Host Named Site Collections with anonymous log in issues

Scenario :

We have a Claims Based Web Application which hosts various Host Named Site Collections.
One of these sites requires Anonymous Access. I have applied AA to the Web Application and activated it on the Site Collection in question. However, when users log in, when they navigate to another page they lose their login credentials (as if the cookies arent holding their data). Then they browse as Anonymous Users but suddenly they will appear logged in again?
Is this an error or a known issue? Can you use Anonymous Access on Claims Based Host Named Site Collections? Is their anything I can do to stop logged in users from suddenly being logged out and in?
Thanks >> copy from here

Root cause : suspected is because our HNSC web application root is not empty for port 80 , we have assign host header for it.

Workaround :  using power shell command to assign https to AAM then the https access will not facing this issues.
example of the power shell command
Set-SPSiteUrl (Get-SPSite 'http://portal.contoso.com') -Url 'https://portal.contoso.com' -Zone Internet

SharePoint 2013 RBS setup for second content database

Normally you can get the information from internet for first time RBS setup step , example : https://blogs.technet.microsoft.com/bogdang/2014/12/04/install-and-configure-rbs-with-sharepoint-2013-and-sql-server-2012/

just sharing some command for setup on the following content DB after first RBS content DB is enable ,

http://go.microsoft.com/fwlink/?LinkID=188395&clcid=0x409 >> download for RBS.msi x64 package  which is 5287KB file size is the correct version to support second content DB. if u downloaded the previous version then mind be not working.

SQL Query
==========
use wss_content
if not exists (select * from sys.symmetric_keys where name = N'##MS_DatabaseMasterKey##') create master key encryptionby password = N'Admin Key Password !2#4'

use wss_content
if not exists (select groupname from sysfilegroups where groupname=N'RBSFilestreamProvider')alter database wss_content add filegroup RBSFilestreamProvider

contains filestream

use wss_content
alter database wss_content add file (name = RBSFilestreamFile, filename = 'F:\Blobstore') to filegroup RBSFilestreamProvider


first content db enabel rbs , run at SQL server
===================================================

msiexec /qn /lvx* rbs_install_log.txt /i RBS.msi TRUSTSERVERCERTIFICATE=true FILEGROUP=PRIMARY DBNAME="WSS_Content_RBS" DBINSTANCE="DBPRD02" FILESTREAMFILEGROUP=RBSFilestreamProvider FILESTREAMSTORENAME=FilestreamProvider_1

first content db enabel rbs , run at application and web front end server
=====================================================
msiexec /qn /lvx* rbs_install_log.txt /i RBS.msi DBNAME="WSS_Content" DBINSTANCE="DBInstance Name" ADDLOCAL="Client,Docs,Maintainer,ServerScript,FilestreamClient,FilestreamServer"


second content db :need to enabe RBS ( run at sql or applicatin server)
=================================================================
msiexec /qn /lvx* rbs_install_log.txt /i RBS.msi REMOTEBLOBENABLE=1 FILESTREAMPROVIDERENABLE=1 FILESTREAMSTORENAME=FilestreamProvider_1 DBNAME="WSS_Content" ADDLOCAL="EnableRBS,FilestreamRunScript" DBINSTANCE="DBPRD02"


second content db : wfe install for rbs second content db
==========================================================
msiexec /qn /lvx* rbs_install_log.txt /i RBS.msi TRUSTSERVERCERTIFICATE=true FILEGROUP=PRIMARY DBNAME="WSS_Content" DBINSTANCE="DBPRD02" FILESTREAMFILEGROUP=RBSFilestreamProvider FILESTREAMSTORENAME=FilestreamProvider_1

powershell enable RBS
====================
$cdb = Get-SPContentDatabase WSS_Content
$rbss = $cdb.RemoteBlobStorageSettings
$rbss.Installed()
$rbss.Enable()
$rbss.SetActiveProviderName($rbss.GetProviderNames()[0])
$rbss

powershell migrate sql data to RBS
=================================
$cdb = Get-SPContentDatabase WSS_Content
$rbss = $cdb.RemoteBlobStorageSettings
$rbss.SetActiveProviderName($rbss.GetProviderNames()[0])
$rbss.Migrate()

Last Step :
========
Need to add application pool service account to the content DB for DB owner role.

*if not granted db role for application pool account, when you upload file will see error message . File name can't contain the following characters : &?<>#{}%~/\.


more information :
http://blogs.technet.com/b/pramodbalusu/archive/2011/07/09/rbs-and-sharepoint-2010.aspx

Why Normally HNSC is using the port 80 with blank host header setting for web application ?

Copy from : http://www.jeremytaylor.net/2013/03/04/host-named-site-collections-sharepoint-2013/

Note – HNSC can be created on a non default Web Application but you’ll need to add bindings in IIS for your HNSC as the Web Application isn’t listening to all port 80 requests and would need to know about the HNSC it hosts. 

Thats why a lot of blogs usually specify HNSCs on default web apps, because adding IIS bindings can get messy. 

=======================================================================

If you using the port 80 with empty host header then you are no need do manually do IIS binding for your site collection HNSC . else you need to do IIS binding for each site collection created by HNSC.

Why cannot user SharePoint Farm Account for application pool ?

As i understand if application pool account using the SharePoint Farm Account  is over privilege but today i just notice we can extract the service account password from the application pool .

with the following script then we can get the password then just understand using the SharePoint Farm Service Account for application is very risky for the security leaking.

 PowerShell

try{

Import-Module WebAdministration

Get-WebApplication

$webapps = Get-WebApplication

$list = @()

foreach ($webapp in get-childitem IIS:\AppPools\)

{

$name = "IIS:\AppPools\" + $webapp.name

$item = @{}

$item.WebAppName = $webapp.name

$item.Version = (Get-ItemProperty $name managedRuntimeVersion).Value

$item.State = (Get-WebAppPoolState -Name $webapp.name).Value

$item.UserIdentityType = $webapp.processModel.identityType

$item.Username = $webapp.processModel.userName

$item.Password = $webapp.processModel.password

$obj = New-Object PSObject -Property $item

$list += $obj

}

$list | Format-Table -a -Property "WebAppName", "Version", "State", "UserIdentityType", "Username", "Password"

}catch

{

$ExceptionMessage = "Error in Line: " + $_.Exception.Line + ". " + $_.Exception.GetType().FullName + ": " + $_.Exception.Message + " Stacktrace: " + $_.Exception.StackTrace

$ExceptionMessage

}

copy from this site

Query to check which backup task is running at back end

SELECT r.session_id,command,

            s.text,

            start_time,

            percent_complete,

            CAST(((DATEDIFF(s,start_time,GetDate()))/3600) as varchar) + ' hour(s), '

                  + CAST((DATEDIFF(s,start_time,GetDate())%3600)/60 as varchar) + 'min, '

                  + CAST((DATEDIFF(s,start_time,GetDate())%60) as varchar) + ' sec' as running_time,

            CAST((estimated_completion_time/3600000) as varchar) + ' hour(s), '

                  + CAST((estimated_completion_time %3600000)/60000 as varchar) + 'min, '

                  + CAST((estimated_completion_time %60000)/1000 as varchar) + ' sec' as est_time_to_go,

            dateadd(second,estimated_completion_time/1000, getdate()) as est_completion_time

FROM sys.dm_exec_requests r

CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) s

WHERE r.command in ('RESTORE DATABASE', 'BACKUP DATABASE', 'RESTORE LOG', 'BACKUP LOG')

Kill the process

Kill

KILL 1866 WITH STATUSONLY >> check the status on this progress