none
IIS 10 :- Default page is not working. RRS feed

  • Question

  • Hello Folks,

    I have Web server running on Windows server 2016 (IIS10). Multiple websites are hosted on it but currently single website is working from that server. 

    Now i am trying to host new website but it is not working. After some basic troubleshooting, i came to know that default IIS page is also not working when i am entering server IP/Hostname. 

    We have single IP assigned and using host headers method for multiple site. By using netstat, we concluded that server is responding to port 80, no issue we that. IIS reset is done multiple time but no luck. 

    Please let me know how to troubleshoot further. I cant restart server as one Website is working. 


    Thanks, Chinmay.

    Wednesday, November 6, 2019 1:33 PM

Answers

  • I have reinstall IIS and cleaned up all unwanted web sites and then redployed the new website. IIS reinstall worked in my case. 

    Now after new site deployment i have getting.. 


    Thanks, Chinmay.

    • Marked as answer by Chinmayjoshi25 Wednesday, November 13, 2019 1:43 PM
    Friday, November 8, 2019 5:47 PM

All replies

  • You'll reach the IIS experts over here in dedicated forums.

    https://forums.iis.net/

     

     




    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Proposed as answer by Tim CerlingMVP Wednesday, November 6, 2019 3:44 PM
    Wednesday, November 6, 2019 2:01 PM
  • Is the user access directly via IIS or you are using SSL offloading or bridging on the load balancer?

    Since one website is working, it's not clear why you cannot use the default iis webpage - maybe you did not add the page name to the list of default documents?

    And by working what do you mean exactly? IIS error, page not found, timeout? do you see an HTTP status code? Is your DNS A record for that new site correct?


    [SharePoint lurker]

    Wednesday, November 6, 2019 2:06 PM
  • Is the user access directly via IIS or you are using SSL offloading or bridging on the load balancer?  The site which is working fine is configured with binding and at the firewall end we have NATing.  

    Since one website is working, it's not clear why you cannot use the default iis webpage - maybe you did not add the page name to the list of default documents? IISSTART.HTM is allready added and moved to TOP. 

    And by working what do you mean exactly? IIS error, page not found, timeout? do you see an HTTP status code? Is your DNS A record for that new site correct?  I am getting Page cant displayed. I am not even browse on local server. Also tried with Local host file entry. 


    Thanks, Chinmay.

    Wednesday, November 6, 2019 2:15 PM
  • It's ok to not be able to open it locally, unless you add the hostname entry inBackconnectionhostnames, but it needs restart. An example (better check first if any others are defined with get-itemproperty):

    New-ItemProperty HKLM:\System\CurrentControlSet\Control\Lsa\MSV1_0 -Name "BackConnectionHostNames" -Value "myNiceSite.cooldomain.yes" -PropertyType multistring

    But this isn't the actual problem, since you cannot reach it outside the server/vm, so I would look at the NAT fw rules, since it rejects all that isn't defined, from what I recall. I am not doing this on a daily basis, so not a firewall wizz, but it should be because of a rule from the user segment to your IIS site.

    N.B. You should not see your request in the site's IIS logs, if it cannot reach IIS, due to the missing rule, so I would check it!


    [SharePoint lurker]


    • Edited by Vlad Țepeș Wednesday, November 6, 2019 2:29 PM Forgot smth
    Wednesday, November 6, 2019 2:25 PM
  • Since you have multiple websites on the server, you will need to use host headers to distinguish them when a request comes in. You will need to create a DNS alias that points to the server and then add that into the bindings. I like to add both the short alias and the fully qualified name. 

    In authentication, set it to only anonymous access.

    Another testing trick that you can do is to put the site on a different port and then browse http://servername:88 

    Browsers normally are set to show "friendly messages" which mask the underlying error. You can use Powershell's Invoke-WebRequest to see the full IIS response.

    If that doesn't work for you, then  based on this statement "The site which is working fine is configured with binding and at the firewall end we have NATing. ", I think that you will need to explain more about your network setup for forum users to help you.   

    • Edited by MotoX80 Wednesday, November 6, 2019 3:13 PM
    Wednesday, November 6, 2019 3:04 PM
  • I have executed invoke-webrequest towords working site and got status code 200 OK. 

    I am getting below error for localhost and all other sites. 

    


    Thanks, Chinmay.

