Opencart .php on IIS 7.5 Permission Denied

image

The Problem

We ran into an interesting issue while playing with Opencart on IIS 7.5. The issue was around a common third party module being used called Magic Zoom Plus.

The error showed it’s self with the loading of some junk text at the beginning of many pages when loading.

The text looked like this:

Warning: file_put_contents(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): failed to open stream: Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 171Warning: unlink(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 172Warning: rename(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus

.css~backup,C:\inetpub\wwwroot\www.domain.com\admin\controller\module\

magictoolbox/magiczoomplus.css): Access is denied. (code: 5) in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 173Warning: file_put_contents(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): failed to open stream: Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 171Warning: unlink(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 172Warning: rename(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/

magiczoomplus.css~backup,C:\inetpub\wwwroot\www.domain.com\admin\controller\module

\magictoolbox/magiczoomplus.css): Access is denied. (code: 5) in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 173Warning: file_put_contents(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): failed to open stream: Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 171Warning: unlink(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 172Warning: rename(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus

.css~backup,C:\inetpub\wwwroot\www.domain.com\admin\controller\module\

magictoolbox/magiczoomplus.css): Access is denied. (code: 5) in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 173Warning: file_put_contents(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): failed to open stream: Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 171Warning: unlink(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 172Warning: rename(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus

.css~backup,C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox

/magiczoomplus.css): Access is denied. (code: 5) in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 173Warning: file_put_contents(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): failed to open stream: Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 171Warning: unlink(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus.css): Permission denied in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 172Warning: rename(C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/magiczoomplus

.css~backup,C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox/

magiczoomplus.css): Access is denied. (code: 5) in C:\inetpub\wwwroot\www.domain.com\admin\controller\module\magictoolbox\module.php on line 173

 

We knew immediately that it is a windows server permission error. However the strange thing is that we were pretty sure that the permissions were correct. We looked around at the settings and found them to be correct too.

The Solution

We ended up going to the website root, and selecting permission (on the server with RDP) and resetting the entire folder and all sub folders permissions. This fixed the problems. Can’t explain why but this is the second time we have needed to do this while running PHP on IIS. May be time to change back to a real php server.

The Permanent Fix

We have done details here that explain how to stop the being necessary.

Opencart on IIS 7.5 Windows 2008 Server FTP Permissions Changing

SmarterMail Automatic Reply Email Message

image

Setup Auto Reply (Auto-Responder) in SmarterMail

To configure Auto-Reply in SmarterMail, you login to the webmail account you wish to setup a reply for.

https://mail.interactivewebs.com

Login with the email address of the account in question, and the password provided.

Then Select Settings / autoresponder

image

Select the Enable auto-responder / then the Auto-Responder Message tab

image

Type your Subject / Message

image

Then click Save, and you are done!

SmarterMail Autodiscover setup configuration

Setup of SmarterMail Autodiscover configuration

image

A simple understanding of autodiscover is that it is the configuration necessary to allow advanced email programs like macmail and outlook to configure themselves with only an email address and password. No more telling clients all the server settings necessary to get them all setup.

At least that is the theory.

Exchange server has supported it for some time, but configuration under a multi domain setup is a total pain in the butt. Typical off MS to dream something up, then balls it up in the implementation.

SmarterMail does a much better job of it. Configuration is virtually non existent, it basically just works.

http://portal.smartertools.com/KB/a2415/set-up-auto-discovery-with-smartermail.aspx

But their article is a little skimp for the non server admins.. so this is a step through course.

Assuming that you are using Microsoft DNS server for your DNS hosting (and I realise that most probably don’t but it is the more difficult to configure), this is how you add the SRV records mentioned in the article above.

On the DNS server, select New other record on the domain in question.

image

Scroll down and select SRV

image

Type the name: _autodiscover

Change the port to: 443

Put in your mail servers address that will respond to an HTTPS request.

image

The resulted record looks like this:

image

If you click on the _tcp link, it will look like this:

image

Local Testing

On your local machine, bring up a command prompt “CMD” and type in nslookup:

image

Gives this:

image

Type in “set type=SRV”

image

Then type in :_autodiscover._tcp.dnnform.com  (replace dnnfrom.com with your domain that you just configured above) It should reply wiht the sver hostname matching the record you created in the DNS server above:

image

External Testing

Performing an external test of the SRV record, and the fact that the server responds with XML reply.

