Hi, Happy new year: I'm trying to move an existing large site (as above) to a more secure 2012R2 environment.
I have backed up the database and IIS site folder
I have enabled asp.net in the 2012R2 server
I have created a IIS folder and virtual directory and an empty SQL database with a dbo "myadmin" role and password.
I have installed from a 4.11.10 install and edited webconfig permissions so IIS_IUSRScan update the web config and the install completed and I browsed the resultant install.
I then Nuked the iis folder, copied in the old site, edited the connection string, restored the old site database and granted "myadmin" dbo permissions.
I compared the two web configs
There is only the mail and connection string which are different
Make sure you apply your app_pool identity to SQL server (if on same box) and make sure the same app_pool is applied to the Umbraco folder with full permissions and you should be good to go.
Thanks Martin, Rackspace support came to the same conclusion as you were writing, but they didnt pick up your link. Granted IIS_IURS full permissions but this is a security hole. Trying to put a better practise together as I get to understand what is going on. Great help. Thanks now for the next road block... or may be it will all actually work....
Umm no that would be suicidal! Never give IIS_USRS full perms!
The article I offered up just shows its a default, rather than a requirement in IIS8. Go into the advanced settings for the app_pool and change it to Application Pool Identity which is a isolated process for the application and safe. Once you've done this you can set the same app_pool to the Umbraco folder and set read/write perms.
Just to add, as explained in the first post, if SQL server is on the same box you can set the SQL user to the application pool too. This will isolate the entire application to a single app_pool which is the safest way to run Umbraco on one box.
Moving a working 4.11.10 site on 2008R2 to 2012R2
Hi, Happy new year: I'm trying to move an existing large site (as above) to a more secure 2012R2 environment.
I have backed up the database and IIS site folder
I have enabled asp.net in the 2012R2 server
I have created a IIS folder and virtual directory and an empty SQL database with a dbo "myadmin" role and password.
I have installed from a 4.11.10 install and edited webconfig permissions so IIS_IUSRScan update the web config and the install completed and I browsed the resultant install.
I then Nuked the iis folder, copied in the old site, edited the connection string, restored the old site database and granted "myadmin" dbo permissions.
I compared the two web configs
There is only the mail and connection string which are different
but I get:
HTTP Error 500.19 - Internal Server Error
Error Code 0x8007000d
http://myserverumbraco.local:80/
\\?\D:\IIS\myserverUmbraco\web.config
Any thoughts please?
Ok, should have done this before, just ran the copy with the clean install config and got
Access to the path 'D:\IIS\MyServerUmbraco\App_Data\umbraco.config' is denied.
Now to find what role Umbraco 4 is running under on IIS 8.5 on SQL 20012R2
Hi Ian
I found this to be a bit of a Gotcha in newer versions of IIS/Windows Server.
http://tech.pro/tutorial/1531/umbraco-redirecting-all-requests-to-loginaspx
Make sure you apply your app_pool identity to SQL server (if on same box) and make sure the same app_pool is applied to the Umbraco folder with full permissions and you should be good to go.
M.
Thanks Martin, Rackspace support came to the same conclusion as you were writing, but they didnt pick up your link. Granted IIS_IURS full permissions but this is a security hole. Trying to put a better practise together as I get to understand what is going on. Great help. Thanks now for the next road block... or may be it will all actually work....
Hi Ian
Umm no that would be suicidal! Never give IIS_USRS full perms!
The article I offered up just shows its a default, rather than a requirement in IIS8. Go into the advanced settings for the app_pool and change it to Application Pool Identity which is a isolated process for the application and safe. Once you've done this you can set the same app_pool to the Umbraco folder and set read/write perms.
Regards
Martin.
Just to add, as explained in the first post, if SQL server is on the same box you can set the SQL user to the application pool too. This will isolate the entire application to a single app_pool which is the safest way to run Umbraco on one box.
Regards
M.
is working on a reply...