Setting up Web Deploy on Azure VMs

For starters, I will provide instructions on how to install IIS in case that hasn’t already been done. An easy starting point for enabling the IIS Role and additional features is to use the Web Platform Installer. After you have installed this application, follow these steps:

1. Run Web Platform Installer and search for IIS Recommended.

2. Click Add to select IIS Recommended Configuration to be installed.

3. Search for IIS: ASP.

4. Click Add on the IIS: ASP.NET 4.5 option.

5. Click Install at the bottom of the window and then click I Accept to begin the installation procedure.

This process enables the IIS Role, applies the recommended feature configuration and enables .NET 4.5. Installing these features will configure IIS correctly to serve ASP.NET websites and applications. Any additional IIS features that are required will need to be installed. For reference, here are the features that are installed using this method:


There are a few things to remember when deploying Web Deploy. More than just Web Deploy needs to be installed and configured. The IIS Management Service is used to configure remote connections to the IIS instance as well as who is authorized to connect. This can be installed either via WPI or Roles and Features within Server Manager itself. For this demonstration, I will use WPI to install the remaining applications. After launching WPI, search for Management and choose Add for the IIS: Management Service and then repeat for Web Deploy. Click Install. The following screen shows the selected applications ready for installation.


Click I Accept to complete the installation of the features and all dependencies.

Once the installation has completed, there will be new features added to IIS Manager. Open IIS Manager to configure the Management Service. Double-click on the Management Service icon to begin.


Once the feature configuration page is open, there are a few settings that need to be updated. If the service is running, you cannot make updates to the settings. Click Stop in the Actions pane if this is the case. To begin with, check the Enable remote connections setting. Rather than having to maintain IIS Manager users, I choose Windows credentials only. Notice the Enable failed request tracking option below the log setting. In the event of issues using Web Deploy, you can enable this setting to gather additional information. For additional security, you can also set IP Address Restrictions. You can restrict access to specific IP addresses by changing the Access for unspecified clients to Deny. After doing that, add an Allow entry for any IP addresses that should be allowed to connect.


Click Apply to save the settings and then Start to start the Management Service. Minimize or close IIS Manager.

To ensure that the server is now listening on port 8172, open a command prompt and run netstat -aon | findstr :8172. You should see at least the following response. You could see others depending on your server configuration. If you do not get any response, check services and ensure that the Web Management Service is running. If it is running, check the above steps and ensure that everything is configured correctly.


We will now check the Windows Firewall to ensure that the rule for Web Management Service (HTTP Traffic-In) is enabled. This rule is created when the Web Management Service is installed.


The last thing that will need to be configured is the endpoint for your Azure VM. Log in to the Azure portal and navigate to your Virtual Machine endpoints. This is done differently depending on whether you are using the classic portal or the new portal. Once you have located the Endpoints configuration screen for your VM, add an entry for Web Deploy for port 8172.
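The server-side settings from the steps above can be checked in one pass before connecting. This is an added example, not part of the original post; it only reads state and changes nothing. The registry key and value names are assumptions about where the Management Service keeps its settings, and the function names are hypothetical. The Azure endpoint and the Management Service's own IP Address Restrictions list are not covered.

```powershell
# Added example (not from the original post): read-only audit of the Web Deploy endpoint.
$port   = 8172                                             # port used in the post
$fwName = 'Web Management Service (HTTP Traffic-In)'       # rule named in the post
$regKey = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'  # assumed WMSvc settings key

function New-Check([string]$Name, $Actual, [bool]$Pass) {
    [pscustomobject]@{ Check = $Name; Actual = "$Actual"; Pass = $Pass }
}

function Test-WebDeployEndpoint {
    $checks = @()

    # The Web Management Service must be running for anything to listen on the port.
    $svc = Get-Service -Name 'WMSVC' -ErrorAction SilentlyContinue
    $checks += New-Check 'WMSVC service running' $svc.Status ($svc.Status -eq 'Running')

    # Settings from the Management Service page (value names are assumptions).
    $cfg = Get-ItemProperty -Path $regKey -ErrorAction SilentlyContinue
    $checks += New-Check 'Remote connections enabled' $cfg.EnableRemoteManagement `
        ($cfg.EnableRemoteManagement -eq 1)
    $checks += New-Check 'Windows credentials only' $cfg.RequiresWindowsCredentials `
        ($cfg.RequiresWindowsCredentials -eq 1)
    $checks += New-Check "Configured port is $port" $cfg.Port ($cfg.Port -eq $port)

    # Same question the netstat command answers: is something listening on the port?
    $listener = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
    $checks += New-Check "Listening on TCP $port" ([bool]$listener) ([bool]$listener)

    # The firewall rule must be enabled. A remote scope of 'Any' admits every
    # source address, so report it as not limited.
    $rule = Get-NetFirewallRule -DisplayName $fwName -ErrorAction SilentlyContinue |
        Select-Object -First 1
    $checks += New-Check 'Firewall rule enabled' $rule.Enabled ("$($rule.Enabled)" -eq 'True')
    $scope = if ($rule) {
        ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    } else { 'n/a' }
    $checks += New-Check 'Firewall scope limited to named addresses' $scope `
        ($rule -and ($scope -ne 'Any'))

    $checks
}

Test-WebDeployEndpoint | Format-Table -AutoSize
```

A failed scope check does not stop Web Deploy from working; it means the port is reachable from any address the Azure endpoint lets through.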


You are now ready to connect using Visual Studio and deploy your website or application.

For reference, here is what a deployment configuration within Visual Studio looks like.


These steps can be followed for configuration of Web Deploy for other providers such as SherWeb’s Performance Cloud as well.

Terri is a Microsoft MVP (ASP .NET/IIS), an MCSA: Windows Server 2012, and IT Infrastructure Specialist at Sherweb.

Thank you Microsoft for my MVP Renewal – 3 years and going strong

Dear Terri Donahue,
Congratulations! We are pleased to present you with the 2015 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in ASP.NET/IIS technical communities during the past year.

Every year on July 1st since 2013 I watch my email for the above notice from Microsoft verifying that I have been awarded/renewed as an MVP. For people that don’t know about this, it is an award for community work for the previous year. This is anything from running a user group to blogging or being active in forums. There are between 4000 and 5000 MVPs worldwide across multiple disciplines. It is such an honor to belong to this group of professionals. Here’s to another great year.

Managing SSL Bindings with PowerShell

I recently wrote a blog post for the Hey, Scripting Guy! blog related to Updating SSL Bindings. This is a process that is time consuming and tedious when working with server farms. By automating this process with PowerShell, the manual importing of the certificates and updating the bindings can be done programmatically. Until you upgrade your IIS Servers to IIS 8 and can use the Centralized Certificate Store, this is the next best thing. Jump on over and take a look.

A look back

I am sure that everyone faces a crossroads in their professional careers. For me, that happened a little over 4 years ago. I knew that my time was coming to an end with LendingTree and I had started the search for my next position. Unlike most of my peers that stayed within the industry, I knew that I would not be happy working for a bank. That being said, I found a few postings that looked very interesting. One was a project management ‘consulting’ position. The other, a job that a wonderful friend of mine had alerted me to a year prior. I was not ready to move on at that time but I kept in close contact with the company, just in case. After multiple interviews (including one that I totally thought I had blown), I had a decision to make. I was lucky in that I had a couple of choices. Now was the time to weigh my options and make the decision that I felt to be best for me. Yes, I created a good/bad list and evaluated both options. In the end, I chose to accept a position with OrcsWeb.

Today, I can honestly say that I made the absolute best choice. I have had nothing but support and more learning opportunities than I ever thought were possible. I have been lucky enough to work with some great people that do not mind teaching what they know. I have broken things, and resolved very complex problems, and simply provided insight into issues that I had seen before. I became active on the IIS forums (this has been the application that I have supported for more years than most people even realize exist). I started working in the security arena for IIS with CI Security. I was awarded Microsoft MVP for (emphasis on the IIS). I even got the pleasure of working as a Technical Reviewer on a Microsoft class which focused on IIS Administration. I have spoken at a few user groups. I even travelled all the way from South Carolina to Dallas once.

All of the preceding text is simply a way for me to say “Thank You” to the Kingleys for giving me this opportunity. My teammates have been awesome and I couldn’t imagine working anywhere else.

Know it, Prove it

Microsoft is kicking off a challenge on 2/1/2015 via the Microsoft Virtual Academy training site. The Microsoft Virtual Academy offers free Microsoft training delivered by experts in their fields. There are training courses aimed at the IT Pro, developers and even students.

During the challenge, there are 8 different tracks with 28 days of learning topics in each one. Personally, I will be rocking my skills on the Hybrid Cloud path.

Take a look and sign up to join me in my quest to Know it. Prove it. You have less than 12 days to accept the challenge.

IIS Manager and Script generation

There are always questions on the forums related to scripting settings in the IIS configuration files. In IIS7 and above, there is a nifty feature called the Configuration Editor. For reference, this blog post is written for, and pertains to, IIS 8.5. This is important because some settings mentioned in this post are not available on any versions prior to IIS 8.5.

This feature allows you to ‘look’ at your configuration files and even update them via the GUI. This can be very handy since you are not manually updating one of the configuration files for either the entire IIS Server or one of your websites or applications. Since the format of the file requires specific items, using a tested script or the GUI can aid in ensuring that you do not accidentally forget a “ or < in the file, which renders it unusable by IIS.

You access this feature by opening Internet Information Services (IIS) Manager. There is a Configuration Editor feature at the server level, the web site level, and for any folder, virtual directory or application within a website.


The location of the feature determines what configuration file will be modified by any changes made. Changes made at the server level will impact the primary configuration documents for the IIS installation. For example, if you would like to view the default settings for the application pools, you would access the Server name and double click on the Configuration Editor icon to open the feature. As you can see from the screenshot below, I have selected the section related to applicationPools. At the bottom of the screenshot, the active configuration file is listed as applicationhost.config.


The screenshot below shows the default settings for application pools as shown in both the configuration editor and the applicationhost.config file.


Making a change in the Configuration Editor updates the applicationhost.config file once you select Apply.

Let’s say, for instance, you decide you would like to modify the default settings for your application pools but would like to script it so you can implement it at a later time or across multiple systems. Rather than the defaults for idleTimeout and idleTimeoutAction, you want to implement a longer timeout value and rather than terminating the process, you want to suspend it. The idleTimeoutAction item is only relevant to IIS 8.5. For prior versions, you can change the idleTimeout following this same process as well. You are going to set the idleTimeout to 60 minutes rather than the default of 20. You are also going to change the idleTimeoutAction to Suspend rather than Terminate. This comes in handy when you have a website that takes a while to load but only has certain periods of time where it is active. By suspending the process, you do not have to wait for the initial spin-up which occurs after a worker process has been terminated. Any changes that are made in the editor are shown in BOLD in the GUI.


You will now notice that there are multiple actions available (Apply, Cancel, Generate Script). This is where the cool stuff happens. You are going to click Generate Script since you really want the PowerShell commands needed to make this change rather than applying the changes now. This will open a Script Dialog box that provides the auto-generated script in multiple languages including C#, AppCmd, and PowerShell.


You can now copy the script and integrate it into initial build scripts for creating a new IIS server or even as a stand alone script to simply update the settings that you have chosen.

The generated PowerShell script contains this code:

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.applicationHost/applicationPools/applicationPoolDefaults/processModel" -name "idleTimeout" -value "01:00:00"

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.applicationHost/applicationPools/applicationPoolDefaults/processModel" -name "idleTimeoutAction" -value "Suspend"

You then open a PowerShell command window, run as Administrator. Paste the code into the window and run it. Voila, your updates are inserted into the applicationhost.config file and the default settings for new application pools are now configured the way that you want.


There are many settings that can be scripted following these same steps for websites. The Configuration Editor feature at the website level accesses the web.config file for the specified site or application. For example, if you want to change the way that customErrors are handled for your website, you can access the customErrors section of the web.config via the Configuration Editor and change the mode from the default RemoteOnly to On or Off. Once again, you can either apply the setting manually or Generate Script for your script repository or for future use.
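Once settings like these are scripted, it is worth reading them back rather than trusting that the script ran. The following is an added example, not code from the original post or generated by IIS Manager. It checks the two application pool defaults set above and reports the customErrors mode for every site, flagging Off because that mode returns detailed ASP.NET error pages to remote clients. The function names are hypothetical, and it assumes the WebAdministration module is available.

```powershell
Import-Module WebAdministration

# Added example (not from the original post): read back scripted IIS settings.
# Get-WebConfigurationProperty returns either a bare value or an object with
# a .Value property, so normalise both cases to a string.
function Get-ConfigValue([string]$PSPath, [string]$Filter, [string]$Name) {
    $p = Get-WebConfigurationProperty -PSPath $PSPath -Filter $Filter -Name $Name -ErrorAction Stop
    if ($null -ne $p -and $null -ne $p.Value) { "$($p.Value)" } else { "$p" }
}

# 1. Application pool defaults written by the generated script in the post.
function Test-PoolDefaults {
    $filter   = 'system.applicationHost/applicationPools/applicationPoolDefaults/processModel'
    $expected = [ordered]@{ idleTimeout = '01:00:00'; idleTimeoutAction = 'Suspend' }
    foreach ($name in $expected.Keys) {
        $actual = Get-ConfigValue 'MACHINE/WEBROOT/APPHOST' $filter $name
        [pscustomobject]@{
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Match    = ($actual -eq $expected[$name])
        }
    }
}

# 2. customErrors mode for every site on the server.
#    RemoteOnly (the default) and On hide error details from remote clients;
#    Off shows detailed errors to everyone.
function Get-CustomErrorsReport {
    foreach ($site in Get-Website) {
        $path = "IIS:\Sites\$($site.Name)"
        try   { $mode = Get-ConfigValue $path 'system.web/customErrors' 'mode' }
        catch { $mode = "unreadable: $($_.Exception.Message)" }
        [pscustomobject]@{
            Site                          = $site.Name
            Mode                          = $mode
            DetailedErrorsToRemoteClients = ($mode -eq 'Off')
        }
    }
}

Test-PoolDefaults      | Format-Table -AutoSize
Get-CustomErrorsReport | Format-Table -AutoSize
```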

I hope you find this blog post helpful, especially if you are just learning PowerShell and working with IIS.

Website Encryption

I was asked a curious question the other day related to the number of websites that have SSL certificates installed. After thinking about it, big companies have SSL but most personal websites don’t. Based on my own feelings, the reason things are this way is due to the upfront and yearly costs of SSL certificates as well as not realizing the benefits of encrypting your website content.

During this discussion, a friend told me about the Let’s Encrypt project. This is an exciting new FREE Certificate Authority that will be arriving in the Summer of 2015.

Let’s Encrypt will not be for everyone. There will still be needs for the Extended Validation, wildcard, and multiple-domain certificates that are provided by Certificate Authorities such as VeriSign and GoDaddy to name a few.

The current application only supports Apache but IIS is in the works. A small piece of management software is installed on the server that handles everything from proving control of the website, to requesting the certificate and installing it on the site. It also tracks certificate expiration dates, handles auto renewal of the certificate and provides the ability to revoke the certificate if needed.

Since there is not a Windows/IIS version currently available, I do not have hands on experience with it. I am definitely looking forward to taking it for a test drive once it is available to see how it handles multiple websites on the same machine, host header sites, or even servers that have SNI and CCS installed.

HTTP/2–Through the looking glass

One of the things discussed at the MVP Summit this year was HTTP/2. The IIS group had a great session related to this upcoming protocol. Since this is being worked on across multiple companies to develop the new standard, we are able to blog about certain aspects of the protocol. The community is asking that people take an early look at the protocol. Test your applications. Try to find breaking changes so they can be addressed early in the process.

The Internet Engineering Task Force (IETF) works to produce high quality technical documents. The draft document for HTTP/2 is a great resource to gather additional information related to this undertaking.

The Windows 10 Technical Preview supports HTTP/2 on the client and server side. I decided to spin up a cloud server on my Azure account to take this for a spin. To begin with, there are a few things required in order to test. The Web Server role has to be enabled. HTTP/2 also only works over the TLS cryptographic protocol so an SSL certificate has to be bound to the testing website.  I did not have to complete any of the additional steps in this blog post to ensure that HTTP/2 was enabled. Depending on the version of Technical Preview that you are using, you may need to set the registry key.

Since I want to take a look at all aspects of IIS on this version of Windows, I broke my cardinal rule of ‘Never enable all IIS Features’. The quick way to perform the install is by using PowerShell. I ran the command Add-WindowsFeature Web-Server -IncludeAllSubFeature -IncludeManagementTools from Windows PowerShell. Once the installation completed, I launched IIS Manager so that I could bind an SSL certificate to the Default Web Site.

Once this was done, I opened Internet Explorer. I then pressed the F12 key to open the F12 Developer Tools so I could watch the network traffic. In the below screenshot, you can see the icon for Network. Click that icon and then click the Green start arrow. This will allow you to see the protocol that is being used between the client and the server.



Now that I had everything set up and ready to go, I navigated to https://localhost. The default IIS page is loaded over TLS and the network trace shows the protocol is HTTP2.



This is a quick way to verify that HTTP/2 is the negotiated protocol between the client and the server.

If you are interested in following the progress of the development of this protocol, here is a list of URLs that provide additional information and testing capabilities.

Why Upgrade to PowerShell 4.0

If you have browsed my blog site, you see that I occasionally like to do a little PS scripting. It is fun to challenge yourself to learn other things. Over on the Hey, Scripting Guy! Blog, they are doing a ‘Why should I upgrade to PowerShell 4.0?’ blog series. Today, my guest post is the featured post in the series. Hop on over and check it out.

Blog Migration

With the impending shutdown of Cytanium, the time had come for me to migrate my site to a new host. I decided to check out the SherWeb offerings based on the discount they are providing for Cytanium customers. Since I use WordPress as my blogging application, my new host had to support php and MySQL.

After looking at the plans offered by SherWeb, I decided to go with Linux Expert hosting. To save you one contact with support, be sure to mention in the order that you are going to be using WordPress and need php safe mode set to Off. There were a few contributing factors to this decision. The Starter Hosting options (for both Windows and Linux hosting) do not include MySQL database support and you cannot upgrade to include this support. The Windows Expert hosting plan supports MySQL and php as an optional add-on product but not within the base cost of the hosting package. Honestly, this just placed SherWeb out of what I was willing to pay for my hosting solution. Luckily, WordPress is a php/MySQL application so the underlying web server has less impact on a migration than other web applications may have.

I started working on my migration. There are a few things to be aware of before beginning. The installation location of the WordPress files on your existing host is important to know. If it is installed in a folder rather than the root, you will have to account for that folder structure when you migrate your site to the new host. Also, if your domain will be changing, you will also need to make those changes in the database for migration. Here is the guide that I followed to complete the migration over to SherWeb. A few notes, I did move my site to the root of my hosting before starting the migration. This was for ease of migration only since I do not have any other application that I am hosting.

I used the free BackWPup plugin to complete the migration. I enabled backing up everything. Once the backup was completed, I copied the zip file to my local hard drive and unzipped it to be ready to ftp my data up to SherWeb once I was ready for that step.

I logged into my Control Panel at SherWeb and installed WordPress with the click of a button.



This was the easiest way for me to configure my database name and user and ensure that all rights were assigned correctly. I used the same db name, user, and password as my previous host so I would not have to manually update any configuration files. Once the install was completed, the fun part started.

I used FTP to upload my web files into the root of my hosting plan. SherWeb provides phpMyAdmin for administering your MySQL databases. From the interface, I was able to import my existing data into the new database.

I was able to preview my site and ensure functionality before updating DNS to point to the new location. Today, my blog is running on our parent company’s shared platform. All in all, it was an easy migration. Hopefully this information will make your migration from Cytanium over to SherWeb painless as well.

