PHPx64 @ IIS on vServer from 1und1.de

torstenjtorstenj Odelzhausen
edited August 2010 in Internet & Media
O.K. - after one week of different installations and reinstallations I found a solution for install the PHPx64 WITHOUT using the x32 enable script on IIS6 (Windows 2003 x64 Edition).

This HOW TO is valid for EVERY Windows 2003 x64 Server but in cause of my experiance with 1und1 I have added additional informations for this system environment.

1. Let's start with 1und1 basics:

Ignore this if your server is not a 1und1 Server, but you can read it. If you want to fast forward jump over this step and go on with 2. REQUIREMENTS.

The factory and default installation is a Windows 2003 x64 Server which is called a "MINIMALSYSTEM". I have no clue what kind of crap they are using for hosting this vServers but for some nice and windows based web solutions this server will work fine.

Anyway - back to the roots...

First at all, if you have a PLESK 8.x or 9.x Version, get rid of this system break and login to 1und1 for a "REINITIALISIERUNG" and start from scratch with a brand new installation without the PLESK things. If you do this, don't forget to set the setup password even if you want keep your old one.
The server will not finalize if you forget this stupid password.

After this is done change the default system language to ENGLISH within the Control panel.
The core system is English based and it's only a language pack installed on it. For getting clean updates from MS which will fit to the server (yep m8, we will do this) we go forward within english.
REBOOT!

After the Box is back again REMOVE (!) the complete IIS installation on the Server AND delete the Inetpub folder on drive C:\.
BTW, if you have some troubles with IIS, this is the way to repair it. It's a hard way but it will work again after remove and reinstall it. BUT don't forget to delete (or rename or remove) the Inetpub folder within the C Drive to get a clean installation of IIS.

When it's gone then REBOOT! ...again!

First at all i recomend to use and install IE8. Go to www.microsoft.com and download IE8 as default Browser. I don't recomend to stay on IE7 which is default on Windows 2003 x64. If this is done reboot again and go forward with the installations from MS Patch site.
Bevore you are able to do this you need to have manualy enable SERVICES - AUTOMATIC UPDATES and start this service to be able to download MS Patches. 1und1 recomends not to do it. BUT WE WILL DO THIS!

Browse to Microsoft ( http://windowsupdate.microsoft.com ) and download all things which is not listed as Security Update for Windows Server 2003 x64 Edition (KBXXXXXX) and Update for Windows Server 2003 x64 Edition (KBXXXXXX).

You can download all the security things for XML, JAVA, .NET - BUT KEEP FINGERS AWAY FROM OTHER UPDATES AND ALSO THE F***ING WINDOWS SEARCH TOOL!!!!!!

Currently I don't know why t... F..k all updates will kill the server. Until this is figured out - KEEP IN MIND! NO SERVER - NO SECURITY updates.

Install all the other funny things of MS or .Net and so on. If you need to do a reboot you need to manually enable the AUTOMATIC UPDATE SERVICE again untill all the MS things are installed. This service will be stopped and disabled after a reboot. Keep in mind that we still talking about the vServer of 1und1.

When everything is done you should have pending 41 HIGH PRIORITY Updates and NO OPTIONAL Software. If you find a Security or Windows Update within the Optional Updates you can install this without any problems. The Server will stay online ;)

So far to 1und1 vServer. That's it! Is your Server so far complete patched and everything is still working? Yes?? O.K. - then we go on to PHPx64...

