Unknown error has occurred when trying to initialize Web Server Module: "The remote server returned an error: (400) Bad Request." about iis.webmanager HOT 39 CLOSED

I have this problem as well. Any updates?

from iis.webmanager.

Get-Token.ps1.txt

I actually reproduced the same error on my local machine when I manipulated the date format. We may be passing an incorrectly formatted expiration date to the HTTP request. I updated the script and also added some debug output. Can you download it, rename back to .ps1, then run the same command again on the target machine?

By the way, what is the date format on your target machine?

from iis.webmanager.

Suddenly I get this error, too. Couldn't find a way to fix it or get at least more info.
Any help would be appreciated.

from iis.webmanager.

same here! Suddenly seeing this error. Log is attached.
vistrpndas4.zip

from iis.webmanager.

is the IIS server running on the remote machine? Can you go to https://[servername]:55539/#/api/webserver?

from iis.webmanager.

This morning I was able to cinnect for the 1st time to the remote IIS in WAC. After I visited another host and came back to the hosts hosting remote IIS, I started getting the same error (I restarted IIS admin on the remote host but it did not help).
Also I am able to connect to https://[servername]:55539/#/api/webserver? locally and remotely.

from iis.webmanager.

Are you running Windows Admin Center on the same machine as IIS? I did have the same issue once in that case. Also can you try add yourself to the appsettings.json file under "C:\Program Files\IIS Administration\[version]\Microsoft.IIS.Administration\config\appsettings.json" on the IIS host as described here?. When I tested the newest IIS extension, I needed to add myself to appsettings.json to get rid of the error messages. If it does not help, I will continue to debug it. Thanks

from iis.webmanager.

I tried your suggestion but it seems that the file has permission that does not allow changing the file. I even opened the file in notepad as ADMIN but it does not allow me to change the file in spite of the dact that I stopped IIS admin, WWW...
In notepad++ it displays a message "Please Check if this file is opened in another program"

from iis.webmanager.

By default, the files under "C:\Program Files\IIS Administration\[version]\Microsoft.IIS.Administration\config" are owned by System or TrustedInstaller. First, you need to take ownership of that folder, then give yourself permission to modify files in it.
https://www.windowscentral.com/how-take-ownership-files-and-folders-windows-10
https://www.thewindowsclub.com/change-files-and-folders-permissions-in-windows-10

from iis.webmanager.

Also, you should use double backslash in your user name, not single backslash

from iis.webmanager.

Thanks I was able to modify the file, restarted he IIS admin but it did not help I am getting the exact same error

from iis.webmanager.

Let me know the version of WAC and IIS Extension you have
https://localhost:6516/settings/updates should show you the WAC version.
Go to https://localhost:6516/settings/extension/installed. you should find the version of IIS Extension.

When you get the error, go to Edge menu->More tools-Developer tools.
Click the Console tab. What errors do you see that is related to (400) Bad Request?
Click the Network tab, can you see a red command (status code 400)? If so, get the details of that command.

from iis.webmanager.

I got a similar error message, but instead of (400) Bad Request, I had the (401) Unauthorized. I followed the instructions @yaqiyang described: changed the ownership of the folder and added myself as admin and owner in the appsetting.json file. At first, I kept getting the same error message, but I get it working after I reset my machine.

from iis.webmanager.

I got a similar error message, but instead of (400) Bad Request, I had the (401) Unauthorized. I followed the instructions @yaqiyang described: changed the ownership of the folder and added myself as admin and owner in the appsetting.json file. At first, I kept getting the same error message, but I get it working after I reset my machine.

You need to restart the Microsoft IIS Administration service after you changed appsettings.json.

from iis.webmanager.

Same here. Just installed and got a 400 Bad Request. WAC is installed in a different machine and I'm trying to access IIS in a 2022 server core machine.

from iis.webmanager.

Same here. Just installed and got a 400 Bad Request. WAC is installed in a different machine and I'm trying to access IIS in a 2022 server core machine.

Do you have the same problem when accessing IIS on other machines using WAC?

To help us diagnose the problem, please send us the full Response text from the server.

• With the error message showing in the IIS extension, go to Edge menu
• Open "More tools -> Developer tools"
• Select "Network" tab
• Locate the http command that has the error message
• Copy the full response text

from iis.webmanager.

Same here. Just installed and got a 400 Bad Request. WAC is installed in a different machine and I'm trying to access IIS in a 2022 server core machine.

Do you have the same problem when accessing IIS on other machines using WAC?

To help us diagnose the problem, please send us the full Response text from the server.

• With the error message showing in the IIS extension, go to Edge menu
• Open "More tools -> Developer tools"
• Select "Network" tab
• Locate the http command that has the error message
• Copy the full response text

Same issue for 2022 Standard with GUI.