    Wednesday, November 6, 2019 5:02 PM
  • Did you try port 88? (Try the IP address instead of localhost too). 

    Did you add the DNS alias and update the bindings?

    Do all sites have unique bindings? (Different host names and/or port numbers.)

    Do you have IIS logging enabled for all web sites? Do an invoke-webrequest for a unique character string and see which site is returning the 404.  Ie:   http://mysite.mydomain.com/whatsiteisthis.aspx  then search the current logs for whatsiteisthis.aspx.

    Also check your httperr logs for relevant entries. C:\Windows\System32\LogFiles\HTTPERR

    Wednesday, November 6, 2019 6:31 PM
  • No, i tried to port 80.  Additionally, added new port binding for default web site...and tried invoke-webrequest. 

    got error "Connection closed." 

    Also checked HTTPERR logs and found 404 error. 

    May be server reboot will solve the issue. 

     

    Thanks, Chinmay.

    Wednesday, November 6, 2019 9:14 PM
  • Try a simple iisreset.exe first.

    You're probably going to have to share your IIS site bindings in order for anyone to help. Copy and paste the <sites>..</sites> section from "C:\Windows\System32\inetsrv\config\applicationHost.config".

    Change the names if you need/wish to hide your organization's identity, but be consistent. Do a "change all" and use something like "mydomain.com" and "myserver".     

     
    Wednesday, November 6, 2019 9:39 PM
  • Here is the application host config contents. 

    <sites>
                <site name="Default Web Site" id="1" serverAutoStart="true">
                    <application path="/" applicationPool="DefaultAppPool">
                        <virtualDirectory path="/" physicalPath="C:/inetpub/wwwroot" userName="administrator" password="[]" />
                    </application>
                    <bindings>
                        <binding protocol="http" bindingInformation="10.10.10.10:90:" />
                    </bindings>
                    <traceFailedRequestsLogging enabled="true" />
                </site>
                <site name="site5.com" id="2" serverAutoStart="true">
                    <application path="/" applicationPool="Site5">
                        <virtualDirectory path="/" physicalPath="D:\Users\LocalUser\w1000240" userName="w1000240" password="[]" />
                    </application>
                    <bindings>
                        <binding protocol="http" bindingInformation="10.10.10.10:80:site5.com" />
                        <binding protocol="http" bindingInformation="10.10.10.10:80:www.site5.com" />
                        <binding protocol="https" bindingInformation="10.10.10.10:443:www.site5.com" sslFlags="0" />
                        <binding protocol="https" bindingInformation="10.10.10.10:443:site5.com" sslFlags="0" />
                        
                    </bindings>
                </site>
                <site name="TEST-FTP" id="4">
                    <application path="/">
                        <virtualDirectory path="/" physicalPath="D:\Users\LocalUser\w1000240" />
                        <virtualDirectory path="/FTP" physicalPath="D:\FTP" />
                    </application>
                    <bindings>
                        <binding protocol="ftp" bindingInformation="10.10.10.10:21:" />
                    </bindings>
                    <ftpServer>
                        <security>
                            <ssl controlChannelPolicy="SslAllow" dataChannelPolicy="SslAllow" />
                        </security>
                        <directoryBrowse showFlags="DisplayVirtualDirectories" />
                    </ftpServer>
                </site>
                <site name="Site6.com" id="3" serverAutoStart="true">
                    <application path="/" applicationPool="Site6.com">
                        <virtualDirectory path="/" physicalPath="D:\Users\LocalUser\w4000012" />
                    </application>
                    <bindings>
                        <binding protocol="http" bindingInformation="10.10.10.10:80:Site6.com" />
                    </bindings>
                </site>
                <site name="Site1.com" id="5" serverAutoStart="true">
                    <application path="/" applicationPool="Site1.com">
                        <virtualDirectory path="/" physicalPath="D:\Users\LocalUser\d4001274" />
                    </application>
                    <bindings>
                        <binding protocol="http" bindingInformation="10.10.10.10:8082:www.site1.com" />
                    </bindings>
                </site>
                <site name="Site4" id="6" serverAutoStart="true">
                    <application path="/" applicationPool="site4.com">
                        <virtualDirectory path="/" physicalPath="C:\inetpub\wwwroot\site4.com" userName="site4" password="[]" />
                    </application>
                    <bindings>
                        <binding protocol="http" bindingInformation="10.10.10.11:80:site4.com" />
                        <binding protocol="http" bindingInformation="10.10.10.11:80:www.site4.com" />
                    </bindings>
                    <traceFailedRequestsLogging enabled="true" />
                </site>


    Thanks, Chinmay.

