Category Archives: Windows

Here you can surf for various Windows issues and fixes….

How to switch Plesk control panel from IIS to Apache?

How to switch Plesk control panel from one webserver to another?

Launch command prompt.

Start >> Run >> cmd
If IIS is used as Plesk web server switch it to Apache

%plesk_bin%\reconfigurator.exe –switch-plesk-web-server –new-provider=apache

If Apache is used as Plesk web server switch it to IIS

%plesk_bin%\reconfigurator.exe –switch-plesk-web-server –new-provider=iis

ASP.NET , IIS and 32 bit emulation mode in 64 bit server

How to switch between the 32-bit versions of ASP.NET and the 64-bit version of ASP.NET on a 64-bit version of Windows?

IIS 6.0 supports both the 32-bit mode and the 64-bit mode. However IIS 6.0 does not support running both modes at the same time on a 64-bit version of Windows. ASP.NET 1.1 runs only in 32-bit mode. ASP.NET 2.0 runs in 32-bit mode or in 64-bit mode. Therefore, if you want to run ASP.NET 1.1 and ASP.NET 2.0 at the same time, you must run IIS in 32-bit mode.

ASP.NET 1.1, 32-bit version

// To run the 32-bit version of ASP.NET 1.1, follow these steps:

  1. Click Start, click Run, type cmd, and then click OK.
  2. Type the following command to enable the 32-bit mode:
    cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1
  3. Type the following command to install the version of ASP.NET 1.1 and to install the script maps at the IIS root and under:
    %SYSTEMROOT%\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe -i
  4. Make sure that the status of ASP.NET version 1.1.4322 is set to Allowed in the Web service extension list in Internet Information Services Manager.

ASP.NET 2.0, 32-bit version

// To run the 32-bit version of ASP.NET 2.0, follow these steps:

  1. Click Start, click Run, type cmd, and then click OK.
  2. Type the following command to enable the 32-bit mode:
    cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1
  3. Type the following command to install the version of ASP.NET 2.0 (32-bit) and to install the script maps at the IIS root and under:
    %SYSTEMROOT%\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i
  4. Make sure that the status of ASP.NET version 2.0.50727 (32-bit) is set to Allowed in the Web service extension list in Internet Information Services Manager.

ASP.NET 2.0, 64-bit version

// To run the 64-bit version of ASP.NET 2.0, follow these steps:

  1. Click Start, click Run, type cmd, and then click OK.
  2. Type the following command to disable the 32-bit mode:
    cscript %SYSTEMDRIVE%\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0
  3. Type the following command to install the version of ASP.NET 2.0 and to install the script maps at the IIS root and under:
    %SYSTEMROOT%\Microsoft.NET\Framework64\v2.0.50727\aspnet_regiis.exe -i
  4. Make sure that the status of ASP.NET version 2.0.50727 is set to Allowed in the Web service extension list in Internet Information Services Manager.

Ref : http://support.microsoft.com/kb/894435

How to turn off “Automatic Updates” in Windows ?

How to turn off “Automatic Updates” in Windows ?
1. Login to the server as Administrator
2. Start >> Run >> gpedit.msc (hit enter)
3. Navigate to  “Local Computer Policy >> Computer Configuration >> Administrative Templates >> Windows Components >> Windows Update ”
4. Click on “Configure Automatic Updates”
5. Click “Properties” and select ” Disable” option
6. Save the changes and verify it from “My Computer (right click)>> Properties >>  Automatic Updates”

How To Configure PassivePortRange In IIS ?

How to add PassivePortRange in IIS and firewall exception fot Microsoft FTP service (MSFTPSVC) in windows server ?

