Problems with WAMP and Windows IIS 7.0+ settings

I wanted to share with the community at-large, a problem I identified with WAMP installations (or possibly any PHP utilities that configure Windows Server settings) on a Windows 2008 Server. I’m guessing this problem could occur in Windows 2003 servers as well.

Basically, when ASP.NET developers are working… they make heavy use of “localhost” as the dns name that should resolve to their local IP Address. IIS automatically leverages the Windows Authentication mechanisms in Windows and, assuming Windows Integrated Security is being used on the website in question, authenticates the developer/user to proceed to access the website resources.

When attempting to install and configure Apache to run on your Windows 2008 server in order to leverage MySQL and PHP based web-frameworks… you may realize that your normal Windows Integrated Security websites are no-longer running and actually prevent you from accessing them. (This occurs only if you’re using the standard port 80 to access your website.) This is because the WAMP install package and other similar packages that configure Apache to run on a Windows Server, typically modify the “hosts” file burried in your Windows directory. The fix was emailed out to my staff in this following communication:

After working all morning on understanding why my XXXX, XXXXXXXXXX, and demo Silverlight web applications were failing to allow me to access them, I discovered the following :

When using Windows-Authentication on websites, I was being “prompted” for a username/password while accessing my webapps on “localhost” or . This is never supposed to happen because “localhost” is supposed to resolve to your local machine and automatically authenticate you using the normal Windows Integrated security.

It turns out that installing “WAMP”, which was necessary to get the XXXX application up-and-running with MySQL, phpMyAdmin, and the like… messed around with the “hosts” file located at C:\Windows\System32\drivers\etc!

In particular… it modified this :
# localhost name resolution is handled within DNS itself.
# localhost
# ::1 localhost

To this :
# localhost name resolution is handled within DNS itself.
# localhost
# ::1 localhost localhost127.0.0.1 localhost

To fix the problem… with non PHP specific web-pages… you need to modify the HOSTS file and set it back by doing this :
# localhost name resolution is handled within DNS itself.
# localhost
# ::1 localhost
# localhost127.0.0.1 localhost

I have logged in to the server and corrected this problem. The impact is that anytime we were logged on to the web-server directly (or our local development boxes for that matter) this would have prevented us from viewing websites that had Windows Integrated Security enabled and Anonymous Authentication disabled unless we were using a non-standard web port.

Consider yourselves warned about the dangers of installing PHP sdk’s and runtimes alongside your ASP.NET/Silverlight/MVC3 stuff.

Chad W. Stoker
President & CTO
CodeSmart Inc

Comments are closed.

Our Capabilities Include:

Custom Software Development
Enterprise Architecture
Project Management
Systems Analysis
Performance Testing


These methods are vital to our work:

Agile Methodology
Test-Driven Development


About CodeSmart, Inc.

CodeSmart has been locally owned and operated in the Olympia, WA area since 2002. We direct, design, develop and deliver full end-to-end information systems using leading edge Microsoft .Net technologies and recommended best practices.