book

Internet Information Services (IIS) 6 Resource Kit

Name: Internet Information Services (IIS) 6 Resource Kit
Author: The Microsoft IIS Team
ISBN: 9780735614208

by The Microsoft IIS Team

September 2003

Intermediate to advanced

1264 pages

35h 56m

English

Microsoft Press

Read now

Unlock full access

Internet Information Services (IIS) 6.0
SPECIAL OFFER: Upgrade this ebook with O’Reilly
A Note Regarding Supplemental Files
Acknowledgments
Introduction
Resource Kit Compact Disc
Document Conventions
Flowchart SymbolsArt SymbolsReader Alert ConventionsCommand-line Style Conventions
Support Policy
I. Deploying Internet Information Services (IIS) 6.0
1. Overview of Deploying IIS 6.0
Overview of Deploying an IIS 6.0 Web ServerProcess for Deploying an IIS 6.0 Web ServerDeploying a New IIS 6.0 Web ServerUpgrading and Migrating a Server to IIS 6.0
Overview of IIS 6.0
IIS 6.0 Benefits and FeaturesInternet and Intranet Applications on IIS 6.0

Determining Application Compatibility with IIS 6.0
Moving from IIS 5.0 Isolation Mode to Worker Process Isolation Mode
Reviewing Application Isolation ModesBenefits of Moving to Worker Process Isolation ModeSecurity EnhancementsDefault process identity for Web sites and applications set to NetworkServicePerformance and Scaling EnhancementsSupport for processor affinity for worker processes in an application poolElimination of inactive worker processes and reclamation of unused resourcesDistributing client connections across multiple worker processesAvailability EnhancementsReduced number of server restarts that are required when administering Web sites and applicationsA fault-tolerant request-processing model for Web sites and applicationsIsolation of failed worker processes from healthy worker processesHealth monitoring of Web sites and applicationsPrevention of Web sites or applications that fail quickly from consuming system resourcesAutomatic restart of poorly performing Web sites and applications
2. Deploying ASP.NET Applications in IIS 6.0
Overview of Deploying ASP.NET Applications in IIS 6.0Process for Deploying ASP.NET Applications in IIS 6.0Deploy the Web ServerInstall ASP.NET ApplicationsComplete the ASP.NET Application Deployment
Deploying the Web Server
Installing Windows Server 2003Installing and Configuring IIS 6.0Enabling ASP.NET in the Web Service Extensions List
Installing ASP.NET Applications
Creating Web Sites and Virtual Directories for each ASP.NET ApplicationCreating Web Sites and Home DirectoriesCreating Virtual DirectoriesCopying ASP.NET Application ContentEnabling Common Storage for ASP.NET Session StateSelecting the Method for Maintaining and Storing ASP.NET Session StateConfiguring Out-of-Process Session State with the ASP.NET State ServiceConfiguring Out-of-Process Session State with SQL ServerConfiguring Encryption and Validation KeysConfiguring ASP.NET Applications to Use the Appropriate Session StateSession state is maintained in-processSession state is maintained out-of-process with the ASP.NET state serviceSession state is maintained out-of-process with a computer running Microsoft SQL ServerSecuring the ASP.NET Session State Connection String
Completing the ASP.NET Application Deployment
Ensuring the Security and Availability of ASP.NET ApplicationsVerifying That the ASP.NET Applications Were Deployed SuccessfullyBacking Up the Web ServerEnabling Client Access
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help Topics
3. Securing Web Sites and Applications
Overview of the Securing Web Sites and Applications ProcessProcess for Securing Web Sites and ApplicationsReduce the Attack Surface of the Web ServerPrevent Unauthorized Access to Web Sites and ApplicationsIsolate Web Sites and ApplicationsConfigure User AuthenticationEncrypt Confidential Data Exchanged with ClientsMaintain Web Site and Application Security
Reducing the Attack Surface of the Web Server
Enabling Only Essential Windows Server 2003 Components and ServicesEnabling Only Essential IIS Components and ServicesEnabling Only Essential Web Service ExtensionsEnabling Only Essential MIME TypesConfiguring Windows Server 2003 Security Settings
Preventing Unauthorized Access to Web Sites and Applications
