Install IIS, .NET Framework, and ASP.NET on the Keyfactor Command Server

Note:  These instructions apply only to Windows installations under IIS.

Internet Information Services (IIS), the ASP.NET Core Hosting Bundle version 8.0 (x64), and .NET Framework 4.7.2 or greater must be installed on the Keyfactor Command server(s) prior to installation of the Keyfactor Command software.

IIS is a standard Windows role added through the Windows Server Manager tool and .NET is a standard Windows feature added through the Windows Server Manager tool. In some cases it may be necessary to update the .NET framework with a downloadable update package or through Windows update, but the built-in version is generally adequate. The ASP.NET Core Hosting Bundle is available for download from Microsoft.

Important:  IIS needs to be configured to allow requests using the HTTP verbs DELETE, GET, POST and PUT to reach the Default Web Site (or other web site if you choose to install to an alternate web site). These are enabled by default. To check whether any of these have been disabled, open the IIS Management console, drill down to highlight the Default Web Site, double-click Request Filtering in the center pane, and review the information on the HTTP Verbs tab.
Check the Installed .NET Framework Version

The .NET Framework may already be installed on your server. If it is not, it will be installed automatically when you install ASP.NET (see Install IIS and Built-in ASP.NET using PowerShell). If the .NET Framework is not already present or the version is not already at least 4.7.2, check the version again after completing the built-in ASP.NET install.

To verify the version of .NET installed, either:

  1. Open the Registry Editor:

    regedit
  2. Navigate to:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
  3. Validate that the Release attribute value indicates a version of .NET Framework that is 4.7.2 or higher is installed, as shown in Table 109: .NET Framework Release Values.

Or:

  1. Open a command prompt or PowerShell window and type the following command:

    reg query "HKLM\Software\Microsoft\NET Framework Setup\NDP\v4\Full"
  2. Validate that the Release attribute value indicates a version of .NET Framework that is 4.7.2 or higher is installed, as shown in Table 109: .NET Framework Release Values.

Table 109: .NET Framework Release Values

.NET Framework

Release Value (Decimal)

Release Value (Hexadecimal)
.NET Framework 4.6.2 394802 or 394806 60632 or 60636
.NET Framework 4.7 460805 70805
.NET Framework 4.7.1 461308 or 461310 709FC or 709FE
.NET Framework 4.7.2 461808 or 461814 70BF0 or 70BF6
.NET Framework 4.8 528040, 528049, 528372, or 528449 8oEA8, 80EB1, 80FF4, 81041
Install IIS and Built-in ASP.NET using PowerShell

It is possible to install IIS and the necessary features using PowerShell rather than the below-referenced GUI-based installation method. Install using either the Roles and Features Wizard (see Install IIS and Built-in ASP.NET using the Roles and Features Wizard) or PowerShell.

Keyfactor Command makes use of the Active Directory tools for PowerShell to do group membership queries in Active Directory in some functions (e.g. when using a group to create a mapping between a Linux logon for SSHClosed The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. and one or more SSH keys). The Active Directory module for Windows PowerShell is installed as a feature as part of the Remote Server Administrator Tools.

The correct PowerShell command to install the necessary roles and features is:

Copy
Install-WindowsFeature Web-Server, Web-Asp-Net45, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Http-Logging, Web-Stat-Compression, Web-Filtering, Web-Basic-Auth, Web-Windows-Auth, Web-Net-Ext45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Console, RSAT-AD-PowerShell
Important:  Do not install the IIS WebDAV Publishing feature. Keyfactor Command will not operate correctly if this feature is installed.
Tip:  To check and see if all the required roles and features have been installed, use Get-WindowsFeature with the same list of roles and features like so:
Get-WindowsFeature Web-Server, Web-Asp-Net45, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Http-Logging, Web-Stat-Compression, Web-Filtering, Web-Basic-Auth, Web-Windows-Auth, Web-Net-Ext45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Console, RSAT-AD-PowerShell

Output from this command will look something like the following, which shows some required features installed and some missing. Make sure all roles and features in the query output are marked Installed before continuing.

Figure 530: Use Get-WindowsFeature to Determine if All Required Roles and Features are Installed

Install IIS and Built-in ASP.NET using the Roles and Features Wizard

The following figures show the components of IIS and ASP.NET necessary to support Keyfactor Command on Windows Server 2019 and 2022. Your Keyfactor Command server may have additional roles or features installed that are not shown in these figures. Install using either the Roles and Features Wizard or PowerShell (see Install IIS and Built-in ASP.NET using PowerShell).

Keyfactor Command makes use of the Active Directory tools for PowerShell to do group membership queries in Active Directory in some functions (e.g. when using a group to create a mapping between a Linux logon for SSH and one or more SSH keys). The Active Directory module for Windows PowerShell is installed as a feature as part of the Remote Server Administrator Tools.

Important:  Do not install the IIS WebDAV Publishing feature. Keyfactor Command will not operate correctly if this feature is installed.

Figure 531: Web Server Role

Figure 532: .NET 4.7 Feature

Figure 533: Role Services Page One

Figure 534: Role Services Page Two

Figure 535: Active Directory Module for Windows PowerShell

Install the ASP.NET Core Hosting Bundle
Important:  The ASP.NET Core Hosting Bundle that is also required (see System Requirements) should not be installed before installing IIS. If the hosting bundle is installed before IIS is installed, the bundle will not function correctly after the IIS install and will require repair.

The ASP.NET Core Hosting Bundle version 8.0 (x64) is available for download from Microsoft:

You need the ASP.NET Core Hosting Bundle, not the .NET Runtime (x64) or the ASP.NET Core Runtime. At the above link, this would be the Download Hosting Bundle option under the Run server apps heading.

Figure 536: Select the Download Hosting Bundle Option Under Run Server Apps

After completing your IIS install, run the installer for the hosting bundle to install. A reboot should not be required.

Tip:  You can use the following PowerShell command to check the .NET core version(s) installed on a server (if any):
dotnet --list-runtimes

Output from this command will look something like this if you have the correct version of the .NET Hosting Bundle installed (notice the path is in C:\Program Files, not C:\Program Files (x86), indicating this is the x64 version):

Microsoft.AspNetCore.App 8.0.11 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]