Category: IIS server

Encrypt your web.config file

Posted Oct.21, 2011 under IIS server, Servers, Windows and Powershell

Recently, I had a request from a customer, where he wanted to encrypt his web.config file ( wee, a part of it ). Since he didnt know how to do it by himself, he asked us to do it.

Basically, the procedure is very simple.

First, open IIS manager and find the web site you want to encrypt. Got it? Great, when you’re there, look at the site ID, write it somewhere.

 

Then, run command prompt ( as administrator ) and position yourself in the :

C:\Windows\Framework\v4.0.30319\

In case your application is running in .NET 2, position yourself in the V2.0.xxxx folder.

Type in the following command:

aspnet_regiis -pe “connectionStrings” ” -site “IDnumber”

What will this command do?

It will encrypt the connection string part of the web.config file, so it cannot be read in some text editor; ofcourse, your web server will still be able to read the connection string from the file, dont worry :)

BUT WHAT IF I HAVE A VIRTUAL DIRECTOY, AND I WANT TO ENCRYPT THAT web.config FILE?

No problem at all, just use this command:

aspnet_regiis -pe “connectionStrings” -app “/YOURVIRTUALFOLDER” -site “IDnumber”

Notice that I added a “-app “/YOURVIRTUALFOLDER” part to the command.

 

Thats all for today :D Stay smart and bright! :D Bye bye!

Tags: , , , , , , , ,
Leave a Comment

Automatic time update in Windows (sync with internet time a.k.a NTP server )

Posted Sep.02, 2011 under IIS server, Servers, WebSitePanel Fixes, Windows and Powershell

Few days ago, I had a strange issue where all of a sudden, the statistics on some of my web servers stopped working.

First thought was, nah, its some PEBKAC issue. Statistics was working great, and nothing in the configuration wasnt changed for months. The customer must have some outdated link, wrong password or something else.

 

The error my customers were getting is :

 

Microsoft.Web.Services3.ResponseProcessingException: WSE910: An error happened
during the processing of a response message, and you can find the error in the
inner exception. You can also find the response message in the Response
property. ---> Microsoft.Web.Services3.Security.SecurityFault: An error was
discovered processing the header ---> System.Exception: WSE065: Creation time of
the timestamp is in the future. This typically indicates lack of synchronization
between sender and receiver clocks. Make sure the clocks are synchronized or use
the timeToleranceInSeconds element in the microsoft.web.services3 configuration
section to adjust tolerance for lack of clock synchronization. --- End of inner

 

The part of the error that gave me a hint is:
Creation time of the timestamp is in the future. This typically indicates lack of synchronization between sender and receiver clocks.

 

Soooo…I login to my WebSitePanel server and check the time…it was 9:24 AM. I login to the web server that is giving the above mentioned error , also 9.24 AM.

First reaction…WTH!!?!?!?!?

I thought to myself: “Nah..I’ll try it anyway. Left click on the Clock, change time and date settings, Internet time, Change settings, and then click the “Update now”. All of a sudden, my statistics started to work. GREAT, that part is solved.

Now, lets try to find the reason for this behaviour, ofcourse, there are hundreds of articles on the web, and every single one of them is pretty much useless in my case :) .

My search was pointless, and quoting James May from Top Gear, I thought to myself:

“Oh cock!” :)

Well, atleast let me try to patch the thing up. My idea was to use our own ntp servers on all our windows machines ( instead of time.windows.com, or some other ntp server listed ). In order to achieve this, you must replicate these steps:

  1. Stop the W32Time service with : C:\>net stop w32time
  2. Configure the external NTP server by  typing : C:\> w32tm /config /syncfromflags:manual /manualpeerlist:”1stNTP.domain.com, 2ndNTPserver.domain.com”
  3. Then make your  PDC a reliable NTP server with  C:\>w32tm /config /reliable:yes
  4. Start the w32time service with : C:\>net start w32time
  5. You can check the NTP servers configuration by typing: C:\>w32tm /query /configuration

Next thing I decided to do was to autmate the time sync, since I didnt want to rely on Windows to do it.

Command for that is pretty simple : c:\w32tm /resync

In order to achieve that, I created a batch file with the above mentioned command, set it to run every day at 12:00 AM, and thats it. Never heard of time sync issues EVER again!

Bye, Alesandro

Tags: , , , , , , , , ,
2 Comments

Tune up my server, Mr. Admin aka – improve IIS 7/7.5 performance – part 1

Posted Apr.04, 2011 under IIS server, Servers

Couple days ago, I had to setup a machine for a customer of ours who will host a web site for some Microsoft conference in Croatia. Since, this is the biggest IT conference in Croatia, I really tried to take everything to the next level and tweak the hell out of that machine :)

For stress testing, I used Siege with  url.txt file where I saved about 20 links from the web site I was testing, in order to emulate the real world scenario as much as possible.

