Advanced Logging is an additional IIS feature that helps administrators customizing web server logs. IIS 7, 7.5, and 8 used this feature as a detailed and customized logging option. With IIS 8.5, Enhanced Logging which is a built-in feature in IIS was introduced.
In this post, I will explain a solution for the scenario where Advanced Logging is not recording any logs. I will also provide a trick to enable it per websites.
Developers use SameSite cookie attribute to prevent CSRF (Cross-site Request Forgery) attacks. This attribute instructs browsers not to send cookies along with cross-site requests (Reference).
I needed to turn of SameSite cookie attribute for Safari as part of a fix to the issue mentioned here. A simple solution is below.
IIS Shared Configuration allows system administrators to use multiple IIS servers sharing the same configuration file. If you want to keep this configuration file in an Azure file share, there is a specific procedure you need to follow. Step-by-step procedure is in the Solution section below.
You can also try to use “Map network drive” feature in Windows File Explorer or the New-PSDrive command below. In my case, neither of these options provided a permanent solution.
“Timeout expired” errors may be result of a wide range of issues such as network delays, application hangs, database locks. I have recently worked on an issue that was the result of ADO.NET database pool exhaustion.
The entire error message we captured in the DebugDiag dump file:
Exception Details
System.InvalidOperationException
Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.
System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(System.Data.Common.DbConnection
You may see “An account failed to log on” in Event Viewer with ID 4625 if there are failed attempts to your IIS server from a user or service.
In my case, this was a server in the Exchange environment. The error message we saw in the Event Viewer is below. It was being logged after half an hour.
I have recently worked with a server that was struggling with high CPU usage only at a certain time of the day: 4am. It sounds odd first but it made sense later. I will discuss the scenario and possible solutions in this post.
I came across “System.BadImageFormatException” error while trying to migrate an application from Windows Server 2008 R2 to Windows Server 2012 R2. I will list possible root cause and solution for this issue in this post.
Error message:
Attempt to load Oracle client libraries threw BadImageFormatException. This problem will occur when running in 64 bit mode with the 32 bit Oracle client components installed.
Many web applications require users to upload files. Whether it’s a photo, document or any other type of file, your application should be able to read it from the client computer and store it in the server.
I have recently worked on a case where the developer were trying to use the functions below to get the full path of the file:
string filePath = Path.Combine(Request.Form["file"].ToString());
string filePath = System.IO.Path.GetFullPath(Request.Form["file"].ToString());These functions won’t return the full path if “Include local directory path when uploading files to a server” setting is disabled in Internet Explorer.
Security scan tools try to exploit known vulnerabilities in your web applications. This helps system administrators and software developers to detect potential issues in advance and take an action before the applications go live.
One of the vulnerabilities security scan tools look for (and attackers try to exploit) is the vulnerability specified in PCI DSS 3.2 requirement 1.3.7:
Do not disclose private IP addresses and routing information to unauthorized parties