Website Security Suggestion: Get rid of cruft! (script included)

Right: One of my pet hates is cruft on a production website. Cruft is stuff – files – which has accumulated because nobody’s paying attention. Cruft includes sampleware. Developer experiments. Readmes. Sample configs. Backups of files which never get cleaned up. Just general accumulated stuff. It’s website navel lint. Hypertext hairballs. Cruft. Has. No. Place…. Read more

App Pool Recycling Defaults: Why 1740 minutes?

Without doubt, one of the most frequently asked questions when discussing Application Pools in IIS Admin and Troubleshooting workshops! Scott Forsyth shares Wade’s answer. In Wade’s words: “you don’t get a resonate pattern”. He then follows up with useful advice on establishing your own best recycling interval: First off, I think 29 hours is a good default. For… Read more

IIS 7: But why do I get a 500.19 – Cannot add duplicate collection entry- with 0x800700b7 !?

(Because I’m sure that was your exact exclamation when you hit it!) Also applies to IIS 7.5 (Windows Server 2008 R2), IIS 8.0 (Windows Server 2012), IIS 8.5 (Windows Server 2012 R2) and IIS 10 (Windows Server 2016). The Background This week, I was out at a customer site performing an IIS Health Check, and got… Read more

TMG Rollup 3 out now; so’s Mod_Security for IIS

TMG SP2 Update Rollup 3 As the ISA Blog mentions, Rollup 3 for TMG Service Pack 2 is now available: We are happy to announce the availability of Rollup 3 for Forefront Threat Management Gateway (TMG) 2010 Service Pack 2 (SP2). TMG SP2 Rollup 3 is available for download here: Rollup 3 for Forefront Threat… Read more

Important Kerberos-related hotfix for IIS 7.5

Users cannot access an IIS-hosted website after the computer password for the server is changed in Windows 7 or in Windows Server 2008 R2 (KB 2545850). Essentially, if the computer account password changes, AppPoolIdentities might be unable to perform Kerberos authentication thereafter (if IIS is restarted as well). … Read more

IE10 Compat Inspector

There’s a very handy-looking new tool that can be used to quickly determine a site’s compatibility with IE10. I set it up with Fiddler on one of my machines, and can now enable a pop-up item in Fiddler under the Rules menu. I wasn’t familiar with Fiddler’s rules engine before… more investigation is needed!… Read more

IUSR vs Application Pool Identity – Why use either?

(pasted from my email clippings. I’m on holiday right now, catching up on paperwork!) The TLDR version is: using AppPoolIdentity as both the App Pool Account and Anonymous user account lets you have multiple isolated anonymous websites on one box. IIS 7.x and upwards (as of Win2008 R2 and Windows 2008 SP2, also in IIS 8.x in Windows Server… Read more

Configuring Kerberos for SharePoint farms – a generic gotchas list

Recently, I worked on a Kerberos configuration issue with a customer; these are my notes from the visit. You’ll see some common themes with Kerbie Goes Bananas, and it puts much of that into practice. Speaking of, I must redo Kerbie with SetSPN -S (shameface) 1. DNS should use an A record to refer… Read more

PSA: You really need to update your Kerberos setup documentation with SetSPN -S!

Hi! You might remember me from such posts as Kerbie Goes Bananas, and SetSPN improvements for Windows 2008. Or something. I’m here with a public service announcement! Excitement! It’s been long enough since Windows 2008 (and the downlevel release of SetSPN) that I feel comfortable respectfully asking you to please: Search and Replace SetSPN -A… Read more

DebugDiag 1.2 (64-bit capable, .Net 2.0+ compatible) released

Great news, everybody! Wait, that was Farnsworth-y – no, really, it’s great news! DebugDiag 1.2 (or to give it its full title, the Debug Diagnostic Toolkit) has been released to the web and is available from the Microsoft Download Center. Notes from the email that described this release: Analysis: · .Net 2.0 and higher analysis… Read more