Error for 2022 Standard with GUI: {"sessionId":"f66e8382-2ccf-4394-bc11-f99699dd26b6","completed":"True","results":[],"exception":"The remote server returned an error: (400) Bad Request.","progress":[{"id":174593042,"parentId":-1,"activity":"Reading web response","status":"Reading response stream... (Number of bytes read: 0)","percent":-1,"secondsRemaining":-1,"type":"Processing"},{"id":174593042,"parentId":-1,"activity":"Reading web response","status":"Reading response stream... (Number of bytes read: 15)","percent":-1,"secondsRemaining":-1,"type":"Processing"},{"id":174593042,"parentId":-1,"activity":"Reading web response","status":"Reading web response completed. (Number of bytes read: 15)","percent":-1,"secondsRemaining":-1,"type":"Completed"},{"id":174593042,"parentId":-1,"activity":"Reading web response","status":"Reading response stream... (Number of bytes read: 0)","percent":-1,"secondsRemaining":-1,"type":"Processing"},{"id":174593042,"parentId":-1,"activity":"Reading web response","status":"Reading response stream... (Number of bytes read: 15)","percent":-1,"secondsRemaining":-1,"type":"Processing"},{"id":174593042,"parentId":-1,"activity":"Reading web response","status":"Reading web response completed. (Number of bytes read: 15)","percent":-1,"secondsRemaining":-1,"type":"Completed"}],"statusCode":0}

from iis.webmanager.

@desmondkung , thanks for the data. Unfortunately, I don't see anything that can help. Can you export all that data to HAR file and send it to me?

To export as HAR, select the export button on top of the Network tab,

from iis.webmanager.

@yaqiyang what's your MSFT mail address? I'll send to you as a zip attachment.

from iis.webmanager.

@yaqiyang what's your MSFT mail address? I'll send to you as a zip attachment.

[email protected]

I got status 400 from a remote machine if IIS Admin is not exposed on default port 55539. But the error message is different. So that is most likely not the root cause for you. When you capture the network traffic data, please first move focus away from IIS in WAC, then click on IIS from left navigation pane again to make sure you have captured all network traffic during the process.

Thanks

from iis.webmanager.

@desmondkung Error 400 can also be related to authentication. Do you have permissions to access IIS Administration on the remote machine? Can you access it by something like https://[reomote machine name]:55539?

from iis.webmanager.

@desmondkung Error 400 can also be related to authentication. Do you have permissions to access IIS Administration on the remote machine? Can you access it by something like https://[reomote machine name]:55539?

I did a "powershell tnc -port 55539" from the WAC gateway.
Before (port closed) and after explicitly opening 55539 (port open) on the remote iis machine, I'm getting shown the same error message: Unknown error has occurred when trying to initialize Web Server Module: "The remote server returned an error: (400) Bad Request."

from iis.webmanager.

• When I tried tnc localhost -port 55539 in my test, it was successful. But not successful when I did just tnc -port 55539
• What happens if you just try to navigate to https://[reomote machine name]:55539 in the browser?

The error you mentioned above happens when the remote IIS server is in an unknow state. You can uninstall IIS Admin from your remote machine and let WAC install it automatically.

from iis.webmanager.

• When I tried tnc localhost -port 55539 in my test, it was successful. But not successful when I did just tnc -port 55539
• What happens if you just try to navigate to https://[reomote machine name]:55539 in the browser?

The error you mentioned above happens when the remote IIS server is in an unknow state. You can uninstall IIS Admin from your remote machine and let WAC install it automatically.

1. Test-netconnection requires a destination.
2. will test browser access shortly.
3. I used the recommended option where WAC installs IISAdmin 6.0 from online source. It doesn't add a firewall rule for 55539 though.

from iis.webmanager.

Firewall is not a problem. That is the first thing I tested. WAC can still access IIS even if port 55539 is not enabled from the Firewall. It is something else that put the IIS server in an unknown state that I cannot reproduce. If possible, try access it on the IIS machine through https://localhost:55539

from iis.webmanager.

https://localhost:55539 works.

from iis.webmanager.

This is what you have. The remote address is at port 80, not a secure port. But in my local test, it is always the same port of WAC.

I think some configuration settings on your WAC are causing the problem, but I cannot reproduce it. Are you running WAC from a remote machine?

from iis.webmanager.

Yeah, WAC is remote gateway. There is http to https redirection from 80 to 8443.

from iis.webmanager.

@desmondkung, I set up a remote WAC gateway exactly like yours, but still cannot reproduce it. Does this happen to other machines? Can you try to access IIS on a different machine?

from iis.webmanager.

@desmondkung, I set up a remote WAC gateway exactly like yours, but still cannot reproduce it. Does this happen to other machines? Can you try to access IIS on a different machine?

Let me try on 2019 standard.

