This TechNote covers newer versions of Ithicos Solutions products running on Windows Server 2008 x64 and Windows Server 2008 R2 (any service pack). This includes:
Windows Server 2008 R2 is the minimum recommended platform for our applications due to improved scalability, stability, and security. But thanks to improvements in security, getting any application to run can be an arduous process.
Most of the problems getting the software running correctly are usually corrected by ensuring that the prerequisites are fully met and that the server is fully patched.
The top reported problems with Windows Server 2008 and Windows Server 2008 R2 are:
Missing prerequisites may cause the installer to fail or may cause the application to not work once installed. Our software relies on key components of Microsoft Internet Information Server and the .NET Framework 4.x platform. The simplest way to install all of the necessary components is to use the PowerShell Server Management module.
1. Open a PowerShell command prompt as an administrator 2. Type Import-Module ServerManager and press Enter 3. Type Add-WindowsFeature Web-Server, Web-Basic-Auth, Web-Windows-Auth, Web-ASP-NET, Web-Net-Ext, AS-Web-Support 4. Press Enter 4. Reboot if prompted.
Microsoft is continually making updates to the .NET Framework v4.0/v4.5 including bug fixes and security updates. We strongly recommend keeping your server within 2 or 3 months of the most recent updates. So, ensure that you run a “Windows Update” on your server periodically and ensure that all critical as well as recommended updates are applied.
This is easy to resolve.
1. Open a Windows command prompt as an administrator 2. Run %windir%\Microsoft.NET\Framework64\v4.0.30319/aspnet_regiis.exe /iru 3. Run %windir%\Microsoft.NET\Framework\v4.0.30319/aspnet_regiis.exe /iru 4. Run IISRESET.EXE
We use a series of web controls that are sometimes called AJAX or RAD controls. We have found that under some circumstances, these controls are interfering with IIS’s own compression capabilities. The errors usually manifest themselves though things like buttons or searches not working. This is also easy to resolve.
In the application folder, such as c:\inetpub\wwwroot\DirectoryUpdate, locate the Web.Config file, and then make a backup copy of it. Then load Web.Config in to a text editor, locate and delete these two lines:
<add name="RadCompression" type="Telerik.Web.UI.RadCompression" /> and <add name="RadCompression" type="Telerik.Web.UI.RadCompression" preCondition="integratedMode" />
Save the file and then run IISRESET.EXE
An Application Pool is essentially a memory space and dedicated set of threads that can be assigned to an IIS web site or web application. Separating web sites or web applications helps to prevents one application from causing problems for another.
Our software installers automatically create a dedicated application pool for each of our application pools, such as “DirectoryManagerAppPool”. Here are the Advanced Settings for an application pool.
The application pool has 3 key properties that must be set correctly:
IIS, by default, will flush the cache of any application that is not being actively used. You can improve performance/start-up time by increasing the “Idle Time-out (minutes)” value to a larger value, such as 600. However, this may result in IIS consuming more RAM on the servers.
Windows Server 2008 User Access Control (UAC) is a feature that allows you to place even tighter security controls on Windows Server users by prompting for tasks that require elevated access, limiting access even Administrators have by default, and requiring that application installers be digitally signed by a trusted certificate authority. While we wholeheartedly support Microsoft making Windows Server more secure, it sure can make installing applications a pain in the neck.
We occasionally have a customer report that when they try to run our installer, they get an "access denied" or "insufficient rights" type message even when they are logged on as a member of Domain Admins. This is usually resolved by following these steps:
msiexec.exe /i c:\temp\directoryupdate.msi
From this point, you should be able to continue forward with a standard installatoin. For a tightly locked down system, though, you may also need to run the Configuration wizard as an administrator. Right click on the Configuration wizard and choose "Run As Administrator"
Directory Update, Directory Password, and Directory Manager can create tab-separated value files (text) that record individual changes using the respective application. This is controlled in the Auditing section of the AppSettings.XML file. The logs are stored by default in the application's .\logs folder.
Our newest installer automatically creates a dedicated Application Pool and gives the NETWORK SERVICE user access to that folder. But, you may be customizing your installation. Assuming that you have created a dedicated application pool that uses the NETWORK SERVICE security context, make sure that the NETWORK SERVICE user has "Modify" permissions to this folder.
The same holds true for the Photos folder if you are allowing users to upload photos in to the Active Directory. That folder is c:\inetpub\wwwroot\directoryupdate\photos or c:\inetpub\wwwroot\directorymanager\photos.
Our software relies on the security and stability of the Windows Operating System, Internet Information Server, and the .NET Framework. Microsoft is continually providing updates in the form of updating security fixes as well as roll-up or convenience updates to the operating system. These updates are important not only for the stability and security of your computing environment, but often these updates fix code that our software relies on to execute. Ensure that you regularly update all recommended and critical updates provided by Microsoft. Including any updates affecting IIS or the .NET Framework.