January, 2013

  • Never doubt thy debugger

    How to export IIS .config and .key files at the command line


    Handy for a batch maintenance operation a customer had to run on a few hundred servers: they basically needed to do what’s described in this article, but in a script rather than from the IIS GUI.

    From Shared Configuration (Appendix 3):

    By default, IIS includes two main providers for securing properties. These providers are located in the applicationHost.config file's <configProtectedData> configuration section and are defined in the <providers> element. The AesProvider is specific to dealing with encryption and decryption for properties that are in the system.webServer section. The IISWASOnlyRsaProvider is specific to dealing with encryption and decryption for properties that are in the system.applicationHost section. These keys are in the iisConfigurationKey and iisWasKey key containers and are machine-specific. In a Web farm scenario, if encryption is required, then a key from one machine - usually the one that created the applicationHost.config file - is exported and brought into the other machines so that secure properties can be decrypted and used by the Web server.

    So just copy the .config files from “C:\Windows\System32\Inetsrv\config” and use aspnet_regiis -px to export the keys:

    aspnet_regiis -px "iisConfigurationKey" "D:\iisConfigurationKey.xml" -pri

    To import the keys on another machine, run the following:

    aspnet_regiis -pi "iisConfigurationKey" "D:\iisConfigurationKey.xml"

    The parameter after the -pi is the name of the key container to be imported. In this case, it is the "iisConfigurationKey" key container. The other key container that IIS uses is the "iisWasKey" key container.
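
    The export and import steps above, wrapped as a PowerShell script for batch use. This is an added example, not code from the original post: the function names, the D:\iis-export folder and the Framework64 v4.0.30319 location of aspnet_regiis.exe are assumptions. Because -pri writes the RSA private keys into the XML files, the script restricts the export folder's ACL before writing and deletes each key file after import.

    ```powershell
    # Added example. Function names and the Framework64 v4.0.30319 path are assumptions.
    $AspnetRegiis  = Join-Path $env:windir 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'
    $IisConfigDir  = Join-Path $env:windir 'System32\inetsrv\config'
    $KeyContainers = 'iisConfigurationKey', 'iisWasKey'

    function Export-IisConfigAndKeys {
        param([Parameter(Mandatory=$true)][string]$Destination)

        New-Item -ItemType Directory -Path $Destination -Force | Out-Null
        # The -pri export contains RSA private keys: limit the folder to
        # BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) first.
        & icacls.exe $Destination /inheritance:r /grant:r '*S-1-5-32-544:(OI)(CI)F' '*S-1-5-18:(OI)(CI)F' | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "Could not restrict ACL on $Destination" }

        Copy-Item -Path (Join-Path $IisConfigDir '*.config') -Destination $Destination -Force

        foreach ($name in $KeyContainers) {
            $file = Join-Path $Destination "$name.xml"
            & $AspnetRegiis -px $name $file -pri | Out-Null
            if ($LASTEXITCODE -ne 0 -or -not (Test-Path $file)) {
                throw "Export of key container '$name' failed"
            }
        }
    }

    function Import-IisKeys {
        param([Parameter(Mandatory=$true)][string]$Source)

        foreach ($name in $KeyContainers) {
            $file = Join-Path $Source "$name.xml"
            if (-not (Test-Path $file)) { throw "Missing key file $file" }
            try {
                & $AspnetRegiis -pi $name $file | Out-Null
                if ($LASTEXITCODE -ne 0) { throw "Import of key container '$name' failed" }
            }
            finally {
                # Do not leave private key material on disk after the import.
                Remove-Item -Path $file -Force
            }
        }
    }

    # On the source server:  Export-IisConfigAndKeys -Destination 'D:\iis-export'
    # On each target server: Import-IisKeys -Source 'D:\iis-export'
    ```

    Run both functions from an elevated prompt, and move the export folder between servers over a channel that protects the key files in transit.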



    The difference between the right word and the almost right word is the difference between lightning and a lightning bug.

    Mark Twain

  • Never doubt thy debugger

    Error 502 - Web server received an invalid response while acting as a gateway or proxy server


    I saw this error some time ago while working on an eCommerce solution. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server. The redirect/move happens as it should, but approximately 2 minutes after posting an order the user receives an HTTP error 502.
    The order is correctly processed by SAP, but the web application is built so that the user gets a confirmation page once the order is processed: this page is never presented to the user due to the 502 error.

    FREB gave us further details about the error: 502.3, 2147954417 which translates into ERROR_INTERNET_OPERATION_CANCELLED.

    This led me to this post, which describes a different error but is based on the same principle, and the solution still applies to our scenario: we increased the proxy timeout to 5 minutes to accommodate all reasonably long-running requests and the problem was solved.

    appcmd.exe set config  -section:system.webServer/proxy /timeout:"00:05:00"  /commit:apphost




    It's not the size of the dog in the fight, it's the size of the fight in the dog.

    Mark Twain
