then 'N'
            when NULL then 'N'
            else 'Y'
         end as IOE
       , CASE strcnt(Message, 'System.IO.IOException')
             when 0 then 'No'
             else 'Yes'   
         end as IOException
 
from  '[LOGFILEPATH]'
 
WHERE ( EventType = 1 OR EventType = 2 )

and    INDEX_OF(Message, 'System.IO.IOException') > 0

 
ORDER BY
         TimeGenerated DESC


Output

 

Explanation

  1. INDEX_OF
    • We use INDEX_OF to find the position of the sought string in the Message column
      • When the column contains System.IO.IOException the query returns the starting position of the found pattern
      • When not found, null is returned
  2. STRCNT
    • We invoke STRCNT to count number of matches
      • When String not found, 0 return
      • When matched, number of matches

 

References

  1. StackOverflow
    • Log Parser Case Statement
      Link