Storing Content on a Dedicated Disk VolumeSetting IIS Web Site PermissionsSetting IP Address and Domain Name RestrictionsSetting NTFS PermissionsThe user who is accessing the Web sites and applicationsThe application pool identity that is used by the Web sites and applications
Isolating Web Sites and Applications
Evaluating the Effects of Impersonation on Application CompatibilityIdentifying the Impersonation Behavior for ASP ApplicationsSelecting the Impersonation Behavior for ASP.NET ApplicationsImpersonation is disabledImpersonation is enabledImpersonation is enabled and a specific impersonation identity is specifiedConfiguring Web Sites and Applications for Isolation
Configuring User Authentication
Configuring Web Site AuthenticationSelecting a Web Site Authentication MethodAuthentication Methods that Do Not Require or Encrypt User CredentialsAnonymous accessAuthentication that is independent of the client configuration and userAuthentication Methods That Encrypt User CredentialsConfiguring the Web Site Authentication MethodConfiguring FTP Site Authentication
Encrypting Confidential Data Exchanged with Clients
Using SSL to Encrypt Confidential DataUsing IPSec or VPN with Remote Administration
Maintaining Web Site and Application Security
Obtaining and Applying Current Security PatchesEnabling Windows Server 2003 Security LogsEnabling File Access Auditing for Web Site ContentConfiguring IIS LogsW3C Extended log file formatIIS log file formatNCSA Common log file formatODBC loggingCentralized binary loggingReviewing Security Policies, Processes, and ProceduresIdentifying changes in Web server configuration that can compromise security
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help topics
4. Ensuring Application Availability
Overview of the Ensuring Application Availability ProcessProcess for Ensuring Application AvailabilityEstablishing Application Availability GoalsConfiguring IIS 6.0 for Optimum AvailabilityTesting Applications for Compatibility
Establishing Application Availability Goals
Setting Service Availability GoalsMeasuring Service AvailabilitySetting Request-Handling GoalsRequest-Handling ReliabilityRequest Processing TimeTesting Request-Handling
Configuring IIS 6.0 for Optimum Availability
Isolating ApplicationsDetermining the Application Isolation Needs of Your ServerCreating Application Pools and Assigning Applications to ThemRecycling Worker ProcessesRecycling and Maintaining StateRecycling by Elapsed TimeRecycling by Number of RequestsRecycling at Scheduled TimesRecycling on a Virtual-Memory ThresholdRecycling on a Used-Memory ThresholdTuning PerformanceManaging Isolation and PerformanceConfiguring Idle Time-out for Worker ProcessesConfiguring a Request Queue LimitManaging ASP.NET and Request Queue LimitConfiguring Web GardensSetting Processor Affinity on Servers with Multiple CPUsManaging Application Pool HealthConfiguring Worker Process PingingOptimizing Ping IntervalsConfiguring Rapid-Fail Protection for Worker ProcessesConfiguring the Startup Time Limit for Worker ProcessesConfiguring the Shutdown Time Limit for Worker ProcessesEnabling Debugging for Application Pool FailuresConfiguring Application Pool Identity
Testing Applications for Compatibility
Checking for Known Conflicts with IIS 6.0Testing Applications for Compatibility with IIS 6.0Version Detection IncompatibilityWwwroot and Scripts Retrieval IncompatibilityTesting Applications for Functional Compatibility with IIS 6.0ISAPIs Not Enabled in the Web Service Extensions NodeMIME Types IncompatibilityRecycling IncompatibilityOverlapped Recycling and Single Instance Application IncompatibilitySubauthentication Is Not Installed
Additional Resources
Related InformationRelated Help Topics
5. Upgrading an IIS Server to IIS 6.0
Overview of Upgrading an IIS Server to IIS 6.0Process for Upgrading an IIS Server to IIS 6.0Prepare to UpgradePerform the UpgradeConvert to Worker Process Isolation ModeConfigure IIS 6.0 PropertiesConfigure IIS to Host ASP.NET ApplicationsComplete the Upgrade
Preparing to Upgrade