REQUIREMENTS:

The server is patched and IIS is removed. Also the Inetpub folder is removed. Now, you need to download files listed below:

1. PHP x32 (php-5.3.3-nts-Win32-VC9-x86.msi)
http://windows.php.net/downloads/releases/php-5.3.3-nts-Win32-VC9-x86.msi

2. Microsoft 2008 C++ Runtime (x64) (vcredist_x64.exe)
http://www.microsoft.com/downloads/details.aspx?familyid=bd2a6171-e2d6-4230-b809-9a8d7548c1b6&displaylang=en

3. PHP x64 (PHPx64.zip)
http://icrontic.com/files/apps/php64/PHPx64.zip

3. FastCGI (fcgisetup_1.5_rtw_x64.msi)
http://www.microsoft.com/downloads/details.aspx?familyid=16CC6B0A-C93B-4B07-AF21-B47F5874DF66&displaylang=en

4. Notepad++ (... :wink: because you are using a blank server)
;D

O.K. - now we are ready to prepare the PHPx64 installation on our server:

Open control panel and select the installation of the Webserver. For using Send Mails and Post within PHP or whatever we will also install the Microsoft IIS SMTP Service which will work only local.
We will close it down against our script kidies that they are not able to use the server as spam relay or whatever. Don't forget to install additional extensions (like ASP and so on) to the IIS Webserver.

When everything is done, fine - reboot and now we will install the PHPx64.
Go forward in this way:

1. Install Microsoft 2008 C++ Runtime (...after this installation you will find a MS Security Update on Microsoft Website for the Runtime, do it)

BTW, this is valid only for vServer from 1und1. If you have a full server or whatever you can install EVERYTHING FROM MICROSOFT which is absolut my recomendation!!

2. Install PHPx32 (...yes m8, I'm SURE!!!!) to C:\PHPx64 and SELECT IIS FastCGI. You can now enable whatever you want or disable but I would recomend to keep the default selection. I extend the installation selection only with REGISTER *.PHP EXTENSION ON THE SYSTEM.

When it's done:

3. Install FastCGI

At the moment this all will not work ;) but don't care about IIS or any log events. Keep fingers away from IIS because we will fix this now.

Open the Registry, browse to HKLM\Software\Wow6432Node and EXPORT the PHP entry. Now, delete the entry within the registry and open the Exported key to edit it. Just remove "Wow6432Node" to move PHP out from the 32bit environment into the 64bit environment and also remove the VERSION information.
If it's done your registry file should look like this:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\PHP]
"InstallDir"="C:\\PHPx64\\"
"WebServerType"="iis4FastCGI"

This should be the final one. Save it and add it to the registry.

Now, browse to the C:\PHPx64 folder and SAVE the current php.ini file from your 32bit installation to somewhere to keep it save. After you have the php.ini stored on a save place, DELETE the C:\PHPx64 folder. DO NOT UNINSTALL IT!

Extract the PHPx64.zip to a folder of your choice. Inside there extract the php-5.2.5-x64-2007-11-12.zip and finaly rename the php-5.2.5 (x64) folder to PHPx64.

!!!!!!!!!!!!!!!!!!! ATTENTION !!!!!!!!!!!!!!!!!!!

Now, if this was done, I have had seen that for some unknown reason the NTFS permissions on this folder will not fit.

I have no clue if it's only 1und1 related or if this is for all x64 Server not valid. If you don't do it or if you are not sure if this problem is related to you just open a PHP website just do the next steps.

If you jump over and you want to open a php site and see a Windows Login Box or you will get a IIS 500.x ACL Permission Error failure message from IIS then you know the NTFS permissions are not right. You don't need to start from scratch. Just repair the NTFS permissions and that's it.

Anyway - here is a workaround to fix the NTFS permissions:

1. Go to drive C:\ and create a folder named TEMPx64 (or whatever you want)
2. Copy the complete extracted and renamed folder PHPx64 below this TEMP folder
3. Do you remember the php.ini file? Yes? ;) Copy this file also into the PHPx64 folder
4. Go to the parent PHPx64 folder which exists in the TEMPx64 folder
5. Right click the PHPx64 folder, PROPERTIES and select tab SECURITY.
6. Click now on ADVANCED (right bottom corner)
7. Untick the "Allow inheritable..." and when the WARNING WINDOW will come up, select REMOVE (!) - do not a copy of the current NFTS permissions.

Ignore the fact that this folder will unusabel bla, bla, bla...

8. Click O.K.
9. Click O.K. again (...I'm not sure if you need to to it again. Hmmm... Click on every O.K. you will see until everything is closed!)

