Event ID 5059 (Application pool has been disabled) or Changing identity user for IIS Application Pool

Solution: These two steps out of all steps listed below solved my issue.
1. Assign the right in the Local security group too and
2. Grant “Log on as Batch Job” permission to the application pool identity account

- The account used as application pool identity shouldn’t be locked
- Reset the password of the application pool identity account in case it is expired
- Switch from built-in account to domain account for application pool identity
- Use another domain account as application pool identity
- Give “Full Control” to application pool identity account on shared data and configuration folders
- Give “Log on as Batch Job” permission to the application pool identity account
- Add the application pool identity account to the IIS_IUSRS group
- Check account information in applicationHost.config for possible typos
- Recreate application pools, websites, and shared configuration (if used)
- Make sure to use the same encryption provider (IISWASOnlyCngProvider or IISCngProvider) in applicationHost.config
- Change application pool process model from LogonBatch to LogonService
- If it is a shared configuration setup in IIS, use the same IISWASKey

See links for more details
https://techcommunity.microsoft.com/t5/IIS-Support-Blog/Event-ID-5059-Application-pool-has-been-disabled/ba-p/305274
https://support.office.com/en-gb/article/change-passwords-for-web-application-pools-f7a944ec-3748-4478-8f53-df5569c965b5

Certificate Request Components


Here are the most important details needed to request a certificate when not using an internal CA

  • Common name (Alias):
  • Server name:
  • IP Address
  • Domain
  • Full computer name:
  • FQDN for the primary and secondary alias e.g, xxxx.techd…com

Here you will learn how to create CSR in Apache OpenSSL, IIS, Java Keystore and by using MMC console

Other vital links to understand SSL very well

SSL Encrypted Communications Explained

I’m going to highlight only the important steps for HTTPS communication.

  • A client contacts the server.
  • The client and server exchange information about the communications they intend to perform, such as the ciphers to use (SSL handshake).
  • The server transmits its certificate to the client.
    Note: This depends on the protocol used, as the server can only send its certificate, etc.
  • The client checks that it trusts the certification authority that issued the certificate. If it does not recognize the CA and does not get an override, the communication ends.
  • The client checks for revocation information on the certificate. If the certificate is revoked or revocation information is unavailable, then the client might attempt to obtain an override. Implementations vary on how they deal with null or unreachable CRL information, but almost all will refuse to communicate with any entity using a revoked certificate.
  • The client generates a portion of a temporary key for symmetric encryption.
  • The client uses the server’s public key to encrypt the partial temporary key.
  • The client sends the encrypted partial key to the server.
  • The server decrypts the partial key using its own private key.
  • The server completes the secret key.
  • The client and server agree to use the secret key. All communications in the same conversation are encrypted with that key.

Note: It would be possible to use asymmetric encryption for the entire conversation. However, as we talked about earlier, asymmetric encryption results in ciphertext that greatly exceeds the size of the unencrypted source. To solve that problem without exposing a plaintext key, SSL only uses asymmetric encryption while the client and server establish identity and work together to create a symmetric shared key. From that point forward, they only use symmetric encryption. That keeps the size of transmitted data to a minimum. Even better, if an attacker manages to break any point of the transmission besides the initial negotiation, they will only gain a temporary key.

All of that explains why we use suites of ciphers: we need multiple algorithms to make this work.

Redirecting from HTTP to HTTPS

Firstly, I had to change the default port from 80 to 81. This is needed because HTTPS listens on port 80 (you may ignore this step ;).

  • Also, I created a record in the hosts file to redirect traffic from the localhost/loopback address to 127.0.0.1 (this can be done in DNS too, but I decided to use the hosts file).

The hosts file can be found in this path: C:\Windows\System32\drivers\etc
So when you enter the IP or hostname, you are automatically redirected to the desired URL. Ensure you open the hosts file with elevated rights (this is best done by running Notepad as an Administrator and opening the path mentioned above, which makes saving any change possible and effortless).

  127.0.0.1       mk.chris.com
  1x.xx.xx.2      mk.chris.com

Note: To make this possible, ensure the SSL setting is unchecked so that it does not require a certificate; otherwise you will never be able to access the site via HTTP.

  • Click on the website and
  • Navigate to the SSL Settings
  • Double click to open and set as shown below

Now create a binding to allow HTTP connection for the website as shown below.

Now, to ensure the URL redirect works by redirecting to HTTPS, follow the steps below.

  • Under sites, select the desired website
  • Click on URL rewrite (if you do not have this already installed, click on the web Platform Installer, run it and select URL rewrite to install).
  • Click on Add Rule (Under Action)
  • The Add Rule URL Opens up
  • Enter any desired name to identify your rule
  • Under Match URL, select “Matches the Pattern”
  • Under “Using”, select Regular Expressions
  • Under Pattern, enter (.*)
  • Select Ignore case (note: this is selected by default in most cases)
  • Navigate to condition and click on “Add” to create a rule
  • Set as shown below and click on Okay
  • Under Actions “Action type”, select Redirect
  • Enter the Redirect URL
  • Set the Redirect type to “Found (302)”

Finally, click on apply on the top right side of the screen.
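
The rule built in the GUI above is stored in the site's web.config. The following is an added example, not taken from the original post, of what that rule looks like as configuration. The rule name, the {HTTPS} condition and the redirect URL are assumptions, because the page's screenshots for those fields are not available.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config in the site root; requires the IIS URL Rewrite module -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name is arbitrary (assumed here) -->
        <rule name="Redirect HTTP to HTTPS" stopProcessing="true">
          <!-- Match URL: "Matches the Pattern", regular expression (.*), ignore case -->
          <match url="(.*)" ignoreCase="true" />
          <conditions>
            <!-- Assumed condition: only act when the request arrived without TLS,
                 so requests already on HTTPS are not redirected again -->
            <add input="{HTTPS}" pattern="^OFF$" />
          </conditions>
          <!-- Action type Redirect, redirect type Found (302) as in the steps above.
               Assumed target: same host and path over HTTPS; {R:1} is the text
               captured by (.*) in the match pattern -->
          <action type="Redirect"
                  url="https://{HTTP_HOST}/{R:1}"
                  redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Without a condition such as the one on {HTTPS}, the pattern (.*) also matches requests that already use HTTPS and the browser loops on the redirect.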

Understanding the many types of proxy servers

What are proxy servers?

Proxy servers are typically simple servers (a computer system or an application) that act as an intermediary for requests from clients seeking resources from other servers.

Depending on the purpose, you’ll be able to get proxy servers to route any of these common protocols. There are many different types of proxy servers out there. Some of those types are listed below.

Types of proxy servers:

Anonymous Proxy
The anonymous proxy server identifies itself as a proxy server but does not make the original IP address available. An anonymous proxy server is detectable but provides reasonable anonymity for most users.

High Anonymity Proxy
High Anonymity proxy server does not identify itself as a proxy server and does not make available the original IP address.

Reverse Proxy
A Reverse proxy is technically defined as being a proxy server; however, it does not enforce any local policies. Reverse proxies are commonly used to pass requests from the Internet, through a firewall, to isolated private networks. Reverse Proxy Servers are used to prevent Internet clients from having direct, unmonitored access to sensitive data residing on isolated content servers.

Transparent Proxy
A Transparent Proxy Server tells the remote Computer the IP Address of your Computer. This provides no privacy. These are generally used for their ability to cache websites and do not effectively provide any anonymity to those who use them. However, the use of a transparent proxy will get you around simple IP bans.

Distorting Proxy
A Distorting proxy server identifies itself as a proxy server, but makes an incorrect original IP address available through the HTTP headers.

Intercepting Proxy
An intercepting proxy, also known as a transparent proxy, combines a proxy server with a gateway. Connections made by client browsers through the gateway are redirected through the proxy without client-side configuration. These types of proxies are commonly detectable by examining the HTTP headers on the server side.

Types of proxy servers (protocols):

Socks Proxy Server:
Based on the SOCKS protocol, a SOCKS proxy server uses a newer protocol that allows relaying of many more types of data, whether TCP or UDP.

FTP Proxy Server:
Based on the FTP protocol. Relays and caches FTP traffic.

HTTP Proxy Server:
Based on the HTTP protocol. A one-way request to retrieve Web Pages.

SSL Proxy Server:
Based on the SSL protocol. An extension to the HTTP Proxy Server that allows relaying of TCP data, similar to a SOCKS Proxy Server. This is done mainly to allow encryption of Web Page requests.

Handy Microsoft DOS Commands Used with Shutdown

Here I will be discussing day-to-day vital Microsoft commands needed to operate and administer any Windows environment, ranging from Windows Server 2008, 2012, 2016 and 2019.

Here are some switches associated with Windows regardless of the environment. I will be discussing a few.

Shutdown: The shutdown command allows you to shut down your PC or server, as the name implies. Windows initiates the shutdown of the server and follows the same process as shutting down via the UI. The switches below can be used with the shutdown command.

Syntax Usage: shutdown [/i | /l | /s | /r | /g | /a | /p | /h | /e | /o] [/hybrid] [/f] [/m computer][/t xxx][/d]
Run the shutdown command from windows as shown here for the options and explanations too

Let’s explain what these switches are in detail. Note, some systems let us use (-) switches or (/). This depends on the version of your system.

Switch        Description
/i            Display the graphical user interface (GUI). This switch must be the first option.
/l            Log off. Note: The /l switch cannot be used with /m or /d options.
/s            Shutdown the computer.
/r            Full shutdown and restart the computer.
/g            Full shutdown and restart the computer.
/a            Abort a system shutdown. But can only be used during the time-out period.
/p            Turn off the local computer with no time-out or warning. Can be used with /d and /f options.
/h            Hibernate the local computer. Can be used with the /f option.
/hybrid       Performs a shutdown of the computer and prepares it for fast startup. Must be used with /s option.
/e            Document the reason for an unexpected shutdown of a computer.
/o            Go to the advanced boot options menu and restart the computer. Must be used with /r option.
/m computer   Specify the target computer.
/t xxx        Set the time-out period before shutdown to xxx seconds. The valid range is 0-315360000 (10 years).
/c            Comment the reason for the restart or shutdown.
/f            Force running applications to close without forewarning users. The /f parameter is implied when a value greater than 0 is specified for the /t parameter.
/d            Provide the reason for the restart or shutdown.

Here are some examples of how these switches are used.

shutdown /r /c "Rebooting for after windows updates."

This command displays a Windows system shutdown window for about 30 seconds, informing the user that the computer is going to shut down, and then restarts the computer.

shutdown /s /m PCtest /t 10

This command will shut down remote Server “PCtest” after 10 seconds.

For the older switch (-) usage, please see the examples below.

shutdown -s (Shuts down)
shutdown -r (Restarts)
shutdown -l (Logs off)
shutdown -h (Hibernates)
shutdown -i (Interactive mode. Instead of performing an action, it displays a GUI dialog)
shutdown -a (Aborts a previous shutdown command)
shutdown -t 0 -r -f (Force an immediate reboot)
shutdown -t 30 -r (For a more friendly "give them some time" reboot)

Hosting Multiple Domains In Tomcat

Tomcat gives the possibility to host multiple domains in one server (instance), using multiple ‘Host’ tags.

I will demonstrate this setup by using ‘Host’ tags in our server.xml. Before diving into the configuration, we will examine the ‘Host’, ‘Context’ and ‘Alias’ tags to get a better understanding of the whole concept.

<Host name="techdirectarchive" appBase="[application base]" autoDeploy="[true/false]" 
        unpackWARs="[true/false]">
    <Alias>...</Alias>
    <Context path="" docBase="" reloadable="[true/false]"/>
   </Host>

This is how the ‘Alias’ tag looks; it is used to provide aliases for your actual domain. For example, if you have a domain called ‘techdirectarchive.com’ and you want to run the same application for ‘http://www.techdirectarchive.net’, then you would use the ‘Alias’ tag to provide an alias name for the actual domain.

<Host name="domain1.com" ...>
    <Alias>www.techdirectarchive.com</Alias>
    <Alias>techdirectarchive.com</Alias>
    <Alias>www.techdirectarchive.net</Alias>
    ...
   </Host>

As shown above, to have multiple aliases you can add an ‘Alias’ tag for each domain alias name.
Using the ‘Context’ tag: a ‘Context’ element represents a web application running inside a host, where each directory under the ‘webapps’ directory of your Tomcat is one context. The Manager and Admin consoles of your Tomcat installation are two different contexts running under your ‘localhost’ domain.

<Context path="" docBase="" reloadable="[true/false]"/>

The snippet shown above is a very basic, minimum configuration needed for a context. Here are the attributes relating to the ‘Context’ tag. Let’s discuss them in detail.

Path Attribute: This is the URL of the context, relative to the URL of the host in which this Context is being configured. For example, if you want to run the application from “techdirectarchive.com/easy” then the ‘path’ attribute needs to be “/beta”.

DocBase: The document base directory. As the name implies, this is the root directory for this context. It can be an absolute path to the directory or WAR file, or a path relative to the ‘appBase’ given in the ‘Host’ tag. If the context root directory is inside the ‘appBase’ directory of the ‘Host’ tag, then we can give it as shown below.

 docBase="."

Reloadable: This defaults to ‘false’. If you give the value ‘true’, Tomcat looks for changes in the ‘WEB-INF/classes’ or ‘WEB-INF/lib’ directory and reloads the context automatically.
Note:
– This is useful in a development environment, so that a new deployment doesn’t require restarting Tomcat.
– But on a production server it is better to leave the default value, as setting it to true results in an overhead on the server.

Now the ‘Host’ tag: it represents a host (also called a Virtual Host) running in the server and associated with a domain name. We can have multiple ‘Host’ tags to host multiple domains in one Tomcat. Review the associated attributes.

<Host name="techdirectarchive" appBase="[application base]" autoDeploy="[true/false]" 
        unpackWARs="[true/false]">
   ...
   </Host>

Name: Here you simply give the domain name which you want to deploy.
AppBase: Application base directory attribute. Here we need to give the root directory which contains the web applications to be deployed on this host. It can be either an absolute path to the directory or a path relative to the ‘CATALINA_BASE’ directory.

AutoDeploy: This flag denotes that newly placed web applications should be deployed automatically. If this attribute is set to true and you place a WAR file or a web application directory in ‘appBase’, then Tomcat automatically deploys the application.
UnpackWARs: If set to true, Tomcat will automatically unpack the WAR files placed in ‘appBase’ into the corresponding directory structure.

Let’s see the configuration needed to host multiple domains.

<Engine defaultHost="techdirectarchive.com" name="Catalina">
    <Host name="techdirectarchive.com" appBase="/home/user1/techdirectarchive">
     <Alias>www.techdirectarchive.com</Alias>
     <Context path="" docBase="."/>
    </Host>
    <Host name="techdirectarchive2.com" appBase="/home/user1/techdirectarchive2">
     <Alias>www.techdirectarchive2.com</Alias>
     <Context path="" docBase="."/>
    </Host>
    <Host name="techdirectarchive3.com" appBase="/home/user1/techdirectarchive3">
     <Alias>www.techdirectarchive3.com</Alias>
     <Context path="" docBase="."/>
    </Host>
   </Engine>

Here, three domains were hosted and tested in Tomcat, with one ‘Host’ tag used for each hosted domain. Every domain pointed to a different ‘appBase’ directory. Absolute paths were used for the ‘appBase’ attributes as well.
Note: You can also use a path relative to CATALINA_BASE. This works too, as tested.

https://stackoverflow.com/questions/9424554/one-tomcat-instance-for-two-domains-and-two-webapps