Determining Compatibility with Windows Server 2003Determining the Compatibility of Existing Windows Servers with UpgradeDetermining the Compatibility of Existing HardwareDetermining the Compatibility of Existing SoftwareIdentifying and Compensating for Changes to IIS 6.0Ensuring That the WWW Service is Enabled After UpgradeCompensating for Changes to IIS ComponentsDetermining Application Compatibility with Worker Process Isolation ModeEvaluating the Benefits of Worker Process Isolation ModeSecurity EnhancementsDefault process identity for Web sites and applications is set to NetworkServicePerformance and Scaling EnhancementsSupport for processor affinity for worker processes in an application poolElimination of inactive worker processes and reclamation of unused resourcesDistributing client connections across multiple worker processesAbility to Isolate Web sites and applications from each otherAvailability EnhancementsReduced number of Web server restarts required when administering Web sites and applicationsA fault-tolerant request processing model for Web sites and applicationsIsolation of failed worker processes from healthy worker processesHealth monitoring of Web sites and applicationsPrevention of Web sites or applications that fail quickly from consuming system resourcesAutomatic restart of poorly performing Web sites and applicationsEvaluating Application Changes Required for Worker Process Isolation ModeEvaluating Management and Provisioning Script Changes Required for Worker Process Isolation ModeVerifying Application Compatibility with Worker Process Isolation Mode in a LabDetermining Application Compatibility with the .NET Framework
Performing the Upgrade
Backing Up the ServerVerifying That Clients Are Not Accessing Web SitesPreventing the WWW Service from Being DisabledModifying the Registry or Unattended Setup ScriptRunning the IIS Lockdown ToolCustom Server Configurations with the IIS Lockdown ToolServer Roles in the IIS Lockdown ToolUpgrading the Server to IIS 6.0Verifying That the Operating System Upgrade Was SuccessfulBacking Up the IIS 6.0 Metabase
Converting to Worker Process Isolation Mode
Documenting the Current Application Isolation SettingsApplication isolation settingsProcess identity that is used by the Web site or applicationConfiguring IIS 6.0 to Run in Worker Process Isolation ModeConfiguring Application Isolation Settings in Worker Process Isolation ModeFor each Web site or application configured in High isolation in IIS 5.0For each Web site or application configured in Low or Medium isolation in IIS 5.0Example: Converting to Worker Process Isolation Mode
Configuring IIS 6.0 Properties
Enabling the WWW ServiceConfiguring Web Service ExtensionsConfiguring MIME TypesModifying References to IIS 6.0 Metabase PropertiesUpgrading FrontPage Extended Web SitesDetermining Whether to Run the IIS Lockdown Tool and UrlScanIIS Lockdown ToolUrlScanMaking Security-Related Configuration ChangesEnabling Essential IIS Components and ServicesRemoving Unnecessary IIS Virtual DirectoriesConfiguring the Anonymous User Identity
Configuring IIS 6.0 to Host ASP.NET Applications
Configuring IIS 6.0 to Use the Correct Version of the .NET FrameworkConfiguring the .NET FrameworkReviewing How ASP.NET Applications Run In Each Application Isolation ModeBehavior of ASP.NET Applications that Are Running in IIS 5.0 Isolation ModeBehavior of ASP.NET Applications that Are Running in Worker Process Isolation ModeMigrating Machine.config Attributes to IIS 6.0 Metabase Property SettingsMigrating Recycling-Related AttributesMigrating the timeout AttributeMigrating the requestLimit AttributeMigrating the memoryLimit AttributeMigrating Performance-Related AttributesMigrating the webGarden and cpuMask AttributesMigrating the restartQueueLimit AttributeMigrating the idleTimeout AttributeMigrating Health-Related AttributesMigrating the shutdownTimeout AttributeMigrating the pingFrequency and pingTimeout AttributesMigrating Identity-Related AttributesMigrating the username AttributeOption 1 Configure IIS 6.0 to use NetworkServiceOption 2 Configure IIS 6.0 to use a new service account and grant the account the minimal user rights or group membership to allow the applications to run successfullyOption 3 Configure IIS 6.0 to use a new service account that belongs to the local Administrators groupMigrating the password Attribute
Completing the Upgrade
Verifying That the Web Sites and Applications Run ProperlyBacking Up the ServerEnabling Client Access
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Tools
6. Migrating IIS Web Sites to IIS 6.0