    Thursday, November 7, 2019 1:58 PM
  • Do directories like D:\Users\LocalUser\w1000240 contain strictly web site content? Or is this a user's home directory that contains subfolders like Desktop and Documents, etc...? It should be web content only.

    Is the D: drive a local drive and is this your main data drive for this server?

    Which site works?

    I see that your default web site points to C:/inetpub/wwwroot and site4 points to a subfolder C:\inetpub\wwwroot\site4.com. I do not recommend doing that. Don't intermix web site content.

    I see that you are adding credentials to the virtual directory path. That indicates to me that your file system security may not be correctly set up. Putting in a user and password (that may change) like that should not be necessary.

    <virtualDirectory path="/" physicalPath="D:\Users\LocalUser\w1000240" userName="w1000240" password="[]" />

    Let's review file security. If you look at the details tab in task manager, you will see your worker processes run as an account whose name matches the app pool name. That account needs access to the web files in order to serve up the site. 

    You can read more about identities here.

    The good news is that all worker process identities are members of the IIS_IUSRS group. You should be granting read access to that group for your web site content.  (Unless you have very strict security requirements.)

    The next question is end user access. Which sites are anonymous and which sites need to authenticate the end user for access. Let's start with one web site and get that working anonymously.

    You have 2 choices, grant read access to the web content to the IUSR (or other) account, or set anonymous access to use the app pool identity. If you wish to use IUSR then you need to grant IUSR read access to the web content.

    Here is a suggestion, you are free to ignore it if you want. Create a folder structure on the D drive for your web related files. Pick one of your current sites that you want to play with.
     
    D:\>tree
    Folder PATH listing
    Volume serial number is 6E96-0E60
    D:.
    └───IIS
        ├───WebLogfiles
        │   └───W3SVC4
        └───WebSites
            ├───Site7
            └───Site8
      
    From an admin command prompt run... replacing "Site7" with your test site name.

    md D:\IIS
    md D:\IIS\WebLogfiles
    md D:\IIS\WebSites
    md D:\IIS\WebSites\Site7
    icacls.exe "D:iis" /grant "BUILTIN\IIS_IUSRS:(OI)(CI)(RX)"
    icacls.exe "D:\iis\WebLogfiles" /grant "BUILTIN\IIS_IUSRS:(OI)(CI)(M)"
    icacls.exe "D:\iis\WebSites\Site7" /grant "NT AUTHORITY\IUSR:(OI)(CI)(RX)"

    Put a default.htm file in the site folder. Just a simple <html><body>Hello</body></html>
    In the site's basic setting set it's physical folder to  D:\IIS\WebSites\Site7. Remove any credentials. Set the logging directory to D:\IIS\WebLogfiles. 

    Try and browse the site and let me know how you make out.   

    One more thought... on a client machine do an "nslookup site1.com" and double check the IP address. Do that that for all names. (I see 10.10.10.10 and 10.10.10.11 IP addresses.)
    • Edited by MotoX80 Thursday, November 7, 2019 7:47 PM
    Thursday, November 7, 2019 7:40 PM
  • Maybe start with IP address only on a unique port. Don't put a host name in the bindings. Try this on the server and from another machine that is on the same subnet. 

    Friday, November 8, 2019 4:12 PM
  • Hello

    try invoke-webrequest http://10.10.10.10:90

    --> <binding protocol="http" bindingInformation="10.10.10.10:90:>

    you defaut web site seem to listen on port 90 (and not on localhost)


    Olivier.



    Friday, November 8, 2019 4:26 PM
  • I have reinstall IIS and cleaned up all unwanted web sites and then redployed the new website. IIS reinstall worked in my case. 

    Now after new site deployment i have getting.. 


    Thanks, Chinmay.

    • Marked as answer by Chinmayjoshi25 Wednesday, November 13, 2019 1:43 PM
    Friday, November 8, 2019 5:47 PM
  • Set your error pages to return the details to the client.

    Friday, November 8, 2019 11:43 PM