If you have done everything right, the TEMP folder should be accessable, the PHPx64 not ;) ...do it wrong for right working! :D
If you still see within PROPERTIES - SECURITY - ADVANCED - PERMISSIONS ENTRIES Box some names or groups or anything else highlight this and press the remove button until the complete Box is empty.
Hit O.K. as often as you see it and until everything is closed. :D

10. Now, TEMPx64 folder again, open it and right click on the PHPx64 folder
11. PROPERTIES - SECURITY - ADVANCED

12. Now 1st click enable "REPLACE PERMISSIONS... bla, bla" and 2nd click enable "ALLOW INHERITABLE... bla, bla"

13. Select O.K. - O.K. - O.K - and everything is done.

!!!!!!!!!!!!!!!!!!!

Now go ahead and MOVE (do not a copy) the PHPx64 folder from C:\TEMPx64 to C:\ and reboot.

After the reboot is done, go to the IIS, REGISTER PHP ISAPI, select C:\PHPx64\php5isapi.dll on the extensions tab within IIS and that's it! Finaly reboot the box and enjoy that PHP is running.

BUT!!!!!! STOP!!!!!

It might be that you are now claiming "...ohhh damn shit!! it's still not working...". And this might be true because of only two reasons:

1. YOU have something done wrong so please double check it
2. YOU need to edit your PHP script

Open your PHP script within Notepad++ and search for this string:
"< ?" which will be normaly at the very first line.

(hmmm... Do the search without space. For some unknown reasons I can't add some php commands within this thread)

This will not work! You need to replace every "<? </b>< ?" with "< ? php"
If a PHP developer know how to solve this problem it would be great if you can post this here.

NOW (!) you are ready to run PHPx64 and run scripts on IIS without using the stupid x32 things on it.

SMTP ADDON:

O.K. folks, let the server us an SMTP server or service which is not accessable from outside.

First at all open the php.ini wich is inside C:\PHPx64 and search for "localhost". Replace this name with your current Server name. I'm not sure if you can also use the FQDN name but I don't care about it because we will use this only for send mails within IIS.

If you have the SMTP service installed open IIS and close it down for security reasons:

1. Default SMTP Server - right click PROPERTIES
2. GENERAL tab: Select your PUBLIC IP Address (lets assume this will be: 80.80.80.80)



3. ACCESS tab:
  • Button AUTHENTICATION: enable Anonymous access only
  • Button CONNECTION: enable ONLY THE LIST BELOW and grant your Server (not the localhost or 127.0.0.1) the access rights - OK
  • Button RELAY RESTRICTIONS: enable ONLY THE LIST BELOW and grant your Server the right AND DISSABLE "Allow all computers... bla, bla, bla" - OK
Now - double check.

On the Server open commandline and type TELNET YOUR-SERVERNAME 25

You should see the helo reply. Now, go to a different box, open again TELNET 80.80.80.80 25 (use your public IP instead 80.80.80.80 of cause) and you should see - nothing!

BE AWARE!!! This is not U.S. NSA security conform :wink: but it will work that your server is able to send mails if you are using a SMTP send formular within PHP and a safe that our script kiddies are not able to use this as relay or spaming server. In addition to increase more security you should enable the firewall of Windows to prevent inbound access to port 25!!

Enjoy it!

Recomendations or suggestions or if you just want write to a Thread add your comments here pls!



Torsten Jahnke
IT Consulting

Comments

  • torstenjtorstenj Odelzhausen
    edited August 2010
    Within the attached ZIP is a saved file which i get as reply after i called the index.php on my server.

    Because of prevent some attacks I changed all IP's and URL's within :crazy:
    I also include my working index.php which will show you how to mange the php tag at the first line.

    It could be that your script contains multiple php tags, so do a search and replace over the whole script.

    If you want to download the complete package which contains everything you will ned for the installation please feel so free and use this link:

    http://www.multiupload.com/R9YDO863OI

    Check this out and enjoy it!

    :rockon:
Sign In or Register to comment.