Setup IIS FTP Service Passive Mode Ports

If you have an IIS with FTP passive mode enabled, you probably want to specify the port range for data channels.  That way, you can specify the port ranges in your firewall.


For example, you can specify IIS server’s “FTP Firewall Support”.  For example, you can specify The Data Channel Port Range to go from port 5000 to port 5100.

Click “Apply”.  You must restart your Microsoft FTP Service in order for the port range to take effect.  Doing “iisreset” is not be sufficient.

Troubleshooting Tip:

If you test it using FileZilla client, you should set the debug to level 3 verbose in order to see the data channel port requested by the server.

The key info you are looking for is the following:


227 Entering Passive Mode (a1,a2,a3,a4,p1,p2).

The data channel post is p1*256 + p2. 


227 Entering Passive Mode (54,20,20,88,228,225). would mean using port 58593.

Make sure that port is specified by IIS FTP and it is allowed by the firewall inbound rules.



IIS WordPress Uploaded Files 500 Error


therI cannot believe I ran into the same problem I blogged about 3 years ago.  So I am add more symptoms and more details to the problem.  I hope it will save many people using IIS WordPress hours of troubleshooting.


  • You are running WordPress on IIS
  • You cannot even upload a file or image to WordPress Media Library
  • After you upload a file or image to WordPress Media Library, you cannot access the file via URL.  For example, would only return a server 500 error.  Or if you have an uploaded image, you may see a broken image icon in WordPress.
  • You can across this problem after you upgrade your WordPress site to a new or different version of PHP.


This is caused by configuration of

  • IIS configuration of PHP and the NTFS permissions set on specific folders.

Quick Fix:

    1. Add {serveranme}/IIS_IUSRS with read permission to the file, or uploads folder or wp-content folder.  Obviously, if you choose wp-content, you can propagate the permission down to subfolder and files.
    2. This only fixes the uploaded files in the WordPress site.  You may still get the same problem with future uploaded files.


  1. Locate your php.ini.  For example, C:\Program Files (x86)\PHP\vX.X
  2. Always check your php.ini to see the setting value for “upload_tmp_dir”.  The default value is probably “C:\Windows\Temp”.  It is critical that you verify this.  In fact, I recommend you create a new folder and use it exclusively for PHP upload temp directory.  For example, you can create a “C:\PHP_upload_temp”
  3. Now you need to apply the appropriate permissions to 2 folders with 2 users:
  wp-content (or uploads) PHP upload temp directory (C:\PHP_upload_temp)
IUSR Modify Modify
{servername}/IIS_IUSRS Read Read
  • The above suggestions should work.  You may reduce the permission to see if it works for you.
  • NTFS uses inherited permissions.  You should use Properties/Security/Advanced to view the permissions.
  • The permissions must be set property in PHP upload temp directory first.  The uploaded file will be uploaded to that directory before it is copied to the wp-content/uploads folder.
  • If you see “Parent Object’’” under “Inherited from”, it may indicate some orphaned permission.
  • “When you upload a file, PHP sends the file to a temporary directory on the hard drive (for me it is C:\Windows\Temp) and then copies it over to it’s intended directory.  Once the file has landed in the temporary directory, it is assigned the permissions of that directory. The problem is when Windows copies that file, it keeps the temporary directory’s permissions and doesn’t inherit your web directory’s permissions.”


Again, the following 3 articles really help:

note: I don’t think creator owner plays a part in this problem.

How to Delete Old IIS Logs with Scheduled Task

IIS can rotate log files.  I just wish it could also delete log files older than x number of days.

Since IIS 7.5 does not do it, I would have to write a quick powershell script for it.

To begin, the following will list all files within the folder/subfolders (i.e. the whole tree recursively) that is older than 30 days and match the file name pattern “u_ex*.log”.

   1: $srcPath = "C:\inetpub\logs\LogFiles\"

   2: $filePattern = "u_ex*.log"

   3: $cutoffDays = 30


   5: # output the file names to delete

   6: Get-ChildItem $srcPath -Include $filePattern -Recurse | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(0-$cutoffDays)} | out-string


Once you are comfortable, you can replace “out-string” with “Remove-Item”.  It will delete those old files.

   1: $srcPath = "C:\inetpub\logs\LogFiles\"

   2: $filePattern = "u_ex*.log"

   3: $cutoffDays = 30


   5: # delete the files

   6: Get-ChildItem $srcPath -Include $filePattern -Recurse | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(0-$cutoffDays)} | Remove-Item


Say you also want to keep a log of the files you are deleting:

   1: $srcPath = "C:\inetpub\logs\LogFiles\"

   2: $filePattern = "u_ex*.log"

   3: $cutoffDays = 30

   4: $logFolder = "C:\temp\"

   5: $logPath = $logFolder + (Get-Date).tostring("yyyyMMdd") + "_cleanuplog.txt"


   7: # log file names to delete to a log file

   8: Get-ChildItem $srcPath -Include $filePattern -Recurse | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(0-$cutoffDays)} | out-file $logPath -Append


  10: # delete the files

  11: Get-ChildItem $srcPath -Include $filePattern -Recurse | Where-Object {$_.LastWriteTime -lt (Get-Date).AddDays(0-$cutoffDays)} | Remove-Item


Special thanks to Nathan Hartley’s powershell answer.


IIS No NLog File Outputs

If your application is not output nlog file as configured, you should make sure your target output file folder has the right permission for the IIS application pool identity.

For example, on the IIS server, you can go to the output folder’s properties –> security tab and add “Modify” permission for IIS_IUSRS.

As usual, be sure to grant only the minimum permissions required for the appropriate account.

Deployed WebAPI 2.0 on IIS returns 404


I am setting up a new project and it works fine on my local desktop.  When I deploy it to IIS, it returns 404.


The IIS website was created and used .NET 2.0 by default.


  1. Go to IIS –> Application Pools.
  2. Find the website application and make sure it uses .NET Framework v4.0.30319 instead of v2.050727 and Managed pipeline mode = Integrated.

How to Install GoDaddy Wildcard SSL Certificate onto Multiple IIS 8 Servers

With wildcard SSL certificate, you are trying to protect all subdomains (e.g.,

You start off by creating a certificate signing request (CSR) from server01 and submit it to GoDaddy.

Once GoDaddy generates the certificates, you can download them and install them onto server01.  Be sure your certificate is SHA-2, not SHA-1.

Now if you want to install the same certificates into server02 using the same instructions, you will encounter the problem of disappearing certificates after you choose to “Complete Certificate Request”. 


1.  on server01 IIS—> Server Certificate, export the wildcard SSL certificate to a .pfx file after specifying a password.


2.  on server02 IIS—> Server Certificates, import the certiciate .pfx file after entering the specified password.


IIS WordPress MySQL root password is Invalid


  1. You are installing WordPress via IIS Web Platform Installer
  2. On the PREREQUISITES section, it shows that MySQL is not installed, you specify a password.
  3. After WPI downloads and installs, it shows the error message “password for user account ‘root’ is not valid” on INSTALL section.
  4. You try different stronger passwords and it yields the same error.
  5. When you look at the log, you see the error: “The security settings cannot be applied.”


  1. In my case, I go to Control Panel –> Program and Features
  2. Uninstall MySQL 5.1. 
  3. Delete C:\Program Files\MySQL
  4. Delete C:\ProgramData\MySQL (WARNING: THIS WILL DELETE ALL YOUR MYSQL Database data files. Don’t do this unless you are sure).
  5. Reinstall WordPress Application via IIS Web Platform Installer.
  6. If everything is OK, you should see the following screen: