503 Error When Switching To IIS HTTPS File Share Distribution Point

mstydel
Contributor

We're looking at migrating to HTTPS for our main file share distribution point from SMB.  We've used SMB since we began with Jamf and have just had that port open on our state's firewall.  Recently they've told us no more on that and have deleted/remove the rule, our only choice going forward would be to use port 8080.  So, as of now our Mac's cannot mount our file share and get packages when off of our network.  Not the end of the world but it was handy to have policies work from home, especially overnight.  We followed the steps to migrate to HTTPS listed in

Using IIS to Enable HTTPS Downloads on a Windows Server 2016 or 2019 File Share Distribution Point -...

however, we get a 503: Service Unavailable message when testing a download in browser and also when a Mac tries mounting to run a policy with a package.  I spent several hours troubleshooting different settings as well as trying different read-only accounts, recreating certificates, checking the inetpub log folder and Event Viewer (neither indicate any local errors), etc.  Nothing seems to be wrong.  Most of the troubleshooting recommendations point to the main problem being the app pool not running, which appears to default to a stopped state if it is crashing, but it is running the entire time with no problems.  I can stop the app pool and then get a page not found error, so it's reaching the the server like it should.  This is a fresh install of IIS on this server, but currently we have IIS uninstalled again and are continuing to use the SMB file share in the meantime.  Is there something I'm missing?

1 ACCEPTED SOLUTION

mstydel
Contributor

Just to wrap this up, Windows Admin Center was still hanging onto port 443 even though it was uninstalled.  The eventually solution (despite hours and hours of searching and only finding posts regarding the issue saying the application pool was stopping due to an issue with the page or a credentials) is comment #3 under the accepted answer here.

View solution in original post

3 REPLIES 3

mstydel
Contributor

I should add, this is on Windows Server 2016.  We are getting ready to move it to 2019 (would go to 2022 to match other servers but it's not listed in the system requirements for Jamf and support advised us to stay within those when I asked if 2022 would be okay).  We uninstalled IIS and are planning to go to 2019 for now and then try adding IIS again after the upgrade.

McLeanSchool
New Contributor III

This may not be the solution to this problem, but I have found that I need to make sure the name of all packages does not have a space in it, as IIS will try to replace the space with %20 in the URL and it messes stuff up.  I use dashes instead of spaces for naming all my packages.

mstydel
Contributor

Just to wrap this up, Windows Admin Center was still hanging onto port 443 even though it was uninstalled.  The eventually solution (despite hours and hours of searching and only finding posts regarding the issue saying the application pool was stopping due to an issue with the page or a credentials) is comment #3 under the accepted answer here.