Overview of Migrating IIS Web Sites to IIS 6.0Process for Migrating IIS Web Sites to IIS 6.0Prepare for MigrationDeploy the Target SeverMigrate Web Sites with the IIS 6.0 Migration ToolMigrate Web Sites ManuallyConfigure IIS 6.0 PropertiesPerform Application-Specific Migration TasksComplete the Migration
Preparing for Migration
Identifying Which Web Site and Application Components to MigrateDetermining Compatibility with Windows Server 2003Compatibility of Existing HardwareCompatibility of Existing SoftwareDetermining Application Compatibility with Worker Process Isolation ModeEvaluating the Benefits of Worker Process Isolation ModeSecurity EnhancementsDefault process identity for Web sites and applications is set to NetworkServicePerformance and Scaling EnhancementsSupport for processor affinity for worker processes in an application poolElimination of inactive worker processes and reclamation of unused resourcesDistributing client connections across multiple worker processesAbility to Isolate Web sites and applications from each otherAvailability EnhancementsReduced number of Web server restarts required when administering Web sites and applicationsA fault-tolerant request processing model for Web sites and applicationsIsolation of failed worker processes from healthy worker processesHealth monitoring of Web sites and applicationsPrevention of Web sites or applications that fail quickly from consuming system resourcesAutomatic restart of poorly performing Web sites and applicationsEvaluating Application Changes Required for Worker Process Isolation ModeEvaluating Management and Provisioning Script Changes Required for Worker Process Isolation ModeVerifying Application Compatibility with Worker Process Isolation Mode in a LabDetermining Application Compatibility with the .NET FrameworkSelecting a Migration MethodIdentifying the Role of the IIS 6.0 Migration ToolMigration Tasks That Are Automated by the IIS 6.0 Migration ToolMigration Tasks That Must Be Completed ManuallyMigrating Additional Web Site and Application ContentConfiguring Additional Web Site and Application PropertiesPerforming Application-Specific Migration Tasks
Deploying the Target Server
Installing Windows Server 2003Installing and Configuring IIS 6.0
Migrating Web Sites with the IIS 6.0 Migration Tool
Installing the IIS 6.0 Migration ToolVerifying That Clients Are Not Accessing Web SitesRunning the IIS 6.0 Migration ToolVerifying That the IIS 6.0 Migration Tool Ran SuccessfullyMigrating Additional Web Site ContentMigrating Content Located Outside the Home Directory of the Web SiteMigrating Content Located in Virtual DirectoriesModifying IIS 6.0 Metabase Properties That Reference the Systemroot Folder
Migrating Web Sites Manually
Verifying That Clients Are Not Accessing Web Sites Before a Manual MigrationCreating Web Sites and Virtual DirectoriesCreating Web Sites and Home Directories on the Target ServerCreating Virtual DirectoriesMigrating Web Site ContentConfiguring Web Site Application Isolation SettingsDocumenting the Current Application Isolation Settings on the Source ServerApplication isolation settingsProcess identity that is used by the Web site or applicationConfiguring Application Isolation Settings in IIS 5.0 Isolation ModeConfiguring Application Isolation Settings in Worker Process Isolation ModeFor each Web site or application configured in High isolation in IIS 5.0For each Web site or application configured in Low or Medium isolation in IIS 5.0
Configuring IIS 6.0 Properties
Configuring IIS 6.0 Properties That Reference Local User AccountsConfiguring Web Service ExtensionsConfiguring MIME TypesMigrating Server Certificates for SSLMigrating FrontPage Users and RolesConfiguring IIS 6.0 to Host ASP.NET ApplicationsConfiguring IIS to Use the Correct Version of the .NET FrameworkConfiguring the .NET FrameworkReviewing How ASP.NET Applications Run in Each Application Isolation ModeBehavior of ASP.NET Applications That Are Running in IIS 5.0 Isolation ModeBehavior of ASP.NET Applications That Are Running in Worker Process Isolation ModeMigrating Machine.config Attributes to IIS 6.0 Metabase Property SettingsDetermining Whether to Run the IIS Lockdown Tool and UrlScanIIS Lockdown ToolUrlScan
Performing Application-Specific Migration Tasks
