Errors setting up 2019 virtual with two NICs

-2

In 2010, one of our sys admins set up a 2008 virtual server with 2 NICs and IIS 7.5. One IP was used to host an http port 80 site and the other IP to host an https port 443 site. Internal DNS and internal firewall settings directed traffic to the appropriate sites and both sites ran as designed and we had no problems.

More recently, one of our sys admins set up a virtual 2019 server with IIS 10 and one NIC. I began testing a new ASP.NET site for https traffic and everything worked as designed. The second NIC was not set up on the virtual 2019 server until a few weeks later. I tried to mirror the setup that was used on the 2008 virtual and IIS 7.5, but after the second NIC was added, it caused a number of errors to occur on the https site. Viewstate errors, encryption errors, Form Authentication errors and SMTP mail errors all occurred.

After reviewing errors from the Event Viewer and doing some research, it appears Windows thinks we are running a web farm. I suspect when the second NIC was added, it changed the Machine Key, which contributed to the majority of errors that have been occurring. I would like to understand what I need to look for in IIS 10, the Application Pool Identity (the https site uses a domain account for impersonation), web.config and machine.config, and SMTP mail (we have an internal Exchange Server that uses an IP range for servers allowed to relay). I am not a sys admin and only a novice developer, and I admit I do not know enough about how to accommodate a setup of this nature on a 2019 virtual server running IIS 10. My network access is limited and I am dependent upon sys admins for much of the setup. Any advice and recommended reading would be greatly appreciated to assist them in proper setup.

    System.Security.Cryptography.CryptographicException: Bad Data.
       at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
       at System.Security.Cryptography.Utils._DecryptData(SafeKeyHandle hKey, Byte[] data, Int32 ib, Int32 cb, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode PaddingMode, Boolean fDone)
       at System.Security.Cryptography.CryptoAPITransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
       at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
       at Simple3Des.DecryptData(String encryptedtext)
       at black_ChangePasswordIS.doDecrypt(String Nm, String dval) in C:\sitefolder\black\ChangePasswordIS.aspx.vb:line 188
       at black_ChangePasswordIS.btnChgPwd_Click(Object sender, EventArgs e) in C:\sitefolder\black\ChangePasswordIS.aspx.vb:line 162

This class file is located in the AppCode folder

Imports Microsoft.VisualBasic
Imports System.Security.Cryptography

Public NotInheritable Class Simple3Des
    Private TripleDes As New TripleDESCryptoServiceProvider

    Private Function TruncateHash(
    ByVal key As String,
    ByVal length As Integer) As Byte()

        Dim sha1 As New SHA1CryptoServiceProvider

        ' Hash the key.
        Dim keyBytes() As Byte =
            System.Text.Encoding.Unicode.GetBytes(key)
        Dim hash() As Byte = sha1.ComputeHash(keyBytes)

        ' Truncate or pad the hash.
        ReDim Preserve hash(length - 1)
        Return hash
    End Function

    Sub New(ByVal key As String)
        ' Initialize the crypto provider.
        TripleDes.Key = TruncateHash(key, TripleDes.KeySize \ 8)
        TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)
    End Sub

    Public Function EncryptData(
        ByVal plaintext As String) As String

        ' Convert the plaintext string to a byte array.
        Dim plaintextBytes() As Byte =
            System.Text.Encoding.Unicode.GetBytes(plaintext)

        ' Create the stream.
        Dim ms As New System.IO.MemoryStream
        ' Create the encoder to write to the stream.
        Dim encStream As New CryptoStream(ms,
            TripleDes.CreateEncryptor(),
            System.Security.Cryptography.CryptoStreamMode.Write)

        ' Use the crypto stream to write the byte array to the stream.
        encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
        encStream.FlushFinalBlock()

        ' Convert the encrypted stream to a printable string.
        Return Convert.ToBase64String(ms.ToArray)
    End Function

    Public Function DecryptData(
    ByVal encryptedtext As String) As String

        ' Convert the encrypted text string to a byte array.
        Dim encryptedBytes() As Byte = Convert.FromBase64String(encryptedtext)

        ' Create the stream.
        Dim ms As New System.IO.MemoryStream
        ' Create the decoder to write to the stream.
        Dim decStream As New CryptoStream(ms,
            TripleDes.CreateDecryptor(),
            System.Security.Cryptography.CryptoStreamMode.Write)

        ' Use the crypto stream to write the byte array to the stream.
        decStream.Write(encryptedBytes, 0, encryptedBytes.Length)
        decStream.FlushFinalBlock()

        ' Convert the plaintext stream to a string.
        Return System.Text.Encoding.Unicode.GetString(ms.ToArray)
    End Function
End Class

