Fix: 503 Service Unavailable when accessing content on Windows Media Services 2008 server behind load balancer


I have three Windows 2008 Media servers that I’ve had issues with getting to work behind our F5 BigIP load balancer.  When we took packet traces, HTTP GET requests from the Media Player client have been responded to with 503 Service Unavailable.  

You can read all about this particular issue at the Random on Window Media blog.  The solution ended up being applying the KB960372 hotfix, which was apparently released March 13, 2009.  The hotfix KB article doesn’t exist as of today, but Random’s post suggests it will show up eventually.
[update 04-08-2009]
KB960372 is now available.
 
 
The WMS 2008 x64 hotfix can be found at

Howto: Enable SSL on Windows Media Services Web Administration Site running on Windows 2008 / IIS 7.0


The Windows Media Services (Web) web site does not use encrypted connections by default. Here’s how to enable SSL on the administration web site.

1. In Server Manager, expand Roles > Web Server (IIS) > Internet Information Services (IIS Manager). Highlight the IIS 7.0 web server

2. Under Security, Select Server Certificates

3. On the Actions pane on the right hand side, select Create Self-Signed Certificate. Give the certificate a firendly name like wmsadmin > OK

4. In IIS Manager, highlight the Windows Media Administration Site. On the Actions pane on the right hand side, select Bindings

5. Highlight the existing http binding for port 8080, which is the port the Windows Media Administration Site runs on. Click Edit Binding. Change this port to a different number, such as 8081 and press OK. Make sure this port does not conflict with any other ports the server may be utilizing.

6. Click the Add button and specify the following parameters:

  • Under Type, select https
  • Under IP Address, select the IP Address the Windows Media Administration Site runs on
  • Under port, enter 8080
  • Under SSL Certificate, select the self-signed certificate you created above.
  • Click OK twice

7. Launch Internet Explorer and verify you can access the Windows Media Administration Site at https://xxx.xxx.xxx.xxx:8080 where xxx.xxx.xxx.xxx is the IP Address of the IIS server that the Windows Media Administration Site runs on.

For additional details on enabling SSL on a IIS 7.0 web site see ScottGu’s post, which includes clear directions and pretty pictures.

FWIW there does not appear to be an easy way to automatically redirect http traffic to a secure site. Raoul did post some workarounds that may work, but I have yet to try them personally. KB 839357 is an alternative that uses the same idea of using custom error pages to redirect the user.

Howto: Delegate administrative rights to Windows Media Services Web Administration to non-admins


As an administrator, follow these steps to delegate administrative rights to Windows Media Services Web Administration to non-admins. This has been tested on a server running Windows Server 2008.

1. Create a local, non-administrator group that is named WMS Local Administrators on the server computer that is running Windows Media Services. Add the user account that you want to delegate the administration task to to this newly created local group

2. Click Start > Run

3. Type dcomcnfg

4. Expand Console Root > Component Services > Computers > My Computer > DCOM Config

5. Right Click Windows Media Services > Properties > Security

6. Edit Access Permissions and add the WMS Local Administrators group to the Access Permission list

7. Click OK twice and close the DCOMcnfg box

8. Restart the Windows Media Services service

You should now be able to access the Windows Media Services Web administration tool at http://xxx.xxx.xxx.xxxx:8080 by using the user account that is the member of the WMS Local Administrators group, where xxx.xxx.xxx.xxx is the IP address of the Windows Media Services web server.

Running Windows Media Services and and IIS on the same server in Windows Server2008


MS KB328728 describes how to run Windows Media Services and and IIS on the same server in Windows 2003, but the WMSHttpSysCfg utility the KB article references does not exist on Windows 2008.

Here’s how to run both WMS and IIS on Windows 2008.

1. Install both WMS and IIS

2. Add a second IP address to the server by either configuring a second NIC or by binding a second IP address to the existing network card.

3. From a command prompt type
net stop wmserver
net stop iisadmin
net stop http

4. From a command propmt run netsh.exe. It will open a netsh> command prompt.

5. Type http and press enter. You will now have a netsh http> command prompt.

6. Type show iplisten and press enter. It should not show any IP addresses under “IP Listen” if this procedure has not been done before.

7. What you want to do now is to add the IP address that IIS websites will EXCLUSIVELY use. Type add iplisten 99.99.99.99 and press enter (where 99.99.99.99 is the IP address that IIS websites will use).

You can confirm this by repeating step #6 above.

8. From a command prompt type
net start wmserver
net start iisadmin
net start http

9. Create websites (or configure the default website) using only the IP address that was used in step #7 above.

To configure IIS, open Server Manager > Roles > Web Server (IIS) > Internet Information Services (IIS ) Manager > ServerName > Sites.

Right click Default Web Site and select Edit Bindings.

Highlight the binding, press edit, and enter the IP address > OK > Close.

10. Restart the web server by typing iisreset from a command prompt.

11. Configure WMS HTTP Server Control Protocol to use the IP address THAT WAS NOT USED in step #7 above.

To configure WMS HTTP Server Control Protocol, open Server Manager > Roles > Streaming Media Services > Windows Media Services > ServerName.

Select the Properties tab, then click Control Protocol.

Right click WMS HTTP Server Control Protocol and click Disable.

Right click WMS HTTP Server Control Protocol and select Properties.

Click Allow selected IP Addresses to use this Protocol. Specify the IP address you DID NOT assign to IIS in step #7 above. Click Apply > OK.

Right-click WMS HTTP Server Control Protocol, and then click Enable.

Instructions are based on a solution posted by Wayne Coleman.

Follow

Get every new post delivered to your Inbox.

Join 32 other followers