ASP.NET Memory and CPU Considerations as they relate to SharePoint

This post is a potential placeholder for ongoing research into whether or not ASP.NET app pool and machine.config settings changes from the default are necessary for a stable SharePoint installation.

I haven't put them into place yet, but have seen a few installations where they might be necessary.

Here are the governing documents from Microsoft. No connecting mention to SharePoint at all, but it's certainly running on .NET 2.0 technology, so why not, right?

Contention, poor performance, and deadlocks when you make Web service requests from ASP.NET applications:

http://support.microsoft.com/kb/821268

MSDN Improving .NET Application Performance and Scalability

Chapter 6 — Improving ASP.NET Performance

http://msdn.microsoft.com/en-us/library/ms998549.aspx

This aricle might be useful, as well:

828222 How to generate a dump file when ASP.NET deadlocks in IIS 6.0
http://support.microsoft.com/?id=828222

This questions are based off of seeing these events in the event log occasionally:

Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 1013
Date:  6/12/2008
Time:  12:46:05 PM
User:  N/A
Computer: HostNameHere
Description:
A process serving application pool 'SharePoint - AppPool Name' exceeded time limits during shut down. The process id was '####'.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

I like this bit of help from Matt:

http://www.dvsug.org/Matt/Lists/Posts/Post.aspx?ID=3

He's suggesting a memory threshold to recycle at between 800MB to 1.5 GB.

And he led me to this great article:

http://blogs.technet.com/stefan_gossner/archive/2007/11/26/dealing-with-memory-pressure-problems-in-moss-wss.aspx

Talking about memory and CPU issues with SharePoint. Very good read.

And finally found Joel O's post on the topic:

http://blogs.msdn.com/joelo/archive/2007/10/29/sharepoint-app-pool-settings.aspx

And here's a great free utility for managing Application pools:

http://www.harbar.net/articles/APM.aspx

Event ID 1013 - SharePoint edits and uploads hanging

Short Version:

Symptoms: Uploads of documents, pictures, .aspx pages hanging. Edits of pages hanging when trying to check them back in. High-volume Publishing site.

Fix: Change shutdown timeout of application pool from default of 90 to 180, up worker threads for app pool web garden to two (I was lucky enough to have quad-proc machines).

Long Version:

So, recently went live with a SharePoint Publishing site that replaced an existing site that averages a few thousand hits per day. Web farm with two WFEs and an App server. On the first day things were going well for the anonymous external users hitting the site and getting the info they were used to getting. But not so well for internal IT users who were applying edits as requested to the site. Document uploads were taking forever and finally hanging.

The corollary event in the event log is this:

And the text is this:

Event Type:        Warning

Event Source:    W3SVC

Event Category:                None

Event ID:              1013

Date:                     6/9/2008

Time:                     9:59:13 PM

User:                     N/A

Computer:          SPWFE02

Description:

A process serving application pool 'Cybersubstation-Internal' exceeded time limits during shut down. The process id was '6264'.

And lots of 1013s in the event log, but many, many on our golive date and shortly thereafter:

 

Some research turned up this post from Steve Sheppard at Microsoft:

http://blogs.msdn.com/steveshe/archive/2007/12/19/overlapped-recycling-and-sharepoint-configuring-the-shutdown-timeout.aspx

He references the Planning and Deploying Service Pack 1 for Microsoft Office SharePoint Server 2007 in a Multi-server Environment at http://technet.microsoft.com/en-us/library/cc262996.aspx which states that the App pool shut down timeout should be changed from 90 to 300 seconds.

So, go to IIS Admin, right-click on the web app in question and select properties. Select the Home Directory tab and look at the Application pool setting to determine which app pool to modify the timeout for (or just look at the one referenced in the event log).

Now, in IIS Admin, expand the Application pools and right-click and select properties on the app pool in question.

Select the health tab and you should see the default of 90 for shutdown timeout:

 

And changed to 300:

Both my servers immediately starting pegging all 4 cpu's mercilessly. They both shot up to around 100% pretty quick. I assumed this was some kind of temporary adjustment phase. 15 minutes later, it was still happening:

This was obviously worrisome. So I added another thread to the web garden of the app pool (which defaults to one):

Since I'm working with quad-proc machines, I figured this would offset the load nicely.

After monitoring the servers for another 20-30 minutes, the pattern had changed a bit. I now had another w3wp.exe for that application pool, and the total CPU no longer spiked at 100% and stayed there. But it was still consistently between 60-95%, occasionally touching 100%. Still not right.

