(Versions 7.9.0+)

Hosting with IIS (Internet Information Services) provides a full management interface to configure the network traffic to your website.

Have Questions?  Contact Us

Related Topics:

Benefits of IIS Hosting

IIS provides more features, scalability, & robustness than the lightweight IIS Express. IIS Express is a smaller, self-contained version, which is installed by default and starts as a task with the Pleasant Password Server service.

  • Allows more configuration
  • Allows for more authentication options, such as:
  • Additional logging options
  • etc.

Below are the migration steps, which in the future, will be replaced with a more automated solution.



Q: When configuring load-balancing for the 2 front end servers, should we be using Session Persistence?

A: Currently no, our application (API / clients) do not maintain session persistence in a load balanced environment.

Migration Steps From IIS Express to IIS

Step 1: Copy your Application files to the IIS Machine

Do this step if you are migrating to a different machine running IIS. (Otherwise, skip to Step 2).

  • Copy the Registry entries:
    • On the IIS Express machine, open the Windows registry and expand the HKEY_LOCAL_MACHINE\SOFTWARE\Pleasant Solutions, right click on it, and click Export.
    • On the IIS machine locate the same same branch, right-click on it, and click Import.


  • Copy application folders from the IIS Express machine to the IIS machine:
    • C:\Program Files (x86)\Pleasant Solutions
    • C:\ProgramData\Pleasant Solutions\Password Server folders

Step 2: Install your Application on IIS

  • Install the Application on the IIS Machine (if it is not installed already):
    • Install Pleasant Password Server
    • Stop the "Pleasant Password Server" service
    • Disable the "Pleasant Password Server" service

Step 3: Run Web Platform Installer

  • For an IIS server with internet access, download & install the Web Platform Installer tool
    • Configure it to run the following 3 applications:
      • URL Rewrite
      • IIS: Application Initialization
      • IIS: ASP.NET 4.5 or 4.6
        • (found under Application Development)

Step 4: Create a New IIS Site

  • In the IIS Manager, create the new site and set the Physical path to:
    • C:\Program Files (x86)\Pleasant Solutions\Pleasant Password Server\www
  • Bind the site to type HTTPS
  • May choose to use a non-standard port such as 10001, to limit traffic flowing to Password Server
  • Choose a SSL Certificate

Step 5: Configure the IIS Site

  • For the IIS site:
    • Right-click on the IIS website
    • Advanced Settings > (General) > Preload Enabled = True
    • IIS Authentication icon > ASP.NET Impersonation = Disabled
      • * however, for earlier Versions previous to 7.9.0, set to True

Step 6: Configure the IIS Application Pool User

  • Configure the account used for Password Server's "Application Pool"
    • Right-click on the Application Pool > Select "Advanced Options" > Click Identity
      • Choose one of the following options:
        • Option A: LocalSystem (easiest)
        • Option B: Service Account
        • Option C: ApplicationPoolIdentity (default, recommended)


Option A - LocalSystem (easiest)
  • Uses the account which is the most powerful on the machine, with access privileges across the network
Option B - Service Account
  • A local or LDAP account, with Local Admin access
Option C - ApplicationPoolIdentity (default, recommended)

Choosing this route will likely entail more challenging setup steps of account permissions.

  • Use a separate, unique Application Pool Identity
    • Explanation: This creates a new, virtual account to secure the application and it's communications in IIS an across the network with a custom, least privileged account (such as NetworkService). Rather than creating a new account for each application, this account will allow both: running in it's own space and connection to other network locations (e.g. Backup, and MS-SQL).
  • Set Identity = ApplicationPoolIdentity
    • Your new virtual user account can be referenced by this handle:
      • IIS APPPOOL\<YourApplicationPoolName>
    • This user will not be found by searching in your machine/network users
    • This user is only selected by referencing the "IIS APPPOOL\" location, indexed by the name of your application pool

  • (Note: in the next step 7, be sure to set Load User Profile = True)

Step 7: Configure the IIS Application Pool Settings

  • Application Pool > Select the application pool > Advanced Settings:
    • (General) > Start Mode = AlwaysRunning
      • Keep the website running
    • Process Model > Idle Time-out (minutes) = 0
      • Stop the website's App Pool from shutting down if it has been idle for awhile (after 20 minutes)
    • Process Model > Maximum Worker Processes = 0
      • Allow numerous processes at a time
    • * Process Model > Load User Profile = True
      • * Only needed if you are:
        • Using the ApplicationPoolIdentity user,
        • Seeing IsolatedStorage errors in server Logging Details

Step 8: Configure the Application Pool User Permissions

  • Configure Local Machine Access: 
    • If you have chosen a Local Admin account or LocalSystem, your account will have the permissions needed on this machine
    • Otherwise, provide access:
      • If using the ApplicationPoolIdentity, see how to reference this user in Step 6, Option A.
      • File Folders:
        • Give the account "modify" rights on these folders:
          • C:\Program Files (x86)\Pleasant Solutions
          • C:\ProgramData\Pleasant Solutions\Password Server
      • Registry Keys:
        • Give the account "Full Control" rights for the registry settings:
          • Expand the HKEY_LOCAL_MACHINE\SOFTWARE\Pleasant Solutions
          • Right-Click the folder > select Permissions... > select the Group or username > Advanced > Permissions tab
            • select the Group or username > Click Add or View button
              • Type: Allow
              • Applies to: This key and subkeys (Replaces all child object permissions)
              • Can remove the permission "Write DAC"
  • Configure Network Access:
    • This account may need access for the following connections:
      • Network Backups: if your automatic Backups are placed on a network share
      • MS SQL Server Database: give this same user (selected in step 6) access to your database instance
    • (Note: If using the ApplicationPoolIdentity, see how to reference this user in Step 6, Option A.)

Step 9: Start the IIS site

  • Recycle the Application Pool
  • Start the site
  • If necessary, reboot the server and restart IIS


Please Contact Us!  If you have any questions or any difficulties regarding these steps.

  • If the site does not start:
  • If you see "Requested registry access is not allowed"
    • There is an issue with permissions. Switch to using the LocalSystem user.
    • Contact us and let us know to help resolve the issue.

  • If you see an 500 error in your browser,
    • Check for additional Logging detail errors or the windows Event logs.
    • If you do not notice any errors (and the log files are unchanged), you may have missed installing IIS: ASP.NET feature.

  • If you receive an "IsolatedStorage" error:
    • Consider upgrading to 7.9.13 which better handles this.
    • Set "Load User Profile" = True   (step 7)
    • You may also need to set ASP.NET Impersonation  (Step 5)

  • If you receive a "Method Not Allowed" error, when modifying an entry in KeePass for Pleasant client:
    • Remove the WebDAV feature from IIS, and reboot the server
      • Open Control Panel > All Control Panel Items > Programs and Features > Select Turn Windows features on or off
      • Uncheck the WebDAV feature:
        • Internet Information Services > World Wide Web Services > Common HTTP Features
      • Reboot and restart IIS server
Tag page
You must login to post a comment.