atomia / puppet-atomia

Puppet module to install and configure Atomia

The IIS manifest is not working #96

Open stefan-strandberg opened 8 years ago

stefan-strandberg commented 8 years ago

Manual fix below, we should make sure these steps can be done reliably by Puppet.

  1. Ensure that all IIS features are enabled, execute:

```
Dism /online /Enable-Feature /FeatureName:NetFx3 /all
Dism /online /Enable-Feature /FeatureName:IIS-WebServerRole
Dism /online /Enable-Feature /FeatureName:IIS-WebServer
Dism /online /Enable-Feature /FeatureName:IIS-CommonHttpFeatures
Dism /online /Enable-Feature /FeatureName:IIS-Security
Dism /online /Enable-Feature /FeatureName:IIS-RequestFiltering
Dism /online /Enable-Feature /FeatureName:IIS-StaticContent
Dism /online /Enable-Feature /FeatureName:IIS-DefaultDocument
Dism /online /Enable-Feature /FeatureName:IIS-ApplicationDevelopment
Dism /online /Enable-Feature /FeatureName:IIS-NetFxExtensibility /all
Dism /online /Enable-Feature /FeatureName:IIS-ISAPIExtensions
Dism /online /Enable-Feature /FeatureName:IIS-ASP
Dism /online /Enable-Feature /FeatureName:IIS-ISAPIFilter
Dism /online /Enable-Feature /FeatureName:IIS-ASPNET /all
Dism /online /Enable-Feature /FeatureName:IIS-CGI
Dism /online /Enable-Feature /FeatureName:IIS-ServerSideIncludes
Dism /online /Enable-Feature /FeatureName:IIS-CustomLogging
Dism /online /Enable-Feature /FeatureName:IIS-BasicAuthentication
Dism /online /Enable-Feature /FeatureName:IIS-WebServerManagementTools
Dism /online /Enable-Feature /FeatureName:IIS-ManagementConsole
```

  2. Configure shared config file. You can skip this step if you are installing only one node: http://www.iis.net/learn/manage/managing-your-configuration-settings/shared-configuration_264
  3. Set up registry. This assumes that you already have the .exe files at C:\install. Then execute commands:

```
c:\windows\system32\inetsrv\appcmd set config -section:system.applicationHost/log /centralLogFileMode:"CentralW3C" /centralW3CLogFile.period:"Hourly" /centralW3CLogFile.logExtFileFlags:"Date, Time, ClientIP, UserName, SiteName, Method, UriStem, UriQuery, HttpStatus, BytesSent, UserAgent, Referer, ProtocolVersion, Host" /commit:apphost

set-webconfigurationproperty /system.webServer/security/authentication/anonymousAuthentication -name userName -value ""

cmd /C c:\install\RegistryUnlocker.exe u "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID{9fa5c497-f46d-447f-8011-05d03d7d7ddc}"
cmd /C REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" /v RunAs /d "domain\$apppoolUser" /t REG_SZ /f
cmd /C REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" /v EndPoints /d "ncacn_ip_tcp,0,22000" /t REG_MULTI_SZ /f
cmd /C c:\install\LsaStorePrivateData set "SCM:{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" "$apppoolUserPassword"
cmd /C c:\install\RegistryUnlocker.exe l "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID{9fa5c497-f46d-447f-8011-05d03d7d7ddc}"keys

netsh advfirewall firewall add rule name="RPC Mapper" dir=in action=allow profile=domain remoteip=localsubnet protocol=tcp localport=135 service=RpcSs
netsh advfirewall firewall add rule name="AHADMIN Fixed Endpoint" dir=in action=allow profile=domain remoteip=localsubnet protocol=tcp localport=22000 program=%windir%\system32\dllhost.exe

iisreset
```

It is very important to change the following values:

  1. "domain\$apppoolUser": change to domain\apppooluser (or whatever your domain is, leave user as apppooluser)
  2. "$apppoolUserPassword"

ghost commented 8 years ago

GitHub doesn't want to put a slash in front of { or something along those lines. Anyway, fix down below.

this: cmd /C c:\install\RegistryUnlocker.exe u "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID{9fa5c497-f46d-447f-8011-05d03d7d7ddc}"

should be like: cmd /C c:\install\RegistryUnlocker.exe u "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}"

Here, all commands fixed:

```
cmd /C c:\install\RegistryUnlocker.exe u "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}"
cmd /C REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" /v RunAs /d "domain\$apppoolUser" /t REG_SZ /f
cmd /C REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" /v EndPoints /d "ncacn_ip_tcp,0,22000" /t REG_MULTI_SZ /f
cmd /C c:\install\LsaStorePrivateData set "SCM:{9fa5c497-f46d-447f-8011-05d03d7d7ddc}" "$apppoolUserPassword"
cmd /C c:\install\RegistryUnlocker.exe l "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}"keys
```
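
A read-only PowerShell check of the end state the commands in this thread aim for, usable as the condition a Puppet resource would test before re-running them. This is an added example, not part of the thread or of the puppet-atomia module. It assumes an elevated session on a host with the DISM and NetSecurity cmdlets, and the function name `Test-IisManualFix` is hypothetical.

```powershell
# Added example: read-only audit. GUID, port, rule and feature names come from the thread.
$AppIdKey = 'HKLM:\SOFTWARE\Classes\AppID\{9fa5c497-f46d-447f-8011-05d03d7d7ddc}'
$Features = @(
    'NetFx3', 'IIS-WebServerRole', 'IIS-WebServer', 'IIS-CommonHttpFeatures',
    'IIS-Security', 'IIS-RequestFiltering', 'IIS-StaticContent', 'IIS-DefaultDocument',
    'IIS-ApplicationDevelopment', 'IIS-NetFxExtensibility', 'IIS-ISAPIExtensions',
    'IIS-ASP', 'IIS-ISAPIFilter', 'IIS-ASPNET', 'IIS-CGI', 'IIS-ServerSideIncludes',
    'IIS-CustomLogging', 'IIS-BasicAuthentication', 'IIS-WebServerManagementTools',
    'IIS-ManagementConsole')
$Rules = @{ 'RPC Mapper' = '135'; 'AHADMIN Fixed Endpoint' = '22000' }

function Test-IisManualFix {   # hypothetical name
    $findings = @()
    # Step 1: every DISM feature must report State = Enabled.
    foreach ($f in $Features) {
        $state = (Get-WindowsOptionalFeature -Online -FeatureName $f -ErrorAction SilentlyContinue).State
        if ($state -ne 'Enabled') { $findings += "feature ${f}: state '$state'" }
    }
    # Step 3: DCOM AppID values written by the REG ADD commands.
    $app = Get-ItemProperty -LiteralPath $AppIdKey -ErrorAction SilentlyContinue
    if (-not $app) {
        $findings += "AppID key not found (is the backslash before '{' present?)"
    } else {
        if (-not $app.RunAs) { $findings += 'AppID RunAs is empty' }
        if ($app.EndPoints -notcontains 'ncacn_ip_tcp,0,22000') {
            $findings += 'AppID EndPoints does not pin ncacn_ip_tcp to port 22000'
        }
    }
    # Firewall: netsh "add rule" is not idempotent, so flag duplicates as well as
    # rules that are missing or wider than domain profile / local subnet.
    foreach ($name in $Rules.Keys) {
        $found = @(Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)
        if ($found.Count -eq 0) { $findings += "firewall rule '$name' missing"; continue }
        if ($found.Count -gt 1) { $findings += "firewall rule '$name' exists $($found.Count) times" }
        foreach ($r in $found) {
            $remote = ($r | Get-NetFirewallAddressFilter).RemoteAddress
            $port   = ($r | Get-NetFirewallPortFilter).LocalPort
            if ($r.Profile -ne 'Domain')   { $findings += "'$name' profile is $($r.Profile)" }
            if ($remote -ne 'LocalSubnet') { $findings += "'$name' remote address is $remote" }
            if ($port -ne $Rules[$name])   { $findings += "'$name' local port is $port" }
        }
    }
    $findings
}

$result = Test-IisManualFix
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'All checks passed.' }
```

The check never reads or prints the app pool password, which the manual steps pass on the command line to `LsaStorePrivateData`.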