Category Archives: Microsoft IIS

Exchange 2016 and Windows Server 2016 OWA issue

By | 16/03/2017

When using Exchange 2016 with Windows Server 2016, you may get this issue, when you open OWA: “ERR_SPDY_INADEQUATE_TRANSPORT_SECURITY” This is displayed in Google Chrome. This is due to enabled SSL ciphers that are outdated on IIS, and can be “lock down’ed” with this free utility: https://www.nartac.com/Products/IISCrypto Run it on the Exchange server and press “Best… Read More »

Compliance check: IIS leaks internal IP

By | 21/12/2016

During security audit scans, it is sometimes seen that a Microsoft Internet Information Services (IIS) server is exposing the servers internal ip, when a speciel get request is sent to the server. This can be due to misconfig, unpatched server or maybe something that is default. It can be amended by running this on IIS… Read More »