Tuesday, September 21, 2010

Win2008/ R2 IIS7.x Classic Asp upload 200K limit solution

During the process of migrating a site to IIS 7 we came across an issue with Classic ASP file uploads throwing 500 errors when larger than 200kb. There is an EASY fix for this.
In IIS 7, click your site and expand it then click the ASP icon.
Expand the Limits Properties icon, and change the value in the “Maximum Requesting Entity Body Limit” to a value larger than 200000 (which is about 200kb). 2000000 would be roughly 2mb, 20000000 would be 20mb.
Click the APPLY button. That’s it!



IIS7.0的修改方法如下:
打开IIS管理器--双击“IIS”中的“ASP”-- 打开“配置 ASP 应该程序的属性”--展开“限制属性”;
修改“最大请求实体主体限制”的值,默认值为200000(即不到200KB);
把它修改为你想修改的大小,如:52000000(50MB)。
修改完成点击“应用”OK!

IIS6.0的修改方法如下:
在服务里关闭iis admin service服务
找到windows\system32\inetsrv\下的metabase.xml,
打开,找到aspmaxrequestentityallowed 把他修改为需要的值,默认为204800,即200k
把它修改为51200000(50MB)
然后重启iis admin service服务

Tips for Classic ASP developers on IIS7.x

There are a few changes in IIS7 which Classic ASP developers should be aware of.

ASP not installed by default

First things first!  If you're moving from XP to Windows Vista / Longhorn Server, you may be getting this error:
--------------------------------------------------------------------------------------------------------------------
HTTP Error 404.3 - Not Found
Description: The page you are requesting cannot be served because of the Multipurpose Internet Mail Extensions (MIME) map policy that is configured on the Web server. The page you requested has a file name extension that is not recognized, and is not allowed.
--------------------------------------------------------------------------------------------------------------------
this is usually the case when you haven't installed the ASP component.  Go to where you installed IIS and look under IIS/WWW Services/Application Development/ASP and install it.  :)

Access and Classic ASP

A lot of people use Access as a database - because it is small, can be copied around, and is easy to manage.  One of the changes we made in IIS7 in Vista broke using ASP and Access by default.  I described this change in more detail in this post, but essentially it has to do with the fact that Application Pools now use the Application Pool identity's profile and temporary directory, rather than \windows\temp by default.  And since the only one that can write to Network Service's temp directory is the Network Service, anonymous or authenticated ASP applications break, since ASP uses the impersonated identity to access the database.  If you use ASP and Access on IIS7, you've probably seen this error, or a variation of it: 
--------------------------------------------------------------------------------------------------------------------
Microsoft JET Database Engine error '80004005'
Unspecified error

--------------------------------------------------------------------------------------------------------------------
The answer is pretty straight forward:  turn off loadUserProfile, or ACL the temp directory to allow writes.  As a result of this and other compatibility issues, we're considering reverting this change in Longhorn Server / Vista SP1.  In the mean time, you can work around it by doing either of the following:
This appcmd command will turn off loadUserProfile for the Default Application Pool.  if your application runs in a different AppPool, make the corresponding change:
%windir%\system32\inetsrv\appcmd set config /section:applicationPools /[name='DefaultAppPool'].processModel.loadUserProfile:false
This command will ACL the Network Service temp directory to allow creator write / read privledges.  If you run your Application Pool under a different identity, you'll need to ACL that owner's temp directory:
icacls %windir%\serviceprofiles\networkservice\AppData\Local\Temp /grant Users:(CI)(S,WD,AD,X)
icacls %windir%\serviceprofiles\networkservice\AppData\Local\Temp /grant "CREATOR OWNER":(OI)(CI)(IO)(F)

**Update 2/19/2009** if you are having issues with Access and ASP you might want to read this terrific guide recently posted on IIS.NET: http://learn.iis.net/page.aspx/563/using-classic-asp-with-microsoft-access-databases-on-iis-70-and-iis-75/ 