So, contrary to the Microsoft recommendation from the link above, I dropped the app pool shutdown timeout from 300 down to 180-still double the default of 90, but less than the 300 recommended:

My two WFEs almost immediately calmed down on the CPU spike and have stayed there for about 30 minutes now, with only occasional spikes that only last about 15-20 seconds, even with the constant traffic the web site experiences from the outside.

Thanks Linda, Jeanine, Eddie, Theresa, Joey, Tom. 

IIE Forms Based Authentication from Codeplex

Deploying the IEE Forms Based Authentication Solution

http://www.codeplex.com/CKS

Is the main page for this endeavor.

The previous FBA solution at www.codeplex.com\fba didn’t have a lot of needed functionality including password change or admin password change. The new project at:

http://www.codeplex.com/Release/ProjectReleases.aspx?ProjectName=CKS&ReleaseId=7675

has some great functionality.

I downloaded and installed the fbamanagement.zip file and unzipped its three files to a directory on my Sharepoint server. Running deploy.cmd however, gave me the following error:

The solution can not be deployed.  The feature 'c990a4c5-c5d9-474b-b6f6-67329f1e6a0d' uses the directory "UserAdministration" in the solution. However, it is currently installed in the farm to the directory "FBAConfigurationManagement". Uninstall the existing feature before you install a new version of the solution.

So, I went and found the old deploy.cmd I’d used for the first codeplex FBA management project and edited it to just have the first part of the file, which were the remove commands, like so:

@echo Deploying FBAManagement solution

@set PATH=C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN;%PATH%

stsadm -o deactivatefeature -name FBAUserRoleManagement -url http://vanlaan -force

stsadm -o deactivatefeature -name FBAConfigurationManagement -force

stsadm -o retractsolution -name FBAManagement.wsp -immediate

stsadm -o execadmsvcjobs

stsadm -o deletesolution -name FBAManagement.wsp -override

stsadm -o execadmsvcjobs

Then, I ran the deploy.cmd from the new FBAManagement.zip, and got positive results:

C:\temp\fba\FBAMan>deploy http://vanlaan

Deploying FBAManagement solution

C:\temp\fba\FBAMan>stsadm -o addsolution -filename FBAManagement.wsp

Operation completed successfully.

C:\temp\fba\FBAMan>stsadm -o deploysolution -name FBAManagement.wsp -immediate -allowgacdeployment -force -url http://vanlaan

Timer job successfully created.

C:\temp\fba\FBAMan>stsadm -o execadmsvcjobs

Executing .

Executing solution-deployment-fbamanagement.wsp-0.

Operation completed successfully.

C:\temp\fba\FBAMan>stsadm -o installfeature -name SelfManagement -force

Operation completed successfully.

C:\temp\fba\FBAMan>stsadm -o installfeature -name AdminManagement -force

Operation completed successfully.

C:\temp\fba\FBAMan>stsadm -o activatefeature -name SelfManagement -url http://vanlaan

Operation completed successfully.

C:\temp\fba\FBAMan>stsadm -o activatefeature -name AdminManagement -url http://vanlaan

Operation completed successfully.

And here’s the new links to FBA Management:

When I hit FBA User Management, I get:

Interesting. After lots of looking online, it appears that quite a few members in the community are experiencing this issue.

The funny part is that I *can* go to:

http://vanlaan/_layouts/FBA/Management/Usernew.aspx

And I see the new user creation screen:

http://www.codeplex.com/CKS/Thread/View.aspx?ThreadId=16363

Is the thread that helped me figure this out.

http://www.codeplex.com/CKS

Is the main page for this endeavor.

I emailed a very friendly guy on the codeplex site and got the fixed up pages, which can be downloaded via a link at the end of this article. The file just needs to be unzipped and overwritten to:

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\FBA\MANAGEMENT

By default, when you put these fixed up pages in, you can now see http://vanlaan/_layouts/FBA/Management/Userdisp.aspx

Notice that it only displays up to 10 users initially. I did some searching in the .aspx control pages for FBA Management, located at:

C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\TEMPLATE\LAYOUTS\FBA\MANAGEMENT

Inside of userdisp.aspx, about halfway down the code, there’s a line that reads:

PageSize="10" PagerSettings-Mode="NextPreviousFirstLast" >

If you change this number to a higher number, more will be displayed. I’ll change it to 50 on mine:

As you can see, the 1-10 at the bottom went away, and this page will now display up to 50 FBA users on this one page before you need to hit the Next Page right arrow button.

