Re: slow iis 6.0 performance

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Param R. (pr_at_nospam.com)
Date: 11/24/04 

Date: Wed, 24 Nov 2004 11:44:50 -0600

I forgot to add. Here is my setup:-

Domain A (Office where I sit):-

1. SBS 2003 Server with Stand Alone CA installed that issues server & client
certs. - SBSSERVER
2. Windows XP Clients all members of Domain A

Domain B (Data Center where IIS servers reside):-

1. 1 Domain Controller - Forest Root
2. 2 IIS Web Servers which are member of Domain B

Absolutely no connection or trust between Domain A & B.

Now the IIS web servers have server certs installed that are issued by
SBSSERVER Clients use client certificates issued by SBSSERVER.

does that help a bit?

thanks!

"Param R." <pr@nospam.com> wrote in message
news:eAWN0wk0EHA.1740@TK2MSFTNGP15.phx.gbl...
> OK, here is a wild guess. I looked at the client certificate installed on
> my machine that was issued by the CA. Here is the Authority Information
> Access section:
>
> [1]Authority Info Access
>
> Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
>
> Alternative Name:
>
> URL=ldap:///CN=Lazard%20Group%20Inc,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=LAZARDGROUP,DC=local?cACertificate?base?objectClass=certificationAuthority
>
> [2]Authority Info Access
>
> Access Method=Certification Authority Issuer (1.3.6.1.5.5.7.48.2)
>
> Alternative Name:
>
> URL=http://brserver-i.mydomain.local/CertEnroll/brserver-i.LAZARDGROUP.local_Lazard%20Group%20Inc.crt
>
> Could it be that when this client certificate is being presented to the
> IIS web server it is trying to contact the CA via LDAP? Both the paths
> above are unreachable from the IIS web server. Now, I checked 1 level up
> i.e. the root CA Cert and the path for the CRL is:-
>
>
>
> [1]CRL Distribution Point
>
> Distribution Point Name:
>
> Full Name:
>
> URL=http://certs.mydomain.com/certenroll/Lazard%20Group%20Inc.crl
>
> URL=http://brserver-i.mydomain.local/certenroll/Lazard%20Group%20Inc.crl
>
>
>
> The first URL is reachable from the IIS web server. I have copy pasted it
> into IE on the IIS server and it comes up fine.
>
> What could be going on? I am having the exact same error on a local test
> IIS server in the same domain as the CA also.
>
> thanks!
>
>
>
> "Egbert Nierop (MVP for IIS)" <egbert_nierop@nospam.invalid> wrote in
> message news:ug1HPgk0EHA.2600@TK2MSFTNGP09.phx.gbl...
>
>> Last guess.
>> It is trying to use LDAP which is not online or has no SSL?
>>
>> Event Source: Schannel
>> Event ID: 36876
>> Description: The certificate received from the remote server has not
>> validated correctly. The error code is 0x80090322. The SSL connection
>> request has failed. The attached data contains the server certificate.
>> Event Source: Schannel
>> -or-
>>
>>
>>
>> Event ID: 36876
>> Description: The certificate received from the remote server has not
>> validated correctly. The error code is 0x80090325. The SSL connection
>> request has failed. The attached data contains the server certificate.
>>
>>
>> "Param R." <pr@nospam.com> wrote in message
>> news:eiM2Oxj0EHA.3500@TK2MSFTNGP09.phx.gbl...
>>>I dont use remote shares. Files reside on the local HDD.
>>>
>>> thanks!
>>>
>>> "Egbert Nierop (MVP for IIS)" <egbert_nierop@nospam.invalid> wrote in
>>> message news:Ormm%23sj0EHA.3808@tk2msftngp13.phx.gbl...
>>>> Do you use remote shares for your website content? If yes, the security
>>>> has changed.
>>>> http://support.microsoft.com/?id=813615
>>>>
>>>> --
>>>> compatible web farm Session replacement for Asp and Asp.Net
>>>> http://www.nieropwebconsult.nl/asp_session_manager.htm
>>>>
>>>> "Param R." <pr@nospam.com> wrote in message
>>>> news:ep0CMRj0EHA.3832@TK2MSFTNGP10.phx.gbl...
>>>>> No virus software and here is an error I am getting in the Event Log.
>>>>> I dont know if they have anything to do with it or not.
>>>>>
>>>>> Security Event 537:
>>>>>
>>>>> Logon Failure:
>>>>>
>>>>> Reason: An error occurred during logon
>>>>>
>>>>> User Name:
>>>>>
>>>>> Domain:
>>>>>
>>>>> Logon Type: 3
>>>>>
>>>>> Logon Process: Schannel
>>>>>
>>>>> Authentication Package: Microsoft Unified Security Protocol Provider
>>>>>
>>>>> Workstation Name: -
>>>>>
>>>>> Status code: 0xC000006D
>>>>>
>>>>> Substatus code: 0x80090325
>>>>>
>>>>> Caller User Name: -
>>>>>
>>>>> Caller Domain: -
>>>>>
>>>>> Caller Logon ID: -
>>>>>
>>>>> Caller Process ID: -
>>>>>
>>>>> Transited Services: -
>>>>>
>>>>> Source Network Address: -
>>>>>
>>>>> Source Port: -
>>>>>
>>>>>
>>>>>
>>>>> For more information, see Help and Support Center at
>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>>
>>>>>
>>>>> thanks!
>>>>>
>>>>> "Egbert Nierop (MVP for IIS)" <egbert_nierop@nospam.invalid> wrote in
>>>>> message news:OMTvW%23e0EHA.3584@TK2MSFTNGP11.phx.gbl...
>>>>>> Does your event log report things? Did you install a virustool which
>>>>>> obviously slows things down?
>>>>>>
>>>>>> "Param R." <pr@nospam.com> wrote in message
>>>>>> news:eDitFxb0EHA.2016@TK2MSFTNGP15.phx.gbl...
>>>>>>> ASP.NET. SQL Database. Same application ran 3x faster on IIS 5.0. So
>>>>>>> database/code, everything is the same. Even when I plug a client
>>>>>>> locally into the same switch it is slow.
>>>>>>>
>>>>>>> thanks!
>>>>>>>
>>>>>>> "Egbert Nierop (MVP for IIS)" <egbert_nierop@nospam.invalid> wrote
>>>>>>> in message news:epoN0Bb0EHA.2012@TK2MSFTNGP15.phx.gbl...
>>>>>>>> Not really easy to guess.
>>>>>>>> Do you use ISAPI stuff or do you use a database that you per
>>>>>>>> accident forgot to give indexes?
>>>>>>>> What technology do you use?
>>>>>>>>
>>>>>>>> --
>>>>>>>> compatible web farm Session replacement for Asp and Asp.Net
>>>>>>>> http://www.nieropwebconsult.nl/asp_session_manager.htm
>>>>>>>>
>>>>>>>> "Param R." <pr@nospam.com> wrote in message
>>>>>>>> news:%23Af2Xxa0EHA.3236@TK2MSFTNGP15.phx.gbl...
>>>>>>>>> Hi all, we recently upgraded our server to 2003 and everything is
>>>>>>>>> just slowww now. Same application running on same .net version on
>>>>>>>>> iis 5 was way faster. Any ideas? I read something about buffering
>>>>>>>>> in iis 6.0? I have buffering turned on under the IIS properties
>>>>>>>>> for the website. Does that help? What could be causing it to be
>>>>>>>>> slow?
>>>>>>>>>
>>>>>>>>> thanks!
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>
>
>