 

Script errors no longer shown in browser by default

As a result of our security paranoia, we turned off ASP's default behavior of sending script errors (including line number and code snippet to the browser.  So instead of seeing the typical error you would see ASP throw, you will now see this:
--------------------------------------------------------------------------------------------------------------------
An error occurred on the server when processing the URL. Please contact the system administrator
--------------------------------------------------------------------------------------------------------------------
To revert back to IIS6- behavior, simply run the following command:
%windir%\system32\inetsrv\appcmd set config -section:asp -scriptErrorSentToBrowser:true
Or you can find it in the UI here:


then you'll be back to seeing this style of error instead:
--------------------------------------------------------------------------------------------------------------------
Microsoft VBScript compilation error '800a03ea'
Syntax error
/test.asp, line 4
Response.Write("I love classic ASP" && foo)
-------------------------------------^
--------------------------------------------------------------------------------------------------------------------

 

Parents paths disabled by default (redux)

We disabled parent paths by default with IIS6, but I've seen this hit people on Vista coming from XP, where it is still enabled by default in IIS5.1  The enableParentPaths setting determines where ASP "includes" should be allowed to escape the parent directory (eg. ../../../includeFile.inc).   You'll see this error by default if you try to escape the current directory:
--------------------------------------------------------------------------------------------------------------------

Active Server Pages error 'ASP 0131'
Disallowed Parent Path
/test.asp, line 1
The Include file '../bad.inc' cannot contain '..' to indicate the parent directory.
--------------------------------------------------------------------------------------------------------------------
or you may see this error if you are using a path with ../ in it and your ADODB code
--------------------------------------------------------------------------------------------------------------------

Server.MapPath() error 'ASP 0175 : 80004005'
Disallowed Path Characters
/testdir/test.asp, line 9
The '..' characters are not allowed in the Path parameter for the MapPath method.
--------------------------------------------------------------------------------------------------------------------
To revert back to IIS 5.x behavior, simply run the following command:
%windir%\system32\inetsrv\appcmd set config -section:asp -enableParentPaths:true
or you can find the UI setting here:



APPL_PHYSICAL_PATH no longer returns "\" with path

If you use Request.ServerVariables("APPL_PHYSICAL_PATH") to get at the physical path for your application, you may notice that the physical path no longer returns with a trailing slash.  In previous releases of IIS, we returned this value as stored in the metabase.  In IIS7, we calculate this value based on the configuration store, and we never return a trailing slash.  You'll need to account for this especially if you are the return value with some other part of the path in your application.

 

 

Session_OnEnd not firing

If you find that Session_onEnd event in your global.asa is not firing, check out this blog post from Lou on the issue and the fix.

Classic ASP on IIS 7 (setting, tips...)

