What an invigorating 2 weeks!!!

I have spent the last 2 weeks in bliss. By bliss, I mean one week at the MVP Summit with almost 2000 of my colleagues and 1 week at my new position with DynamicWeb NA. I am driven by my passion to connect and excel in my daily job and with the community that I have become a part of. For me, that is IIS. I was lucky enough 3 years ago to receive my first MVP award and just joined a company that recognizes that passion and empowers me to support it.

I missed some friends at the Summit and made even more. It is truly something that I never want to lose. The kinsmanship of like-minded individuals that excel at certain things is unbelievable. If you want to start committing yourself to the community, you should reach out to me. I work on the CI Security IIS benchmark and we are looking for other people to become active by devoting time to research/edit/author/be a community member for the benchmark with the small team that is currently doing the work. I would love to have additional input and help in the upkeep of this document.

Follow me on twitter. That is really where I try to keep work related stuff, but it also bleeds over to Facebook. Either is fine. If you send me a friend request, I will accept it. I am one of those FB people. :)

Anyway, this is a rambling post, but I just can’t help myself. Thank you Brad and Karla Kingsley (know you don’t really do twitter so I’ll save the link for later) for what you started with me at OrcsWeb and Scott for remembering and reaching out when DynamicWeb NA was looking for someone like me. Never burn technical bridges because that could be your next opportunity.

Hoping that I’ll be posting more soon.

IIS WordPress implementation

This past weekend I noticed a tweet cross my feed about the security end of life for php v5.4. This happens on September 14, 2015. Thankfully I noticed this since this blog is running on WordPress and was using php v5.4. I decided it was finally time to upgrade the version of php that my sites are using.

I logged in and launched WPI and searched for php. I found that php 5.5 is already installed on my system and that php 5.6 was available for installation. I went ahead and installed php 5.6. Figured if I was going to make the update, I would go to the latest version. After installation, I changed my php version using PHP Manager, and ran the phpinfo() page. Unlike my php v5.3 and v5.4 implementations, an error page was returned. Specifically a 500.0 error:


C:\Program Files (x86)\PHP\v5.6\php-cgi.exe – The FastCGI process exited unexpectedly

Error code: The extended attributes are inconsistent.

I started off using Process Monitor from SysInternals to ensure that the root cause wasn’t an NTFS access issue. The worker process could successfully access php-cgi.exe and no errors were logged.

After doing some Googling, I came across a page that mentioned running the php.exe directly to see if any error messages were returned. Every time I tried to run php.exe from a command line, I got a CLI crash. I finally decided to simply double click the php.exe file to launch it. This provided enough information related to the problem for me to effectively research the issue. php was returning an error:

Faulting application name: php.exe, version:, time stamp: 0x53fe2967
Faulting module name: MSVCR110.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1

I was then able to narrow my search to MSVCR110.dll and found the following forums.iis.net post that resolved the issue for me.

I hope you find this post useful and it saves you some downtime on your sites.

Terri is a Microsoft MVP (ASP .NET/IIS), an MCSA: Windows Server 2012, and IT Infrastructure Specialist at Sherweb.

Setting up Web Deploy on Azure VMs

For starters, I will provide instructions on how to install IIS in case that hasn’t already been done. An easy starting point for enabling the IIS Role and additional features is to use the Web Platform Installer. After you have installed this application, follow these steps:

1. Run Web Platform Installer and search for IIS Recommended.

2. Click Add to select IIS Recommended Configuration to be installed.

3. Search for IIS: ASP.

4. Click Add on the IIS: ASP.NET 4.5 option.

5. Click Install at the bottom of the window and then click I Accept to begin the installation procedure.

This process enables the IIS Role, applies the recommended feature configuration and enables .NET 4.5. Installing these features will configure IIS correctly to serve ASP.NET websites and applications. Any additional IIS features that are required will need to be installed. For reference, here are the features that are installed using this method:


There are a few things to remember when deploying Web Deploy. More than just Web Deploy needs to be installed/configured. The IIS Management Service is used to configure remote connections to the IIS instance as well as who is authorized to connect. This can be installed either via WPI or Roles and Features within Server Manager itself. For this demonstration, I will use WPI to install the remaining applications. After launching WPI, search for Management and choose Add for the IIS: Management Service and then repeat for Web Deploy. Click Install. The following screen shows the selected applications ready for installation.


Click I Accept to complete the installation of the features and all dependencies.

Once the installation has completed, there will be new features added to IIS Manager. Open IIS Manager to configure the Management Service. Double click on the Management Service icon to begin.


Once the feature configuration page is open, there are a few settings that need to be updated. If the service is running, you cannot make updates to the settings. Click Stop in the Actions pane if this is the case. To begin with, check the Enable remote connections setting. Rather than having to maintain IIS Manager users, I choose Windows credentials only. Notice the Enable failed request tracking option below the log setting. In the event of issues using Web Deploy, you can enable this setting to gather additional information. For additional security, you can also set IP Address Restrictions. You can restrict access to specific IP addresses by changing the Access for unspecified clients to Deny. After doing that, add an Allow entry for any IP Addresses that should be allowed to connect.


Click Apply to save the settings and then Start to start the Management Service. Minimize or close IIS Manager.

To ensure that the server is now listening on port 8172, open a command prompt and run netstat -aon | findstr :8172. You should see at least the following response. You could see others depending on your server configuration. If you do not get any response, check services and ensure that the Web Management Service is running. If it is running, check the above steps and ensure that everything is configured correctly.


We will now check the Windows Firewall to ensure that the rule for Web Management Service (HTTP Traffic-In) is enabled. This rule is created when the Web Management Service is installed.


The last thing that will need to be configured is the endpoint for your Azure VM. Log in to the Azure portal and navigate to your Virtual Machine endpoints. This is done differently depending on if you are using the classic portal (manage.windowsazure.com) or the new portal (portal.azure.com). Once you have located the Endpoints configuration screen for your VM, add an entry for Web Deploy for port 8172.
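The server-side checks from the steps above (service state, the listener on port 8172, the remote connection and credential settings, and the firewall rule) can be gathered in one pass. This PowerShell function is an added example, not part of the original post; the function name Test-WebDeployEndpoint is made up for illustration, and it assumes an elevated session on Windows Server 2012 or later, where the Management Service keeps its settings under the registry key shown.

```powershell
# Added example: audits the Web Deploy prerequisites configured in the steps above.
# Test-WebDeployEndpoint is a hypothetical helper name, not a built-in cmdlet.
function Test-WebDeployEndpoint {
    param([int]$Port = 8172)

    $report = [ordered]@{}

    # Web Management Service (service name WMSVC) has to be running.
    $svc = Get-Service -Name WMSVC -ErrorAction SilentlyContinue
    $report['ServiceRunning'] = [bool]($svc -and $svc.Status -eq 'Running')

    # Same check as "netstat -aon | findstr :8172": is anything listening on the port?
    $listener = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
    $report['ListeningOnPort'] = [bool]$listener

    # The Management Service page in IIS Manager writes its settings to this key.
    $key = 'HKLM:\SOFTWARE\Microsoft\WebManagement\Server'
    $cfg = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $report['RemoteConnectionsEnabled'] = [bool]($cfg -and $cfg.EnableRemoteManagement -eq 1)
    $report['WindowsCredentialsOnly']   = [bool]($cfg -and $cfg.RequiresWindowsCredentials -eq 1)

    # Firewall rule that is created when the Web Management Service is installed.
    $rule = Get-NetFirewallRule -DisplayName 'Web Management Service (HTTP Traffic-In)' `
                -ErrorAction SilentlyContinue
    $enabledRule = $rule | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
    $report['FirewallRuleEnabled'] = [bool]$enabledRule

    # Show which source addresses the rule accepts; "Any" means the port is
    # reachable from every address the Azure endpoint lets through.
    $report['FirewallRemoteAddress'] = if ($enabledRule) {
        ($enabledRule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
    } else {
        $null
    }

    [pscustomobject]$report
}

Test-WebDeployEndpoint | Format-List
```

If FirewallRemoteAddress comes back as Any and no IP Address Restrictions were set in the Management Service, anyone who can reach the endpoint can attempt to authenticate against port 8172.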


You are now ready to connect using Visual Studio and deploy your website or application.

For reference, here is what a deployment configuration within Visual Studio looks like.


These steps can be followed for configuration of Web Deploy for other providers such as SherWeb’s Performance Cloud as well.


Thank you Microsoft for my MVP Renewal – 3 years and going strong

Dear Terri Donahue,
Congratulations! We are pleased to present you with the 2015 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in ASP.NET/IIS technical communities during the past year.

Every year on July 1st since 2013 I watch my email for the above notice from Microsoft verifying that I have been awarded\renewed as an MVP. For people that don’t know about this, it is an award for community work for the previous year. This is anything from running a user group to blogging or being active in forums. There are between 4000 and 5000 MVPs worldwide across multiple disciplines. It is such an honor to belong to this group of professionals. Here’s to another great year.


Managing SSL Bindings with PowerShell

I recently wrote a blog post for the Hey, Scripting Guy! blog related to Updating SSL Bindings. This is a process that is time consuming and tedious when working with server farms. By automating this process with PowerShell, the manual importing of the certificates and updating the bindings can be done programmatically. Until you upgrade your IIS Servers to IIS 8 and can use the Centralized Certificate Store, this is the next best thing. Jump on over and take a look.

Terri is a Microsoft MVP (ASP .NET/IIS), an MCSA: Windows Server 2012, and IT Infrastructure Specialist at OrcsWeb, a Sherweb Company that offers managed hosting solutions

A look back

I am sure that everyone faces a crossroads in their professional careers. For me, that happened a little over 4 years ago. I knew that my time was coming to an end with LendingTree and I had started the search for my next position. Unlike most of my peers that stayed within the industry, I knew that I would not be happy working for a bank. That being said, I found a few postings that looked very interesting. One was a project management ‘consulting’ position. The other, a job that a wonderful friend of mine had alerted me to a year prior. I was not ready to move on at that time but I kept in close contact with the company, just in case. After multiple interviews (including one that I totally thought I had blown), I had a decision to make. I was lucky in that I had a couple of choices. Now was the time to weigh my options and make the decision that I felt to be best for me. Yes, I created a good/bad list and evaluated both options. In the end, I chose to accept a position with OrcsWeb.

Today, I can honestly say that I made the absolute best choice. I have had nothing but support and more learning opportunities than I ever thought were possible. I have been lucky enough to work with some great people that do not mind teaching what they know. I have broken things, and resolved very complex problems, and simply provided insight into issues that I had seen before. I became active on the IIS forums (this has been the application that I have supported for more years than most people even realize exist). I started working in the security arena for IIS with CI Security. I was awarded Microsoft MVP for asp.net/IIS (emphasis on the IIS). I even got the pleasure of working as a Technical Reviewer on a Microsoft class which focused on IIS Administration. I have spoken at a few user groups. I even travelled all the way from South Carolina to Dallas once.

All of the preceding text is simply a way for me to say “Thank You” to the Kingsleys for giving me this opportunity. My teammates have been awesome and I couldn’t imagine working anywhere else.


Know it, Prove it

Microsoft is kicking off a challenge on 2/1/2015 via the Microsoft Virtual Academy training site. The Microsoft Virtual Academy offers free Microsoft training delivered by experts in their fields. There are training courses aimed at the IT Pro, developers and even students.

During the challenge, there are 8 different tracks with 28 days of learning topics in each one. Personally, I will be rocking my skills on the Hybrid Cloud path.

Take a look and sign up to join me in my quest to Know it. Prove it. You have less than 12 days to accept the challenge.

Terri is a Microsoft MVP (ASP .NET/IIS), an MCSA: Windows Server 2012, and a Cloud Administrator at OrcsWeb, a hosted server company providing managed hosting solutions

IIS Manager and Script generation

There are always questions on the forums related to scripting settings related to IIS configuration files. In IIS7 and above, there is a nifty feature called the Configuration Editor.  For reference, this blog post is written and pertains to IIS 8.5. This is important because some settings mentioned in this post are not available on any versions prior to IIS 8.5.

This feature allows you to ‘look’ at your configuration files and even update them via the GUI interface. This can be very handy since you are not manually updating one of the configuration files for either the entire IIS Server or one of your websites or applications. Since the format of the file requires specific items, using a tested script or GUI interface can aid in ensuring that you do not accidentally forget a “ or  < in the file which renders it unusable by IIS.

You access this feature by opening Internet Information Services (IIS) Manager. There is a Configuration Editor feature at the server level, the web site level, and for any folder, virtual directory or application within a website.


The location of the feature determines what configuration file will be modified by any changes made. Changes made at the server level will impact the primary configuration documents for the IIS installation. For example, if you would like to view the default settings for the application pools, you would access the Server name and double click on the Configuration Editor icon to open the feature. As you can see from the screenshot below, I have selected the section related to applicationPools. At the bottom of the screenshot, the active configuration file is listed as applicationhost.config.


The screenshot below shows the default settings for application pools as shown in both the configuration editor and the applicationhost.config file.


Making a change in the Configuration Editor updates the applicationhost.config file once you select Apply.

Let’s say for instance, you decide you would like to modify the default settings for your application pools but would like to script it so you can implement it at a later time or across multiple systems. Rather than the defaults for idleTimeout and idleTimeoutAction, you want to implement a longer timeout value and rather than terminating the process, you want to suspend it. The idleTimeoutAction item is only relevant to IIS 8.5. For prior versions, you can change the idleTimeout following this same process as well. You are going to set the idleTimeout to 60 minutes rather than the default of 20. You are also going to change the idleTimeoutAction to Suspend rather than Terminate. This comes in handy when you have a website that takes a while to load but only has certain periods of time where it is active. By suspending the process, you do not have to wait for the initial spin-up which occurs after a worker process has been terminated. Any changes that are made in the editor are shown in BOLD in the GUI.


You will now notice that there are multiple actions available (Apply, Cancel, Generate Script). This is where the cool stuff happens. You are going to click Generate Script since you really want the PowerShell commands needed to make this change rather than applying the changes now. This will open a Script Dialog box that provides the auto-generated script in multiple languages including C#, AppCmd, and PowerShell.


You can now copy the script and integrate it into initial build scripts for creating a new IIS server or even as a standalone script to simply update the settings that you have chosen.

The generated PowerShell script contains this code:

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.applicationHost/applicationPools/applicationPoolDefaults/processModel" -name "idleTimeout" -value "01:00:00"

Set-WebConfigurationProperty -pspath 'MACHINE/WEBROOT/APPHOST'  -filter "system.applicationHost/applicationPools/applicationPoolDefaults/processModel" -name "idleTimeoutAction" -value "Suspend"

You will then open a PowerShell command window run as Administrator. Paste the code into the window and run it. Voila, your updates are inserted into the applicationhost.config file and the default settings for new application pools are now configured the way that you want.
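When the generated commands go into a build script that runs on several servers, it helps to check the IIS version first and to read each value back after setting it. The following is an added example, not the script that Configuration Editor generates; it reuses the same pspath and filter and assumes the WebAdministration module is available and the session is elevated.

```powershell
# Added example: applies the two application pool defaults from this post
# only where they differ, and verifies the result afterwards.
Import-Module WebAdministration

$psPath = 'MACHINE/WEBROOT/APPHOST'
$filter = 'system.applicationHost/applicationPools/applicationPoolDefaults/processModel'

# Desired values, written the same way as in the generated script.
$desired = [ordered]@{ idleTimeout = '01:00:00' }

# idleTimeoutAction only exists on IIS 8.5, so add it only there.
$iis = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\InetStp'
$iisVersion = [version]('{0}.{1}' -f $iis.MajorVersion, $iis.MinorVersion)
if ($iisVersion -ge [version]'8.5') {
    $desired['idleTimeoutAction'] = 'Suspend'
}

# Some attributes come back wrapped in an object with a Value property,
# others as a plain value; normalise both to a string for comparison.
function Get-PoolDefault {
    param([string]$Name)
    $raw = Get-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name $Name
    if ($null -ne $raw -and $raw.PSObject.Properties['Value']) { "$($raw.Value)" } else { "$raw" }
}

foreach ($name in $desired.Keys) {
    $before = Get-PoolDefault -Name $name
    if ($before -eq $desired[$name]) {
        Write-Output "$name already set to $before, no change made"
        continue
    }

    Set-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name $name -Value $desired[$name]

    # Read the value back from applicationhost.config to confirm the write.
    $after = Get-PoolDefault -Name $name
    if ($after -ne $desired[$name]) {
        throw "$name is '$after' after the update, expected '$($desired[$name])'"
    }
    Write-Output "$name changed from $before to $after"
}
```

Because unchanged values are skipped, the script can be run repeatedly on the same server without rewriting applicationhost.config each time.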


There are many settings that can be scripted following these same steps for websites. The Configuration Editor feature at the website level accesses the web.config file for the specified site or application. For example, if you want to change the way that customErrors are handled for your website, you can access the customErrors section of the web.config via the Configuration Editor and change the mode from the default RemoteOnly to On or Off. Keep in mind that Off sends detailed ASP.NET error pages to remote clients as well as local ones, so it is best kept for troubleshooting. Once again, you can either apply the setting manually or Generate Script for your script repository or for future use.

I hope you find this blog post helpful, especially if you are just learning PowerShell and working with IIS.


Website Encryption

I was asked a curious question the other day related to the number of websites that have SSL certificates installed. After thinking about it, big companies have SSL but most personal websites don’t. Based on my own feelings, the reason things are this way is due to the upfront and yearly costs of SSL certificates as well as not realizing the benefits of encrypting your website content.

During this discussion, a friend told me about the Let’s Encrypt project. This is an exciting new FREE Certificate Authority that will be arriving in the Summer of 2015.

Let’s Encrypt will not be for everyone. There will still be needs for the Extended Validation, wildcard, and multiple-domain certificates that are provided by Certificate Authorities such as VeriSign and GoDaddy to name a few.

The current application only supports Apache but IIS is in the works. A small piece of management software is installed on the server that handles everything from proving control of the website, to requesting the certificate and installing it on the site. It also tracks certificate expiration dates, handles auto renewal of the certificate and provides the ability to revoke the certificate if needed.

Since there is not a Windows/IIS version currently available, I do not have hands on experience with it. I am definitely looking forward to taking it for a test drive once it is available to see how it handles multiple websites on the same machine, host header sites, or even servers that have SNI and CCS installed.


HTTP/2–Through the looking glass

One of the things discussed at the MVP Summit this year was HTTP/2. The IIS group had a great session related to this upcoming protocol. Since this is being worked on across multiple companies to develop the new standard, we are able to blog about certain aspects of the protocol. The community is asking that people take an early look at the protocol. Test your applications. Try to find breaking changes so they can be addressed early in the process.

The Internet Engineering Task Force (IETF) works to produce high quality technical documents. The draft document for HTTP/2 is a great resource  to gather additional information related to this undertaking.

The Windows 10 Technical Preview supports HTTP/2 on the client and server side. I decided to spin up a cloud server on my Azure account to take this for a spin. To begin with, there are a few things required in order to test. The Web Server role has to be enabled. HTTP/2 also only works over the TLS cryptographic protocol so an SSL certificate has to be bound to the testing website.  I did not have to complete any of the additional steps in this blog post to ensure that HTTP/2 was enabled. Depending on the version of Technical Preview that you are using, you may need to set the registry key.

Since I want to take a look at all aspects of IIS on this version of Windows, I broke my cardinal rule of ‘Never enable all IIS Features’. The quick way to perform the install is by using PowerShell. I ran the command Add-WindowsFeature Web-Server -IncludeAllSubFeature -IncludeManagementTools from Windows PowerShell. Once the installation completed, I launched IIS Manager so that I could bind an SSL certificate to the Default Web Site.

Once this was done, I opened Internet Explorer. I then pressed the F12 key to open the F12 Developer Tools so I could watch the network traffic. In the below screenshot, you can see the icon for Network. Click that icon and then click the Green start arrow. This will allow you to see the protocol that is being used between the client and the server.



Now that I had everything set up and ready to go, I navigated to https://localhost. The default IIS page is loaded over TLS and the network trace shows the protocol is HTTP2.



This is a quick way to verify that HTTP/2 is the negotiated protocol between the client and the server.

If you are interested in following the progress of the development of this protocol, here is a list of URLs that provide additional information and testing capabilities.