Working on account management, there appears to be two ways to recover a user’s password. On the userdisp.aspx page above, if you click on one of the users names, you’ll be taken to the useredit.aspx page for that user:

Here you can edit their email address or click Reset Password. The password is automatically generated and sent to the email address here. From a helpdesk or administrative point of view, one could potentially change the email address temporarily to the helpdesk personnel assisting the end user to get the password, then change it using the Change Password web part. I bring this up because currently the password complexity is pretty heinous, and nothing I’d want to try to read out to an end user or trust them to get it typed correctly into the Change Password web part. Here are some examples:

eGV*7ROs[WE#qQ
or
=o:F6SH]Msfn_k

Wow. So, there’s one way to reset the password. What I’ve done in a couple of situations now is to have an Account Management page hanging off of the front page of my top portal site collection, like this:

As you can see, you still need the old password to change the password, so there’s still not a true administrative change password. Also, for some reason, it says Old Password twice, when in fact the second field is for the New Password. It works, though—trust me.

So, we’ve got two ways to generate a new, very complex password for the end user—one in FBA User Management, one is to have the user type in their account name in the Recover Password web part, which will e-mail them a new password (nope—not their original one—a newly generated, highly complex one.)

I did some asking, and the folks over at codeplex came through again. Thanks, Siegfriedcw. He brings up some interesting points about the means of password storage in the SQL database, and about how making them retrievable with passwordFormat="Clear" would seriously compromise any security, and most likely damage pre-existing accounts.

Siegfried did some research and initially thought that this expression:

passwordStrengthRegularExpression=""

could control the complexity of the generated passwords. He found, however, that … well, I’ll just quote him here:

“UPATE: while going through the source code I figured out that the randomly generated password does not make use of the passwordStrengthRegularExpression as of yet. Maybe this might be planned for the future, but right now it appears to not have any effect. As far as I can see the new password is created with the following line of code:

System.Web.Security.Membership.GeneratePassword(System.Web.Security.Membership.MinRequiredPasswordLength, System.Web.Security.Membership.MinRequiredNonAlphanumericCharacters);”

So, for now, it looks like we’re stuck with these very complex passwords. Hopefully, there will be some remedy in the final release to set password complexity. For now, I guess prepare your helpdesk people for a long time on the phone with end users, explaining cut and paste.

Download new_fba_management_pages.zip

As you can see, it has no issues mailing an external account, either.

So, administratively, I’ve not seen a way for helpdesk or the IT staff to simply Change an FBA user’s password. As you can in Active Directory, for example. I’ve also tried out the membershipseeder.zip, available at http://www.codeplex.com/CKS/Release/ProjectReleases.aspx?ReleaseId=7450 , which looks like this:

The Password Recovery web part here must have some elements in your web.config for it to work. Again, thanks to the folks at codeplex.com for this assistance:

<system.net>
<mailSettings>
<smtp from="Admin@sharepoint.com">
<network host="yourmailserverhostname" port="25" />
</smtp>
</mailSettings>
</system.net>

After inputting these elements into my web.config using notepad (you’ll find system.net down towards the bottom—at least I did on mine), the email came through fine, and looked a bit like this:

Dual-Authentication: Forms-Based and Windows Auth on same Web App

Update 2.5.08:

http://msdn2.microsoft.com/en-us/library/bb975136.aspx

Intro article to three new articles on FBA from Microsoft. Get the other two in the margins on the left.

End Update:

http://www.andrewconnell.com/blog/articles/HowToConfigPublishingSiteWithDualAuthProvidersAndAnonAccess.aspx

(the best guide—Andrew Connell)

http://channel9.msdn.com/ShowPost.aspx?PostID=299338

http://weblog.vb-tech.com/nick/archive/2006/06/14/1617.aspx

http://www.networkworld.com/community/node/18581   (Good one)

“A few caveats about using FBA before you enable it.  First, the crawler in SharePoint for indexing cannot crawl a web application that uses FBA.  You must have the same content extended onto a separate web application that is configured to use Integrated Windows Authentication or Basic Authentication/SSL for this to work properly.  Secondly, Office client integration can be impacted when using FBA.  It is best used for scenarios where users download Office content for reading, not necessarily scenarios where they contribute to document content.  This is due to limitations in the Office client software and how it handles FBA.”

