Restrict IIS to listen only on X IP Address, allowing Tomcat/Apache to run on port 80 alongside IIS on port 80


Long title, I know. So you’re running IIS on your server and serving up websites on port 80. You also have some third-party program that’s running on Tomcat, maybe an Atlassian product like Jira or Confluence. However, it has to run on ports like 8088, or 8443 for SSL, because Tomcat can bind those port numbers but cannot use port 80: IIS hogs that on all your IP addresses.

Assuming your server has more than one IP, you can limit IIS to bind only to a single IP and then, in Tomcat’s config, limit its binding IP to the other. (Technically you’re not limiting IIS; you’re limiting the HTTP web protocol that IIS uses.)


Open a command prompt as an administrator

Show which IP addresses IIS is listening on/bound to with this command.

netsh http show iplisten

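Then limit IIS to listen on/bind to a certain IP address with this command (replace the placeholder with the IP address IIS should keep)

netsh http add iplisten ipaddress=<IP address for IIS>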

Reboot the server (You could try restarting http service but that doesn’t always show up in services and it’s a pain. Easier to reboot).

Run the listen command again and you should see that the restricted IP is no longer in the list. You’re now free to use that IP for Tomcat or some other service and bind to port 80 and 443.
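To confirm the result after the reboot, the check below lists which address and which process own the listeners on ports 80 and 443. It is an added example, not part of the original post; the function name `Get-WebPortListener`, the addresses and the PIDs other than 4 in the constructed sample are assumptions.

```powershell
# Added example: report who is listening on the web ports, per IP address.
function Get-WebPortListener {
    param(
        [string[]] $NetstatLines = (netstat -ano),   # live data unless sample lines are passed
        [int[]]    $Ports = @(80, 443)
    )
    foreach ($line in $NetstatLines) {
        # e.g. "  TCP    0.0.0.0:80    0.0.0.0:0    LISTENING    4"
        if ($line -match '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$') {
            $address = $Matches[1]; $port = [int]$Matches[2]; $ownerPid = [int]$Matches[3]
            if ($Ports -contains $port) {
                New-Object PSObject -Property @{
                    Address  = $address
                    Port     = $port
                    OwnerPid = $ownerPid
                    # HTTP.sys listeners (IIS) are owned by the System process, PID 4
                    HttpSys  = ($ownerPid -eq 4)
                    # A wildcard listener claims the port on every IP of the server
                    Wildcard = ($address -eq '0.0.0.0' -or $address -eq '[::]')
                }
            }
        }
    }
}

# Constructed sample: netstat output after the change (documentation addresses)
$sample = @(
    '  TCP    192.0.2.10:80     0.0.0.0:0    LISTENING    4',
    '  TCP    192.0.2.11:80     0.0.0.0:0    LISTENING    2312',
    '  TCP    192.0.2.11:443    0.0.0.0:0    LISTENING    2312',
    '  TCP    0.0.0.0:3389      0.0.0.0:0    LISTENING    1180'
)
$listeners = Get-WebPortListener -NetstatLines $sample

$listeners | Select-Object Address, Port, OwnerPid, HttpSys, Wildcard | Format-Table -AutoSize
# Any row returned here means HTTP.sys still holds the port on all addresses
$listeners | Where-Object { $_.HttpSys -and $_.Wildcard }
```

Run `Get-WebPortListener` with no arguments on the server to check the live listeners instead of the sample.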

Getting Out of Memory Exception when you have plenty of Memory/RAM available


This is a great article on why having or adding more memory won’t fix your Out of Memory Exception. Bottom line: on a 32-bit server your site will crash when it hits between 600MB and 800MB. The amount varies based on what else is going on with the machine. The solution? Basically, you have to upgrade to a 64-bit OS or rewrite your application.


Why adding more memory won’t fix your Out of Memory error by Edge

Copied from the article directly, in case it ever goes down.


Here is an interesting case. Consider these 2 scenarios:

Both are running the same website, both have the same amount of users connected.

Now imagine this website has a page to upload pictures, just like any regular photo-album website.

For some reason, at some point the users complain that they see an error page indicating out of memory error.

So, you wonder: How come? they are just uploading a photo to my website, and I still have plenty of memory in my server anyway.

Anyhow, you stop thinking about this and go for the easiest, quick and dirty solution: If the system tells me that my computer does not have enough memory then I just need to add more memory. Right?

And guess what? you still will get the error message.

That's a very common mistake. Having a machine with 10GB of memory does not mean you will have 10GB of memory available. I explain.

It does not matter if your computer or server has 512 MB, 1 GB, 2 GB, 4 GB or 8 GB of RAM. If your machine is a 32-bit machine it will only be able to see/manage 4 GB. That's mathematics, that's life, that's the way things are and you can't do nothing about it. A 32-bit machine can not do more than that.

Additional memory may increase your system performance, but it won't increase the memory availability. Sure your computer will use the hard disk less for swapping operations and will be able to put more stuff in memory and start some programs faster, but 4GB is the limit; after this point the memory management module will start doing disk swap and using the famous page file.

And here comes more bad news: Your Windows system on a 32-bit machine requires 2 GB allocated only for it.

So, if you have 4 GB installed, effectively you will have 2 GB only for applications; your windows will be using alone 2 GB.

So, what does out of memory mean?

Well, according to some people at Microsoft, this limit for an average configuration is reached between 600 MB and 800 MB of utilization. That 800 number is NOT A RULE, is a baseline. Generally speaking the largest majority of configurations with website, .NET and SQL Server database might have a problem around this point. Of course, this can vary from system to a matter of fact a system can be out of memory at just 600 MB.

Yes, it does sound crazy. You look so happy now that you just bought a 4GB RAM notebook and your computer is breaking with just 800MB, huh?

Here is another point for you. Have you ever seen someone bragging that he/she bought a 10-megapixel camera and now he/she believes their pictures are going to be better because of this?

Well, guess what? Just like the number of megapixels in a camera box does not have much to do with picture quality, RAM memory does not have much to do with hard disk space.

That's a common mistake: People buy RAM as if they were buying a hard disk.

RAM usage needs to be continuous, unlike hard disk. A simple 5MB Microsoft Word document when saved on a hard disk can be split up into hundreds of pieces; when you open this file in memory, the RAM requires those 5MB to be allocated continuously.

Can you see now the reason for the 'out of memory' message?

Yes, it really means 'there is not enough continuous memory to place that file in memory'. Your system might have 2GB of RAM but unfortunately it might be too busy with stuff running and there is not enough continuous memory to put the picture you are uploading.

Yeah, you can not do much but you can buy a 64-bit machine then when you add more memory you can really use it more efficiently. And yes, we have Microsoft Windows systems for 64-bit machines.

If you do not want to buy a new system or upgrade your current server to a better version then you should think of other solutions in the business process, such as preventing users from uploading pictures of more than 1 MB in size.

Upgrading your IIS 1024 SSL Cert to 2048 Encryption


If you’re trying to renew your cert to 2048 on IIS from 1024, it’s not that straightforward. The cert request you produce on IIS will fail validation at your SSL provider if it’s not a request to renew a 1024 cert.

MS has a solution, and it basically goes like this: you create another dummy site, create a new certificate there and then, instead of renewing the cert on your other site, you tell it to replace the existing cert with the new one.


Here are the actual steps.

  1. In the Microsoft Management Console (MMC), right-click the default Web site, click New, and then click Site.
  2. Create a new site and give it a temporary name.
  3. Right-click the new site, click Properties, click the Directory Security tab, and then click Server certificate.
  4. Select Create new certificate and follow the wizard to create a new CSR. When prompted, select Prepare the request now but send it later.
  5. Use the CSR that you just created to request a new certificate from the certificate authority (CA) that issued the original certificate.
  6. When you receive the certificate from VeriSign or another third-party CA, save it to your hard drive. Remember the serial number of this certificate and where you save it.
  7. Right-click the temporary site that you created in step 2, click Properties, click the Directory Security tab, click Server certificate, and then click Next. Follow the wizard. When prompted, select Process the pending request.
  8. After the certificate has been installed, click OK, and then stop and start the Web site.
  9. Right-click the temporary site that you created in step 2, click Properties, click Directory Security, and then click Server certificate.
  10. Select Remove the current certificate and follow the wizard. This removes the certificate from IIS, but the certificate remains in the certificate store.
  11. Right-click the Web site that has the original server certificate installed (that is, the certificate that you are renewing or replacing), click Properties, click Directory Security, click Server certificate, and then select Replace the current certificate.
  12. Select the certificate that you just installed. If you see duplicate certificate names, make sure that you select the certificate that matches the serial number that you noted in step 6.

HTTP Error 404.17

HTTP Error 404.17 - Not Found
The requested content appears to be script and will not be served by the static file handler.

One Possible Solution:

%windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe -i

IIS7 Windows7/Server2008 ApplicationPoolIdentity Security Change from Network Service


Yeah this one got me..

Microsoft changed the AppPool to run as “ApplicationPoolIdentity” instead of Network Service.

So if you normally give Network Service the rights needed by your webapp, you now have to stop doing that and give them to

IIS AppPool\DefaultAppPool



End of that.





  1. Open Windows Explorer
  2. Select a file or directory.
  3. Right click the file and select "Properties"
  4. Select the "Security" tab
  5. Click the "Edit" and then "Add" button
  6. Click the "Locations" button and make sure you select your machine.
  7. Enter "IIS AppPool\DefaultAppPool" in the "Enter the object names to select:" text box.
  8. Click the "Check Names" button and click "OK".

By doing this the file or directory you selected will now also allow the "DefaultAppPool" identity access.
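The same grant can be scripted, which also makes it easy to review what Network Service still holds on the folder. This is an added example, not from the original post; the path `C:\inetpub\wwwroot\ExampleApp` and the choice of Read & Execute as the right the web app needs are assumptions.

```powershell
# Added example: grant the app pool identity access and review leftover grants.
param(
    [string] $SitePath     = 'C:\inetpub\wwwroot\ExampleApp',   # hypothetical path
    [string] $PoolIdentity = 'IIS AppPool\DefaultAppPool'       # identity named in the post
)

$acl = Get-Acl -Path $SitePath

# Read & Execute only (assumed to be what the app needs), inherited by
# sub-folders and files, instead of a broad Modify/Full Control grant
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $PoolIdentity, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $SitePath -AclObject $acl

# Show what the app pool identity and NETWORK SERVICE now hold on the folder.
# Non-inherited NETWORK SERVICE entries are candidates for removal once the
# app runs under ApplicationPoolIdentity.
(Get-Acl -Path $SitePath).Access |
    Where-Object { $_.IdentityReference.Value -match 'NETWORK SERVICE$|^IIS APPPOOL\\' } |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the IIS server, since the `IIS AppPool\...` name only resolves where that application pool exists.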

EventID 4625 on Windows 2008 IIS7 Windows Authentication Error

I was having weird authentication issues on a Windows 2008 server with IIS7. I was trying to use Windows Authentication. It worked fine from a remote location but failed when local on the server.

An account failed to log on.

    Security ID:        NULL SID
    Account Name:        -
    Account Domain:        -
    Logon ID:        0x0

Logon Type:            3

Account For Which Logon Failed:
    Security ID:        NULL SID
    Account Name:        xxxxxx
    Account Domain:        xxxxxx

Failure Information:
    Failure Reason:        An Error occured during Logon.
    Status:            0xc000006d
    Sub Status:        0x0

Process Information:
    Caller Process ID:    0x0
    Caller Process Name:    -

Network Information:
    Workstation Name:    xxxx-xxxxxx
    Source Network Address:    ###.###.###.###
    Source Port:        49597

Detailed Authentication Information:
    Logon Process:       
    Authentication Package:    NTLM
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon request fails. It is generated on the computer where access was attempted.

The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).

The Process Information fields indicate which account and process on the system requested the logon.

The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested

I found the solution on the MS Support site, Q89681, which suggested turning off the LoopbackCheck.

To set the DisableLoopbackCheck registry key yourself, follow these steps:

  1. Set the DisableStrictNameChecking registry entry to 1. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:

    281308 Connecting to SMB share on a Windows 2000-based computer or a Windows Server 2003-based computer may not work with an alias name

  2. Click Start, click Run, type regedit, and then click OK.
  3. In Registry Editor, locate and then click the following registry key:


  4. Right-click Lsa, point to New, and then click DWORD Value.
  5. Type DisableLoopbackCheck, and then press ENTER.
  6. Right-click DisableLoopbackCheck, and then click Modify.
  7. In the Value data box, type 1, and then click OK.
  8. Quit Registry Editor, and then restart your computer.
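The loopback check exists to block NTLM reflection against the local machine, so before changing it, it helps to confirm that the failing logons really come from the server's own addresses and match the event shown above (status 0xc000006d, logon type 3, NTLM). The triage function below is an added example, not from the original post or the Microsoft article; the name `Test-LoopbackLogonFailure`, the account name and the address 192.0.2.10 in the constructed sample are assumptions.

```powershell
# Added example: flag 4625 events that match the local (loopback) NTLM failure pattern.
function Test-LoopbackLogonFailure {
    param(
        [Parameter(Mandatory = $true)] [xml]      $EventXml,
        [Parameter(Mandatory = $true)] [string[]] $LocalAddresses
    )
    # Flatten <EventData><Data Name="...">value</Data> into a lookup table
    $f = @{}
    foreach ($node in $EventXml.Event.EventData.Data) { $f[$node.Name] = $node.'#text' }

    $isPattern = ($f['Status'] -eq '0xc000006d') -and
                 ($f['LogonType'] -eq '3') -and
                 ($f['AuthenticationPackageName'] -eq 'NTLM') -and
                 ($LocalAddresses -contains $f['IpAddress'])

    New-Object PSObject -Property @{
        Account       = $f['TargetUserName']
        SourceAddress = $f['IpAddress']
        Status        = $f['Status']
        LoopbackMatch = $isPattern
    }
}

# Constructed sample event (only the fields used above); 192.0.2.10 stands in
# for one of the server's own IP addresses
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID></System>
  <EventData>
    <Data Name="TargetUserName">exampleuser</Data>
    <Data Name="Status">0xc000006d</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="IpAddress">192.0.2.10</Data>
  </EventData>
</Event>
'@
Test-LoopbackLogonFailure -EventXml $sample -LocalAddresses @('127.0.0.1', '::1', '192.0.2.10')

# On the server itself, run it over the real Security log:
# $local = @('127.0.0.1', '::1') + ([Net.Dns]::GetHostAddresses($env:COMPUTERNAME) | ForEach-Object { $_.IPAddressToString })
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 200 |
#     ForEach-Object { Test-LoopbackLogonFailure -EventXml $_.ToXml() -LocalAddresses $local }
```

Events with `LoopbackMatch` false (a remote source address or a different status code) point to a different cause than the loopback check.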

HTTP Error 404.17 Not Found – Using WCF .SVC Service

So you’re getting IIS errors when trying to run a .svc file that’s coded to use WCF, or Windows Communication Foundation.

HTTP Error 404.17 - Not Found

The requested content appears to be script and will not be served by the static file handler.

or maybe..

HTTP Error 404.3 - Not Found

The page you are requesting cannot be served because of the extension configuration. If the page is a script, add a handler. If the file should be downloaded, add a MIME map.

Took me a while to realize I needed to set up/configure IIS and WCF properly. Here are the steps from MS. I went through them and realized I had missed one component (IIS6 Scripting Tools, who would have thought), which I probably didn’t need, but the big one was that I didn’t have WCF HTTP Activation installed. After that, I registered WCF..

"%WINDIR%\Microsoft.Net\Framework\v3.5\WFServicesReg.exe" /c

and then I was golden, but there might be other things you are lacking or missing. So go through all the steps.

One-Time Set Up Procedure for the Windows Communication Foundation Samples