Modifying Application Code for Compatibility with Windows Server 2003 and IIS 6.0Modifying References to Windows Platform Components and APIs No Longer Supported in Windows Server 2003Modifying References to IIS 6.0 Metabase PropertiesModifying Applications To Be Compatible with Worker Process Isolation ModeInstalling Additional Software Required by ApplicationsMigrating MTS Packages, COM Objects, and COM+ ApplicationsModifying ODBC Data Connection Strings and DSNsModifying ODBC DSNsCreating System ODBC DSNsCreating IP Addresses That Are Used by ApplicationsCreating Users and Groups That Are Used by ApplicationsCreating Registry Entries for Applications
Completing the Migration
Verifying That the Web Sites and Applications Migrated SuccessfullyBacking Up the Target ServerEnabling Client Access
Additional Resources
Related IIS 6.0 Help TopicsRelated Windows Server 2003 Help TopicsRelated Tools
7. Migrating Apache Web Sites to IIS 6.0
Overview of Migrating Apache Web Sites to IIS 6.0Process for Migrating Apache Web Sites to IIS 6.0Prepare for MigrationDeploy the Target SeverPerform the MigrationMigrate Apache-Specific ExtensionsConfigure IIS 6.0 After MigrationEnable Client Access After Migration
Preparing for Migration
Determining Web Site Compatibility with IIS 6.0Determining Web Site Compatibility with Worker Process Isolation ModeIdentifying the Role of the Migration ToolSelecting a Migration Tool Installation OptionSource Server Installation OptionTarget Server Installation OptionIntermediate Computer Installation Option
Deploying the Target Server
Installing Windows Server 2003Installing IIS 6.0Configuring the FTP Service
Performing the Migration
Installing the Migration ToolInstalling the Migration Tool on Computers Running LinuxInstalling the Migration Tool on Computers Running WindowsConfiguring the Target Server for MigrationVerifying that Clients Are Not Accessing Web SitesMigrating Web Site ContentMigrating Web Site ConfigurationRecovering from an Interruption in the Migration ProcessDetermining Cause of and Resolving ErrorsRestarting the Migration Tool in Recovery Mode
Migrating Apache-Specific Extensions
Migrating Dynamic ContentRun Dynamic Content on a Preprocessor that Ships with IISRun Dynamic Content on a Preprocessor External to IISRewrite the Dynamic Content in ASP or ASP.NETMigrating Database Content and ConnectivityMigrating the Database ContentMigrating the Database ConnectivityObtain a Version of the Database Connectivity that Runs on IIS 6.0Convert the Dynamic Content to use Windows Database ConnectivityMigrating External ModulesObtain Version of External Module that Runs on IIS 6.0 and Windows Server 2003Convert External Modules to Run on Same Preprocessor as IIS 6.0 and Windows Sever 2003Rewrite the External Module in ASP or ASP.NET
Configuring IIS 6.0
Configuring Web Service ExtensionsConfiguring MIME TypesConfiguring Web Site PropertiesConfiguring Server Certificates for SSLBacking Up the Target Server
Enabling Client Access After Migration
Additional Resources
Related InformationRelated IIS 6.0 Help topicsRelated Windows Server 2003 Help topics
A. IIS Deployment Procedures
Assign Additional IP Addresses to a Network Adapter
Assign a Server Certificate to a Web Site
Back Up and Restore Registry Entries
Back Up and Restore the IIS Metabase
Back Up and Restore the Web Server to a File or Tape
Configure an ASP.NET Application for ASP.NET
Viewing the Script Map for an ASP.NET ApplicationConfigure an ASP.NET Application for ASP.NET
Configure Anonymous User Identity
Configure a Web Site to be FrontPage Extended
Configure Application Identity for IIS 5.0 Isolation Mode
Configure Application Isolation Modes
Configuring IIS for Worker Process Isolation ModeConfiguring IIS for IIS 5.0 Isolation Mode
Configure Application Isolation Settings for IIS 5.0 Isolation Mode
Configure Application Pool Health
Configure Application Pool Identity
Configure Application Pool Performance
Configure Application Pool Recycling
Configure FrontPage Server Roles
Configure FTP Server Authentication
Enable Anonymous FTP AuthenticationEnable Basic FTP Authentication
Configure IIS Components and Services
Configure IP Address Assigned to Web Sites
Configure IP Address and Domain Name Restrictions
Grant or deny access to resources for a group of computersConfigure Restrictions Based on Domain
Configure MIME Types
Configure NTFS Permissions
Configure the State Service on the ASP.NET State Server
Configure the Registry
