IIS Configuration Guidelines for running: Sterling Gentran:Server HTTP Gateway Sterling Gentran:Server HTTP Message Forwarder on Microsoft Windows Server 2012 Version 1.0 Last updated: August 11, 2017 Author: Albert Wang & Mike Hull Licensed Materials - Property of IBM IBM Sterling Gentran:Server for Microsoft Windows Copyright IBM Corp. 1990, 2013. All Rights Reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Page 1 of 6
Table of Contents Overview... 3 Enabling IIS on Windows Server 2012... 3 Configuring IIS... 3 1a. Creating an application pool... 3 1b.Editing application pool settings... 3 2. Creating a web site... 4 3. Creating virtual directories... 4 4. Enabling execute permissions... 4 5. Creating ISAPI module mapping... 5 6. Modifying Authentication... 5 7. Opening a port in the firewall... 6 URLs for the HTTP Gateway and HTTP Message Forwarder... 6 Configuring Permissions for HTTP Message Forwarder... 6 Page 2 of 6
Overview To use the HTTP Gateway or the HTTP Message Forwarder features in Sterling Gentran:Server, the Microsoft Windows IIS (Internet Information Service) web server must be enabled and configured. This document details the steps necessary to install and use IIS on Windows Server 2012. This is not replacement documentation for installing and setup of the gateways; it is a supplemental guide for specific IIS configuration. This document applies to the following products: IBM Sterling Gentran:Server for Microsoft Windows 5.3.1 Enabling IIS on Windows Server 2012 Installing IIS and Enabling ISAPI Extensions and ASP Go to Control Panel -> Administrative Tools -> Server Manager Select Add Roles and Features in middle panel Click the Next button in the wizard to begin On the Select Installation Type dialog, click the Next button to accept defaults (Role-based or Feature-based installation) On the Select Destination Server dialog, click the Next button to accept defaults (your server name) On the Select Server Roles dialog, check the Web Server (IIS) checkbox A popup dialog will appear to confirm selection of [Tools] IIS Management Console too Click the Add Features button Click the Next button (on the Select Server Roles dialog) On the Select Features dialog, click the Next button to accept defaults On the Web Server Role (IIS) dialog, click the Next button On the Role Services dialog, expand the Application Development node and check the ISAPI Extensions and ASP checkboxes. ASP is only needed for the HTTP Message Forwarder. Click the Next button to install Configuring IIS Open Administrative Tools > Internet Information Services (IIS) Manager and navigate to the Web Server (IIS) node in the tree 1a. Creating an application pool Under the Connections pane, expand the tree node of the server name and select the Application Pools tree node Click on the Add Application Pool link on the right side Enter the name of the new application pool [Gentran] and Click the OK button 1b.Editing application pool settings Select the new application pool (Gentran) > Right click and Select Advanced Settings Change the GENERAL value for Enable 32-Bit Applications to True Change the value for Identity to LocalSystem Click OK > OK to exit Advanced settings Page 3 of 6
2. Creating a web site Under the Connections pane, select the Sites tree node Click the Add Web Site link on the right side Enter the new Site name [Gentran] Assign the Application pool to the app pool that was created earlier (Gentran). Enter the Physical path field, enter the Gentran bin folder location (c:\gensrvnt\bin) For the Port number, enter a new, unused port number (80 belongs to Default Web Site). For example, 8080, etc. This will be specified in the post-to URL. Click the OK button If using the HTTP Message Forwarder, also complete these steps: Repeat the above steps using the values below Site name field: MsgFwdr Application pool field: Gentran (use the Select button to choose the App pool from before) Physical path field: C:\Program Files\HTTP Message Forwarder Port field: another new, unused port number (8880) * You need a separate website for the Message Forwarder since the Physical Path is used as the file path for the XML log file and the save-post-data file generated by the Message Forwarder. 3. Creating virtual directories Under the Sites tree node, right-click on the new web site (Gentran) and select Add Virtual Directory. For the Alias field, enter the name of the virtual directory (gentran). This will be specified in the post-to URL. For the Physical path field, enter the Gentran bin folder location (c:\gensrvnt\bin) Click the OK button For HTTP Message Forwarder: Repeat the above steps using the values below Alias field: fwd Physical path field: C:\Program Files\HTTP Message Forwarder 4. Enabling execute permissions Select the new virtual directory gentran in the tree view Double-click on Handler Mappings in the middle pane Click the Edit Feature Permissions link on the right side Check the Execute checkbox Click the OK button For HTTP Message Forwarder: Repeat the above steps for the new virtual directory fwd Page 4 of 6
