IIS 7.5 Multiple subdomains same wildcard certificate - ssl

This is an odd problem as all I'm trying to do is extend a configuration that is already happily functioning as described by adding a new web site, which is just a copy of an existing web application.
So what we have is a wildcard certificate *.business.com
We already have 8 other sites bound to the same SSL certificate each with their own host names.
a.business.com
b.business.com
..
h.business.com
All the existing sites are quite different in their role/application/structure so in that sense there aren't any duplicate files or applications.
I'm trying to add x.business.com and for some reason IIS does not want to know about it.
I'll explain what I've done and hopefully someone will see the erro of my ways.
My first step was to set an A record in the DNS for the domain.
So all the other URLs listed above all point to the same public IP address.
Lets call it 100.10.10.100
I then created a simple website in IIS with a simple default.htm for testing.
After setting the host name to x.business.com and binding the SSL certificate (using appcmd) I tested the site address. Nothing. By that I mean a generic error saying the site is unreachable. At this point there is no log as the site hasn't served anything.
A ping of the URL returns the IP address set in the DNS but no response.
To try and simplify I added another simple site called TestSite. I made an entry in the hosts file 127.0.0.1 TestSite. Tried the IIS server browser and this also didn't work.
However when I changed the TestSite to use port 81 and then tested http://testsite:81 I got a positive response.
I then tried to extend this test and made another A record testsite.business.com. Added the host name to the existing testsite and then tried http://testsite.business.com:81 it failed.
Rolling everything back and it worked again.
For the life of me I can't see what I need to do to get this working. It seems like a DNS issue but the other 8 sites are all working fine with the same IP address:port (eg 100.10.10.100:80), multiple sites bound to the same SSL certificate without issue and have been working from nearly two years.
I'd like to add I didn't set this up hence the groping around in the dark, but I'm sure I've done something similar in the past without issue.
I've searched for hours and have not found anything glaringly obvious that I've missed. it also worries me when I see few posts with similar issues it makes me think I'm missing something truly basic.
Your thoughts on diagnosing this issue are appreciated.

OK folks you can all relax.
Two issues a typo in the DNS A record. Yep that's on me.
However I also found an interesting piece of code in the default web site.
Default.asp has the following code. It appears this is doing a bit of translation of incoming web requests and redirection.
// Redirect appropriately
response.buffer = True
response.clear
response.status = "301 Moved"
If InStr(sServerName,"a") > 0 Then
response.addHeader "Location", "https://a.business.com/" & Request.QueryString
Elseif InStr(sServerName,"b") > 0 Then
response.addHeader "Location", "https://b.business.com/" & Request.QueryString
End If
So I added
// Redirect appropriately
response.buffer = True
response.clear
response.status = "301 Moved"
If InStr(sServerName,"a") > 0 Then
response.addHeader "Location", "https://a.business.com/" & Request.QueryString
Elseif InStr(sServerName,"b") > 0 Then
response.addHeader "Location", "https://b.business.com/" & Request.QueryString
Elseif InStr(sServerName,"x") > 0 Then
response.addHeader "Location", "https://x.business.com/" & Request.QueryString
End If

Related

Postman still sends to old sever although I updated its' variable

Postman still sends to old sever although I updated its' variable. It works correctly on the web app. I've changed the server & linked the new server with the same sub-domain and deployed the same old app.
The windows app
The web app - works fine and it responds as it should
I changed the variable of the URL
I tried to create a new environment - didn't work
I tried to remove the entire workspace - didn't work
I un/re-installed the app - didn't work either
Is there a cache in the app itself or something to clear it to get the new value?
appreciate your help. T^T
An example to clarify my issue:
I have a subdomain: backend.mydomain.com
I've linked my server IP 152.50.133.60
so backend.mydomain.com points to -> 152.50.133.60
I made backend.mydomain.com free again to use it on a different server
Now I linked my new server IP 163.33.80.92
Now my backend.mydomain.com points to -> 163.33.80.92 & it works fine on (the postman web app & chrome)
When I try from PC app it still has the old value as in console pic
It worked after:
Signed Out.
Made a request not signed in.
Signed in again, then made a request it worked.
No clue why though!

Persits ASPPDF ImportFromUrl ServerXMLHTTP Error: The request has timed out

We have a test website that uses Persits ASPPDF to build a PDF using the ImportFromUrl method. It works fine on our test domain, but when I use the same code on another domain (and crucially perhaps, a sub-domain) I get the "MSXML2::ServerXMLHTTP Error: The request has timed out." error.
This leads me to think its related to the problem outlined in
https://support.persits.com/show.asp?code=PS080709171
"the calling Active Server Page (ASP) should not send requests to an ASP in the same virtual directory or to another virtual directory in the same pool or process. This can result in poor performance due to thread starvation."
So perhaps the config of the two servers hosting the two sites (test and live) are different - and if so what would that be? - Or you can't run this method on a sub-domain? Any guidance out there please?
I've had the same issue for weeks and finally found out what the problem was. In my case, it was because I had set to True the options that allow the debug of classic ASP code, without which I could not debug using visual studio. Setting those options back to False fixed the issue.