I created a table in SQL that houses the hire date of all employees - pulled off of our AS400. For each date, I generated a GUID string and used it as the wrapper when passwords were auto-generated for each user. Users with domain e-mails were e-mailed their "temporary" password. Users with external e-mails were told to append the last four digits of their SSN to the temporary password that was e-mailed to them. The site would not allow users to fully log-in until they changed their password. STRONG passwords were required. Here is the page code:

    Private Sub btnChgPwd_Click(sender As Object, e As EventArgs) Handles btnChgPwd.Click
        Dim DeptEmpID As Integer = CType(Session("DeptEmpID"), Integer)
        Dim cPwd As String = CType(Me.Pwd.Text, String)
        Dim nPwd As String = CType(Me.NewPwd.Text, String)
        Dim cnPwd As String = CType(Me.ConfirmPwd.Text, String)
        Dim pPwd As String = String.Empty
        Dim CondtCk As Integer = 0
        Try

        Catch ex As Exception

        End Try
        If Not (IsNumeric(DeptEmpID)) = True Then
            Response.Redirect("../Login.aspx?msgid=2")
        Else
            If nPwd <> cnPwd Then
                Me.pnlSecQ.Visible = False
                Me.pnlChgPwd.Visible = True
                Me.AdminMsg.ForeColor = Drawing.Color.Red
                Me.AdminMsg.Text = "<div class=""txcenter txtlrg"">Your passwords do not match.  Please try again.  Thank you!</div>"
                Exit Sub
            ElseIf nPwd = cnPwd Then
                If cnPwd.Contains("0") Or cnPwd.Contains("1") Or cnPwd.Contains("2") Or cnPwd.Contains("3") Or cnPwd.Contains("4") Or cnPwd.Contains("5") Or cnPwd.Contains("6") Or cnPwd.Contains("7") Or cnPwd.Contains("8") Or cnPwd.Contains("9") Then
                    CondtCk = CondtCk + 1
                End If
                If cnPwd.Contains("!") Or cnPwd.Contains("@") Or cnPwd.Contains("#") Or cnPwd.Contains("$") Or cnPwd.Contains("%") Or cnPwd.Contains("^") Or cnPwd.Contains("&") Or cnPwd.Contains("*") Or cnPwd.Contains("~") Or cnPwd.Contains("(") Or cnPwd.Contains(")") Or cnPwd.Contains("_") Or cnPwd.Contains("-") Or cnPwd.Contains("+") Or cnPwd.Contains("=") Or cnPwd.Contains("|") Or cnPwd.Contains("\") Or cnPwd.Contains("[") Or cnPwd.Contains("{") Or cnPwd.Contains("]") Or cnPwd.Contains("}") Or cnPwd.Contains(";") Or cnPwd.Contains(":") Or cnPwd.Contains(" ") Or cnPwd.Contains("'") Or cnPwd.Contains(",") Or cnPwd.Contains("<") Or cnPwd.Contains(".") Or cnPwd.Contains(">") Or cnPwd.Contains("?") Or cnPwd.Contains("/") Or cnPwd.Contains("`") Then
                    CondtCk = CondtCk + 1
                End If
                If cnPwd.Contains("A") Or cnPwd.Contains("B") Or cnPwd.Contains("C") Or cnPwd.Contains("D") Or cnPwd.Contains("E") Or cnPwd.Contains("F") Or cnPwd.Contains("G") Or cnPwd.Contains("H") Or cnPwd.Contains("I") Or cnPwd.Contains("J") Or cnPwd.Contains("K") Or cnPwd.Contains("L") Or cnPwd.Contains("M") Or cnPwd.Contains("N") Or cnPwd.Contains("O") Or cnPwd.Contains("P") Or cnPwd.Contains("Q") Or cnPwd.Contains("R") Or cnPwd.Contains("S") Or cnPwd.Contains("T") Or cnPwd.Contains("U") Or cnPwd.Contains("V") Or cnPwd.Contains("W") Or cnPwd.Contains("X") Or cnPwd.Contains("Y") Or cnPwd.Contains("Z") Then
                    CondtCk = CondtCk + 1
                End If
                If cnPwd.Contains("a") Or cnPwd.Contains("b") Or cnPwd.Contains("c") Or cnPwd.Contains("d") Or cnPwd.Contains("e") Or cnPwd.Contains("f") Or cnPwd.Contains("g") Or cnPwd.Contains("h") Or cnPwd.Contains("i") Or cnPwd.Contains("j") Or cnPwd.Contains("k") Or cnPwd.Contains("l") Or cnPwd.Contains("m") Or cnPwd.Contains("n") Or cnPwd.Contains("o") Or cnPwd.Contains("p") Or cnPwd.Contains("q") Or cnPwd.Contains("r") Or cnPwd.Contains("s") Or cnPwd.Contains("t") Or cnPwd.Contains("u") Or cnPwd.Contains("v") Or cnPwd.Contains("w") Or cnPwd.Contains("x") Or cnPwd.Contains("y") Or cnPwd.Contains("z") Then
                    CondtCk = CondtCk + 1
                End If
            End If
            If CondtCk >= 3 And cnPwd.Length >= 8 Then
                Try
                    Dim strSQL1 As String = "SELECT pActiveDate, pPwd FROM DeptPersonnel WHERE (DeptEmpID = @DeptEmpID)"
                    ' Using blocks dispose the reader and return the connection to the pool
                    ' even when doDecrypt throws (e.g. CryptographicException: Bad Data).
                    Using cnn As New SqlConnection(UConn)
                        Using cmd As New SqlCommand(strSQL1, cnn)
                            cmd.Parameters.Add("@DeptEmpID", Data.SqlDbType.Int)
                            cmd.Parameters("@DeptEmpID").Value = DeptEmpID
                            cnn.Open()