5. Creating ISAPI module mapping Select the virtual directory gentran in the tree view Click on Handler Mapping, click on the Add Module Mapping link on the right side click Request path field, enter *.dll Click Module dropdown, select IsapiModule Click Executable field, enter the full path for SCDeliveryQuery.dll (c:\gensrvnt\bin\scdeliveryquery.dll) Click Name field, enter ISAPI-dll Click on the Request Restrictions button On the Mapping tab, check the Invoke handler only if request is mapped to checkbox. Select File radio button On the Access tab, select the Execute radio button Click the OK button (to close the Request Restrictions dialog) Click the OK button (to close the Add Module Mapping dialog) There will be a message box prompt asking if you want to allow this ISAPI extension. Click the Yes button. This will add an Allowed entry for SCDeliveryQuery.dll in ISAPI and CGI Restrictions (click server name tree node to see this) For HTTP Message Forwarder: Repeat above steps for virtual directory fwd using the value below: Executable field: C:\Program Files\HTTP Message Forwarder\SCHttpMessageForwarder.dll 6. Modifying Authentication Only for HTTP Message Forwarder: Select the virtual directory fwd in the tree view Double-click on Authentication in the middle pane Click on Anonymous Authentication in the list view Click the Edit link on the right side Select the Application pool identity radio button (WARNING: you can t go back to using IUSR once this is done since it requires entering the system-generated IUSR password) This allows messageforwarderconfig.asp (and SCMsgForwarderConfig.dll) to write the ASP settings to the local registry. An alternative would be to open RegEdit and add IUSR (with Full Control rights) to the permissions list for the GSW InternetGateways registry key. Page 5 of 6
7. Opening a port in the firewall Go to Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security Select Inbound Rules in the tree view Click the New Rule link on the right side Select Port radio button Click the Next button In the Specific local ports field, enter the port number that you specific earlier when you created the web site. Click the Next button Click the Next button (Allow the connection radio should already be selected) Click the Next button (Domain, Private, and Public checkboxes should already be checked) Enter the name of the rule and Click the Finish button URLs for the HTTP Gateway and HTTP Message Forwarder When specifying the destination URL for an outbound HTTP Gateway mailbox, you need to include the port number that you specified earlier when you created the web site as follows: When posting to your HTTP Gateway, use this URL: http://myservername:8080/gentran/scdeliveryquery.dll When posting to your HTTP Message Forwarder, use this URL: http://myservername:8880/fwd/schttpmessageforwarder.dll Configuring Permissions for HTTP Message Forwarder The following steps are not needed on Windows 2012. However, if the HTTP Message Forwarder is having issues saving the configuration settings to the registry or writing to the log file, these steps should help resolve those issues. Registry permissions Open Regedit.exe Go to the HKLM\...\GENTRAN\InternetGateways\SCHTTPMessageForwarder registry key Right click > Select Permissions Add the IUSR account Check the Full Control checkbox Allows messageforwarderconfig.asp (and SCMsgForwarderConfig.dll) to write the ASP settings to the local registry. Folder permissions Go to the C:\Program Files\HTTP Message Forwarder folder Right click > Select Properties Go to Security tab Add the IWAM account Check the Write checkbox This allows SCHttpMessageForwarder.dll to write the log file (schttpmessageforwarder.xml) and to save the incoming POST data (schttpmessageforwarderpost.txt). Page 6 of 6