Default IIS Configuration for Patch Manager Server

Description

This article provides the default Directory Security settings for the Patch Manager Server in Internet Information Services (IIS). If problems arise as a result of changes to these settings, use this article to revert the Patch Manager Server Website to its original configuration.

Applies To

Prism Patch Manager 6.4

Symptons

Any of the following problems can be an indication that Internet Information Services is not configured properly:

• All agents appear offline.
• Access to the Patch Manager Server Website is denied.
• The Patch Manager Server Website returns an "Internal Server Error" message.
• The Patch Manager Server Website returns a "Service Unavailable" message.
• The Patch Manager Server Website appears garbled and missing images.
• "Detection results not found" appears in the Platform column of the Computers page.

Cause

Communication issues between the Patch Manager Server and the IIS Web server typically arise if the default settings in IIS have been altered by the administrators or if configuration settings are modified as the result of security policies instituted on the server or across the network.

Resolution

A) Make certain ASP.NET 1.1 is selected instead of ASP.NET 2.0 or higher:

1. On the IIS server, go to Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager (in Windows 2000 Server, IIS is called Internet Services Manager).
2. Expand Web Sites (Windows 2003) or the Server name (Windows 2000) then right-click and choose Properties on New Boundary Prism Patch Manager Server.
3. Visit the ASP.NET tab and make certain ASP.NET 1.1 is chosen instead of ASP.NET 2.0 or higher.

B) Verify the Web Server Extensions are configured properly:

1. On the IIS server, go to Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager.
2. Highlight Web Server Extensions.
3. The following items need to be enabled:
       Active Server Pages
       ASP.NET v1.1.4322
       Patch Manager Server

C) Verify the account membership of the PLUS ADMINS group:

1. Within Computer Management, drill into Local Users and Groups and then select Groups.
2. Within the properties of the PLUS ADMINS group, verify the following accounts exist:
       Administrator
       ASPNET
       IWAM_"SERVERNAME"
       NT AUTHORITY\NETWORK SERVICE
       PatchLink
       PLUS ANONYMOUS
       PLUS_AGENT
       PLUS AGENT (does not exist in version 6.3 or higher)

D) Verify the permissions and directory settings for the web site:

1. On the IIS server, go to Start > Programs > Administrative Tools > Internet Information Services (IIS) Manager (in Windows 2000 Server, IIS is called Internet Services Manager).
2. Expand Web Sites (Windows 2003) or the Server name (Windows 2000) then expand PLUS.
3. Use the following chart to ensure that the PLUS directories are appropriately configured. Pay special attention to the virtual directories.

To view and modify directory settings, right-click on the directory name > select Properties > switch to the Directory Security tab > click Edit in the Authentication and access control section.