                            Using dr As SqlDataReader = cmd.ExecuteReader()
                                Do While dr.Read()
                                    pActiveDate = dr("pActiveDate")
                                    Dim GUIDWrapper As String = gtGUID(pActiveDate)
                                    pPwd = dr("pPwd")
                                    pPwd = doDecrypt(GUIDWrapper, pPwd)
                                Loop
                            End Using
                        End Using
                    End Using
                    If cPwd <> pPwd Then
                        Me.pnlSecQ.Visible = False
                        Me.pnlChgPwd.Visible = True
                        Me.AdminMsg.ForeColor = Drawing.Color.Red
                        Me.AdminMsg.Text = "<div class=""txcenter txtlrg"">The password you entered as your ""current"" password does not match your actual password.  Please try again.  Thank you!</div>"
                    Else
                        ChgPwd(DeptEmpID, nPwd)
                    End If
                Catch ex As Exception
                    Me.AdminMsg.Text = "<div class=""txcenter txtmd"">" & ex.ToString() & "</div>"
                End Try
            Else
                Me.AdminMsg.ForeColor = Drawing.Color.Red
                Me.AdminMsg.Text = "<div class=""txcenter txtlrg"">The password you entered does not meet the security requirements.  Your password must be at least 8 characters in length and you must have 3 of 4 of the following.<br /> - At least 1 upper case character<br /> - At least 1 lower case character<br /> - At least 1 number<br /> - At least 1 special character.<br /><br />Please try again.  Thank you!</div>"
            End If
        End If
    End Sub
    Public Function doDecrypt(ByVal Nm As String, ByVal dval As String) As String
        Dim wrapper As New Simple3Des(Trim(Nm)) 'Hash w/Hire Date
        Dim retval As String = ""
        retval = wrapper.DecryptData(dval)
        Return retval
    End Function

    System.InvalidOperationException: Timeout expired. The timeout period elapsed prior to obtaining a connection from the pool. This may have occurred because all pooled connections were in use and max pool size was reached.
       at System.Data.ProviderBase.DbConnectionFactory.TryGetConnection(DbConnection owningConnection, TaskCompletionSource1 retry, DbConnectionOptions userOptions, DbConnectionInternal oldConnection, DbConnectionInternal& connection)
       at System.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal(DbConnection outerConnection, DbConnectionFactory connectionFactory, TaskCompletionSource1 retry, DbConnectionOptions userOptions)
       at System.Data.SqlClient.SqlConnection.TryOpenInner(TaskCompletionSource1 retry)
       at System.Data.SqlClient.SqlConnection.TryOpen(TaskCompletionSource1 retry)
       at System.Data.SqlClient.SqlConnection.Open()
       at Login.doDBAuth(String pEmail, Int32 LgnType)

I had to recycle the AppPool several times. I've made sure to close all of my db connections after each call to the database.

    Event code: 4005
    Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid.
    Event time: 5/18/2020 10:35:33 AM
    Event time (UTC): 5/18/2020 2:35:33 PM
    Event ID: f3d3c82873744ccd9fcad5fc293ee8ee
    Event sequence: 1426
    Event occurrence: 52
    Event detail code: 50201

I have no idea why this message continuously appeared in the event viewer. Anonymous Authentication is enabled, Impersonation is enabled, and Forms authentication is enabled. Impersonation is used because write permission is required on the site.

    Event code: 4009
    Event message: Viewstate verification failed. Reason: The viewstate supplied failed integrity check.
    Event time: 5/18/2020 10:46:09 AM
    Event time (UTC): 5/18/2020 2:46:09 PM
    Event ID: 17e4f8e27fdb40ba86e5845d462e361e
    Event sequence: 2
    Event occurrence: 1
    Event detail code: 50203
    ViewStateException information:
        Exception message: Invalid viewstate.
        Client IP: 10.1.40.176
        Port: 56317
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36
        PersistedState: e7KIfwaPQGMzlihF7OPrredrmJUc0uou5KwiafvCWzdnTICpwkv4qdrZhJARXVef0HtXsEKIASNF4g0UdIzSO+SPeHHjQDKZl8+mWnP7U4U=
        Referer: https://sitedomain:443/login.aspx?msgid=1
        Path: /login.aspx

.ASPXFORMSAUTH session name was used on the old site. After researching this error, I changed the session name in IIS. I don't know if this corrected this error. I haven't had the opportunity to test this yet.