The Microsoft article—including info on configuring the SSP for FBA

http://technet2.microsoft.com/Office/en-us/library/3107ebf3-2037-45f4-90b9-4200d9799b361033.mspx?mfr=true

“In the Client Integration section, under Enable Client Integration, make sure No is selected, and then click Save.

•	If you select Yes, features that start client applications according to document types will be enabled. This option will not work correctly with some types of forms-based authentication.
•	If you select No, features that start client applications according to document types will be disabled. Users will have to download documents and then upload them after they make changes.

“

http://blogs.msdn.com/sharepoint/archive/2006/08/16/configuring-multiple-authentication-providers-for-sharepoint-2007.aspx

(Configuring Multiple Authentication Providers for SharePoint 2007)

Good list of different sites with guides on this:

http://weblogs.asp.net/erobillard/archive/2007/09/07/moss-and-forms-based-authentication-the-tricks.aspx 

Ok, I’ve already created http://vanlaan and https://www.vanlaans.com web apps. http://vanlaan handles Windows authentication, while https://www.vanlaans.com currently handles Windows and anonymous. I want to switch the latter to use Forms-Based Authentication.

As my first step, I want to create the ASP.NET 2.0 database to hold my user authentication information.

Here I’ve navigated to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727 and am about to run aspnet_reqsql.exe to create this database, which will kick off a wizard:

Click Next twice on the wizard then:

I’ve named my database FBAdb and gone with defaults on the other portions.

Click Next to see the summary screen, then next again and you should see this:

Hey, it’s been created. Good times. Here’s your proof:

Now to create our single user in the database. Again, following Andrew Connell’s instructions, we’ll create a new web site project in Visual Studio 2005.

Following AC’s recommendation, I’ve gone with the following:

Click Ok.

Now, AC next instructs us to Add a web.config file. This is done by clicking Website, then Add New Item:

When we click Add New Item, we’ll see this screen, where we’ll need to select Web Configuration File:

Click Add.

This is what it looks like to start with:

We’ll replace the <connectionStrings/> portion with this:

1:  <connectionStrings>

2:      <add name="FBAdbSQLConnString"

3:          connectionString="server=[THEMAN];database=FBAdb;
                      Integrated Security=SSPI;"

4:          providerName="System.Data.SqlClient"

5:      />

6:  </connectionStrings>

So, now I’ve added it to my web.config file:

So, then I added in the following information into the web.config file under system.web:

  1:  <!-- membership provider -->

  2:  <membership defaultProvider="AcAspNetSqlMembershipProvider">

  3:      <providers>

  4:          <add name="AcAspNetSqlMembershipProvider"

  5:              type="System.Web.Security.SqlMembershipProvider, System.Web,
  6:              connectionStringName="AcSqlConnString"

                       Version=2.0.0.0, Culture=neutral,

PublicKeyToken=b03f5f7f11d50a3a"

  7:              enablePasswordRetrieval="false"

  8:              enablePasswordReset="true"

  9:              requiresQuestionAndAnswer="false"

  10:              applicationName="/"

  11:              requiresUniqueEmail="false"

  12:              passwordFormat="Hashed"

  13:              maxInvalidPasswordAttempts="5"

  14:              minRequiredPasswordLength="1"

  15:              minRequiredNonalphanumericCharacters="0"

  16:              passwordAttemptWindow="10"

  17:              passwordStrengthRegularExpression=""

  18:          />

  19:      </providers>

  20:  </membership>

  21: 

  22:  <!-- role provider -->

  23:  <roleManager enabled="true" defaultProvider="AcAspNetSqlRoleProvider">

  24:      <providers>

  25:          <add name="AcAspNetSqlRoleProvider"

  26:              type="System.Web.Security.SqlRoleProvider, System.Web,

                       Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

  27:              connectionStringName="AcSqlConnString"

  28:              applicationName="/"

  29:          />
  30:      </providers>

  31:  </roleManager>

I removed all of the numbers followed by “:”’s and changed the two connection string names to match what I used above and seemed to make it happy. Looks like this:

Then, I’ll launch the Website via Website, ASP.NET Configuration:

 

The site loaded thus:

Then, switch from Integrated Authentication to Forms Authentication.

When I hit the Security tab, I get this error:

“There is a problem with your selected data store. This can be caused by an invalid server name or credentials, or by insufficient permission. It can also be caused by the role manager feature not being enabled. Click the button below to be redirected to a page where you can choose a new data store.

