Configuring Terminal Server web server
Overview
Terminal Server implements an embedded web server based on IIS Hostable Web Core (HWC) functionality. The HWC web server is suitable even for environments with a large number of devices connecting to one node, and it provides the necessary performance and stability.
Prerequisites
IIS 7.0 or higher must be installed on the server in order to use the HWC web server; it can therefore be used only on Windows Server 2008 or higher. IIS and all required features can be installed automatically during installation of SafeQ (for both CML and ORS servers), or they can be installed manually.
Web server properties
The web servers behave as follows:
Configuration in Terminal Server's TerminalServer.exe.config (located in <SafeQ_dir>\terminalserver) has higher priority than configuration obtained from SafeQ.
If the necessary ports (see Network communication overview) are occupied by any other application, Terminal Server will not start.
Installation of HWC prerequisites
As the HWC web server requires additional support from the operating system, some server features must be installed in order to run the HWC web server. Required server features can be installed during SafeQ installation or can be set up manually on supported systems.
Installation via SafeQ installer
Non-customized installation of CML
In the case of a non-customized installation, the necessary system roles are installed and the HWC server is always configured (if supported by the operating system).
If you do not want to have HWC configured automatically, deselect I want to customize my YSoft SafeQ installation and proceed with customized installation.
Note that installation of roles and features via installer may take several minutes.
If port 80 is selected in the installer for the SafeQ web interface, the IIS site called "Default Web Site" is deleted from IIS after installation, because that site overrides system settings and uses port 80 instead of the SafeQ web interface. If IIS was already installed and you select this option, make sure that no important site named "Default Web Site" is configured in the external IIS; otherwise it will be deleted.
Customized installation of CML
During customized installation, you can skip the automatic installation and configuration of HWC by deselecting the option Enable support for embedded IIS web server.
Please check and install the necessary roles manually according to the guide below.
Update / upgrade of CML server
If you are updating or upgrading a SafeQ installation, no roles or features are installed. If you want to use the HWC web server, the server web role must be enabled manually.
ORS installation
To install web server roles and features, use the configuration option enableHwcSupport in safeq-ors.ini. The usage is as follows:
enableHwcSupport = 0 -- roles and features are not installed
enableHwcSupport = 1 -- the web server role and corresponding features are installed. Installation includes deleting the default IIS web site and may take several minutes depending on system usage and configuration.
If port 80 is selected in the installer for the SafeQ web interface, the IIS site called "Default Web Site" is deleted from IIS after installation, because that site overrides system settings and uses port 80 instead of the SafeQ web interface. If IIS was already installed and you select this option, make sure that no important site named "Default Web Site" is configured in the external IIS; otherwise it will be deleted.
Manual installation
Installation via scripts
The server web role and related services can also be enabled on Windows Server 2008, 2008 R2 and 2012 by PowerShell scripts. To execute these scripts, the 64-bit version of PowerShell must be used. The commands are different for each Windows version.
Windows Server 2008
ServerManagerCmd.exe -install Web-Server Web-Asp-Net
Windows Server 2008 R2
Import-Module ServerManager
Add-WindowsFeature Web-Server
Add-WindowsFeature Web-Asp-Net
Windows Server 2012
Import-Module ServerManager
Add-WindowsFeature Web-Server
Add-WindowsFeature Web-Asp-Net45
Add-WindowsFeature Web-WHC
When the server web role is installed, IIS is always installed together with the 'Default Web Site', which uses port 80. If you want the SafeQ 5 web interface to use this port (80), delete this default web site in IIS Server Manager, or use the command
C:\Windows\System32\inetsrv\AppCmd.exe delete site /site.name:"Default Web Site"
Stopping the web site is not sufficient as it starts again after computer restart.
Fully manual installation example
Go to Server Manager > Roles, then open the Add Roles wizard and select the Web Server (IIS) server role.
The ASP.NET and Hostable Web Core role services must be enabled together with the features they depend on.
Finally, click the Install button. The installation may take several minutes.
Keep in mind that IIS is installed together with the Default Web Site running on port 80, which may interfere with the SafeQ web interface. If you want the SafeQ 5 web interface to use this port (80), delete this default web site in IIS Server Manager.
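A read-only pre-flight check for the prerequisites described in this section, given as an added example (it is not part of the SafeQ documentation or tooling). The default feature list is the Windows Server 2012 set from the commands above, and the $Ports default is an assumption that covers only port 80: pass the full list from Network communication overview, and run the check from an elevated prompt with Terminal Server stopped so that it does not report its own listeners.

```powershell
# Added example: read-only check of HWC prerequisites, nothing is changed.
param(
    # Feature names from the Windows Server 2012 commands on this page;
    # on 2008 R2 pass 'Web-Server','Web-Asp-Net' instead.
    [string[]]$Features = @('Web-Server', 'Web-Asp-Net45', 'Web-WHC'),
    # Assumption: only port 80 is named on this page; add the other ports
    # listed in "Network communication overview".
    [int[]]$Ports = @(80)
)

Import-Module ServerManager

foreach ($f in Get-WindowsFeature -Name $Features) {
    '{0,-15} installed: {1}' -f $f.Name, $f.Installed
}

# hwebcore.dll is the library the Terminal Server start-up log looks for.
$inetsrv = Join-Path $env:windir 'System32\inetsrv'
'hwebcore.dll    present:   {0}' -f (Test-Path (Join-Path $inetsrv 'hwebcore.dll'))

# A stopped "Default Web Site" starts again after a restart, so report
# whether the site is still defined, together with its bindings and state.
$appcmd = Join-Path $inetsrv 'AppCmd.exe'
if (Test-Path $appcmd) {
    $site = & $appcmd list site |
        Where-Object { $_ -like 'SITE "Default Web Site"*' }
    if ($site) { "Still defined: $site" }
    else       { 'Default Web Site is not defined.' }
}

# Any listener already holding a required port keeps Terminal Server
# from starting.
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
foreach ($p in $Ports) {
    $busy = @($listeners | Where-Object { $_.Port -eq $p })
    if ($busy.Count -gt 0) { "Port $p is occupied ($($busy -join ', '))" }
    else                   { "Port $p is free" }
}
```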
Logging of web servers
You can recognize a successful start of the HWC web server from terminalserver.log, located in <SafeQ_dir>\terminalserver:
Initializing web server manager...
Web server manager initialized.
Web server [Hwc] selected in configuration.
Initializing [HWC] web server...
Checking port availability...
All required ports are available.
Checking [HWC] prerequisities...
IIS 7.0 or higher is installed.
Required IIS features are enabled.
.NET 4.0 is registered to IIS.
Library hwebcore.dll was found in the system.
Creating certificate wrapper.
Installing and binding certificate to secured ports...
Certificates binded and installed.
Unbinding certificates from unsecured ports....
Certificates unbinded.
Activating [HWC] web server.
Initialization of [HWC] web server was succesfull.
If an error occurs in the HWC kernel during startup, the error is saved to the Windows Application Event Log (a known limitation of HWC).
The logs can be found in Computer Management > System Tools > Event Viewer > Windows Logs > Application. The source of the error is HostableWebCore. Double-clicking the event shows the error details.
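The two checks above combined into one script, as an added example (not SafeQ's own tooling): it looks for a success line after the most recent HWC initialization in terminalserver.log and, if there is none, lists HostableWebCore errors from the Application log. The -SafeQDir parameter stands for the <SafeQ_dir> placeholder used on this page, and the 24-hour look-back window is an assumption.

```powershell
# Added example: did the last HWC start succeed? If not, show kernel errors.
param(
    [Parameter(Mandatory = $true)]
    [string]$SafeQDir,           # the <SafeQ_dir> placeholder from this page
    [int]$LookBackHours = 24     # assumed window for the event log query
)

$log   = Join-Path $SafeQDir 'terminalserver\terminalserver.log'
# Both strings are copied from the log excerpt above, spelling included.
$begin = 'Initializing [HWC] web server...'
$ok    = 'Initialization of [HWC] web server was succesfull.'

$started = $false
if (Test-Path $log) {
    # -SimpleMatch: the brackets are literal text, not a regex class.
    $marks     = Select-String -Path $log -SimpleMatch -Pattern $begin, $ok
    $lastBegin = $marks | Where-Object { $_.Line.Contains($begin) } |
                 Select-Object -Last 1
    $lastOk    = $marks | Where-Object { $_.Line.Contains($ok) } |
                 Select-Object -Last 1
    # An old success line followed by a newer failed start must not count.
    if ($lastBegin -and $lastOk -and
        $lastOk.LineNumber -ge $lastBegin.LineNumber) {
        $started = $true
        "HWC started successfully (line $($lastOk.LineNumber) of $log)."
    }
} else {
    "Log not found: $log"
}

if (-not $started) {
    # HWC kernel errors are written only to the Application event log,
    # under the source HostableWebCore.
    $events = Get-EventLog -LogName Application -Source HostableWebCore `
        -EntryType Error -After (Get-Date).AddHours(-$LookBackHours) `
        -ErrorAction SilentlyContinue
    if ($events) {
        $events | Sort-Object TimeGenerated |
            Format-List TimeGenerated, EventID, Message
    } else {
        "No HostableWebCore errors in the last $LookBackHours hours."
    }
}
```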
Trace logging of web servers
Detailed traces of web server communication have been moved from the Terminal Server log into a separate log file, <SafeQ folder>\terminalserver\logs\http_trace.log. These logs contain detailed information about all requests together with headers and response codes. To specify verbosity, go to System > System settings, select Advanced and set dsHttpTraceVerbosity to one of the following options:
none - nothing is logged.
fatal - only requests resulting in 5xx http error code (server error) are logged.
error - requests resulting in 4xx-5xx http code are logged.
info - requests resulting in 2xx-5xx http code are logged.
debug - all requests + request headers are logged (default value).
The Terminal Server does not need to be restarted if the configuration is changed via the SafeQ web interface.

dsHttptraceVerbosity = debug
The logs recycle themselves according to the current Terminal Server logging configuration.