Not sure if this info helps. I'm connecting to the servers using WAC's "Manage As" option as domain admin instead of my domain user account. The servers that are connected to WAC also have resource-based constrained delegation applied using the following lines:

$gateway = "server1" # Machine where Windows Admin Center is installed
$node = "server2" # Machine that you want to manage
$gatewayObject = Get-ADComputer -Identity $gateway
$nodeObject = Get-ADComputer -Identity $node
Set-ADComputer -Identity $nodeObject -PrincipalsAllowedToDelegateToAccount $gatewayObject

from iis.webmanager.

The error occurred when WAC tried to create an access token on the target machine. Your domain admin account should also be a local admin. So it should be able to create access tokens. But anything can happen. Maybe the log files can give us some clues. Check the logs on the target machine at C:\Program Files\IIS Administration\logs. They could have some useful error messages.

In this process, WAC calls Get-Token.ps1 to create the token. So, you can try to run Get-Token.ps1 directly and see if it works. The file is at https://github.com/microsoft/IIS.WebManager/blob/dev/src/app/resources/scripts/iis_scripts/Get-Token.ps1

1. download the file to the target machine, put it under c:\users\[username]\documents
2. On the WAC gateway, open PowerShell, it should be at directory c:\users\[username]\documents
3. Run command,
   .\Get-Token.ps1 -sessionID "session123" -command "ensure" -apiHost "https://localhost:55539"

It should return the created Access Token with name "WAC/session123" and some other data. You should also see the tokens at https://localhost:55539/security/tokens

from iis.webmanager.

@yaqiyang just tested connection to 2019 and it works. 2022 doesn't have any log file. I'll try the token script on 2022 shortly.

from iis.webmanager.

400 when running PowerShell in 2022 target

No token created on local

from iis.webmanager.

2019 target (working)

2022 target (not working)

from iis.webmanager.

date time format

result from PowerShell

result from WAC

from iis.webmanager.

Thanks a lot for your help to debug this issue. I will submit a pull request for it. But the fix in the IIS extension will have to come in our next update, which may be soon. At the same time, you may have to change your short date format to something like m/d/yyyy for it to work. I don't see a good workaround here.

from iis.webmanager.

You're welcome! Glad to help. This issue isn't a priority so I can wait for the update to be pushed out.

from iis.webmanager.

I have updated to the latest version of web admin center, and I have updated the server and rebooted. I get the following error when running the script from powershell on the host machine:
.\Get-Token.ps1 -sessionID "session123" -command "ensure" -apiHost "https://localhost:5553
9"
Command: Invoke-WebRequest 'https://localhost:55539/security/api-keys' -UseBasicParsing -UseDefaultCredentials -ContentType 'application/json'
Invoke-WebRequest : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS
secure channel.
At C:\Users\username\Documents\Get-Token.ps1:110 char:14

• ... $query = Invoke-WebRequest "$apiHost/security/$CreateEndpoint" -Us ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
    eption
  • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

I get a similar error when running it from WAC on my machine against the host:
Unable to connect to the remote server

• CategoryInfo : InvalidOperation: (Systems.net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], Webexception
• FullyQualifiedErrorID : WebCmdletWebResponseException,Microsoft.Powershell.Commands.InvokeWebRequestCommand

Has this been fixed in the latest IIS plugin update for WAC, or do I need to keep waiting? Thanks

from iis.webmanager.

I have updated to the latest version of web admin center, and I have updated the server and rebooted. I get the following error when running the script from powershell on the host machine: .\Get-Token.ps1 -sessionID "session123" -command "ensure" -apiHost "https://localhost:5553 9" Command: Invoke-WebRequest 'https://localhost:55539/security/api-keys' -UseBasicParsing -UseDefaultCredentials -ContentType 'application/json' Invoke-WebRequest : The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. At C:\Users\username\Documents\Get-Token.ps1:110 char:14

• ... $query = Invoke-WebRequest "$apiHost/security/$CreateEndpoint" -Us ...

•             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebExc
    eption
  • FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

I get a similar error when running it from WAC on my machine against the host: Unable to connect to the remote server

• CategoryInfo : InvalidOperation: (Systems.net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], Webexception
• FullyQualifiedErrorID : WebCmdletWebResponseException,Microsoft.Powershell.Commands.InvokeWebRequestCommand

Has this been fixed in the latest IIS plugin update for WAC, or do I need to keep waiting? Thanks

That is a different problem. Are you trying to access your local IIS from WAC? If so, you need to do this and restart your IIS Administration service, https://github.com/microsoft/IIS.Administration#:~:text=Open%20src%5CMicrosoft.IIS.Administration%5Cconfig%5Cappsettings.json%2C%20modify%20the%20users%20section%20as%20below%2C

from iis.webmanager.