The following message may help in diagnosing the problem: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)”

I changed my SQL Server 2005 Surface Area Configuration to this:

Did a reboot and then went back to the Security tab:

Same error. Huh.

Just had a thought. Realized I’d specified my server as:

connectionString="server=[THEMAN];database=FBAdb;

Gonna go take the [] out.

Wow. I must be some kind of genius:

Moving on: Click Select Authentication type

Click From the Internet, then click Done:

Select Security Tab again, then click Create User:

I’ve entered info to create user fbaadmin with a cryptic password:

And, just for fun, we’ll go look at the database in SQL Server Mgmt Studio and verify it was created there:

After Creating the user, Click the Provider tab then Select a different provider for each feature (advanced)

As you can see, the providers I specified in my web.config file, FBAAspNetSqlRoleProvider, exist here. That’s good.

Clicking test on either should provide us with following positive message:

Provider Management

Successfully established a connection to the database.

Now, AC’s directions have us go create a web site and site collection, then extend that web app onto another IIS web site which will have different authentication. I’ve already done that portion, with http://vanlaan as my default site and https://www.vanlaans.com extended from that site onto the Internet zone. It is this entry point that I’ll want users to use Forms-Based Authentication.

So, to add the following information into the above web sites’ web.config files:

Connection string:

<connectionStrings>

                                    <add name="FBAdbSqlConnString"

               connectionString="server=THEMAN;database=FBAdb;&#xD;&#xA;                                         Integrated Security=SSPI;"

          providerName="System.Data.SqlClient"

        />

                  </connectionStrings>

Membership and role provider:

<!-- membership provider -->

                                  <membership defaultProvider="FBAAspNetSqlMembershipProvider">

                                                     <providers>

                                                                          <add name="FBAAspNetSqlMembershipProvider"

              type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

              connectionStringName="FBAdbSqlConnString"

              enablePasswordRetrieval="false"

              enablePasswordReset="true"

              requiresQuestionAndAnswer="false"

                 applicationName="/"

                 requiresUniqueEmail="false"

                 passwordFormat="Hashed"

                 maxInvalidPasswordAttempts="5"

                 minRequiredPasswordLength="1"

                 minRequiredNonalphanumericCharacters="0"

                 passwordAttemptWindow="10"

                 passwordStrengthRegularExpression=""

             />

                                                                </providers>

                                </membership>

                                                <!-- role provider -->

                                <roleManager enabled="true" defaultProvider="FBAAspNetSqlRoleProvider">

                                                <providers>

                                                                <add name="FBAAspNetSqlRoleProvider"

                 type="System.Web.Security.SqlRoleProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

                 connectionStringName="FBAdbSqlConnString"

                 applicationName="/"

             />

                                                </providers>

                                </roleManager>

First, I’m going to save a copy of my web.config files I’m about to edit.

Then, I’ll cut and paste the connection string portion that’s written above below the </Sharepoint> tag and above the <system.web> tag.

Again, here’s the string I used:

  </SharePoint>

<connectionStrings>

                                    <add name="FBAdbSqlConnString"

               connectionString="server=THEMAN;database=FBAdb;&#xD;&#xA;                                         Integrated Security=SSPI;"

          providerName="System.Data.SqlClient"

        />

                  </connectionStrings>

Looks like this:

Then, we’ll add the membership and role provider language to the web.config filejust after the first <system.web> tag and above (for me) the     <securityPolicy> :

Need to do the same for the web.config for https://www.vanlaans.com . Done.

Now, need to do the same for the Central Admin web app:

Here, I used Visual Studio to add the lines in:

Again, following AC’s instructions, this web.config has one small change:

        <roleManager enabled="true" defaultProvider="AspNetWindowsTokenRoleProvider">

All else was the same.

Now, to change the Authentication Provider for the Internet zone of the http://vanlaan web app, which is basically saying we’re changing the authentication for the extended web site at https://www.vanlaans.com .

Click Application Management, Authentication Providers. Make sure the correct web app is selected, then click the Internet Zone:

We’re going to select Forms, which opens up the Membership Provider name and Role Manager name fields. We’re also going to click Enable Anonymous access. Then

Membership Provider name: FBAAspNetSqlMembershipProvider

Role Manager name: FBAAspNetSqlRoleProvider

Like this:

We’ll leave Enable Client Integration unchecked, as it doesn’t work all that super with FBA.

