Tag Archives: IIS

Solving ReportViewer Rendering Issue on IIS7

Applies to:

  • Internet Information Services 7.0 (IIS7)
  • Microsoft Report Viewer Redistributable 2005

Symptoms:

  • You are unable to render ReportViewer on ASP.NET Web pages while running on IIS7.
  • You have no problem viewing your reports when running in debug mode in Visual Studio 2005.
  • You are able to view your reports in Report Manager but not on IIS7.
  • You encounter a JavaScript error when loading your report page with ReportViewer. Image buttons such as the calendar appear as a red 'X'.

Cause:

  • When the ReportViewer control is added to a Web Form (.aspx), the Reserved.ReportViewerWebControl.axd httpHandler is added to the system.web section of the Web.config file. In IIS7, it should be added under the system.webServer section.
  • IIS7 Handler Mappings does not contain the Reserved.ReportViewerWebControl.axd httpHandler, so IIS is unable to render the ReportViewer elements needed by the JavaScript.

Resolution:

  • Open Internet Information Services (IIS) Manager and select your Web application.
  • Under the IIS area, double-click the Handler Mappings icon.
  • In the Actions pane on your right, click Add Managed Handler.
  • In the Add Managed Handler dialog, enter the following:
      Request path: Reserved.ReportViewerWebControl.axd
      Type: Microsoft.Reporting.WebForms.HttpHandler
      Name: Reserved-ReportViewerWebControl-axd
  • Click OK.

The Reserved-ReportViewerWebControl-axd handler is now added to your Handler Mappings list. Notice that the following line has also been added to your Web.config file under the handlers section of system.webServer:

<add name="Reserved-ReportViewerWebControl-axd" path="Reserved.ReportViewerWebControl.axd" verb="*" type="Microsoft.Reporting.WebForms.HttpHandler" resourceType="Unspecified" />

Run your report again.

How To Enable AJAX .NET Framework 3.5 on IIS7 Server

IIS versions before 7.0 did not require <handlers> for AJAX to work. If you are installing AJAX on new IIS7 servers, make sure you have the following code in your web.config:

<!--
  The system.webServer section is required for running ASP.NET AJAX under Internet
  Information Services 7.0. It is not necessary for previous versions of IIS.
-->
<system.webServer>
  <validation validateIntegratedModeConfiguration="false"/>
  <modules>
    <remove name="ScriptModule"/>
    <add name="ScriptModule" preCondition="managedHandler" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
  </modules>
  <handlers>
    <remove name="WebServiceHandlerFactory-Integrated"/>
    <remove name="ScriptHandlerFactory"/>
    <remove name="ScriptHandlerFactoryAppServices"/>
    <remove name="ScriptResource"/>
    <add name="ScriptHandlerFactory" verb="*" path="*.asmx" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    <add name="ScriptHandlerFactoryAppServices" verb="*" path="*_AppService.axd" preCondition="integratedMode" type="System.Web.Script.Services.ScriptHandlerFactory, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
    <add name="ScriptResource" verb="GET,HEAD" path="ScriptResource.axd" preCondition="integratedMode" type="System.Web.Handlers.ScriptResourceHandler, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
  </handlers>
</system.webServer>

How To Fix ‘Microsoft.Jet.OLEDB.4.0’ error

Problem:

Server Error in '/' Application.

The 'Microsoft.Jet.OLEDB.4.0' provider is not registered on the local machine.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.InvalidOperationException: The 'Microsoft.Jet.OLEDB.4.0' provider is not registered on the local machine.

Solution:

You will get this error on Windows Server 2008 R2 or 64-bit Windows 7. To fix it, switch your Application Pool from native 64-bit to 32-bit mode under Advanced Settings.

Suggestion:

It is also suggested that you upgrade your application to the new ACE OLEDB provider, which is available for download.

How To Fix overrideMode=”Deny” Error (HTTP Error 500.19)

HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Config Error
This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
226:     <system.webServer>
227:         <handlers>

If you get the error above, you have to make a change in the ApplicationHost.config file. To fix this error, follow the steps below:

  • Open the ApplicationHost.config file in Notepad. This file is located under C:\Windows\System32\inetsrv\config
  • Search for <location path="Default Web Site" overrideMode="Deny">
  • Replace it with: <location path="Default Web Site" overrideMode="Allow">

Replace "Default Web Site" with the name of your website.

NOTE: On 64-bit Windows, if you are using a 32-bit editor or file manager, you will NOT be able to see any files in the config folder. Navigate using Windows Explorer or Notepad in native 64-bit mode.
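To see which of the lock sources named in the error message applies to a section before editing ApplicationHost.config, the following added example (Python, not part of the original post) lists them for a given section path. The function name lock_sources and the sample excerpt are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed ApplicationHost.config excerpt (not taken from a real server).
SAMPLE = """<configuration>
  <configSections>
    <sectionGroup name="system.webServer">
      <section name="handlers" overrideModeDefault="Deny" />
      <section name="defaultDocument" overrideModeDefault="Allow" />
    </sectionGroup>
  </configSections>
  <location path="Default Web Site" overrideMode="Deny">
    <system.webServer>
      <defaultDocument enabled="true" />
    </system.webServer>
  </location>
</configuration>"""


def lock_sources(config_xml, section_path):
    """List every place that locks section_path, e.g. 'system.webServer/handlers'."""
    root = ET.fromstring(config_xml)
    *groups, name = section_path.split("/")
    sources = []

    # 1. Default lock declared where the section is registered.
    node = root.find("configSections")
    for group in groups:
        if node is None:
            break
        node = node.find("sectionGroup[@name='%s']" % group)
    decl = node.find("section[@name='%s']" % name) if node is not None else None
    if decl is not None and decl.get("overrideModeDefault") == "Deny":
        sources.append('overrideModeDefault="Deny" on section declaration')

    # 2. Explicit locks on <location> tags that carry this section.
    for loc in root.findall("location"):
        if loc.find(section_path) is None:
            continue
        path = loc.get("path", "")
        if loc.get("overrideMode") == "Deny":
            sources.append('overrideMode="Deny" on location "%s"' % path)
        elif loc.get("allowOverride", "").lower() == "false":
            sources.append('allowOverride="false" on location "%s"' % path)
    return sources


if __name__ == "__main__":
    for section in ("system.webServer/handlers", "system.webServer/defaultDocument"):
        print(section, "->", lock_sources(SAMPLE, section))
```

Knowing the source shows whether the location tag in the steps above is the lock that actually produces the error for that section.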

How to Create Rewrite Rule in web.config

If you need a domain URL redirection from yourdomain.com to www.testdomain.com or vice versa, you can do something like this:

Place either of these (depending on what you'd like done, and edited to match your domain) inside the <system.webServer></system.webServer> tags in the web.config of the domain.

<rewrite>
  <rules>
    <rule name="Add WWW prefix">
      <match url="(.*)" ignoreCase="true" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="^testdomain\.com" />
      </conditions>
      <action type="Redirect" url="http://www.testdomain.com/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

-----------------

<rewrite>
  <rules>
    <rule name="Remove WWW prefix">
      <match url="(.*)" ignoreCase="true" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="^www\.testdomain\.com" />
      </conditions>
      <action type="Redirect" url="http://yourdomain.com/{R:1}" redirectType="Permanent" />
    </rule>
  </rules>
</rewrite>

Note: This is applicable on websites hosted on IIS 7.0 or 7.5 (on Windows Server 2008).

Backup IIS7 ApplicationHost.config and Settings

Internet Information Services 7 (IIS7) doesn't use a metabase-like file as IIS6 did. Instead, the settings and configuration are stored in schema files and applicationHost.config files.

Since the configuration files are different, the old IIS6 tools will not be able to back up IIS7 settings.

This is the new script that you can use to back up your IIS7 web servers.

1. Using Notepad or any text editor, create a file named backupiis7.cmd

2. Insert the following code and save the file:

Code:

@echo off
cls

pushd "%WinDir%\System32\inetsrv"

rem Capture the "The current date/time is: ..." lines printed by date and time.
echo.| date | find /i "current">datetime1.tmp
echo.| time | find /i "current">datetime2.tmp

rem Keep only the date value (6th token) and the time value (5th token).
for /f "tokens=1,2,3,4,5,6" %%i in (datetime1.tmp) do (
  echo %%n>datetime1.tmp
)
for /f "tokens=1,2,3,4,5,6" %%i in (datetime2.tmp) do (
  echo %%m>datetime2.tmp
)

rem Build the backup name as D<year><month><day>T<hour><min><sec><hundredths>
rem (assumes the US mm/dd/yyyy date format).
for /f "delims=/ tokens=1,2,3" %%i in (datetime1.tmp) do (
  set TMPDATETIME=%%k%%i%%j
)
for /f "delims=:. tokens=1,2,3,4" %%i in (datetime2.tmp) do (
  set TMPDATETIME=D%TMPDATETIME%T%%i%%j%%k%%l
)

rem Create the backup under that name.
appcmd add backups %TMPDATETIME%

del datetime1.tmp
del datetime2.tmp

set TMPDATETIME=

popd
echo.

3. The IIS7 configuration will be backed up at the following path:

C:\Windows\System32\inetsrv\backup

NOTE: You can also use Task Scheduler to automate backups.

ASP.NET Security Vulnerability Workaround

Update on ASP.NET Vulnerability

Earlier this week we posted about an ASP.NET vulnerability.

Microsoft is actively working on a security update that fixes the issue and is ready for broad distribution across all Windows platforms via Windows Update. We'll post details about this once it is available.

Revised Workaround and Additional URLScan Step

In our first community post we covered a workaround you can apply immediately on your sites and applications to prevent attackers from exploiting it. Today, we are revising it to include an additional defensive measure.

This additional step can be done at a server-wide level and should take less than 5 minutes to implement. Importantly, this step does not replace the other steps in the original workaround; rather, it should be done in addition to the steps already in it. Below are instructions on how to enable it.

Install and Enable IIS URLScan with a Custom Rule

If you do not already have the IIS URLScan module installed on your IIS web server, please download and install it. It takes less than a minute to install on your server.

Add an Additional URLScan Rule

Once URLScan is installed, please open and modify the UrlScan.ini file in this location:

%windir%\system32\inetsrv\urlscan\UrlScan.ini

Near the bottom of the UrlScan.ini file you'll find a [DenyQueryStringSequences] section. Add an additional "aspxerrorpath=" entry immediately below it and then save the file:

[DenyQueryStringSequences]
aspxerrorpath=

The above entry disallows URLs that have an "aspxerrorpath=" querystring attribute from making their way to ASP.NET applications, and will instead cause the web server to return an HTTP error. Adding this rule prevents attackers from distinguishing between the different types of errors occurring on a server, which helps block attacks using this vulnerability.

After saving this change, run "iisreset" from a command prompt (elevated as admin) for the above changes to take effect. To verify the change has been made, try accessing a URL on your site/application that has a querystring with an aspxerrorpath and verify that an HTTP error is sent back from IIS.

URL Scan Summary

If you've already implemented the workaround we've previously published, please add the above step to help block attackers from exploiting the vulnerability.

Our team is working around the clock to release an update via Windows Update that fixes the underlying product vulnerability. Until that update is available, you can use the above workaround to help prevent attackers from using the vulnerability against your applications.

Once we release the security update, you will no longer need to implement any workaround steps.

The alternative option: Using IIS request filtering

These instructions are an alternative to the UrlScan instructions above for systems running IIS on Windows Vista Service Pack 2, Windows Server 2008 Service Pack 2, Windows 7, or Windows Server 2008 R2.

1. Install the Request Filtering feature in IIS through either Add/Remove Programs or Role Manager by selecting the feature under Internet Information Services, World Wide Web Services, Security.
2. Launch Internet Information Services (IIS) Manager.
3. Select the server node in the left pane.
4. Double-click Request Filtering.
5. Select the Query Strings tab and click Deny Query String … in the Actions pane.
6. Enter aspxerrorpath= in the dialog box and select OK.

Alternatively, you can also use the following appcmd command to set this request querystring:

appcmd set config /section:requestfiltering /+denyQueryStringSequences.[sequence='aspxerrorpath=']

For more information on using appcmd to configure IIS, see Getting Started with AppCmd.exe.

Configure ASP.NET applications to use uniform custom errors

In the root folder of each ASP.NET web application, determine if you already have a web.config file in this folder. You must have rights to create a file in the target directory to implement this workaround.

If the ASP.NET application does not have a web.config file:

On .NET Framework 3.5 and earlier

1. Create a text file named web.config in the root folder of the ASP.NET application, and insert the following contents:

<configuration>
  <location allowOverride="false">
    <system.web>
      <customErrors mode="On" defaultRedirect="~/error.html" />
    </system.web>
  </location>
</configuration>

2. Create a text file named error.html containing a generic error message and save it in the root folder of the ASP.NET application.
3. Alternatively, you can rename error.html in the web.config file to point to an existing error page, but that page must display generic content, not context-specific content.

On .NET Framework 3.5 Service Pack 1 and later

1. Create a text file named web.config in the root folder of the ASP.NET application, and insert the following contents:

<configuration>
  <location allowOverride="false">
    <system.web>
      <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx" />
    </system.web>
  </location>
</configuration>

2. If you are comfortable using C#, we recommend using the following ErrorPage.aspx file:

<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Threading" %>
<script runat="server">
void Page_Load()
{
    // Draw one random byte from the cryptographic RNG.
    byte[] delay = new byte[1];
    RandomNumberGenerator prng = new RNGCryptoServiceProvider();
    prng.GetBytes(delay);
    // Wait a random 0-255 ms before returning the generic error page.
    Thread.Sleep((int)delay[0]);
    IDisposable disposable = prng as IDisposable;
    if (disposable != null)
    {
        disposable.Dispose();
    }
}
</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<div>An error occurred while processing your request.</div>
</body>
</html>

3. If you are comfortable using Visual Basic .NET, we recommend using the following ErrorPage.aspx file:

<%@ Page Language="VB" AutoEventWireup="true" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Threading" %>
<script runat="server">
Sub Page_Load()
    ' Draw one random byte from the cryptographic RNG.
    Dim delay As Byte() = New Byte(0) {}
    Dim prng As RandomNumberGenerator = New RNGCryptoServiceProvider()
    prng.GetBytes(delay)
    ' Wait a random 0-255 ms before returning the generic error page.
    Thread.Sleep(CType(delay(0), Integer))
    Dim disposable As IDisposable = TryCast(prng, IDisposable)
    If Not disposable Is Nothing Then
        disposable.Dispose()
    End If
End Sub
</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<div>An error occurred while processing your request.</div>
</body>
</html>

If the ASP.NET application already has a web.config file:

On .NET Framework 3.5 RTM and earlier

1. Insert the bracketed text in the sample below into your existing web.config file:

<?xml version="1.0"?>
<configuration>
  <configSections> … </configSections>
  <appSettings> … </appSettings>
  <connectionStrings> … </connectionStrings>
  [
  <location allowOverride="false">
    <system.web>
      <customErrors mode="On" defaultRedirect="~/error.html" />
    </system.web>
  </location>
  ]
  <system.web> … </system.web>
  <system.codedom> … </system.codedom>
</configuration>

2. Create a text file named error.html containing a generic error message and save it in the root folder of the ASP.NET application.
3. Alternatively, you can rename error.html in the web.config file to point to an existing error page, but that page must display generic content, not context-specific content.

On .NET Framework 3.5 Service Pack 1 and later

1. Insert the bracketed text in the sample below into your existing web.config file:

<?xml version="1.0"?>
<configuration>
  <configSections> … </configSections>
  <appSettings> … </appSettings>
  <connectionStrings> … </connectionStrings>
  [
  <location allowOverride="false">
    <system.web>
      <customErrors mode="On" redirectMode="ResponseRewrite" defaultRedirect="~/ErrorPage.aspx" />
    </system.web>
  </location>
  ]
  <system.web> … </system.web>
  <system.codedom> … </system.codedom>
</configuration>

2. If you are comfortable using C#, we recommend using the following ErrorPage.aspx file:

<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Threading" %>
<script runat="server">
void Page_Load()
{
    // Draw one random byte from the cryptographic RNG.
    byte[] delay = new byte[1];
    RandomNumberGenerator prng = new RNGCryptoServiceProvider();
    prng.GetBytes(delay);
    // Wait a random 0-255 ms before returning the generic error page.
    Thread.Sleep((int)delay[0]);
    IDisposable disposable = prng as IDisposable;
    if (disposable != null)
    {
        disposable.Dispose();
    }
}
</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<div>An error occurred while processing your request.</div>
</body>
</html>

3. If you are comfortable using Visual Basic .NET, we recommend using the following ErrorPage.aspx file:

<%@ Page Language="VB" AutoEventWireup="true" %>
<%@ Import Namespace="System.Security.Cryptography" %>
<%@ Import Namespace="System.Threading" %>
<script runat="server">
Sub Page_Load()
    ' Draw one random byte from the cryptographic RNG.
    Dim delay As Byte() = New Byte(0) {}
    Dim prng As RandomNumberGenerator = New RNGCryptoServiceProvider()
    prng.GetBytes(delay)
    ' Wait a random 0-255 ms before returning the generic error page.
    Thread.Sleep(CType(delay(0), Integer))
    Dim disposable As IDisposable = TryCast(prng, IDisposable)
    If Not disposable Is Nothing Then
        disposable.Dispose()
    End If
End Sub
</script>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
</head>
<body>
<div>An error occurred while processing your request.</div>
</body>
</html>
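A check for the settings in the steps above, as an added example in Python that is not part of the original post: it reports where a web.config departs from the uniform custom-error settings and whether request filtering denies aspxerrorpath=. The function names, the require_response_rewrite parameter and both sample configs are constructed for illustration; flagging per-status <error> children assumes "uniform" means no status-specific pages.

```python
import xml.etree.ElementTree as ET

# Constructed sample: per-status page, wrong mode, no request-filtering rule.
WEAK = """<configuration>
  <system.web>
    <customErrors mode="RemoteOnly" defaultRedirect="~/error.html">
      <error statusCode="404" redirect="~/404.html" />
    </customErrors>
  </system.web>
</configuration>"""

# Constructed sample: the settings described in the workaround.
HARDENED = """<configuration>
  <location allowOverride="false">
    <system.web>
      <customErrors mode="On" redirectMode="ResponseRewrite"
                    defaultRedirect="~/ErrorPage.aspx" />
    </system.web>
  </location>
  <system.webServer>
    <security>
      <requestFiltering>
        <denyQueryStringSequences>
          <add sequence="aspxerrorpath=" />
        </denyQueryStringSequences>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>"""


def audit_custom_errors(config_xml, require_response_rewrite=True):
    """Return findings; an empty list means customErrors matches the workaround."""
    root = ET.fromstring(config_xml)
    # customErrors may sit under <configuration> or inside a <location> wrapper.
    elements = root.findall(".//system.web/customErrors")
    if not elements:
        return ["customErrors element is missing"]
    findings = []
    for ce in elements:
        if ce.get("mode") != "On":
            findings.append("mode is %r, workaround uses 'On'" % ce.get("mode"))
        if not ce.get("defaultRedirect"):
            findings.append("no defaultRedirect, so no single generic page")
        if require_response_rewrite and ce.get("redirectMode") != "ResponseRewrite":
            findings.append("redirectMode is not 'ResponseRewrite'")
        # A per-status page lets a client tell error types apart.
        for err in ce.findall("error"):
            findings.append("per-status page for %s" % err.get("statusCode"))
    return findings


def denies_aspxerrorpath(config_xml):
    """True if request filtering denies query strings containing aspxerrorpath=."""
    root = ET.fromstring(config_xml)
    adds = root.findall(".//requestFiltering/denyQueryStringSequences/add")
    return any(a.get("sequence", "").lower() == "aspxerrorpath=" for a in adds)


if __name__ == "__main__":
    for name, xml in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_custom_errors(xml), denies_aspxerrorpath(xml))
```

Pass require_response_rewrite=False when auditing applications on .NET Framework 3.5 and earlier, where the workaround uses error.html without redirectMode.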

Impact of Workaround:

If an error occurs during a Web transaction, Web clients will see the same generic error message from the server, regardless of what error actually occurred. Additionally, any requests for Web pages which contain the string aspxerrorpath= in the querystring portion of the URL will be blocked, and an HTTP error message will be returned to the client.

You can learn more about this vulnerability and the workaround from: