Setup IIS FTP Service Passive Mode Ports

If you have an IIS with FTP passive mode enabled, you probably want to specify the port range for data channels.  That way, you can specify the port ranges in your firewall.


You set this in the IIS server’s “FTP Firewall Support” settings.  For example, you can specify the Data Channel Port Range to go from port 5000 to port 5100.

Click “Apply”.  You must restart your Microsoft FTP Service in order for the port range to take effect.  Doing “iisreset” is not sufficient.

Troubleshooting Tip:

If you test it using FileZilla client, you should set the debug to level 3 verbose in order to see the data channel port requested by the server.

The key info you are looking for is the following:


227 Entering Passive Mode (a1,a2,a3,a4,p1,p2).

The data channel port is p1*256 + p2.

Thus,

227 Entering Passive Mode (54,20,20,88,228,225). would mean using port 58593.

Make sure that port falls within the range specified in IIS FTP and that it is allowed by the firewall inbound rules.
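The decoding above can be scripted when you have a long client log to go through. The following is an added example, not part of the original post: it parses 227 replies, computes the data port and checks it against the 5000-5100 range used earlier. The function name and all log lines except the first are constructed for illustration.

```powershell
# Added example: decode "227 Entering Passive Mode (a1,a2,a3,a4,p1,p2)" replies
# and compare the data port with the IIS Data Channel Port Range.
function Get-FtpPassivePort {
    param(
        [Parameter(Mandatory=$true)][string]$Reply,
        [int]$RangeStart = 5000,   # example range from this post
        [int]$RangeEnd   = 5100
    )
    $pattern = '227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)'
    $m = [regex]::Match($Reply, $pattern)
    if (-not $m.Success) { return $null }            # not a 227 reply

    $n = 1..6 | ForEach-Object { [int]$m.Groups[$_].Value }
    if ($n | Where-Object { $_ -gt 255 }) { return $null }   # each field is one byte

    $port = $n[4] * 256 + $n[5]                      # p1*256 + p2
    New-Object PSObject -Property @{
        Address = ($n[0..3] -join '.')
        Port    = $port
        InRange = ($port -ge $RangeStart -and $port -le $RangeEnd)
    }
}

# Sample client log: first line is the reply quoted in this post,
# the other two are constructed.
$sampleLog = @(
    'Response: 227 Entering Passive Mode (54,20,20,88,228,225).',
    'Response: 227 Entering Passive Mode (54,20,20,88,19,156).',
    'Response: 226 Transfer complete.'
)

foreach ($line in $sampleLog) {
    $r = Get-FtpPassivePort -Reply $line
    if ($r) {
        '{0}:{1}  in configured range: {2}' -f $r.Address, $r.Port, $r.InRange
    }
}
```

A port outside the range, such as 58593 here, means the server is not yet using the configured range (for example because the Microsoft FTP Service has not been restarted), and the firewall rule for 5000-5100 will not match it.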

Reference:

http://slacksite.com/other/ftp.html

http://www.serv-u.com/respcode.asp?resp=227


How to Reduce Spam Mail

 

To opt out of credit card/insurance offers, go to www.optoutprescreen.com.  It is free.  You need to fill out your date of birth and social security #.

To reduce incoming telemarketing calls, go to www.donotcall.gov.  It is free.

To opt out of mail catalogs, magazines, etc, go to www.DMAchoice.org. The cost is $2 for 10 years.

Reference:

Here are the official instructions from FTC:

https://www.consumer.ftc.gov/articles/0262-stopping-unsolicited-mail-phone-calls-and-email

Entity Framework Core – Code First

For Entity Framework Core, the code first migration commands are slightly different.

remove-migration

It will remove / undo the migration script generated by the command “add-migration <scriptname>”.

update-database -migration:0

It will roll back all the migration scripts you deployed to a database (i.e. with update-database).

How to Pass PCI – Disable TLS 1.0, SSL 2.0, SSL 3.0

If you are trying to pass PCI Compliance, the security scan may complain that your Windows 2008 Server R2 has TLS 1.0, SSL 2.0 or SSL 3.0 enabled.

1. VERY IMPORTANT: Install this optional update or you won’t be able to remote desktop to the server after you disable TLS 1.0

https://support.microsoft.com/en-us/help/3080079/update-to-add-rds-support-for-tls-1.1-and-tls-1.2-in-windows-7-or-wind


2. You might need to add TLS 1.2 support for your SQL Server.

https://support.microsoft.com/en-us/help/3135244/tls-1.2-support-for-microsoft-sql-server

 

3. Useful Tool

Use the following tool to disable TLS 1.0 and weak cipher suites.

https://www.nartac.com/Products/IISCrypto/Download

4. FTP Server

I had to apply the following fix in order for the FTP upload to continue to work.  Otherwise, an FTP client, such as FileZilla, reports an error “550 The supplied message is incomplete.  The signature was not verified”.  The FTP client keeps on repeating the upload of the same file again and again.

https://support.microsoft.com/en-us/help/2888853/fix-the-supplied-message-is-incomplete-error-when-you-use-an-ftps-clie
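Before re-running the scan, you can check what the server is actually configured to offer. The following is an added example, not part of the original post: a read-only PowerShell check of the server-side SCHANNEL protocol keys in the registry, which is where the Enabled values for these protocols are stored. The function name is made up for this example.

```powershell
# Added example: report the server-side SCHANNEL state of the protocols
# named in this post. Read-only; run in an elevated PowerShell session.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Expected state: the three protocols the scan flags are off, and TLS 1.2 is
# on so that RDP, SQL Server and FTPS still have a protocol to negotiate.
$expected = @{
    'SSL 2.0' = 'disabled'
    'SSL 3.0' = 'disabled'
    'TLS 1.0' = 'disabled'
    'TLS 1.2' = 'enabled'
}

function Get-SchannelServerState {
    param([string]$Protocol)
    $key = "$base\$Protocol\Server"
    # No key or no Enabled value: the OS default applies, so flag it for review
    if (-not (Test-Path $key)) { return 'not configured' }
    $p = Get-ItemProperty -Path $key
    if ($null -eq $p.Enabled) { return 'not configured' }
    if ($p.Enabled -eq 0) { return 'disabled' }
    return 'enabled'        # any non-zero DWORD enables the protocol
}

foreach ($protocol in ($expected.Keys | Sort-Object)) {
    $state = Get-SchannelServerState $protocol
    if ($state -eq $expected[$protocol]) { $result = 'OK' } else { $result = 'REVIEW' }
    '{0,-8} {1,-15} expected {2,-9} {3}' -f $protocol, $state, $expected[$protocol], $result
}
```

The registry shows the configured state; SCHANNEL protocol changes only take effect after the server is rebooted.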

 

Reference:

https://blogs.msdn.microsoft.com/friis/2016/07/25/disabling-tls-1-0-on-your-windows-2008-r2-server-just-because-you-still-have-one/

https://community.spiceworks.com/topic/1401592-howto-make-your-rdp-pci-dss-compliant

https://support.microsoft.com/en-us/help/3135244/tls-1.2-support-for-microsoft-sql-server

IIS WordPress Uploaded Files 500 Error

 

I cannot believe I ran into the same problem I blogged about 3 years ago.  So I am adding more symptoms and more details to the problem.  I hope it will save many people using IIS WordPress hours of troubleshooting.

Symptoms:

  • You are running WordPress on IIS
  • You cannot even upload a file or image to WordPress Media Library
  • After you upload a file or image to WordPress Media Library, you cannot access the file via URL.  For example, http://www.xxxx.com/wp-content/uploads/2017/04/xxxx.pdf would only return a server 500 error.  Or if you have an uploaded image, you may see a broken image icon in WordPress.
  • You came across this problem after you upgraded your WordPress site to a new or different version of PHP.

Causes:

This is caused by the IIS configuration of PHP and the NTFS permissions set on specific folders.

Quick Fix:

    1. Add {servername}/IIS_IUSRS with read permission to the file, the uploads folder or the wp-content folder.  Obviously, if you choose wp-content, you can propagate the permission down to subfolders and files.
    2. This only fixes the uploaded files in the WordPress site.  You may still get the same problem with future uploaded files.

Solution:

  1. Locate your php.ini.  For example, C:\Program Files (x86)\PHP\vX.X
  2. Always check your php.ini to see the setting value for “upload_tmp_dir”.  The default value is probably “C:\Windows\Temp”.  It is critical that you verify this.  In fact, I recommend you create a new folder and use it exclusively for PHP upload temp directory.  For example, you can create a “C:\PHP_upload_temp”
  3. Now you need to apply the appropriate permissions to 2 folders with 2 users:

     | User | wp-content (or uploads) | PHP upload temp directory (C:\PHP_upload_temp) |
     |---|---|---|
     | IUSR | Modify | Modify |
     | {servername}/IIS_IUSRS | Read | Read |

  • The above suggestions should work.  You may reduce the permission to see if it works for you.
  • NTFS uses inherited permissions.  You should use Properties/Security/Advanced to view the permissions.
  • The permissions must be set properly in the PHP upload temp directory first.  The uploaded file will be uploaded to that directory before it is copied to the wp-content/uploads folder.
  • If you see “Parent Object” under “Inherited from”, it may indicate some orphaned permission.
  • “When you upload a file, PHP sends the file to a temporary directory on the hard drive (for me it is C:\Windows\Temp) and then copies it over to its intended directory.  Once the file has landed in the temporary directory, it is assigned the permissions of that directory. The problem is when Windows copies that file, it keeps the temporary directory’s permissions and doesn’t inherit your web directory’s permissions.”
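To verify the table above and find files that were already uploaded with the wrong permissions, you can read the ACLs with PowerShell. The following is an added example, not part of the original post; the site path and the function name are assumptions, and it only looks at ACEs that name IUSR or IIS_IUSRS directly (access granted through other groups is not resolved).

```powershell
# Added example: audit the two folders and the files already in uploads.
$uploads = 'C:\inetpub\wwwroot\wp-content\uploads'   # hypothetical site path, adjust
$tempDir = 'C:\PHP_upload_temp'                      # upload_tmp_dir suggested above

function Test-AclGrants {
    param($Acl, [string]$Account,
          [System.Security.AccessControl.FileSystemRights]$Rights)
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
    foreach ($ace in $Acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace.PropagationFlags -band $inheritOnly) { continue }  # not for this object
        $name = $ace.IdentityReference.Value          # e.g. BUILTIN\IIS_IUSRS
        if ($name -ne $Account -and $name -notlike "*\$Account") { continue }
        if (($ace.FileSystemRights -band $Rights) -eq $Rights) { return $true }
    }
    return $false
}

# 1. Both folders need IUSR = Modify and IIS_IUSRS = Read (table above).
$required = @{ 'IUSR' = 'Modify'; 'IIS_IUSRS' = 'Read' }
foreach ($dir in $uploads, $tempDir) {
    $acl = Get-Acl -Path $dir
    foreach ($account in $required.Keys) {
        $ok = Test-AclGrants $acl $account $required[$account]
        '{0,-45} {1,-10} {2,-7} granted: {3}' -f $dir, $account, $required[$account], $ok
    }
}

# 2. Files uploaded before the fix keep the temp directory's ACL, so list the
#    ones IIS_IUSRS cannot read. These are the files that return the 500 error.
Get-ChildItem -Path $uploads -Recurse |
    Where-Object { -not $_.PSIsContainer } |
    Where-Object { -not (Test-AclGrants (Get-Acl -Path $_.FullName) 'IIS_IUSRS' 'Read') } |
    ForEach-Object { $_.FullName }
```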

Reference:

Again, the following 3 articles really help:

http://www.howyoudo.info/index.php/how-to-fix-windows-server-upload-file-inherit-permissions-error/

http://www.amixa.com/blog/2011/04/29/iis-wordpress-images-500-error/

http://chris.wastedhalo.com/2011/01/wordpress-upload-permissions-on-iis-7-fix/

note: I don’t think creator owner plays a part in this problem.