And, after clicking ok, we go to the website (where I’ve already enabled anonymous on the site) and get this to start:

Notice I’ve still got my https: from the previous SSL application. And I’ve got the Sign In button up top right, which indicates I am in anonymously. Clicking Sign In gets me this:

Ok, now we’ll go to add the fbaadmin account we created above to the site via Site Actions, Site Settings, People and Groups. We go to add users and when I just type in fba, the following occurs:

Now, this is not exactly what I wanted to see. It doesn’t behave the same way as if we were connecting to Active Directory and it would at least give us some id’s containing that string. But, if we type in fbaadmin, the id in its entirety, we get a match.

And, as we can see, the Provider is displayed here, showing us where this id came from.

And that's my walkthrough for setting up Dual authentication on a single Sharepoint web application. Much thanks to Andrew Connell and the guys at Alachua. (Lawrence, Ian, Dave)

Sharepoint quick start

So, I am by no means the first person to write about these "warm-up" scripts for Sharepoint 2007. But a good friend pointed out that there's still a lot of Sharepoint 2007 admins out there who may not have heard of them yet. So, here's yet another link in the chain.

To start with, just google the phrase "moss warm-up scripts" and you'll get most of what you need.

The highlights:

The actual files:

Download WarmUpServer.zip

Joel Oleson's post:

http://blogs.msdn.com/joelo/archive/2006/08/13/697044.aspx

Here's a link to a long post on Sharepoint Reporter Blog about how to create a good Sharepoint 2007 VPC image, which includes screenshots, etc on the warm-up scripts:

http://www.pptspaces.com/sharepointreporterblog/Lists/Posts/Post.aspx?ID=24

Basically, open and extract the warmupserver.zip file's files. I usually extract them to the same directory as stsadm: C:\Program Files\Common Files\Microsoft Shared\web server extensions\12\BIN . Tthen right-click and edit warmupserver.cmd file. Copy the whole call :HitPage moss:42512 /default.aspx line again and then replace moss:42512 with yourservername:portnumber for Central Admin, moss:42512 with yourservername:80 (or whatever your main portal is) and the moss:36342 from the /ssp/admin with servername and port number. Or you can put the full address of each site collection, like http://sharepoint or http://machinename:7440 , etc.

Go take a look at your web application pools in IIS to see when they recycle nightly and then schedule the startup.bat to run as a task just after that. You may even want to change when the web apps cycle and put them all within a window of about 15 minutes, then run the task right after that.

Enjoy

Thanks Ray, Ian

ASP.Net 2.0 Installation should generally be done after IIS 6.0 installation

When installing Sharepoint 2007, a couple prerequisites are IIS 6.0 and the .NET 3.0 framework. Generally, when building a server from scratch, one would install IIS 6.0 first, then run the .NET 3.0 framework installation. If you are working on a server that, for some reason, already has .NET 3.0 framework installed and then you install IIS 6.0 (or just flipping the order on building a new server), you might run into an error where the IIS 6.0 installation doesn't recognize that ASP.NET has been installed.

This is an example of the error you might receive:

'

Setup is unable to proceed due to the following error(s):

This product requires ASP.NET v2.0 to be set to 'Allow' in the list of Internet Information Services (IIS) Web Server Extensions. If it is not available in the list, re-install ASP.NET v2.0. Correct the issue(s) listed above and re-run setup.

"

You can verify this by going to Start, Administrative Tools, and selecting IIS Manager (or clicking start, run, and typing appsrv.msc) Then browse to: Default Web Site (or web site you want to verify), aspnet_client, system_web

In an instance where ASP.NET 2.0 or the .NET 3.0 framework has not been installed at all, you will see this:

However, here, you can see that, indeed, ASP.NET 2_0_50727 has been properly installed. This is the version that will appear after running the .NET 3.0 framework installation and is the correct version to run Sharepoint 2007.

If it's not there, however, you can get it here in IIS without having to reinstall the entire .NET 3.0 installation package. The file you want to run from the cmd line is aspnet_regiis from the folder with the correct version number. You can just do a search for aspnet_regiis, like so:

As you can see, it is present in both the earlier version's folder (v1.1.4322) and the later version's folder (v2.0.50727). We want to run the later version's folder. Or, of course, if you just know that C:\Windows\Microsoft.NET\Framework\v2.0.50727 contains the file you need, just browse there.

The command to run is aspnet_regiis -i . This will install ASP.NET 2.0 for the current IIS server. From the command line it looks like this:

So, there you go. That's how to add ASP.NET versions to an IIS server if IIS gets installed after the ASP.NET version gets installed. Enjoy.