iis – al3xclarke

November 18, 2014November 18, 2014

IIS 7.5 cannot see NLB IP addresses

I just ran into a problem whereby new IP addresses (added to my NLB cluster) would not appear in the dropdown bindings list within IIS 7.5.

It was possible to manually enter the IP within the Site Bindings of IIS, but this didn’t allow the site to work.

HTTP error 404 was returned when attempting to access site.

The problem is caused by the new IP address not being present on the IP listen list. I’m sure that previous versions of IIS would automatically update list, but this doesn’t appear to be the case with 7.5.

To add an IP address to the listen list simply open an elevated Command Prompt and enter the following text.

netsh http add iplisten xxx.xxx.xxx.xxx

Be sure to replace the x’s with the correct IP address (for me this was the one I just added to the NLB cluster).

Hit enter and then type the following text and hit enter again.

iisreset

If all goes well, you should receive a confirmation message stating that the IP address has been added and a couple of other messages regarding the reset of IIS.

After completing the above steps I found that my site in IIS (bound to this new IP address) was now working. However, the IP address still does not appear in the dropdown list of the Site Bindings window. If anyone knows why then please let me know!

Update: Shortly after posting this article I noticed that others sites on this server (using the default IP address) were not working. It turns out that I had to add this IP address to the listen list too – despite these sites working just fine before.

The following commands may also be required – especially when experimenting.

Show IP listen list:
netsh http show iplisten

Remove IP from listen list:
netsh http remove iplisten xxx.xxx.xxx.xxx

August 25, 2014August 26, 2014

Finding out-of-date WordPress installations

Several websites, that are hosted on servers I manage, recently fell victim to XML Quadratic Blowup Attacks. They were all running WordPress version 3.9.1 or below.

I first noticed a problem when one of the servers started to run extremely slowly. Every website it hosted was taking an age to respond and frequently timing out. The CPU was maxed out at 100%, mainly from PHP requests.

Further investigation narrowed down the website under attack. Below is a screenshot showing the traffic trend for the month to date of that website.

WordPress DoS Attack — Traffic Trend by Day report for a WordPress website subjected to a DoS attack.

On 15th August page views began to spike, with the most popular requested file being xmlrpc.php.

The temporary fix was to rename the file before installing WordPress 3.9.2, which contains a fix for this exploit.

However, I began to wonder how many other sites, that I was responsible for, could be vulnerable.

So, I decided to write a PowerShell script that scans all websites (on IIS 6 or 7) and checks their current WordPress installation version.

vScanner Console Output — Results are displayed directly in the console and can also be sent to you via email.

Since the WordPress API is used to obtain the current version, you can set this script to run as a task on your server. If an out of date installation of WordPress is detected then you’ll receive an email notification.

Download vScanner v1.0

To turn on email updates, set $SendEmail (line 5) to 1 and be sure to update lines 6 – 11 with your email address and SMTP server details.

August 16, 2014August 20, 2014

msdeploy fails after installing Windows updates

After installing some updates (around 30 in total, between reboots) I noticed that msdeploy was failing to synchronise the IIS Metabase and files from another server.

I’ve ran into this problem before and, if I recall correctly, it also occurred after running Windows Update.

The following error was returned when trying to run msdeploy.

Error: Object of type ‘webServer’ and path ” cannot be created.
Error: Configuration system failed to initialize
Error: Unrecognized configuration section startup. (C:\Program Files\IIS\Microsoft Web Deploy V2\msdeploy.exe.config line 2)
Error count: 1.

Also, when trying to load Internet Information Services (IIS) Manager, a warning popped up saying “Configuration system failed to initialize”.

The problem appeared to be with the following files.

C:\Windows\System32\inetsrv\config\applicationHost.config
C:\Windows\System32\inetsrv\config\administration.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\machine.config
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\web.config

The first file had a size of 18KB on the server in question. However, the same file on another server in the cluster had a size of 74KB. The other files were also of different sizes.

In addition to the above, I noticed that the following files from the C:\Windows\System32\inetsrv\config\schema directory were also missing.

APE_schema.xml
heliconApe_schema.xml
NetFx40_IIS_schema_update.xml
NetFx45_IIS_schema_update.xml

I don’t know what went wrong, but can only presume (based on past experience and the modified timestamp of the first file) that Windows Update broke this.

The fix was easy – simply restore the files from a backup. You can always copy them from another server in the cluster, which is what I did.