Troubleshooting Issues on Windows 2012

This TechNote covers newer versions of Ithicos Solutions products running on Windows Server 2012 / 2012 R2 with any service pack. This includes:

  • Directory Update v2.5 or later
  • Directory Manager v2.2 or later
  • Directory Search v2.0 or later
  • Directory Password 1.2 or later

Note: Versions older than the above versions are not supported on Windows Server 2012.

The top reported problems with Windows Server 2012 are:

  • Missing IIS prerequisites during or after installation
  • .NET Framework not being registered properly with IIS
  • Restrictive User Access Control (UAC) settings during installation
  • IIS and AJAX Control Compression

Missing Prerequisites

Missing prerequisites may cause the installer to fail or may cause the application to not work once installed. Our software relies on key components of Microsoft Internet Information Server and the .NET Framework 4.x platform. The simplest way to install all of the necessary components is to use the PowerShell Server Management module. It does not hurt to run this again even if the components are already installed.

1.  Open a PowerShell command prompt as an administrator 
2.  Type Import-Module ServerManager and press Enter
3.  Type Add-WindowsFeature Web-Server, Web-Basic-Auth, Web-Windows-Auth, NET-FRAMEWORK-45-Core, NET-FRAMEWORK-45-ASPNET, Web-HTTP-Logging, Web-NET-Ext45, Web-ASP-Net45 and press Enter
4.  Reboot if prompted.

Microsoft is continually making updates to the .NET Framework v4.0/v4.5 including bug fixes and security updates. We strongly recommend keeping your server within 2 or 3 months of the most recent updates. So, ensure that you run a “Windows Update” on your server periodically and ensure that all critical as well as recommended updates are applied.

Installation Access Denied or Administrator Permissions Required

Windows Server 2012 is great operating systems, well, except for maybe those bloody tiles. Windows 2012 provides more scalability, stability, and security than ever before. But thanks to improvements in security, getting any application to run can be an arduous process.

The Windows Server 2012  User Access Control (UAC) is a feature that allows you to place even tighter security controls on Windows Server users by prompting for tasks that require elevated access, limiting access even Administrators have by default, and requiring that application installers be digitally signed by a trusted certificate authority. While we wholeheartedly support making Windows Server more secure, it sure can make installing applications a pain in the neck.

We occasionally have a customer report that when they try to run our installer, they get an "access denied," "insufficient rights," "Administrator privileges are required to install this product," or "Error message: unable to contact domain" type messages even when they are logged on as a member of Domain Admins. This is usually resolved by following these steps:

1. Ensure that you are logged on as a domain user that is a member of the IIS server's local Administrators  group
2. Copy the installer file (the MSI) file to a folder such as c:\temp (in this example, DirectoryUpdate.MSI)
3. Open a command prompt as an Administrator (Run As Administrator)
4. Run the Microsoft installer using this command:         
       msiexec.exe /i c:\temp\directoryupdate.msi

From this point, you should be able to continue forward with a standard installation. For a tightly locked down system, though, you may also need to run the Configuration wizard as an administrator. Right click on the Configuration wizard and choose "Run As Administrator"


Log file and Photo folders

Directory Update, Directory Password, and Directory Manager can create tab-separated value files (text) that record individual changes using the respective application. This is controlled in the Auditing section of the AppSettings.XML file. The logs are stored by default in c:\inetpub\wwwroot\directoryupdate\logs or c:\inetpub\wwwroot\directorymanager\logs.

Assuming that you have created a dedicated application pool that uses the NETWORK SERVICE security context, make sure that the NETWORK SERVICE user has "Modify" permissions to this folder.

File system permissions for Ithicos applications

The same holds true for the Photos folder if you are allowing users to upload photos in to the Active Directory. That folder is c:\inetpub\wwwroot\directoryupdate\photos or c:\inetpub\wwwroot\directorymanager\photos.


Update, Update, Update

Our software relies on the security and stability of the Windows Operating System, Internet Information Server, and the .NET Framework. Microsoft is continually providing updates in the form of updating security fixes as well as roll-up or convenience updates to the operating system. These updates are important not only for the stability and security of your computing environment, but often these updates fix code that our software relies on to execute. Ensure that you regularly update all recommended and critical updates provided by Microsoft. Including any updates affecting IIS or the .NET Framework.

Last Review: 17 Dec 2016