Advanced Logging is an additional IIS feature that helps administrators customizing web server logs. IIS 7, 7.5, and 8 used this feature as a detailed and customized logging option. With IIS 8.5, Enhanced Logging which is a built-in feature in IIS was introduced.
In this post, I will explain a solution for the scenario where Advanced Logging is not recording any logs. I will also provide a trick to enable it per websites.
IIS Shared Configuration allows system administrators to use multiple IIS servers sharing the same configuration file. If you want to keep this configuration file in an Azure file share, there is a specific procedure you need to follow. Step-by-step procedure is in the Solution section below.
You can also try to use “Map network drive” feature in Windows File Explorer or the New-PSDrive command below. In my case, neither of these options provided a permanent solution.
“Timeout expired” errors may be result of a wide range of issues such as network delays, application hangs, database locks. I have recently worked on an issue that was the result of ADO.NET database pool exhaustion.
The entire error message we captured in the DebugDiag dump file:
Exception Details
System.InvalidOperationException
Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.
System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(System.Data.Common.DbConnection
You may see “An account failed to log on” in Event Viewer with ID 4625 if there are failed attempts to your IIS server from a user or service.
In my case, this was a server in the Exchange environment. The error message we saw in the Event Viewer is below. It was being logged after half an hour.
I have recently worked with a server that was struggling with high CPU usage only at a certain time of the day: 4am. It sounds odd first but it made sense later. I will discuss the scenario and possible solutions in this post.
Security scan tools try to exploit known vulnerabilities in your web applications. This helps system administrators and software developers to detect potential issues in advance and take an action before the applications go live.
One of the vulnerabilities security scan tools look for (and attackers try to exploit) is the vulnerability specified in PCI DSS 3.2 requirement 1.3.7:
Do not disclose private IP addresses and routing information to unauthorized parties
You can create FTP sites under IIS so that your users can perform file operations by using FTP clients. One IIS FTP site is normally sufficient for most companies. However, you may need some extra configuration to allow both external and internal users to access this site.
If you are fine with creating two FTP sites, you can create one for internal users and one for external users. The difference would be setting “External IP Address of Firewall” field for the external site.
IIS stores most of its configuration in the applicationHost.config file. When there are syntax errors or missing entries in this file, one more IIS features may not work and IIS may display an error such as “The configuration section rewrite/globalRules cannot be read“.