Navigate to: https://www.testexchangeconnectivity.com

image

Select the Outlook Autodiscover from the list of services.

Enter an email address on the domain you have just set up with the service.

In the case above, we are using the domain “dnnform.com” so the test address we will use is: test.dnnform.com (it does not need to exist on the smartermail server)

The Domain \ User name: test\test (it will not be used)

Password: test (it will not be used)

Then perform test.

image

The result you are looking for when expanded looks something like this.

image

This shows that the request was directed to and received some XML response from the server.

All good.

Help

If anyone needs professional assistance with their SmarterMail setup or similar, please feel free to contact us on our website at: http://www.interactivewebs.com

Opencart – HTTP Error 500.50 – URL Rewrite Module Error 0x80070005 Handler StaticFile

Problem

500 – Internal server error.

There is a problem with the resource you are looking for, and it cannot be displayed.

 

While working with Opencart shopping cart on an IIS server, we encountered this while browsing to a static image file that was uploaded as a website logo file.

image

Solution

The problem turned out to be related to IIS permissions. The folder structure hosting the website needed: IIS_IUSRS(<servername>\IIS_IUSRS) – modify to include Modify permissions.

As per this article: http://www.interactivewebs.com/blog/index.php/websites/creating-a-new-opencart-deployment-on-a-windows-server-iis/

Once we fixed that the problems all were solved.

DotNetNuke Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. EventID 1315

image

The Problem

We were receiving some really really strange behaviour with a dotnetnuke website.

The log files showed:

Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. with EVENT ID 1315

 

The behaviour was this:

Login with Internet Explorer worked.

Login with some versions of firefox failed others worked

Login with Chrome failed.

When login failed, the browser would refresh and then show the page you were on before login.

Now in this instance we tried nearly everything we could think of. we tried different application pools different.net settings in IIS. and we hand we have a good idea of both server management and asp.net.

He also had is particularly confused that other DotNetNuke websites on this particular server were running just fine.

To cut a long story short the problem turned out to be very specific that site we were using.

Solution

We were in the process of migrating somebody else’s site to our servers, and we had exported their site and site content using the DotNetNuke template feature. Ordinarily this would work just fine, however in this case the user on the other website had defined the login.aspx page to have administrator only privileges. They had set the login link from the skin to automatically directed to the login.aspx webpage. In the site settings they had defined no page for the DotNetNuke login page.

What this meant was that as the user attempted login to the DotNetNuke website, the attempt to call the login.aspx page was made and the DotNetNuke automatic lockout protection system was called in to play. This lockout protection system will throw up the standard DotNetNuke login screen, if the page is either undefined or unavailable as with both the case with this website. It just so happens that this lockout protection system doesn’t work particularly well with chrome. That’s a whole not a problem and I don’t intend to solve.

The solution here was to login using Internet Explorer, enable permissions on the login.aspx page which in the DotNetNuke website was simply called login. I was then able to select this page as the login page in the admin/site settings page. Once the login page was correctly defined I then ensured that the login module that come standard with DotNetNuke was included on this page.

After making these changes to the settings, we stopped receiving the error message:

DotNetNuke Event message: Forms authentication failed for the request. Reason: The ticket supplied was invalid. EventID 1315

And the site continued to operate correctly from there. Now whilst this was a very particular configuration that was imported from an invalid template website. I have noticed that in forums discussing this event ID, nobody has come up with a solution suggesting to look for the validity of your login settings within DotNetNuke. Hence the reason for this blog post.

I hope that saves somebody a lot of time, as I blew nearly 2 days try to resolve this one.

If anybody needs assistance with this type of problem, please feel free to contact us on our website.

AD FS certificate rollover CRM 2011

You find that you can’t logon to your CRM 2011 IFD deployment that you have configured around 12 months earlier.

image

In the browser you may see:

HTTP Error 401 - Unauthorized: Access is denied

<html><body><p>
An error has occurred. 
<br/><br/>
Try this action again. If the problem continues, check the Microsoft Dynamics CRM Community for solutions or contact your organization&#39;s Microsoft Dynamics CRM Administrator. Finally, you can contact Microsoft Support.
</p></body></html>
 
Looking at the server log may show:

SERVER Log Error show: 1309

Event code: 3005
Event message: An unhandled exception has occurred.
Event time: 9/07/2012 12:09:59 PM
Event time (UTC): 9/07/2012 2:09:59 AM
Event ID: 50c7c9d7c3ba4b839bca7c72b9edf410
Event sequence: 51779
Event occurrence: 11
Event detail code: 0
 
