How to Install GoDaddy Wildcard SSL Certificate onto Multiple IIS 8 Servers

With a wildcard SSL certificate, you protect all subdomains (e.g. server01.companyXXXX.com, server02.companyXXXX.com).

You start off by creating a certificate signing request (CSR) on server01 and submitting it to GoDaddy.

https://support.godaddy.com/help/article/4950/generating-a-certificate-signing-request-microsoft-iis-8

Once GoDaddy generates the certificates, you can download them and install them onto server01.  Be sure your certificate is SHA-2, not SHA-1.

https://support.godaddy.com/help/article/4951/installing-an-ssl-certificate-in-microsoft-iis-8

Now if you want to install the same certificates into server02 using the same instructions, you will encounter the problem of disappearing certificates after you choose to “Complete Certificate Request”. 

Solution:

1.  On server01, IIS —> Server Certificates, export the wildcard SSL certificate to a .pfx file after specifying a password.


2.  On server02, IIS —> Server Certificates, import the certificate .pfx file after entering the specified password.
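
The certificate disappears on server02 because the private key created with the CSR exists only on server01; the .pfx file carries that key along with the certificate. The same export and import in PowerShell, as an added example that is not part of the original post (the subject filter, the C:\Temp path and the function names are assumptions):

```powershell
# Added example, not from the original post. The subject filter and the
# C:\Temp path are assumptions; adjust them for your servers.

function Export-WildcardPfx {            # run on server01
    param([string]$SubjectLike = '*companyXXXX.com*',
          [string]$PfxPath = 'C:\Temp\wildcard.pfx',
          [Parameter(Mandatory)][securestring]$Password)

    # Pick the newest matching certificate that actually has its private key.
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like $SubjectLike -and $_.HasPrivateKey } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    if (-not $cert) { throw "No certificate with a private key matches $SubjectLike" }

    # The page's SHA-2 requirement: refuse to spread a SHA-1 signed certificate.
    $alg = $cert.SignatureAlgorithm.FriendlyName
    if ($alg -match 'sha1') { throw "Certificate is signed with $alg; reissue as SHA-2" }

    Export-PfxCertificate -Cert $cert -FilePath $PfxPath -Password $Password | Out-Null
    $cert.Thumbprint                     # keep this value for the check on server02
}

function Import-WildcardPfx {            # run on server02
    param([string]$PfxPath = 'C:\Temp\wildcard.pfx',
          [Parameter(Mandatory)][securestring]$Password,
          [Parameter(Mandatory)][string]$ExpectedThumbprint)

    # Without -Exportable the private key is marked non-exportable on this server.
    $cert = Import-PfxCertificate -FilePath $PfxPath -Password $Password `
        -CertStoreLocation Cert:\LocalMachine\My

    if ($cert.Thumbprint -ne $ExpectedThumbprint) { throw 'Thumbprint mismatch' }
    if (-not $cert.HasPrivateKey) { throw 'Imported certificate has no private key' }

    Remove-Item $PfxPath                 # the .pfx contains the private key
    $cert
}

# Usage (prompts for the .pfx password on each server):
#   $pw = Read-Host 'PFX password' -AsSecureString
#   $tp = Export-WildcardPfx -Password $pw
#   Import-WildcardPfx -Password $pw -ExpectedThumbprint $tp
```

Move the .pfx between servers over a trusted channel and delete the copy left on server01 once the import has been verified.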


SQL Connection Issue in AWS EC2 After Releasing Elastic IP

Background

We recently consolidated websites/servers hosted on AWS EC2. 

On ServerA, we released a couple of Elastic IP addresses.  Using EC2 –> Networking –> Manage Private IP Addresses, I unassigned those orphaned private IPs.

Problem

After reboot, we found that ServerA can no longer connect to another SQL server.

Solution

It turns out that I forgot one thing.  We used to have those orphaned private IPs as static IPs, instead of DHCP on the ServerA OS network setting.  Thus, I removed those obsolete private IPs from network adapter setting IPv4.   

The lesson is that any extra obsolete private IPs on the server network setting could lead to SQL connection issues.

How to Reduce Time To First Byte (TTFB) with IIS WordPress

Problem

There are many tools and guidelines to help speed up web pages.  In my case, it is WordPress hosted in IIS 8.  TTFB was ~2 seconds and it took 5 seconds to load the page.

Black Hole

Optimization is like a black hole, sucking all your time while you try to score better on some benchmarks.  Common tricks include:

  • Use FastCGI
  • Use WinCache
  • Use WordPress cache plugin, such as W3 Total Cache.
  • Faster CPU, more Memory, use SSD drive

Troubleshoot

You can use many online sites (e.g. pingdom) to give you a waterfall chart and recommendations.  They are also good for establishing your performance baseline.

If you see high TTFB, then the next step is to use a browser on your web server to load the website.  Any web browser (Chrome, IE, Firefox) can give you a waterfall.  If you still have a high TTFB, then you know it is something related to the web server, not due to a long network distance from a test client.

Solution

For me, the following trick reduces my WordPress page:

  • Total load time from > 5 seconds to 1.2 seconds. 
  • TTFB dropped from ~2 seconds to 183 ms.

The solution is to disable IPv6 on Windows Server.  I simply used Microsoft’s “Fix it”

http://support.microsoft.com/en-us/kb/929852

Reference:

http://forums.iis.net/t/1153459.aspx (many thanks to that thread of discussion!!!)

IIS WordPress MySQL root password is Invalid

Problem

  1. You are installing WordPress via IIS Web Platform Installer
  2. On the PREREQUISITES section, it shows that MySQL is not installed, so you specify a password.
  3. After WPI downloads and installs, it shows the error message “password for user account ‘root’ is not valid” on INSTALL section.
  4. You try different stronger passwords and it yields the same error.
  5. When you look at the log, you see the error: “The security settings cannot be applied.”

Solution

  1. In my case, I go to Control Panel –> Programs and Features
  2. Uninstall MySQL 5.1. 
  3. Delete C:\Program Files\MySQL
  4. Delete C:\ProgramData\MySQL (WARNING: THIS WILL DELETE ALL YOUR MYSQL Database data files. Don’t do this unless you are sure).
  5. Reinstall WordPress Application via IIS Web Platform Installer.
  6. If everything is OK, you should see the following screen:

image


How to Schedule Windows Update Download

Problem

On one of the Windows Servers, when Windows Update runs, it takes up 100% CPU.  We do not want to disable the Windows Update.  So we look for a way to schedule/control/restrict/throttle the Windows Update Download.  Note we are not trying to schedule the installation of the downloaded updates.

Solution

The trick is to configure BITS (the transfer service which Windows Update depends on) so that it has 0 bandwidth during production hours.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\BITS]
"EnableBITSMaxBandwidth"=dword:00000001
"MaxTransferRateOnSchedule"=dword:00000000
"MaxBandwidthValidFrom"=dword:00000004
"MaxBandwidthValidTo"=dword:00000011
"UseSystemMaximum"=dword:00000001
"MaxTransferRateOffSchedule"=dword:00000014

Explanation

EnableBITSMaxBandwidth = 1 turns on the bandwidth control.

MaxTransferRateOnSchedule = 0 means 0 kilobits per second allowed within the restricted schedule period.

MaxBandwidthValidFrom = 4 means the restricted schedule period starts at 4AM PST.

MaxBandwidthValidTo = 11 (a hexadecimal dword, i.e. hour 17) means the restricted schedule period ends at 5PM PST.

UseSystemMaximum = 1 means there is no limit on bandwidth outside of the restricted schedule period.
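
To confirm what the server actually has after importing the .reg file, the following added example (not part of the original post) reads the policy key back and reports the window in decimal hours, which makes the hexadecimal 11 visible as 17. The function name is hypothetical, and treating the end hour as exclusive and the hours as the server's own clock are assumptions.

```powershell
# Added example: reads the BITS policy values written by the .reg file above.
function Get-BitsThrottleWindow {
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\BITS',
          [int]$Hour = (Get-Date).Hour)    # hour to test, defaults to now

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop
    if ($p.EnableBITSMaxBandwidth -ne 1) {
        Write-Warning 'EnableBITSMaxBandwidth is not 1; no schedule is enforced.'
        return
    }

    # Registry DWORDs come back as integers, so dword:00000011 reads as 17.
    $from = [int]$p.MaxBandwidthValidFrom
    $to   = [int]$p.MaxBandwidthValidTo

    # Assumption: the end hour is exclusive. Handle a window that wraps
    # past midnight (From greater than To) as well as the simple case.
    if ($from -le $to) { $inWindow = ($Hour -ge $from -and $Hour -lt $to) }
    else               { $inWindow = ($Hour -ge $from -or  $Hour -lt $to) }

    # UseSystemMaximum = 1 overrides MaxTransferRateOffSchedule.
    $off = if ($p.UseSystemMaximum -eq 1) { 'unlimited' }
           else { "$($p.MaxTransferRateOffSchedule) Kbps" }

    [pscustomobject]@{
        WindowStartHour = $from
        WindowEndHour   = $to
        OnScheduleKbps  = [int]$p.MaxTransferRateOnSchedule
        OffSchedule     = $off
        HourTested      = $Hour
        ThrottledAtHour = $inWindow
    }
}

Get-BitsThrottleWindow | Format-List
```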


Reference:

https://technet.microsoft.com/en-us/library/bb457145.aspx

https://community.myhughesnet.com/hughesnet/topics/way_to_schedule_windows_update_downloads

https://podio.com/winwintechnologycom/win/apps/how-to-do/items/1

Configure Web Deploy on IIS 8

As usual, it takes quite a bit of effort to get web deploy working properly on IIS 8.

Personally, I find the following articles more useful:

http://www.asp.net/web-forms/overview/deployment/configuring-server-environments-for-web-deployment/configuring-a-web-server-for-web-deploy-publishing-(web-deploy-handler)

http://www.iis.net/learn/publish/troubleshooting-web-deploy/troubleshooting-common-problems-with-web-deploy


Here is my recommended checklist:

  1. Windows Server 2012 already has .NET 4.0 on it, so you don’t need to install it.
  2. Run Web Platform Installer and Add/Install the following:
    1. IIS: Management Service
    2. IIS: Basic Authentication
    3. Web Deploy 3.5
  3. Make sure your Web Deploy also has IIS Deployment Handler (and sub features) installed.  That was missing for me.
  4. On IIS 8, enable “Basic Authentication” on the server level.
  5. On IIS 8, Management Service.  Enable remote connections and start Web Management Service.
  6. Make sure Web Management Service has “Automatic” startup in Services.
  7. Make sure the Windows Firewall allows inbound port 8172 for the Web Management Service.
  8. Make sure Azure or AWS or 3rd party firewall allows inbound 8172.
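
Checklist items 5 to 7 can be verified from a PowerShell prompt on the IIS 8 server. This is an added example, not part of the original post; the function name is hypothetical, and it relies on the Web Management Service's service name (WMSvc) and its EnableRemoteManagement registry value. It does not cover item 8 or the IIS Deployment Handler.

```powershell
# Added example: local checks for the Web Management Service on port 8172.
function Test-WebDeployServer {
    param([int]$Port = 8172)

    # Items 5 and 6: service present, running, and set to start automatically.
    $svc = Get-WmiObject Win32_Service -Filter "Name='WMSvc'"

    # Item 5: "Enable remote connections" is stored in this registry value.
    $reg = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server' `
        -ErrorAction SilentlyContinue

    # Item 7: enabled inbound allow rules that name the port explicitly.
    # Rules that cover the port through a range are not detected here.
    $fwRules = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$Port" } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and
                       $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' }

    # Is anything accepting connections on the port on this machine?
    $tcp = New-Object System.Net.Sockets.TcpClient
    try     { $tcp.Connect('localhost', $Port); $listening = $tcp.Connected }
    catch   { $listening = $false }
    finally { $tcp.Close() }

    [pscustomobject]@{
        ServiceInstalled   = [bool]$svc
        ServiceRunning     = ($svc.State -eq 'Running')
        StartupAutomatic   = ($svc.StartMode -eq 'Auto')
        RemoteConnections  = ($reg.EnableRemoteManagement -eq 1)
        FirewallAllowRules = @($fwRules | ForEach-Object { $_.DisplayName })
        ListeningLocally   = $listening
    }
}

Test-WebDeployServer | Format-List
```

Because Basic Authentication credentials are accepted on this port, limit the inbound 8172 rules in items 7 and 8 to the addresses you deploy from rather than opening the port to any source.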

In my case, I encountered something like the following:

Problem:

Could not connect to the destination computer (“deployserver”). On the destination computer, make sure that Web Deploy is installed and that the required process (“The Web Management Service”) is started.

The remote server returned an error: (404) Not Found.

Cause:

Web Deploy was installed.  However, IIS Deployment Handler was never installed.

Solution:

  1. Control Panel –> Programs and Features
  2. Microsoft Web Deploy 3.5 –> Change –> Change
  3. Make sure IIS Deployment Handler and sub features are installed.