Configure the Web Site Identification Number
Configure Web Server Authentication
Configure Web Service Extensions
Configure Web Site Permissions
Configure Windows Server 2003 Services
Convert Existing Disk Volumes to NTFS
Create a Service Account
Create A SQL Server Database for Storing ASP.NET Session State
Create a Virtual Directory
Create a Web Site
Debug Application Pool Failures
Determine Web Sites Uniquely Identified by IP Addresses
Disable Network Adapters
Enable ASP.NET
Enable Logging
Enable Network Adapters
Enable Security Auditing
Enable the WWW Service After Upgrade
Enable Web Site Content Auditing
Export a Server Certificate
Gather and Display WWW Service Uptime Data
Gathering WWW Service Uptime DataDisplaying WWW Service Uptime Data
Grant User Rights to a Service Account
Install a Server Certificate
Install IIS 6.0
Install Subauthentication
Isolate Applications in Worker Process Isolation Mode
Make a Service Account a Member of the Local Administrators Group
Migrate CDONTS
Modify the IIS Metabase Directly
Monitor Active Web and FTP Connections
Pause Web or FTP Sites
Pausing Web SitesPausing FTP Sites
Publish Web Site Content with FrontPage
Extending a Web sitePublishing a Web site
Remove Virtual Directories
Request a Server Certificate
Secure the Root Folder of Each Disk Volume
Secure Windows Server 2003 Built-in Accounts
Set Processor Affinity
Stop the WWW Service
Upgrade FrontPage Extended Web Sites
View Application Isolation Configuration
View Web Site and Application Process Identities
B. Changes to Metabase Properties in IIS 6.0
II. Internet Information Services (IIS) 6.0 Resource Guide
8. Introducing IIS 6.0
Internet Information Services 6.0Installing IIS as an Application ServerEnabling Web Service Extensions to Serve Dynamic Content
What's Changed
Reliability ImprovementsManageability ImprovementsMetabase ImprovementsProgrammatic Administration AdditionsLogging EnhancementsTroubleshootingSecurity ImprovementsPerformance and Scalability Improvements
IIS 6.0 Resource Guide Tools
Migration ToolsPerformance and Troubleshooting ToolsSecurity ToolsAdministration Tools
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help TopicsRelated Tools
9. IIS 6.0 Architecture
Overview of IIS 6.0 ArchitectureIIS 6.0 Request Processing ModelsIIS 6.0 ServicesComparing Basic Functionality Between IIS 6.0 and Earlier IIS Versions
IIS 6.0 Services
World Wide Web Publishing ServiceFTP ServiceSMTP ServiceNNTP ServiceIIS Admin Service
IIS 6.0 Core Components
HTTP Protocol StackHow HTTP.sys WorksHow HTTP.sys Handles Kernel-Mode QueuingWorker ProcessesWWW Service Administration and MonitoringHTTP administrationManaging the lifetime of the worker processInetinfo.exeThe IIS MetabaseMetabase ElementsAutomatic Versioning and History
Application Isolation Modes
Worker process isolation modeIIS 5.0 isolation modeChoosing an Application Isolation ModeApplications that cannot run in worker process isolation modeApplications that require special handling to run in worker process isolation modeApplication Isolation Mode DefaultsApplication Isolation Mode FunctionsHTTP SSL (HTTPFilter)IIS 6.0 Identity vs. IIS 5.0 IdentityWorker Process Isolation ModeBenefits of Using Worker Process Isolation ModeFeatures of Worker Process Isolation ModeMultiple Application PoolsApplication Pool Health MonitoringWorker Process RecyclingRapid-Fail ProtectionOrphaning Worker ProcessesWeb GardensProcessor AffinityIdle TimeoutApplication Pool IdentityHow Application Pools WorkRequest Processing in Worker Process Isolation ModeIIS 5.0 Isolation ModeApplication Isolation in IIS 5.0 Isolation ModeSecurity ConsiderationsPerformance ConsiderationsRequest Processing in IIS 5.0 Isolation Mode
How ASP.NET Works with IIS 6.0
ASP.NET Request Processing ModelASP.NET processModel Configuration SettingsWhen Different Versions of ASP.NET Share the Same Application Pool
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help Topics
10. Running IIS 6.0 as an Application Server
Introduction to Running an Application Server
Configuring an Application Server Role
Technologies Offered in the Application ServerBenefits of Enabling ASP.NETBenefits of Installing FrontPage Server ExtensionsPreparing to Install IIS 6.0Avoid installing IIS on a domain controllerVerify that all disk volumes on your application servers use NTFSInstalling IIS 6.0
