Website failing...
Using IIS 5. 0 under W2K, I'm having a problem with my website frequently failing. If I look at the site properties in the IIS Management console, it _appears_ to be running ok (ie. no 'Stopped' message against the root virtual directory), but all I need to do is stop it, restart it, then everything is ok until the ...
Using IIS 5.0 under W2K, I'm having a problem with my website frequently failing. If I look at the site properties in the IIS Management console, it _appears_ to be running ok (ie. no 'Stopped' message against the root virtual directory), but all I need to do is stop it, restart it, then everything is ok until the next failure, which may be a couple of hours or days later - there appears to be no pattern which I can see at present.
Looking at the NT event viewer, I noticed the following error message which occured when the server was last rebooted...
"The HTTP server was unable to load the ISAPI Application 'C:\WINNT\System32\idq.dll'. The data is the error."
The file mentioned in the message is present.
If anyone could suggest anything that might be causing this (embarrassing) problem, I would be grateful.
TIA
Alan Harris-Reid
Looking at the NT event viewer, I noticed the following error message which occured when the server was last rebooted...
"The HTTP server was unable to load the ISAPI Application 'C:\WINNT\System32\idq.dll'. The data is the error."
The file mentioned in the message is present.
If anyone could suggest anything that might be causing this (embarrassing) problem, I would be grateful.
TIA
Alan Harris-Reid
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.
Responses to this topic
Are you using Index Server? Because if you are not, remove it from the global WWW properties. You can check that out here:
http://www.microsoft.com/technet/treevie...crsc_iisscr.asp
Also, have you properly locked down IIS (all the updates, use URLScan/IISLockdown, etc)? IISLockdown would normally unregister that filter anyway unless specified not to, so you are probably not using it. You should check your IIS logs as well to see if you are getting scanned or have been attacked by some old Code Red servers, because they used to hit some old exploits on that filter. If you were being scanned, you would see some gibberish like this in your logs:
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
HTH
http://www.microsoft.com/technet/treevie...crsc_iisscr.asp
Also, have you properly locked down IIS (all the updates, use URLScan/IISLockdown, etc)? IISLockdown would normally unregister that filter anyway unless specified not to, so you are probably not using it. You should check your IIS logs as well to see if you are getting scanned or have been attacked by some old Code Red servers, because they used to hit some old exploits on that filter. If you were being scanned, you would see some gibberish like this in your logs:
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
HTH
Clutch, thanks for the reply...
>>Are you using Index Server? Because if you are not, remove it from the global WWW properties.<<
Sorry, I should have said IIS was running on NT4 SP4 (I was looking at the wrong server!). AFAIK NT does not have Index Server (at least I can't see it on the services list). If not, how do I remove it from the global WWW properties?
>>You can check that out here:
http://www.microsoft.com/technet/tr...crsc_iisscr.asp<<
Tried that. All I got was the message "The page you're looking for has been moved or removed from the site."
>>Also, have you properly locked down IIS (all the updates, use URLScan/IISLockdown, etc)? IISLockdown would normally unregister that filter anyway unless specified not to, so you are probably not using it.<<
Sorry, you are talking to a total novice when it comes to some of these terms (the site owner's IT dept, who installed IIS, don't know much about it either!). What are URLScan and IISLockdown?
>>You should check your IIS logs as well to see if you are getting scanned or have been attacked by some old Code Red servers, because they used to hit some old exploits on that filter. If you were being scanned, you would see some gibberish like this in your logs:
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir<<
Logs show nothing at present...
Regards,
Alan Harris-Reid
>>Are you using Index Server? Because if you are not, remove it from the global WWW properties.<<
Sorry, I should have said IIS was running on NT4 SP4 (I was looking at the wrong server!). AFAIK NT does not have Index Server (at least I can't see it on the services list). If not, how do I remove it from the global WWW properties?
>>You can check that out here:
http://www.microsoft.com/technet/tr...crsc_iisscr.asp<<
Tried that. All I got was the message "The page you're looking for has been moved or removed from the site."
>>Also, have you properly locked down IIS (all the updates, use URLScan/IISLockdown, etc)? IISLockdown would normally unregister that filter anyway unless specified not to, so you are probably not using it.<<
Sorry, you are talking to a total novice when it comes to some of these terms (the site owner's IT dept, who installed IIS, don't know much about it either!). What are URLScan and IISLockdown?
>>You should check your IIS logs as well to see if you are getting scanned or have been attacked by some old Code Red servers, because they used to hit some old exploits on that filter. If you were being scanned, you would see some gibberish like this in your logs:
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir<<
Logs show nothing at present...
Regards,
Alan Harris-Reid
The link must have gotten chopped when you looked at it, because the one on my post worked fine for me just now. However, here is a copy of what is shown on that page (and, if I remember correctly, these instructions should be similar to what you will see in NT4 Server):
Quote:Remove Unused Script Mappings
IIS is preconfigured to support common file name extensions such as .asp and .shtm. When IIS receives a request for one of these file types, the call is handled by a DLL. If you do not use some of these extensions or functionality, remove the mappings.
To remove unused script mappings
In Windows 2000, point to the Start button, point to Programs, point to Program Tools, and then click Internet Services Manager.
Right-click the Web server, and then on the pop-up menu, click Properties.
In the Master Properties box, click WWW Service, and then click Edit.
In the WWW Service Master Properties dialog box, click the Home Directory tab, and then click Configuration.
