Install IIS, .NET Framework, and ASP.NET on the Keyfactor Command Server
Internet Information Services (IIS), the ASP.NET Core Hosting Bundle version 8.0 (x64), and .NET Framework 4.7.2 or greater must be installed on the Keyfactor Command server(s) prior to installation of the Keyfactor Command software.
IIS is a standard Windows role added through the Windows Server Manager tool and .NET is a standard Windows feature added through the Windows Server Manager tool. In some cases it may be necessary to update the .NET framework with a downloadable update package or through Windows update, but the built-in version is generally adequate. The ASP.NET Core Hosting Bundle is available for download from Microsoft.
Check the Installed .NET Framework Version
The .NET Framework may already be installed on your server. If it is not, it will be installed automatically when you install ASP.NET (see Install IIS and Built-in ASP.NET using PowerShell). If the .NET Framework is not already present or the version is not already at least 4.7.2, check the version again after completing the built-in ASP.NET install.
To verify the version of .NET installed, either:
-
Open the Registry Editor:
regedit -
Navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full - Validate that the Release attribute value indicates a version of .NET Framework that is 4.7.2 or higher is installed, as shown in Table 896: .NET Framework Release Values.
Or:
-
Open a command prompt or PowerShell window and type the following command:
reg query "HKLM\Software\Microsoft\NET Framework Setup\NDP\v4\Full" - Validate that the Release attribute value indicates a version of .NET Framework that is 4.7.2 or higher is installed, as shown in Table 896: .NET Framework Release Values.
Table 896: .NET Framework Release Values
.NET Framework |
Release Value (Decimal) |
Release Value (Hexadecimal) |
---|---|---|
.NET Framework 4.6.2 | 394802 or 394806 | 60632 or 60636 |
.NET Framework 4.7 | 460805 | 70805 |
.NET Framework 4.7.1 | 461308 or 461310 | 709FC or 709FE |
.NET Framework 4.7.2 | 461808 or 461814 | 70BF0 or 70BF6 |
.NET Framework 4.8 | 528040, 528049, 528372, or 528449 | 8oEA8, 80EB1, 80FF4, 81041 |
Install IIS and Built-in ASP.NET using PowerShell
It is possible to install IIS and the necessary features using PowerShell rather than the below-referenced GUI-based installation method. Install using either the Roles and Features Wizard (see Install IIS and Built-in ASP.NET using the Roles and Features Wizard) or PowerShell.
Keyfactor Command makes use of the Active Directory tools for PowerShell to do group membership queries in Active Directory in some functions (e.g. when using a group to create a mapping between a Linux logon for SSH The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. and one or more SSH keys). The Active Directory module for Windows PowerShell is installed as a feature as part of the Remote Server Administrator Tools.
The correct PowerShell command to install the necessary roles and features is:
Install-WindowsFeature Web-Server, Web-Asp-Net45, Web-Default-Doc, Web-Dir-Browsing, Web-Http-Errors, Web-Static-Content, Web-Http-Logging, Web-Stat-Compression, Web-Filtering, Web-Basic-Auth, Web-Windows-Auth, Web-Net-Ext45, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Mgmt-Console, RSAT-AD-PowerShell
Output from this command will look something like the following, which shows some required features installed and some missing. Make sure all roles and features in the query output are marked Installed before continuing.
Figure 527: Use Get-WindowsFeature to Determine if All Required Roles and Features are Installed
Install IIS and Built-in ASP.NET using the Roles and Features Wizard
The following figures show the components of IIS and ASP.NET necessary to support Keyfactor Command on Windows Server 2019 and 2022. Your Keyfactor Command server may have additional roles or features installed that are not shown in these figures. Install using either the Roles and Features Wizard or PowerShell (see Install IIS and Built-in ASP.NET using PowerShell).
Keyfactor Command makes use of the Active Directory tools for PowerShell to do group membership queries in Active Directory in some functions (e.g. when using a group to create a mapping between a Linux logon for SSH and one or more SSH keys). The Active Directory module for Windows PowerShell is installed as a feature as part of the Remote Server Administrator Tools.
Figure 528: Web Server Role
Figure 529: .NET 4.7 Feature
Figure 530: Role Services Page One
Figure 531: Role Services Page Two
Figure 532: Active Directory Module for Windows PowerShell
Install the ASP.NET Core Hosting Bundle
The ASP.NET Core Hosting Bundle version 8.0 (x64) is available for download from Microsoft:
You need the ASP.NET Core Hosting Bundle, not the .NET Runtime (x64) or the ASP.NET Core Runtime. At the above link, this would be the Download Hosting Bundle option under the Run server apps heading.
Figure 533: Select the Download Hosting Bundle Option Under Run Server Apps
After completing your IIS install, run the installer for the hosting bundle to install. A reboot should not be required.
You can use the following PowerShell command to check the .NET core version(s) installed on a server (if any):
Output from this command will look something like this if you have the correct version of the .NET Hosting Bundle installed (notice the path is in C:\Program Files, not C:\Program Files (x86), indicating this is the x64 version):