Applicable to : Windows 2000 Server with IIS5
Windows 2003 Server with IIS6
Windows 2008 Server with IIS7

To work FTP passive connection properly we have to do two things

A) Add Passive port range in IIS
B) Add firewall exception in windows firewall

For Windows 2000 Server

A) Add Passive port range in IIS

Configure PassivePortRange via Registry Editor
1. Start Registry Editor (Regedt32.exe).
2. Locate the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Msftpsvc\Parameters\
3. Add a value named “PassivePortRange” (without the quotation marks) of type REG_SZ.
4. Close Registry Editor.
5. Restart the FTP service.

Note: The range that FTP will validate is from 5001 to 65535.

B) Add firewall exception in windows firewall

To add a range of ports to Windows Firewall from the Command Line

1. Click Start, click Run, type cmd, and then click OK.
2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in ” “.
FOR /L %I IN (5500,1,5701) DO netsh firewall add portopening TCP %I “Passive FTP”%I
3. Each port in the range will be added with an “OK” confirmation.

Or you can manually add the port exception as follows.

1. Click Start >> Run >> firewall.cpl ( Hit enter) , and select the Exceptions tab.
2. Click the Add Port button.
3. Enter a Name for the Exception and the first number in the port range.
4. Click TCP if not already selected and click OK.
5. Repeat for each port in the range – for large ranges see the end of the document.
6. Enable the Windows Firewall on the General Tab.

For Windows 2003 Server

A) Add Passive port range in IIS

a) To Enable Direct Metabase Edit
1. Open the IIS Microsoft Management Console (MMC).
2. Right-click on the Local Computer node.
3. Select Properties.
4. Make sure the Enable Direct Metabase Edit checkbox is checked.

b) Configure PassivePortRange via ADSUTIL script
1. Click Start, click Run, type cmd, and then click OK.
2. Type cd Inetpub\AdminScripts and then press ENTER.
3. Type the following command from a command prompt.
adsutil.vbs set /MSFTPSVC/PassivePortRange “5500-5700”
4. Restart the FTP service.

You’ll see the following output, when you configure via ADSUTIL script:

Microsoft (R) Windows Script Host Version 5.6

Copyright (C) Microsoft Corporation 1996-2001.

All rights reserved.PassivePortRange : (STRING) “5500-5700”

B) Add firewall exception in windows firewall

To add a range of ports to Windows Firewall from the Command Line

1. Click Start, click Run, type cmd, and then click OK.
2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in ” “.
FOR /L %I IN (5500,1,5701) DO netsh firewall add portopening TCP %I “Passive FTP”%I
3. Each port in the range will be added with an “OK” confirmation.

Or you can manually add the port exception as follows.

1. Click Start >> Run >> firewall.cpl ( Hit enter) , and select the Exceptions tab.
2. Click the Add Port button.
3. Enter a Name for the Exception and the first number in the port range.
4. Click TCP if not already selected and click OK.
5. Repeat for each port in the range – for large ranges see the end of the document.
6. Enable the Windows Firewall on the General Tab.

For Windows 2008 Server


A) Add Passive port range  in IIS

1. Go to IIS 7.0 Manager. In the Connections pane, click the server-level node in the tree.
2.  Double-click the FTP Firewall Support icon in the list of features.
3. Enter a range of values for the Data Channel Port Range.
4. Once you have entered the port range for your FTP service, click Apply in the Actions pane to save your configuration settings.

Notes:

1. The valid range for ports is 1024 through 65535. (Ports from 1 through 1023 are reserved for use by system services.)
2. You can enter a special port range of “0-0” to configure the FTP server to use the Windows TCP/IP dynamic port range. The default dynamic port range in windows 2008 server is from 49152 to 65535.

You can view this details by issuing the folowing command in the server.

C:\Users\Administrator>netsh int ipv4 show dynamicport tcp

3. For additional information, please see the following Microsoft Knowledge Base articles:

* 929851 – http://support.microsoft.com/kb/929851/

4. This port range will need to be added to the allowed settings for your firewall server.

To configure the external IPv4 Address for a Specific FTP Site


1. Go to IIS 7.0 Manager. In the Connections pane, click the FTP site that you created earlier in the tree, Double-click the FTP Firewall Support icon in the list of features.
2. Enter the IPv4 address of the external-facing address of your firewall server for the External IP Address of Firewall setting.
3. Once you have entered the external IPv4 address for your firewall server, click Apply in the Actions pane to save your configuration settings.