Enabling Dynamic Content
Configuring an Application Isolation Mode
Choosing an Application Isolation ModeEvaluating the Capabilities of the Two Application Isolation ModesBenefits of Worker Process Isolation ModeIsolation Options in IIS 5.0 Isolation ModeEvaluating Application RequirementsGuidelines for Optimizing Application PerformanceApplications That Cannot Run in Worker Process Isolation ModeSecurity Considerations When Choosing an Application Isolation ModePerformance Considerations When Choosing an Application Isolation ModeConfiguring an Application Isolation ModeSetting Isolation for Applications Running in IIS 5.0 Isolation Mode
Creating Application Pools
Guidelines for Creating Application PoolsConfiguring Application Pools
Ensuring Application Health in Worker Process Isolation Mode
Monitoring Application Pool HealthUsing an ISAPI Extension That Declares Itself UnhealthyEnabling DebuggingEnsuring Application Pool HealthRecycling Worker ProcessesHow Worker Process Recycling WorksWhen and How to Use Worker Process RecyclingLogging Worker Process Recycling EventsConfiguring Rapid-Fail ProtectionConfiguring Rapid-Fail Protection from the Command Line
Managing Resources in Worker Process Isolation Mode
Configuring Web GardensConfiguring Idle Timeout for a Worker ProcessConfiguring Shutdown and Startup Time LimitsEnabling CPU MonitoringEvent loggingShut down the unhealthy application pool (also includes event logging)Obtaining more detailed CPU monitoringEnabling CPU Monitoring by Using IIS ManagerEnabling CPU Monitoring from the Command LineSet the CPU LimitSet the CPU Reset IntervalSet the CPU ActionAssigning Processor Affinity
Running Web Applications
Enhancements to ISAPI SupportUsing HSE_REQ_EXEC_URL to Call Other URLS on the ServerUsing HSE_REQ_VECTOR_SEND to Consolidate Multiple BuffersUsing HSE_REQ_REPORT_UNHEALTHY to Recycle a Worker ProcessUsing HSE_REQ_SEND_CUSTOM_ERROR to Send Custom Error MessagesUsing the New Unicode ServerSupportFunctionsUsing ASP in IIS 6.0Improvements to the ASP Programming EnvironmentCOM+ Services in ASPApartment model selectionSide-by-side assemblies Side-by-sideCOM+ partitionsCOM+ trackerNew Metabase Properties for ASPSecurity and Performance Enhancements in ASPASP Metabase Properties No Longer in Use in IIS 6.0Setting Application MappingsBenefits of Using Wildcard Application Mappings Instead of ISAPI FiltersRequest Handling with Wildcard Application MappingsInserting Wildcard Application Mappings
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help TopicsRelated Tools
11. Working with the Metabase
Overview of the IIS 6.0 MetabaseIIS 6.0 Metabase FeaturesThe metabase schema can be modified by an administratorThe metabase is 100 percent compatible with IIS 5.0 metabase APIsMetabase performance and scalability are improvedThe metabase incorporates rich functionalityBenefits of Plaintext XML FilesMetabase files can be edited directly by using common text editorsImproved metabase corruption recovery and troubleshootingImproved metabase backup and restore capabilitiesMetabase TerminologyKeys and LocationsXML Terminology Related to IIS
Metabase Structure
The Local Machine NamespaceProperty InheritanceHierarchical Relationship of KeysInheritanceThe Metabase SchemaCollectionsPropertiesFlagsRemaining Collections
Metabase Security
File-Level SecurityEncrypted PropertiesChecklist: Metabase Security
Backing Up and Restoring the Metabase
Backing Up the MetabasePortable BackupNon-portable BackupThe Metabase History FeatureHistory FolderConfiguring the Metabase History FeatureNaming the Metabase History FilesMetabase Version NumbersHistoryMajorVersionNumber PropertyMinor Version NumberNaming the History FilesMetabase Error FilesRestoring the MetabaseRestoring the Metabase from History FilesRestoring the Metabase from Backup FilesSSL CertificatesRestoring a Section of the Metabase
Editing the Metabase
Best Practices for Maintaining Metabase IntegrityConfiguring the MetabaseAbout the IIS ABOsMetabase Storage LayerAdding Comments to the MetabaseEditing Metabase PropertiesGeneral Notes for Editing the MetabaseChanging Schema-Defined or Out-of-Schema PropertiesStarting or Stopping IISEditing the MetaBase.xml File While IIS Is RunningThe Edit-While-Running ProcessSimultaneous UpdatesEnabling Edit-While-RunningWriting the In-Memory Metabase and Schema to DiskWriting the In-Memory Metabase to DiskWriting the In-Memory Schema to Disk