Relevant Pages

  • Re: IIS still vulnerable to hackers even with latest patches.
    ... Secure configuration e.g. ... Note that if the hack occurred through an IIS web server vulnerability, ...
    (microsoft.public.security)
  • Re: security event 537
    ... Here is the Authority Information Access ... Could it be that when this client certificate is being presented to the IIS ... web server it is trying to contact the CA via LDAP? ... The first URL is reachable from the IIS web server. ...
    (microsoft.public.windows.server.general)
  • Re: Advantages of using the Visual Studio Development Server (VSDS) compared to IIS
    ... the IIS Web Server or the Visual Studio Development Server (VSDS) ... The "NETWORK SERVICES" account referenced in that article doesn't exist. ... application using either the IIS Web Server or the Visual Studion ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Cannot view SSI on IIS
    ... actually it may be even easier to check the IIS web server logs, ... > We have a Windows 2000 Server running IIS. ... > If we cancel the authentication box we get an error that is "Error 403.1 ... > technician from the School Board was the last one to use the server. ...
    (microsoft.public.inetserver.iis.security)
  • RE: The remote certificate is invalid according to the validation proc
    ... the webservice is protected through https/ssl. ... you also add client certificate in your ... try accessing the server service to see ... SSL certificate or the servername you used to access the server. ...
    (microsoft.public.dotnet.framework.aspnet.webservices)