HTTPS generates back-end issues

One of my old website is running TYPO3 v4.5.
I bought a SSL certificate and my sys admin installed it on the server.
the front-end is running well on https
tha back-end login form runs weird : one time my login/password are ok, but sometimes it doesn't allow me to enter the back-end.
It is totally random and in Firebug, I have no clue in the console or in the network tab to help me. Same behavior for Chrome, FF or IE.
I tried a lot of parameters :
[BE]LockSSL = 1
[SYS][reverseProxyIP] with " ... "
[SYS][reverseProxySSL] with " * "
[SYS][cookieSecure] = 1
I event tried a lot of different combinations, with no success.
Please notice that I also get a TYPO3 6.2 website and those parameters work perfectly on it. I guess that I am missing somthing for v4.5 ?
Check the BE cookieDomain configuration!

Missing configuration for the issuer of security tokens error

I inherited an existing project without its development environment. I have UAT code and a backup of the Production database. I can run up the site locally via Visual Studio but have hit an authentication problem trying to setup a fresh standalone DEV server on AWS (single server, no load balancer). The doco indicates the Prod server is a dual server setup with a load balancer.
The front end site pages do display, although some search is not working. On trying to log into the backend pages, Chrome returns "The xxx page isn't working. xxx redirected you too many times." Using developer tools, I can see the page redirects back and forth between SWT?realm=... and sitefinity?wrap_defalted=true&wrap_access_token... On the second redirect response header there is "X-Authentication-Error:Missing configuration for the issuer of security tokens 'https://xxx/Sitefinity/Authenticate/SWT' "
I tried different values in the web.config lines:
<federatedAuthentication>
<wsFederation passiveRedirectEnabled="true" issuer="http://localhost" realm="http://localhost" requireHttps="true"/>
<cookieHandler requireSsl="false"/>
</federatedAuthentication>
but that actually made things worse so I have reverted.
I checked all the settings mentioned in http://docs.sitefinity.com/administration-switch-to-claims-based-authentication and they seem to be set correctly. I don't really know what else I can check to get this working.
I found http://docs.sitefinity.com/administration-configure-security, but it does not seem like these settings are set (I don't have access to Prod server so can't confirm if it is actually setup with load balancing). I am currently using a 30 day trial license so am not sure if this is contributing to the problem. The official license is in the process of being transferred by the client. The domain name associated with the official license would be different to the domain my new server is currently running on.
I am also running version 8 code on a version 9 install of Sitefinity. I wanted to get it working before I tried to upgrade the code. I think there was also an assembly load to manifest mismatch when I tried upgrading my local version.
Found the solution: Don't mess with the SecurityConfig.config file.
<securityTokenIssuers>
<add key="B886AA7BFB5515BA63F577A44BBEB5C7AE674035514D128BC397346B11F4C97A" encoding="Hexadecimal" membershipProvider="Default" realm="http://localhost" />
</securityTokenIssuers>
<relyingParties>
<add key="B886AA7BFB5515BA63F577A44BBEB5C7AE674035514D128BC397346B11F4C97A" encoding="Hexadecimal" realm="http://localhost" />
</relyingParties>
Even though it is running on a server, the above lines should still point to localhost. It seems like these only need to be edited if you have a multi-server setup with an entirely separate STS.
I initially changed it to match the new domain name, but after some experimentation around adding localhost and HTTP variations, it seems like it works best with just localhost.
Even when I changed the web.config entry above to use the new domain as the issuer instead of localhost and the SecureConfig.config to specify only the new domain as the realms, it didn't seem to work. I guess the authentication must try to hit localhost specifically.

AppHarbor doesn't forward Headers with _ on the Header name

I'm using AppHarbor and had a problem where none my users where being authenticated due to the fact that the CRSF (Cross-Site-Request-Forgery) check was failing.
I found out that the problem was that the custom CRSF_Header used was not being forwarded to my AppHarbor (even though other custom headers were)
It turns out that the problem is that Headers with _ (underscore) on the name are not forwarded by AppHarbor internal proxies.
The fix was then to rename the header name from CRSF_Header to CRSF-Header.
My question is: Is there another way to do this? or I have to avoid _ on headers when using AppHarbor.
Note that IIS and Cassini had no probs with these headers (so far I only had this problem in AppHarbor)
Ok I found this AppHarbor article that confirms it: http://support.appharbor.com/discussions/problems/5442-custom-http-header-not-reaching-the-application
Annoyingly AppHarbor discussion search wasn't working properly when I had this issue since I didn't saw that article when searched for it