    Exception information:
        Exception type: SmtpFailedRecipientException
        Exception message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay for useremailaddress@domainname.com
       at System.Net.Mail.SmtpTransport.SendMail(MailAddress sender, MailAddressCollection recipients, String deliveryNotify, Boolean allowUnicode, SmtpFailedRecipientException& exception)
       at System.Net.Mail.SmtpClient.Send(MailMessage message)
       at ForgotPassword.SendErr(String Msg) in C:\sitefolder\ForgotPassword.aspx.vb:line 109
       at ForgotPassword.btnContd_Click(Object sender, EventArgs e) in C:\sitefolder\ForgotPassword.aspx.vb:line 74
       at System.Web.UI.WebControls.Button.OnClick(EventArgs e)
       at System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument)
       at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)

I began testing this page after realizing mail would not relay. We host an Exchange server on our network. Mail WAS relaying before the second NIC was added to the server. The IP Address of this site fell within the IP range of network servers allowed to relay on our network on the Exchange server. This page generates a random 6-digit code and a GUID and then inserts those values in a database along with the user's e-mail. A URL is generated using the GUID string as a query string on the URL. When the user clicks the link e-mailed to them, they are sent to a page where they must enter the 6-digit code in order to obtain their password. Here is the web.config entry and the page code.

  <system.net>
    <mailSettings>
      <smtp deliveryMethod="Network">
        <network defaultCredentials="true" host="servername" />
      </smtp>
    </mailSettings>
  </system.net>

    Protected Sub doSendLink(ByVal pFName As String, ByVal pLName As String, ByVal pEmail As String, ByVal SecQ As Integer, ByVal SecA As String)
        ' Plain concatenation: String.Format would treat braces in a name as format items and throw.
        Dim FullName As String = pFName & " " & pLName
        Try
            ' The anchor element is closed with </a> so the rest of the message is not rendered as link text.
            Dim str As String = "<div class=""txcenter txtlrg"">Hello " & pFName & "<br /><br />Our records indicate you have requested the retrieval of your password.  If you find this e-mail to be in error, please contact the [Department Name] immediately (xxx) xxx-xxxx.  If you have indeed requested your password, please click the link below and enter this code (<span style=""color: #FF0000;"">" & SecQ & "</span>) when you arrive at the page.<br /><br /><a href=""https://siteaddress/RetrievePwd.aspx?dc=" & SecA & """>Support Center</a></div>"
            Dim _msg As New MailMessage()
            _msg.From = New MailAddress("internalmail@domainname.com", "Webmaster")
            _msg.To.Add(New MailAddress(pEmail, FullName))
            _msg.Subject = "Forgot Password Request"
            _msg.Body = str
            _msg.IsBodyHtml = True

            Dim SmtpMail As New SmtpClient
            SmtpMail.Host = "servername"
            SmtpMail.Send(_msg)

            Me.AdminMsg.Text = "<div class=""txcenter txtlrg"">An e-mail has just been sent to your mailbox.  Please follow the directions contained in the e-mail to retrieve your password.  Thank you!</div>"
        Catch ex As Exception
            SendErr(ex.ToString())
        End Try
    End Sub

IIS was configured with the server name and port 25. The IP of the server was in the list of IPs eligible for relay on the Exchange server.

    Faulting application name: mmc.exe, version: 10.0.17763.1, time stamp: 0x176b88f0
    Faulting module name: inetmgr.dll, version: 10.0.17763.1, time stamp: 0x17b88003
    Exception code: 0xc0000005
    Fault offset: 0x0000000000036e23
    Faulting process id: 0x3cc
    Faulting application start time: 0x01d62d2dec25601b
    Faulting application path: C:\Windows\system32\mmc.exe
    Faulting module path: C:\Windows\System32\inetsrv\inetmgr.dll
    Report Id: 6ef17671-01df-4761-8041-a3eb8a1fa273
    Faulting package full name:
    Faulting package-relative application ID:

The application crashed several times after this error occurred.

As you might imagine, this day was a nightmare for me. I realize that when testing on the local machine, IIS Express bypasses a lot of security, but everything that happened on this day was something I was not prepared for. LOL!

asp.net
web-config
iis-10
applicationpoolidentity
asked on Stack Overflow May 25, 2020 by tml109 • edited May 26, 2020 by tml109

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0