So, for starters, lets throw out some numbers, to see how the machines copes when the IIS install is out of the box :


The test has been run with 150 concurrent users.
Lifting the server siege...      done.                                         Transactions:                    5215 hits
Availability:                 100.00 %
Elapsed time:                  59.83 secs
Data transferred:             472.64 MB
Response time:                  1.69 secs
Transaction rate:              87.16 trans/sec
Throughput:                     7.90 MB/sec
Concurrency:                  147.32
Successful transactions:        5215
Failed transactions:               0
Longest transaction:            5.99
Shortest transaction:           0.25

So, lets take look on the Longest and Shortest transaction value – pretty jumpy, right?

It took the machine to serve the page, in a range of 0.25 to almost 6 seconds? SLOW!

STOP!  Tweaking time :)

One note – do not run 32 bit apps in 64 application pool – waste of resources!

Since this is a website which has around 120 requests to the IIS server for loading one page  I have TURNED OFF the compression!

Why? Simple tradeoff, more bandwidht for less CPU usage. With compression turned on, site had around 1.2 MB ( a lot, I know ), but with compression turned off, site loading time went down for almost 50%, and the site size went for for only 100 KB :)   -  a good trade off in my opinion!

Next -  lets cache this sucker out, I turned on caching for both dynamic and static content, pretty simple setting for a huge improvement!

Now, lets dive into some more complex tweaking -  .Net and registry tweak.

Does the “word”  MaxConcurrentThreadsPerCPU sound familiar?

Basically, with standard out-of-the-box setting, number of requests per CPU is limited to 12.

By default, this entry doesnt exist in the registry, so we need to add it.

MaxConcurrentRequestsPerCPU within HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\2.0.50727.0 determines the number of concurrent requests per CPU.

Since that value in .NET 4 is already set to 5000, there’s no need to change that is you run a .NET 4 application, but in my case, I had applications with .NET 2, .NET 3.5 and .NET 4 running on the machine, so I have set the value  MaxConcurrentRequestsPerCPU to 0 – which means unlimited.

Lets do some load stress with the new IIS and .NET setting. Again, we will run Siege with 150 concurrent users.
Lifting the server siege...      done.                                         Transactions:                    8171 hits
Availability:                 100.00 %
Elapsed time:                  59.58 secs
Data transferred:             643,80 MB
Response time:                  0.96 secs
Transaction rate:             137.14 trans/sec
Throughput:                     10.73 MB/sec
Concurrency:                  131.67
Successful transactions:        8171
Failed transactions:               0
Longest transaction:            1.99
Shortest transaction:           0.15

So, as we can see, we had almost 3000 more transactions, better transaction rate and load time improved over 3 times ( 0.15 to 1.99 sec ).

But wait, there’s more, in the next post, we will do some network level tweaking, and see if we can get even more juice from the machine.

 

NOTE:  Since I didnt write the applications  and didnt have access to them to review them, I had to optimize the server as much as possible.

Tags: , , , , , , ,
1 Comment

Bit Rate Throttling? – HELL YEAH!

Posted Oct.15, 2010 under IIS server, News, Servers

Fact number one: If you have a streaming server, you must install this extension!

Great, now that we’ve got this fact covered, we can move on.

IIS site says:

Bit Rate Throttling, an IIS Media Services extension, saves money on network costs by metering the download speed of media and data files. For media, Bit Rate Throttling accomplishes this by automatically detecting the encoded bit rates of 11 common media formats, such as Windows Media Video (WMV), Flash Video (FLV), and MPEG 4 (MP4), and then throttling the response to the client. For any other file or MIME type, Bit Rate Throttling allows administrators to configure custom throttling rules.

Now, lets explain the same thing in a bit simpler way.

If you have a server which streams any kind of media files, Im sure you have noticed extremely high bandwidht usage on that machine. In my experience, over 40% of the bandwidth is wasted! WAIT! WHY, HOW?

Read More »

Tags: , , , , , , , ,
Leave a Comment

Cook!? Can you warm up my application? NO! I cannot!:D

Posted Oct.13, 2010 under IIS server, Servers, Windows and Powershell

In the beginning, some c/p from IIS site:

IIS Application Warm-Up for IIS 7.5 enables IT Professionals to improve the responsiveness of their Web sites by loading the Web applications before the first request arrives. By proactively loading and initializing all the dependencies such as database connections, compilation of ASP.NET code, and loading of modules, IT Professionals can ensure their Web sites are responsive at all times even if their Web sites use a custom request pipeline or if the Application Pool is recycled.

Now, ME!

At first glimse you can say : “WOW” this extension rocks!!! I dont have to wait for my application to compile! My site will load much much faster!

And, imagine, you would be completely RIGHT! This is a great extension, but ( yeah, there’s a but ), I would NEVER install this extension on a shared hosting server! Why you ask?

Biggest reason is the WASTE of resources!

By preloading some site that has 5-10 unique visitors/day ( yes there are sites like that ), you are efectively wasting resources on the server. Imagine what would happen if you had around 500-600 applications on the server, all preloaded? How much RAM would the machine need to have to keep all those applications preloaded? I guess the answer is : A LOT!

So, conclusion, when to use IIS Application Warm-Up?

Use it on your own machine! When you have a dedicated machine just for 1-2 websites.  You, and your users will benefit from preloaded applications. Everything will open more faster!

If you have a shared hosting machine, MY reccomendation is to NOT use the IIS Application Warm-Up extension!

Tags: , , , , , , ,
2 Comments