Caveman's Blog

My commitment to learning.

Archive for the ‘IIS’ Category

Prevent Internal IP address disclosure

Posted by cavemansblog on November 4, 2009

One of the vulnerabilities that we had to fix on a recent project was the disclosure of the internal IP address when IIS had to redirect a web request to another page. Here is how it got fixed.

Based on the following Microsoft support article: “FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0” [1], follow these steps to set the SetHostName property in IIS, so that the hostname defined by the system administrator is revealed in the response header instead of the internal IP address.

  1. Click Start, click Run, type cmd, and then click OK to open a command prompt.
  2. Change to the folder where the Adsutil.vbs tool is located. By default, this folder is the following:
    • %SYSTEMROOT%\Inetpub\AdminScripts
  3. Type the following command, where x is your site identifier and hostname is the alternate host name that you want to use:
    • cscript adsutil.vbs set w3svc/x/SetHostName hostname
    • x can be looked up in the IIS MMC. See [2] for how to look up the site identifier.

If this does not fix the problem, try installing the latest service pack for Windows Server 2003 and then restart your computer.
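A way to confirm the fix took effect, as an added example that is not part of the original post: it inspects a response for private IPv4 addresses left in the Content-Location or Location headers. The function names and sample responses are constructed for illustration, and the fetch helper assumes the address shows up when the request is HTTP/1.0 with no Host header.

```python
import ipaddress
import re
import socket

# Headers checked: Content-Location (named in the KB title) and Location (redirects).
WATCHED = ("content-location", "location")
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample responses, not captured from a real server.
BEFORE_FIX = ("HTTP/1.1 302 Object Moved\r\n"
              "Location: http://10.1.2.3/images/\r\n"
              "Server: Microsoft-IIS/6.0\r\n\r\n")
AFTER_FIX = BEFORE_FIX.replace("10.1.2.3", "www.example.com")


def leaked_private_ips(raw_response):
    """Return (header, ip) pairs for private IPv4 addresses in watched headers."""
    head = raw_response.split("\r\n\r\n", 1)[0]      # ignore the body
    findings = []
    for line in head.split("\r\n")[1:]:              # skip the status line
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() not in WATCHED:
            continue
        for candidate in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:                       # not a valid address, e.g. 999.1.1.1
                continue
            if addr.is_private:                      # RFC 1918, loopback, link-local, ...
                findings.append((name.strip(), candidate))
    return findings


def fetch_head_without_host(host, port=80, path="/"):
    """Send an HTTP/1.0 request with no Host header; return the raw response."""
    with socket.create_connection((host, port), timeout=5) as conn:
        conn.sendall(f"GET {path} HTTP/1.0\r\n\r\n".encode("ascii"))
        data = b""
        while b"\r\n\r\n" not in data and len(data) < 65536:
            chunk = conn.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.decode("iso-8859-1")


if __name__ == "__main__":
    print("before:", leaked_private_ips(BEFORE_FIX))
    print("after: ", leaked_private_ips(AFTER_FIX))
```

To check a server you administer, pass the result of `fetch_head_without_host` to `leaked_private_ips`; an empty list after setting SetHostName means the watched headers no longer carry a private address.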

References:

1. Microsoft Support: FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0
2. Chris Crowe’s Blog – IIS Web Site Identifiers

Posted in IIS

Getting started with windbg

Posted by cavemansblog on June 9, 2009

A while ago I posted a blog on Troubleshooting an IIS Crash/Hang, where I mentioned that we can use a tool called Windbg to analyze the dump file that is extracted when an IIS crash occurs. I have found some excellent tutorials for learning how to use Windbg for troubleshooting IIS and other issues. Following are some of those useful resources.

References:
1. Speaking of which
2. Kent Boogaart
3. WinDbg

Posted in IIS, Sudheer Reddy Battula

IIS – Internal Server Error, Class not registered

Posted by cavemansblog on June 23, 2008

On one of the Win XP Professional machines IIS was throwing an Internal Server Error. When I checked the Event Viewer, there was a “Class not Registered” error and following was the content of the event:

Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 36
Description: The server failed to load application ‘/LM/W3SVC/1/ROOT. The error was ‘Class not registered’.

Bare bones: ASP and ASPX pages were not being recognised and an HTTP 500 error was returned to the browser.

I was able to google my way to the fix on Bernard’s MSMVP blog and God it made my day. Here is the working solution; it's not my solution, but I felt the need to document it and to share.

I was able to fix this issue following these steps:

1) Open Command Prompt and type “cd \windows\system32\inetsrv”
2) Run “msdtc -resetlog”
3) Run “rundll32 wamreg.dll, CreateIISPackage”
4) Run “regsvr32 asptxn.dll”
5) Run “iisreset”
6) Reboot…

Reference:
1. The famous ‘Class not registered’ – Bernard’s MSMVP Blog

Posted in IIS, Sudheer Reddy Battula

Installing Dotnet Windows Services (the easiest way).

Posted by cavemansblog on June 19, 2008

Introduction
I will demonstrate the easiest way of installing a Windows service. InstallUtil.exe had been my primary mechanism for installing a Windows service until I came across Windows Services Can Install Themselves by W. Kevin Hazzard. That article demonstrates that a service can be installed, uninstalled and launched from the command line alone. I, on the other hand, have come up with a way to install/uninstall the Windows service by double-clicking the service executable.

Traditional command line approach: C:\> InstallUtil MyWinService.exe
Kevin Hazzard’s command line approach: C:\> MyWinSvcHost.exe -install
My approach: Just double click on the Service exe.

How the code works

The first double click on the service executable will install the service and the second double click on the service executable will uninstall the service.

Whenever we run a Windows service, the Main method gets executed, as it serves as the entry point for the service. The list of existing Windows services can be fetched using the GetServices method of the ServiceController class. Loop through the array of services to determine whether our service is already installed.

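    // Requires: using System.ServiceProcess;
    ServiceController[] services = ServiceController.GetServices();

    foreach (ServiceController service in services)
    {
        if (service.ServiceName.Equals(SERVICE_NAME))
        {
            _IsInstalled = true;
            break; // found it, no need to check the remaining services
        }
    }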

If the service does not exist on the machine we will install it by executing the InstallMe method of the SelfInstaller class, followed by a messagebox notification of the same.

    SelfInstaller.InstallMe();
    MessageBox.Show("Successfully installed the " + SERVICE_NAME, "Status", MessageBoxButtons.OK, MessageBoxIcon.Information);

If the service already exists on the machine we will uninstall it by executing the UninstallMe method of the SelfInstaller class, followed by a messagebox notification of the same.

    SelfInstaller.UninstallMe();
    MessageBox.Show("Successfully uninstalled the " + SERVICE_NAME, "Status", MessageBoxButtons.OK, MessageBoxIcon.Information);

As Kevin said in his article, this style of installing the service without using InstallUtil.exe provides us with many options for installing and invoking the service. Happy coding my dear fellow s/w brothers. There might be a downside to this approach: what if someone double-clicks on the exe in a mission-critical environment [3]? Situations like that can be prevented by prompting the user to confirm that he/she really wants to install/uninstall the service. Another cool suggestion from PIEBALDconsult is to develop a Windows form inside the service that would allow the user to install/uninstall and control the state of the Windows service.

Update

Version 2.0: Code is located in CoolService_V2.zip

a) Added SMESSER’s [4] code to get rid of the annoying alert box (Cannot start service from the command line or a debugger.) that appears after the service has been installed/uninstalled.

b) Added code to make this approach more secure (thanks to PIEBALDconsult’s concern) by prompting the user to confirm that he/she REALLY wants to install/uninstall the service.

c) Moved the WSInstaller class to WSInstaller.cs for cleaner code.

References:
1. MSDN
2. Windows Services Can Install Themselves by W. Kevin Hazzard
3. PIEBALDconsult (A fellow member at Code Project)
4. SMESSER (A fellow member at Code Project)

Posted in General Programming, IIS, Sudheer Reddy Battula

Troubleshooting an IIS Crash/Hang

Posted by cavemansblog on April 16, 2008

This is an experience of mine at a client. It was a project about integrating a third party application with the client’s web application, so that the client could provide better service to its customers.

I have designed and implemented this ASP integration application and the project was deployed successfully. Everyone was very impressed with my work and I was happy.

I was thinking how good my design was and that all implementations should be as good as mine. How nice would it be if all the systems that are designed and implemented ran smoothly after a successful QA, without ever crashing or needing any monitoring.

Phone rings !!!!

Wake up Caveman!!! Wake up !!! Ohhhhhhhh Shoot!! it was only a dreammmm….. damn-it!!

I woke up from my dream with the annoying ring of the phone. I got this call from the support group.

Me: Hello, Me here

Support Guy(SG): Hi this is SG from the Support group, how are you?

Me: Good, How about you?

SG: alrite

Me: What’s up?

SG: The website is hanging intermittently and we are having to do an IISReset to bring back the site.

Me: hmm… Is there a pattern to this issue?

SG: The CSR Manager said that this happens randomly and that the business is getting affected because of the outage.

Me: Okay I will take a look at this and get back to you.

SG: This is a priority 1 issue.

Me: (I thought of shouting at him: so what!!! hold on !!! I will get to it when I can get to it) Thanks for letting me know this…. and the call ends.

This is the time when I was scratching my head about what could possibly have gone wrong that caused the website to hang. My first instinct told me that the third party component might be the culprit (as it later turned out to be), as I did not design/code it, heheheheeeee.

There are several possible causes of an application failure, such as the following:

1. Network Issues.
2. Too many database connections.
3. Unreasonable CPU utilization.
4. Disk access errors.
5. Web Service failures.
6. Erroneous third party components.
7. Memory Leaks.
8. Threading issues, etc…

I would usually start by checking the health of the Web application, which includes (but is not limited to) checking the following:

  • No. of Database Connections.
  • CPU on Web Server and Database Servers.
  • Event viewers on all servers.
  • Memory consumed by Dllhosts or Worker (w3wp.exe) processes.
  • Web Service call durations.

At times this might also not help and all you would notice is a blip on the radar that does not tell you much, like an iisreset has been automated and that a crash has occurred.

How would you know the cause of the crash/hang?

IISState is a command-line utility, part of the IIS 6.0 Resource Kit Tools, that is very handy for diagnosing IIS-related issues. To attach IISState to a particular w3wp.exe process, execute the following command (where <PID> is the process ID). This will do an immediate dump of the current process.

    iisstate -p <PID>

IISState also supports the following optional switches:

  • -sc (waits for a “soft crash” such as an ASP 0115 Trappable Error Occurred in an External Object)
  • -hc (waits for a “hard crash” where the process terminates unexpectedly)
  • -d (writes out a dump file, which can be used for further analysis, e.g. by WinDBG)

IISState outputs a logfile containing the stacks of all the threads in the process. I used the IISState utility to get a dump file and a logfile by hooking it to the only w3wp.exe process. I got lucky and the crash happened in a little time. Upon examining the dump I noticed that one of the threads was waiting on another thread to get its job done and that that thread was in turn waiting on another thread. I traversed through a bunch of threads to finally arrive at the thread that was the culprit. I was able to figure out that this thread belonged to a third-party DLL, as mentioned in the thread info.

I checked with the company that owned the DLL and found out that they had released a newer version that took care of the thread issue.

Another way of diagnosing the issue would be to analyze the dump file further with a utility like DebugDiag or WinDBG. For this method of diagnosis you will need the .pdb files of the application and the necessary symbols.

Useful tools:
1. IIS 6.0 Resource Kit Tools
2. Debug Diagnostic Tool (DebugDiag)
3. WinDBG

Posted in IIS, Sudheer Reddy Battula