About Us Products Services Partners Certification Testimonials Contact Us Support
Call Us :(718) 361-1010
Lansend Microsoft Certified Partner Microsoft Small Business Specialist

Display detailed ASP 500 errors in IIS 7

clock May 29, 2014 09:58 by author Ashwin Pai

There are two requirements for this , most articles do not mention the second requirement.

1. In the ASP configuration set " Send error to browser" to true

You can also do it using the the command-line tool AppCmd.exe

appcmd.exe set config "Default Web Site" -section:system.webServer/asp /scriptErrorSentToBrowser:"True"


2. In the Error pages Configuration go to " Edit Feature Settings" on the right & select " Detailed Errors"


Note this applies to all errors.

Installing a self-signed SAN SSL certificate on your Exchange Server

clock October 18, 2013 07:07 by author Ashwin Pai

Installing a self-signed SAN SSL certificate on your Exchange Server

There are many articles on the web about installing self-signed SSL certificates, but most of them assume multiple servers in a corporate environment & a certain level of knowledge and experience from the tech. It does not take into consideration the tech supporting an SBS server who has to deal with this issue once in a blue moon, when the SSL certificate expires on the server & Outlook et all start nagging. All you want to do is fix it & get out of there.

This article was pruned from the following three in-depth articles.

  1. How to create your own self signed SSL UCC SAN Certificate to use with Exchange 2007/2010
  2. How to add a Subject Alternative Name to a secure LDAP certificate MS KB 931351
  3. Issuing a Certificate for a Pending Request

In most SBS environments the Certificate server & the Exchange server are probably one and the same.
Nevertheless I have distinguished between the two by call the Certificate server as Certserver
If there is only one SBS server , then all references to a server are to the same Server

The Exchange server probably has an internal name & is on an internal domain name such as domain.local
Additionally you may have published the OWA on a different URL which to access the server from the Internet.
I have therefore referred to the Exchange Server in the following way. Please modify appropriately.

Internal name:

External name:

The same domain naming convention applies to autodiscover.

There are two text files attached to this post. You will need to download them & rename them accordingly.

request.txt (875.00 bytes)

Sancerts.txt (373.00 bytes)

  1. Sancerts.txt
    This file is a batch file & has to be run on the certificate server. It prepares the server to accept SAN requests. Presumably it has to be run only once during the lifetime of the server. Rename it to Sancerts.bat
  2. request.txt
    This is your request file. rename it to Request.inf & save it on the Exchange Server.



  1. Run the batch file Sancerts.bat on the Certificate Server , there is a pause at the end so you can verify that it was successful. If successful , press any key to close the Command window.
  2. Modify Request.inf to match your domain names & server names. If the inside & outside names & domain names are the same you need not duplicate entries.
  3. Open a command prompt on the Exchange server & navigate to the location where you saved Request.inf.
    Note: the process will create files & you should have rights to create files.
  4. At the command prompt, type the following command, and then press ENTER:
    certreq -new request.inf certnew.req.
  5. Type the following command, and then press ENTER:
    certreq -submit certnew.req certnew.cer
    You will get a popup asking you to select the Certificate server. It will probably be the same server
  6. If the above command is successful you will get a response that provides you the Request ID number to retrieve the certificate. Make a note of the number. Do not close the Window.
  7. On the certificate Server go to Administrative tools >>Certification Authority
  8. The above will bring up the CertSrv , go to Pending Requests ,  & issue the pending request , it should have today's date as you just requested it.
  9. Return back to the command prompt on the Exchange Server &type the following command, and then press ENTER:
    certreq -retrieve RequestID certnew.cer
    ReuquestID is the number you made of note of in step 6 above
  10. type the following command, and then press ENTER:
    certreq -accept certnew.cer

At this point if all goes well you have created  for & installed a new San certificate on the Exchange Server.

You now need to install this certificate on the OWA for the Exchange server ( See Image below)

  1. Open IIS Manager on the Exchange Server
  2. GO to Sites & select the site that hosts the OWA , in most instances it is the Default Website
  3. Click on Bindings in the Actions Menu on the right hand side.
  4. You should two https Types You will need to apply the certificate to both
  5. Highlight the first https & select edit a Window will pop up
  6. Under SSL certificate , use the drop down menu to select the certificate you just created
    Sadly I could not figure out a way to give it a friendly name so you may have duplicate entries of Internal.domain.local
    Select each one & click View to view the certificate & confirm that you have selected the correct certificate
    The correct certificate will have a validity date of one year from today
  7. Repeat 5 & 6 above for the other https
  8. Restart IIS & you should be done


The other SAD part is that I could not figure out how to assign the certificate for more than one year.

If anybody can figure that out please post on our Facebook page

I hate this nonsense of doing this every year
























Providing a website access to a folder on another server in IIS 7

clock June 26, 2013 09:04 by author Ashwin Pai
  1. On the server that has the folder to which the web server ( other server) will connect , create the share Create a local user ( to avoid domain issues)Give that local user appropriate rights to that share.
  2. On the other server that has the website, Create a Virtual directory In the website.

