Applicable to:
- Plesk for Windows
Symptoms
-
Updating Plesk Obsidian for Windows fails:
Error: The installation of the package 'modsecurity' failed with code 1603. (upgrade: Upgrading ModSecurity IIS Module...)
-
Creating new domains or subdomains in Plesk fails:
Domain example.com creation failed
String must not be empty
.....
-
The following modules are missing in Internet Information Services (IIS) Manager > SERVERNAME > Modules:
- ModSecurity IIS (64bits)
- ModSecurity IIS (32bits)
-
The following line does not exist in file
C:\Windows\System32\inetsrv\Config\applicationHost.config
:<section name="ModSecurity" overrideModeDefault="Allow" allowDefinition="Everywhere" />
-
Records similar to the following exist in file
C:\Windows\System32\inetsrv\Config\applicationHost.config
:<sectionGroup name="ModSecurityServer">
<section name="log" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
<section name="firewallSupport" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
<section name="caching" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
<section name="providerDefinitions" overrideModeDefault="Deny" />
<sectionGroup name="security">
<section name="ipSecurity" overrideModeDefault="Deny" />
<section name="requestFiltering" overrideModeDefault="Deny" />
<section name="authorization" overrideModeDefault="Deny" />
<section name="authentication" overrideModeDefault="Deny" />
</sectionGroup>
<section name="serverRuntime" overrideModeDefault="Deny" allowDefinition="AppHostOnly" />
</sectionGroup>
Cause
ModSecurity modules were manually removed from IIS - they are missing in Internet Information Services (IIS) Manager > server_name > Modules.
The root cause is not caused by Plesk itself, resolution of bug #PPPM-12627 will improve Plesk installer to handle this problem. It's important to understand what manipulations and why the customer did on the server before the problem occurred. It's a must to clarify this next time to get the ticket and report to Ivan Postnikov. Check if https://plesk-new.zendesk.com/hc/en-us/articles/12388625539735 also takes place on the same server.
Resolution
-
Connect to the server using RDP.
-
Go to Start > Server Manager > Tools > Internet Information Services (IIS) Manager.
-
Register ModSecurity modules:
-
Go to server_name > Modules:
-
Click Configure Native Modules > Register:
-
Register modules:
name: ModSecurity IIS (32bits)
path:C:\Windows\System32\inetsrv\ModSecurityIIS.dll
name: ModSecurity IIS (64bits)
path:C:\Windows\SysWOW64\inetsrv\ModSecurityIIS.dll
-
-
Restart IIS by opening CMD as Administrator and executing the command:
iisreset /restart
-
Complete the update or create a domain/subdomain anew.
SOME STEPS FROM THE OLD SOLUTION, MAY BE USEFUL
-
Create a backup of file
C:\Windows\System32\inetsrv\Config\applicationHost.config
-
Open file
C:\Windows\System32\inetsrv\Config\applicationHost.config
and perform the following changes:-
Remove the ModSecurityServer section group:
<sectionGroup name="ModSecurityServer">
(...)
</sectionGroup> -
Add the following line into
C:\Windows\System32\inetsrv\Config\applicationHost.config
:<section name="ModSecurity" overrideModeDefault="Allow" allowDefinition="Everywhere" />
-
Save the file
-
Additional information
Instead of removing ModSecurity modules directly from IIS, ModSecurity can be disabled via Plesk: How to disable ModSecurity in Plesk?
Comments
0 comments
Please sign in to leave a comment.