Application information:
    Application domain: /LM/W3SVC/2/ROOT-1-129862684501956875
    Trust level: Full
    Application Virtual Path: /
    Application Path: C:\Program Files\Microsoft Dynamics CRM\CRMWeb\
    Machine name: VSERVER08
 
Process information:
    Process ID: 3208
    Process name: w3wp.exe
    Account name: NT AUTHORITY\NETWORK SERVICE
 
Exception information:
    Exception type: SecurityTokenException
    Exception message: ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

 
 
Request information:
    Request URL: https://auth.interactivewebs.com:444/default.aspx
    Request path: /default.aspx
    User host address: 124.189.39.157
    User: FSERVER4\Administrator
    Is authenticated: True
    Authentication Type: Negotiate
    Thread account name: NT AUTHORITY\NETWORK SERVICE
 
Thread information:
    Thread ID: 15
    Thread account name: NT AUTHORITY\NETWORK SERVICE
    Is impersonating: True
    Stack trace:    at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.CreateClaims(SamlSecurityToken samlSecurityToken)
   at Microsoft.IdentityModel.Tokens.Saml11.Saml11SecurityTokenHandler.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Tokens.SecurityTokenHandlerCollection.ValidateToken(SecurityToken token)
   at Microsoft.IdentityModel.Web.TokenReceiver.AuthenticateToken(SecurityToken token, Boolean ensureBearerToken, String endpointUri)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.SignInWithResponseMessage(HttpRequest request)
   at Microsoft.IdentityModel.Web.WSFederationAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at Microsoft.Crm.Authentication.Claims.CrmFederatedAuthenticationModule.OnAuthenticateRequest(Object sender, EventArgs args)
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
 
 
Custom event details:

And you find an error in the login attempt that gives you a 401 error.

ID4175: The issuer of the security token was not recognized by the IssuerNameRegistry. To accept security tokens from this issuer, configure the IssuerNameRegistry to return a valid name for this issuer.

Cause

The likely cause is that the ADFS certificate rollover has happened. Basically the self issued certificate that is used and configured as part of your IFD setup with CRM and AD FS has issued a new certificate around 1 week before the expiry of the old one.

If you start the SD SF services and look under:

Service >> Certificates

You will notice a primary and secondary certificate.

image

The Fix

Basically the certificate automatically rolls over to a new one and ADFS won’t authenticate any more. Here are the steps that seem to fix this issue:

  1. Open windows Powershell as administrator (right click runas)image
  2. Run the following commands:
  3. add-pssnapin Microsoft.adfs.powershell
  4. set-adfsproperties -autocertificaterollover $true
  5. update-adfscertificate -urgent
  6. Run the CRM deployment manager
    image
  7. Run through Configure Claims-Based Authentication Wizard (no changes)
  8. Run through Configure Internet-Facing Deployment Wizard (no changes)
  9. Restart the adfs service
    From a Command Prompt “cmd” Type
    net stop adfssrv
    then
    net
    start adfssrv
  10. Restart the Microsoft Asynchronous processing service
    From Services Windows
    Click the Restart Icon while the Service is selected
    image
  11. run an iisreset from the elevated command prompt
    Start RUN “cmd”
    iisreset

From here you should be good to go.

If you need assistance with CRM IFD setup see this post: http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

NOTE: In our case, the running through of the authentication wizard had defaulted the names back to the server name. We needed to manually put in the address correctly as per the setup of the IFD explained in the link above.

 

Event ID 17137 from source MSSQL$MICROSOFT##SSEE

 

Cleaning up the Event Log

On a system running the CRM 2011 IFD as described here: http://www.interactivewebs.com/blog/index.php/server-tips/microsoft-crm-2011-how-to-configure-ifd-hosted-setup/

You may notice in the Event Log some errors that look like:

The description for Event ID 17137 from source MSSQL$MICROSOFT##SSEE cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

AdfsArtifactStore

The specified resource type cannot be found in the image file

The Solution

1) Open SQL server management studio.

2) Connect to \\.\pipe\MSSQL$MICROSOFT##SSEE\sql\query

image

3) Right-click on the database AdfsArtifactStore and select “Properties”

4) Click on the Options page

5) Set “Auto close” to False