  3. Specify the pass through authentication , by clicking on Connect as

  4. Select Specific user & click on SET

  5. Provide the username & password for the user you created on the first server in step 1, make sure you specify server name

  6. Ok out till you reach the screen in step 3 & clcik test settings. If you have done it right you should get a connect succesfull response.
  7. If you do not get a succesfull response.
    Check to see if you can connect to the share & map the drive in Windows.
    Netbios traffic must flow between the two servers.

Windows 2008 access denied when editing files

clock June 28, 2012 06:41 by author Ashwin Pai

If you are logged on to the Windows 2008 server as an Administrator or with Administrator privileges, UAC kicks in. If you try to edit files such as web.config , login scripts you get “access denied when you try to the save the file.

Windows 2008 now expects Administrators to manually launching notepad.exe from the start menu, right clicking it and choose “Run as Administrator”. & the browse to the folder & open the required file.

For non-Administrators you can simply give full access to the folder in Security & it will work, but Administrators have to jump through hoops,. Go figure.

If you are like me, you have probably set up the file associations to open these files in notepad when you double click on the file. If you are server administrator you probably do this often on multiple servers.

There are many elaborate solutions out there. I solved my problem by doing the following.

  1. Go to Start >>Administrative Tools >> Local security Policy
  2. Go to Local Policies >>Security Options
  3. Towards the bottom , you will see “ User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode”
  4. Double click & change to “ Elevate without prompting”


Note: You are effectively disabling UAC & should be aware of the implications of doing so.

Event ID: 27 While processing a TGS request for the target server krbtgt

clock May 12, 2012 12:59 by author Ashwin Pai

While processing a TGS request for the target server krbtgt XXXXXXXX
did not have a suitable key for generating a Kerberos ticket (the missing key has an ID of 8).
The requested etypes were 18.  The accounts available etypes were 23  -133  -128  3  1.

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 27

The cause of the event is that the client requests a service ticket with a etype 18 (aes256-cts-hmac-sha1-96), which is not supported by Windows Server 2003 but supported by Windows Server 2008 R2. If the Kerberos authentication works properly, you can safely ignore the events. It just informs the clients what etypes it supports.

For more information, please refer to the following articles:

The security principals and the services that use only DES encryption for Kerberos authentication are incompatible with the default settings on a computer that is running Windows 7 or Windows Server 2008 R2


Event ID 27 — KDC Encryption Type Configuration



No such interface supported SMTP logs not generated

clock October 18, 2011 08:03 by author Ashwin Pai

When you install SMTP on Windows 2008 Server , SMTP logs may not be getting generated. Websites may or may not be sending out emails & when you click on Current sessions in IIS 6.0 manger you get the message " No such interface supported".

While not obvious the ODBC Logging module a role service in Server Manager needs to be installed.

Windows Server 2008 SMTP Service logging


Thank you Steve Schofield


still does not work then try this.

Close MMC

C:\Windows\System32\inetsrv>regsvr32 smtpsnap.dll
C:\Windows\System32\inetsrv>regsvr32 smtpadm.dll

Reopen mmc

Thanks UnderCoverGuy

ASP.NET is not authorized to access the requested resource

clock November 18, 2010 16:43 by author Ashwin Pai

When you build a website in ASP.NET on  IIS 7.0 parts of your website may not work & display the error shown below.

In this instance the website is sending an order confirmation email.

The reason you get this error is that the default configuration of IIS 7.0 uses the user MACHINE NAME\Network Service to execute some types of anonymous access and not IUSR_MACHINENAME.

You have two options one is to setup impersonation by editing the web.config   file if you are just the system admin & are uncomfortable messing around with the web.config file then the simpler option is to give the  user MACHINE NAME\Network Service modify rights the folder in question which in this case  is C:\inetpub\mailroot\Pickup\



Server Error in '/' Application.

Access to the path 'C:\inetpub\mailroot\Pickup\b47ff1f1-dc5a-4fed-a8c2-a80d7c26d901.eml' is denied.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.UnauthorizedAccessException: Access to the path 'C:\inetpub\mailroot\Pickup\b47ff1f1-dc5a-4fed-a8c2-a80d7c26d901.eml' is denied.

ASP.NET is not authorized to access the requested resource. Consider granting access rights to the resource to the ASP.NET request identity. ASP.NET has a base process identity (typically {MACHINE}\ASPNET on IIS 5 or Network Service on IIS 6) that is used if the application is not impersonating. If the application is impersonating via <identity impersonate="true"/>, the identity will be the anonymous user (typically IUSR_MACHINENAME) or the authenticated request user.

To grant ASP.NET access to a file, right-click the file in Explorer, choose "Properties" and select the Security tab. Click "Add" to add the appropriate user or group. Highlight the ASP.NET account, and check the boxes for the desired access.

Source Error:

If it helped would appreciate a rating star.

Microsoft Certified Partner


Version Information: Microsoft .NET Framework Version:2.0.50727.3615; ASP.NET Version:2.0.50727.3618




    <<  March 2021  >>

    View posts in large calendar

    Sign in

    About Us Products Services Partners Certification Testimonials Contact Us Support Site Map Copyright © 2021. All Rights Reserved.