question

Steve Custer avatar image
Steve Custer asked

Configuring Web Synchronization on Windows 7 Ultimate (x64)

Hello,

I am trying to configure a SQL 2008 merge publication for Web Synchronization on IIS 7.5 which is running on a Windows 7 Ultimate (x64) box. I have done this many times using IIS 6 without a problem, but IIS 7.5 is not so forgiving. My goal is to have a Pocket PC connect anonymously and synchronize a database using a merge pull subscription.

I have installed all of the IIS 6 compatibility modules and all of my attempts to run the Web Synchronization Wizard were done as an Administrator using elevated priv's. The wizard completed its task without any errors.

The problem comes when I try to confirm the web site is working by loading http://ssc/efinity_pub/sqlcesa35.dll into IE. Whether I do it from the same machine running IIS or from a Pocket PC that is connected to that computer, I get an HTTP error 500.19. I have faithfully reproduced this on two Windows 7 boxes on two totally separate networks.

If I change the DefaultAppPool Identity from ApplicationPoolIdentity to NetworkService as I found suggested on one internet site, The error changes to 401.2. One way or another, I run into some kind of permissions error.

Any help would be greatly appreciated.

Steve Custer

replicationmergewindows7
10 |1200 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

3 Answers

· Write an Answer
Kevin Radcliffe avatar image
Kevin Radcliffe answered

This was hard to find! I was having the same problem.
I am using Windows 7 Professional (x64), but I imagine it will be the same for Ultimate

  1. Add perms under "Security" for your sync folder (efinity_pub?) for:
    MACHINENAME\IIS_IUSRS <-- Replace with your own machine name of course

    At this point, you may be "done" and sqlcesa35.dll may just work
    I received a 500.0 error, which was not useful, so I needed step 2 (below)

  2. Pull up an Administrator command prompt and ran the following:

cscript %SystemDrive%\inetpub\AdminScripts\adsutil.vbs set w3svc/AppPools/Enable32bitAppOnWin64 0

After that, I was able to see the usual result when browsing to sqlcesa35.dll?diag

Note: For step #1, your folder probably already has permissions for IUSR
You need to explicitly ADD permissions for MACHINE\IIS_IUSRS

10 |1200 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Dave 4 1 avatar image
Dave 4 1 answered

The original question is the exact same problem that I've been having. Nearly every article that I've come to seems to mention the IIS_IUSRS group but this doesn't seem to solve the problem for me. Does anyone have any other ideas?

10 |1200 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Steve Custer avatar image
Steve Custer answered

After much trial and error, my team and I have found a series of steps that works. I had a support ticket with Microsoft to work this out, but they just said that they don't know of any way to do it; the tech even said he would tell me of an unsupported method if he knew one. We knew we were close to success, so we kept trying.

I don't fully understand everything that we did and there may be some steps in this procedure that are superfluous. We have tested this on several servers in-house and have successfully applied this procedure at one of our customers.

Here is the text from our internal document:

Creating a PPC publication on a Windows 7 or Windows Server 2008 R2 requires some deviation from the standard method. Everything is done the same up until you get to the part knows as “Configure Web Synchronization” This document lists the alternative steps for enabling your PPCs to connect to the publication.

  1. You must start by running the Configure Web Synchronization Wizard as the administrator. You can do this by running the SQL Server Management Studio as administrator and calling the wizard from there.
    An alternate way to start the wizard is available if you have previously configured Web Synchronization for SQL Compact on this computer: A shortcut to the wizard can be found in START>>All Programs>>Microsoft SQL Server Compact 3.5.

    a. There is only one step in the Wizard that varies from what you would do for IIS 6: On the Virtual Directory Information page, create the virtual directory under C:\inetpub\wwwroot rather than the default folder of C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sync\SQL. This is done because Windows 7 has tight security on the Program Files and Program Files (x86) folders.

  2. Next, we must circumvent a new feature of Windows 7 and IIS 7.5 and that is the fact that the DefaultAppPool runs under the credentials of a new entity called the ApplicationPoolIdentity. This Identity has new and mysterious security properties which seem to prevent anonymous logins to the web site. For this reason, we will create our own Application Pool which will use the NetworkService account.

    a. Click on Application Pools in the Connections tree.
    b. In the Actions pane on the right of the screen, select Add ApplicationPool.
    c. I named my new App Pool SQLReplicationAppPool and did not change the other values of the Add Application Pool dialog.
    d. In the center Application Pools pane, right-click on the SQLReplicationAppPool and select Advanced Settings.
    e. Click on the Identity property and click the elipsis button to change the Identity.
    f. Change the Identity of the SQLReplicationAppPool to NetworkService
    g. Click OK on the two open dialogs.

  3. The next steps are done to overcome a shortfall in the Web Synchronization Wizard. I have no idea what that shortfall is, but if you don’t take these steps synchronization does not work.

    a. Right-click on Computer and select Manage.
    b. In the left-most pane of the Computer Management window, expand the Services and Applications node and click on Internet Information Services (IIS) Manager.
    c. In the IIS Management Console’s Connections tree, right-click on the web site that represents the publication and select Remove.
    d. After the previous step, the web site that I removed in step two becomes a folder in IIS. I right-clicked on it again and selected Convert to Application.
    e. We need to use the SQLReplicationAppPool, so you should click the Select button.
    f. Change to the SQLReplicationAppPool and click OK on both dialog windows.

  4. Right Click on newly create application and click Edit Permissions. Make sure that IUSR has Read and Execute permissions.

  5. Finally, we need to restart IIS.

    a. In the Connections tree, click on the top level node that represents the IIS Server.
    b. In the Actions pane, click on Restart.

10 |1200 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Write an Answer

Hint: Notify or tag a user in this post by typing @username.

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.