The directory containing the dll is at $TomcatHome/isapi/ I opened that wide up for testing after more secure configurations did not work. Don't worry - this will absolutely NOT be used for production: IUSR, I_USRS, and USERS all have full control. DefaultAppPool has everything but full control - Modify, execute, write.
However, the isapi_redirect.dll's logs show that it is not getting tomcat errors the way it used to, so I do think it is connecting but then being banned by Tomcat itself. For example the logs used to have messages that tomcat wasn't listening on 8009 until I figured out that the AJP connector is now commented out by default in server.xml. After fixing that and a few other things, the logs suddenly started spitting back the complete html of the 403 error pages - in other words I do think it is now connecting. On Tue, Feb 25, 2020 at 12:54 PM <jonmcalexan...@wellsfargo.com.invalid> wrote: > What permissions are on the file containing the DLL, and Worker files? > > > Dream * Excel * Explore * Inspire > Jon McAlexander > Asst Vice President > > Middleware Product Engineering > Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions > > Upcoming PTO: 11/8, 11/11, 11/15, 11/22, 11/28, 11/29, 12/2, 12/6, 12/13, > 12/20 – 12/31 > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > Tel 515-988-2508 | Cell 515-988-2508 > > jonmcalexan...@wellsfargo.com > > > This message may contain confidential and/or privileged information. If > you are not the addressee or authorized to receive this for the addressee, > you must not use, copy, disclose, or take any action based on this message > or any information herein. If you have received this message in error, > please advise the sender immediately by reply e-mail and delete this > message. Thank you for your cooperation. > > > -----Original Message----- > From: Ellen Meiselman <elle...@gmail.com> > Sent: Tuesday, February 25, 2020 11:51 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: Re: At wits end: Difficulties with IIS ISAPI connector and Tomcat > > Thank you - when I remove the secret line, save and restart Tomcat, it > results in the same 403 error. > > On Tue, Feb 25, 2020 at 12:34 PM André Warnier (tomcat/perl) < > a...@ice-sa.com> > wrote: > > > The workers.properties below look good to me at first sight. > > > > Just to eliminate something, could you try the following changes : > > > > 1) workers.properties : > > remove the line > > > worker.worker1.secret="mySecret". > > > > 2) AJP Connector in tomcat : > > > > <Connector protocol="AJP/1.3" > > address="127.0.0.1" > > port="8009" > > secretRequired="false" > > redirectPort="8443" /> > > > > then restart tomcat and IIS. > > What's happening then ? > > > > Note : this is something new in tomcat 8.5.51 compared to 8.5.50 and > > earlier. > > Before, by default, the "secret" was disabled. Since 8.5.51, by > > default, the secret is enabled, and you have to disable it explicitly > > if you don't want it (as I did above). > > > > With the settings above, we are just trying to get back to a > > configuration without secret, to check if that works in your case. > > As indicated in the documentation > > ( > > http://tomcat.apache.org/tomcat-8.5-doc/config/ajp.html#Standard_Imple > > mentations) > > you can > > do that in your case, because the communication between IIS and Tomcat > > is fairly secure, since it happens all within the same host. > > > > > > On 25.02.2020 18:06, Ellen Meiselman wrote: > > > Yes, everything is on the same server. > > > > > > workers.properties: > > > # Set properties for worker1 (ajp13) > > > worker.worker1.type=ajp13 > > > worker.worker1.host=127.0.0.1 > > > worker.worker1.port=8009 > > > worker.worker1.secret="mySecret". > > > > > > On Tue, Feb 25, 2020 at 11:27 AM > > > <jonmcalexan...@wellsfargo.com.invalid> > > > wrote: > > > > > >> -----Original Message----- > > >> From: Ellen Meiselman <elle...@gmail.com> > > >> Sent: Tuesday, February 25, 2020 10:01 AM > > >> To: Tomcat Users List <users@tomcat.apache.org> > > >> Subject: Re: At wits end: Difficulties with IIS ISAPI connector and > > Tomcat > > >> > > >>> Hi, > > >> > > >>> I've been testing, and so far, there is no change in the behavior. > > >>> I am > > >> still getting the same tomcat->based 403 error. > > >> > > >>> Based on what you said above... > > >>> > > >>> secretRequired="true" (which is the default, so it can be removed) > > >>> secret="xxxxxxx" > > >> > > >> > > >>> ...I removed secretRequired="true" and left secret. So the > > >>> connector > > >> definition now looks like this: > > >>> <Connector protocol="AJP/1.3" > > >>> address="127.0.0.1" > > >>> port="8009" > > >>> secret="mySecret" > > >>> redirectPort="8443" /> > > >> > > >> <SNIP> > > >> > > >> I'm assuming that your web-front-end is on the same server as your > > Tomcat > > >> instance, based on you having the address set to 127.0.0.1, correct? > > What > > >> do you have in your workers.properties file? > > >> > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > >
