Duet 1.5 and IIS Sites using Host Headers
Microsoft Internet Information Server (IIS) allows websites that are hosted for a site name rather than the machine name or IP address of the system. For example, the Duet server may need to be known as http://duet versus the NetBIOS name of the server for example “duetprd”; which would make the default web site address normally http://duetprd. This is done by creating a web site in IIS and assigning a header as shown below during the Site Creation Wizard:
In order for the Duet installation to leverage this type of installation, two additional tasks must be completed and are shown below. This is also required for uninstalling the website, which can be part of Support Pack and Hot Fix updates.
1 - Remove Host Headers during Duet installation/uninstalling
During the installation or uninstalling of the Microsoft Request Handler and Metadata Service components, you must remove the Host Header configuration from your site.
To remove the Host Header, open your IIS Manager and navigate to your web site that will be used for the Duet components. Right click on the web site and select “Properties”. On the “Web Site” tab shown below, click on the “Advanced” Button to edit the Host Header information.
On the Advanced Web Site Identification box, select the relevant identity entry and click “Edit”.
In the edit dialog box, remove the entry for the “Host Header Value:” shown below as “DUET” and click ok to back out of the dialog boxes.
You may now complete the installation of the Microsoft Duet components.
During the Request Handler installation, ensure the proper port for the web site is entered, in our case our TCP port was 8888.
After the installation is complete, make sure to reset the Host Header information to the proper site name.
2 – Set NTLM Authentication for Web Site
The Microsoft web services must be set to use Basic Authentication from SAP. As per Microsoft KB article 294382, when the Host Header differs from the client machine, the web service requests will fail with 401 errors.
Two resolutions are available, first for Kerberos Authentication and the second is for NTLM. For Duet the site should use NTLM. In order to implement NTLM authentication on the website first find the site’s “Identifier” shown in the picture below as “1477372446”.
From a command prompt, use the ADSUTIL.vbs file to set “NTLM” as the authentication provider for this web site. The VBS file is located in <system drive>:\inetpub\adminscripts. The command to execute for this example would be:
cscript adsutil.vbs set w3svc/1477372446/root/NTAuthenticationProviders “NTLM”
To verify this completed successfully run:
cscript adsutil.vbs get w3svc/1477372446/root/NTAuthenticationProviders
And the system should return:
NTAuthenticationProviders : (STRING) “NTLM”
The site is now set for NTLM authentication and the website can be tested.