B. Add firewall exception in windows firewall

To add a range of ports to Windows Firewall from the Command Line

1. Click Start, click Run, type cmd, and then click OK.
2. Type in the following where the range is specified in ( ) and the name of the firewall entry is in ” “.

3.  FOR /L %I IN (49152,1,65535) DO netsh advfirewall firewall add rule name=”Passiveport”%I dir=out action=allow protocol=TCP localport=%I

4. Each port in the range will be added with an “OK” confirmation.

The command to add individual port in exception is pasting below.

C:\Users\Administrator>netsh advfirewall firewall add rule name=”OpenPort65535″ dir=out action=allow protocol=TCP localport=65535

Reference : http://support.microsoft.com/kb/555022

http://learn.iis.net/page.aspx/309/configuring-ftp-firewall-settings/

How to use IPSEC to filter packets ?

<!– @page { size: 8.5in 11in; margin: 0.79in } P { margin-bottom: 0.08in } –>

How to use IPSEC to filter packets ?

Internet Protocol security (IPSec) can be used to filter packets coming/going to the server. This can be done easily using Netsh IPSec tools.

Here first we need to add a filterlist‘ which contains a group of ‘filter’s. Each ‘filter’ is associated with some ‘filteraction‘ like permit or block.

A “policy” is the IPSec policy under which the rule is being applied and a “rule” is the one which links a policy to a filterlist and a filteraction. So as a result the rule make the action specified in the filteraction apply to the filters present in the filterlist.

Suppose I want to block all connection from IP 192.168.192.100. I will go like this.

1. Launch the command prompt (Start >> run >> cmd)

2. Add the filterlist.

C:\Documents and Settings\Administrator> netsh ipsec static add filterlist name=myfilterlist

3. Add filteraction

C:\Documents and Settings\Administrator> netsh ipsec static add filteraction name=myaction action=block

4. Add filter

C:\Documents and Settings\Administrator> netsh ipsec static add filter filterlist=myfilterlist srcaddr=192.168.192.100 dstaddr=Me

5. Add policy

C:\Documents and Settings\Administrator> netsh ipsec static add policy name=mypolicy assign=yes

6. Add rule

C:\Documents and Settings\Administrator> netsh ipsec static add rule name=myrule policy=mypolicy filterlist=myfilterlist filteraction=myaction

Now all the connections from/to IP 192.168.192.100 is blocked.

Alternatively we can configure all these using graphical interface. For that login to the server and open local security management console ( start >> run >> secpol.msc).

How to change RDP listening port in Windows 2003 server?

In order to modify the RDP listening port,  follow the steps mentioned below.

1) Run REGEDIT on your Server.

Start >> Run >> regedit and hit Enter

2) Export the following key: (Right click and export)


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

3) Edit the REG file and change the name of the key to something like:


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp-New

4) In the REG file find


PortNumber


and change it to whatever port you want.
(right click and modify)

5) Import the REG file back to the registry.

You can now connect to the new port by using the Windows Terminal Server client.

To Alter the Port on the client side:

1) Go to the Start menu and click on Run.

2) On the Run menu type mstsc and click Enter.

Note: To use RDP on computers with operating systems other than Windows XP/2003 you will first need to install the RDP client.

3) In the RDP window, in the Computer box, scroll to the computer name or IP to which you wish to connect.

4) Add a :Port(without the quotes) where “Port” is the decimal value of the destination port.

5) Press Connect.

Another method of connecting to a different port that default is to run the MSTSC command with the required command line parameters:
/v:ServerName[:Port]

For example: MSTSC /v:192.168.0.191:3390

=================

For more information : http://support.microsoft.com/kb/555031/en-us