It's not really difficult to run classic ASP on Internet Information Server 7, but there are some bumps down the road. Here's a little help to get you started:
First of all, check whether you have the Windows feature for ASP installed. Go to Programs and Features in Control Panel and click Turn Windows features on and off. Navigate down the tree of features and make sure ASP is checked.
ASPWindowsFeature
Next, go to Internet Information Server (IIS) Manager (run inetmgr from the Start Search box to get there fast) and create a new application pool for ASP.
ASPApplicationPool
This should be a "No managed code" and "Classic" app pool if you do not intend to mix and match the .NET Framework and ASP.NET in the same pool. The Integrated pipeline would not make sense, because it only applies to integrating HTTP modules that are either native or managed .NET implementations.
I had some difficulties setting the identity of the application pool to the new built-in IUSR account. This account replaces the former computer account called IUSR_machinename. Same goes for the IIS_WPG group for application pools that is replaced by the builtin group IIS_IUSRS. Read more about it here. Under the Advanced Settings of the "ASP" application pool you will find the Identity property under Process Model. The default value is NetworkService. I found no way to set this to the BUILTIN\IUSR by choosing SpecificUser and setting BUILTIN\USR under Identity SpecificUser Credentials. I guess that you shouldn't be running ASP sites under IUSR anymore. It is used for anonymous users automatically.
ASPIUSRIdentity
To easy the administration effort, there is a way to turn off the IUSR account without turning off anonymous identification:
appcmd set config -section:anonymousAuthentication -userName:"" --password
And lastly, create your new web application. For example, copy the ASP site folder under C:\inetpub\wwwroot, where the default installation location of "Default Web Site" of IIS. Convert the folder (or virtual directory) to an application and choose "ASP" as the application pool. Check whether the .asp extension is mapped to the correct handler and whether it is enabled. Also make sure that the identity of your application pool has sufficient rights (and no more than that) to access the files in the web site's folder.
IISASPEnabled
One final note: whenever there is a error in the ASP website, and you get this error message: "An error occurred on the server when processing the URL. Please contact the system administrator",
ASPErrorMessage
it's probably because by default no error messages are sent to the client in IIS7. Change the setting "Send Errors To Browser" of your web application under the ASP icon to reveal such errors.
ASPReturnErrorMessages
Side note: if you get the nice Internet Explorer 500 error message and no particular details at all, remember to uncheck the "Show friendly HTTP error messages" checkbox under Internet Options, Advanced of IE.

Best Max Memory Settings for SQL Server 2005/2008

It is pretty important to make sure you set the Max Server memory setting for SQL Server 2005/2008 to something besides the default setting (which allows SQL Server to use as much memory as it wants, subject to signals from the operating system that it is under memory pressure). This is especially important with larger, busier systems that may be under memory pressure. 
This setting controls how much memory can be used by the SQL Server Buffer Pool.  If you don’t set an upper limit for this value, other parts of SQL Server, and the operating system can be starved for memory, which can cause instability and performance problems. It is even more important to set this correctly if you have “Lock Pages in Memory” enabled for the SQL Server service account (which I always do for x64 systems with more than 4GB of memory).
These settings are for x64, on a dedicated database server, only running the DB engine, (which is the ideal situation).
Physical RAM                        MaxServerMem Setting
2GB                                           1500
4GB                                           3200
6GB                                           4800
8GB                                           6400
12GB                                         10000
16GB                                         13500
24GB                                         21500
32GB                                         29000
48GB                                         44000
64GB                                         60000
72GB                                         68000
96GB                                         92000
128GB                                       124000
If you are running other SQL Server components, such as SSIS or Full Text Search, you will want to allocate less memory for the SQL Server Buffer Pool. You also want to pay close attention to how much memory is still available in Task Manager. This is how much RAM should be available in Task Manager while you are under load (on Windows Server 2003):
Physical RAM            Target Avail RAM in Task Manager
< 4GB                               512MB – 1GB
4-32GB                              1GB – 2GB
32-128GB                            2GB – 4GB
> 128GB                              > 4GB
You can use T-SQL to set your MaxServerMemory setting. The sample below sets it to 3500, which is the equivalent of 3.5GB. This setting is dynamic in SQL Server 2005/2008, which means that you can change it and it goes into effect immediately, without restarting SQL Server.
-- Turn on advanced optionsEXEC  sp_configure'Show Advanced Options',1;GO
RECONFIGURE
;GO
-- Set max server memory = 3500MB for the serverEXEC  sp_configure'max server memory (MB)',3500;GO
RECONFIGURE
;GO
-- See what the current values areEXEC sp_configure;
You can also change this setting in the SSMS GUI, as you see below:
image
Finally, I have learned that it is a good idea to temporarily adjust your MaxServerMemory setting downward by a few GB if you know you will be doing a large file copy on your database server (such as copying a large database backup file).

http://www.sqlservercentral.com/blogs/glennberry/archive/2009/10/29/suggested-max-memory-settings-for-sql-server-2005_2F00_2008.aspx