As appropriate, remove the following references: If you do not use Remove
Web-based password reset .htr
Internet Database Connector (all IIS Web sites should use ADO or similar technology) .idc
Server-side includes .stm, .shtm, and .shtml
Internet Printing .printer
Index Server .ida and .idq
Note: To function correctly, the Application Center user interface requires support for .asp and .js file extensions. Do not remove these mappings.
You can also remove index server by going to "Add/Remove Programs" and then "Add/Remove Windows Components".
Now, onto the IISLockdown tool. You can find the info and link to download that here. If you run the wizard, it will also ask you what you use your server for, and can remove those mappings for you. By running this utility, you can lock the server down and remove the filter at the same time.
If you will be the admin for IIS anywhere, get to know it well. There are many resources available on technet for IIS, and some other elsewhere too. Try out this site some time, as it has some pretty good info:
www.iisanswers.com
Now, when you checked the logs, were you just checking the Event viewer (System, Application, etc), or the actual IIS logs. The IIS logs are normally located at C:\WINNT\system32\LogFiles and are subdivided by site. Good luck.
Quote:Remove Unused Script Mappings
IIS is preconfigured to support common file name extensions such as .asp and .shtm. When IIS receives a request for one of these file types, the call is handled by a DLL. If you do not use some of these extensions or functionality, remove the mappings.
To remove unused script mappings
In Windows 2000, point to the Start button, point to Programs, point to Program Tools, and then click Internet Services Manager.
Right-click the Web server, and then on the pop-up menu, click Properties.
In the Master Properties box, click WWW Service, and then click Edit.
In the WWW Service Master Properties dialog box, click the Home Directory tab, and then click Configuration.
As appropriate, remove the following references: If you do not use Remove
Web-based password reset .htr
Internet Database Connector (all IIS Web sites should use ADO or similar technology) .idc
Server-side includes .stm, .shtm, and .shtml
Internet Printing .printer
Index Server .ida and .idq
Note: To function correctly, the Application Center user interface requires support for .asp and .js file extensions. Do not remove these mappings.
You can also remove index server by going to "Add/Remove Programs" and then "Add/Remove Windows Components".
Now, onto the IISLockdown tool. You can find the info and link to download that here. If you run the wizard, it will also ask you what you use your server for, and can remove those mappings for you. By running this utility, you can lock the server down and remove the filter at the same time.
If you will be the admin for IIS anywhere, get to know it well. There are many resources available on technet for IIS, and some other elsewhere too. Try out this site some time, as it has some pretty good info:
www.iisanswers.com
Now, when you checked the logs, were you just checking the Event viewer (System, Application, etc), or the actual IIS logs. The IIS logs are normally located at C:\WINNT\system32\LogFiles and are subdivided by site. Good luck.
Clutch, many thanks for your reply. I'll take a look at everything you suggested and see if it makes any difference.
BTW, I'm looking at your original reply right now and I definitely cannot see the last part. How could we be looking at different versions (apart from the fact that I am a 'Junior member' (when do I lose that tag?) and you are a moderator)?
Regards,
Alan
BTW, I'm looking at your original reply right now and I definitely cannot see the last part. How could we be looking at different versions (apart from the fact that I am a 'Junior member' (when do I lose that tag?) and you are a moderator)?
Regards,
Alan
Quote:
BTW, I'm looking at your original reply right now and I definitely cannot see the last part. How could we be looking at different versions (apart from the fact that I am a 'Junior member' (when do I lose that tag?) and you are a moderator)?
Regards,
Alan
What last part can you not see? Are you talking about the difference between NT4 and Win2K's IIS?
With respect to the membership listing, I don't know what the steps are to get you "promoted". Anybody else know?
BTW, I'm looking at your original reply right now and I definitely cannot see the last part. How could we be looking at different versions (apart from the fact that I am a 'Junior member' (when do I lose that tag?) and you are a moderator)?
Regards,
Alan
What last part can you not see? Are you talking about the difference between NT4 and Win2K's IIS?
With respect to the membership listing, I don't know what the steps are to get you "promoted". Anybody else know?
Clutch...
Here is what I can see from your 1st reply in this thread. As you can see, the stuff you quoted in your second reply (Removing unused script mappings, etc.) is not there!
Quote:Are you using Index Server? Because if you are not, remove it from the global WWW properties. You can check that out here:
http://www.microsoft.com/technet/tr...crsc_iisscr.asp
Also, have you properly locked down IIS (all the updates, use URLScan/IISLockdown, etc)? IISLockdown would normally unregister that filter anyway unless specified not to, so you are probably not using it. You should check your IIS logs as well to see if you are getting scanned or have been attacked by some old Code Red servers, because they used to hit some old exploits on that filter. If you were being scanned, you would see some gibberish like this in your logs:
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
HTH
__________________
Regards,
clutch
Regards,
Alan
Here is what I can see from your 1st reply in this thread. As you can see, the stuff you quoted in your second reply (Removing unused script mappings, etc.) is not there!
Quote:Are you using Index Server? Because if you are not, remove it from the global WWW properties. You can check that out here:
http://www.microsoft.com/technet/tr...crsc_iisscr.asp
Also, have you properly locked down IIS (all the updates, use URLScan/IISLockdown, etc)? IISLockdown would normally unregister that filter anyway unless specified not to, so you are probably not using it. You should check your IIS logs as well to see if you are getting scanned or have been attacked by some old Code Red servers, because they used to hit some old exploits on that filter. If you were being scanned, you would see some gibberish like this in your logs:
/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir
HTH
__________________
Regards,
clutch
Regards,
Alan