Metabase Import and Export
Specifying Metabase Elements for Import or ExportImporting and Exporting a Metabase ElementBefore exporting a metabase elementBefore importing a metabase elementSetting Inherit and Merge FlagsExporting Lower-Level Child keysImporting and Exporting Metabase Elements with IIS ManagerMoving Sites and Applications to Another ComputerMetabase Import/Export BehaviorMachine-Specific and System-Specific Information
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help TopicsRelated Tools
12. Managing a Secure IIS 6.0 Solution
What's ChangedIIS Installs in a Locked-Down ModeIIS Lockdown Tool Capabilities Are Built-inRestrictive MIME Types Reduce the Attack Surface of IISAdding MIME TypesAllowing All ExtensionsMultiple Worker Processes Affect ISAPI Filter Status DisplayASP-Related Security ChangesASP and ASP.NET Are Disabled by DefaultParent Paths Are Disabled by DefaultGlobal.asa Events Are Run As Anonymous UserSecurity-Related Changes in AuthenticationAnonymous Password Synchronization is Disabled by DefaultAdvanced Digest Authentication Requires Windows Server 2003.NET Passport Authentication Requires LocalSystem User Account RightsKerberos Authentication Requires SPNs for Multiple Worker ProcessesUsing Setspn.exeForcing NTLMSecurity-Related Changes in Access ControlAccess Is Restricted for ExecutablesAccess Is Restricted for Nondefault Identities for CGI Processes
Automatic Installation of Security Patches
Authentication
Anonymous AuthenticationBasic AuthenticationLogon TypesToken Cache Security ConsiderationsDigest AuthenticationRequirements for Digest AuthenticationAdvanced Digest AuthenticationRequirements for Advanced Digest AuthenticationIntegrated Windows AuthenticationClient Authentication ProcessKerberos and Service RegistrationUNC AuthenticationConstrained DelegationDeciding Whether to Use Constrained DelegationConfiguring Constrained Delegation for IIS.NET Passport Authentication
Access Control
How Access Control WorksNTFS PermissionsAccess Control ListsACL ToolsCaclsXcacls.exeIIS Default ACLsMetabase ACLsWeb Site PermissionsIIS and Built-in AccountsLocalSystemNetwork ServiceLocal ServiceIIS_WPGIUSR_ComputerNameIWAM_ComputerNameASPNETConfiguring Application Pool IdentityURL AuthorizationUsing URL AuthorizationEnabling the Wildcard Script Map
Encryption
SSL and CertificatesManaging Certificates ProgrammaticallyServer-Gated CryptographyCryptographic Service ProviderClient Certificate MappingDirectory Service MappingOne-to-One MappingMany-to-One Mapping
TCP/IP Port Filtering
Creating an IPSec Policy to Restrict PortsExample: Creating an IPSec Policy
Secure Code
MIME Types
Inheritance and Merge BehaviorMerge considerations
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help TopicsRelated Tools
13. Optimizing IIS 6.0 Performance
Overview of Performance Monitoring and TuningUsing Performance Tools to Obtain a BaselineSystem MonitorPerformance Logs and AlertsTask ManagerEvent Tracing with Log Manager and Trace ReportNetwork MonitorMonitoring with Performance CountersComponents of a counter pathSampling methods for countersCounters Provided by Windows and by IISSuggested Performance Counters to WatchSetting Up MonitoringViewing Counter Data in the Performance ConsoleUsing the Predefined System Overview LogCollecting Useful Data
Managing Network Activity
Estimating Bandwidth Requirements and Connection SpeedBrowser Download TimeServer-Side Request ProcessingPerceived Delay, Acceptable Delay, and Site PerformanceMonitoring Network ActivityBandwidth and CapacityMonitoring Data Transmission Rates at Different OSI LayersCounters for Monitoring Data Transmission Rates at the Application LayerAnalyzing the dataCounters for Monitoring Data Transmission Rates at the Transport and Network LayersAnalyzing the dataCounters for Monitoring Data Transmission Rates at the Data-Link LayerAnalyzing the dataMonitoring File and Message TransfersAnalyzing the DataMonitoring TCP ConnectionsAnalyzing the DataAdministering Network ResourcesLimiting Connections to Manage ResourcesEnabling HTTP Keep-Alives to Keep Connections OpenSetting Connection Timeouts to Save ResourcesMonitoring with Counters to Evaluate Connection LimitsSetting Connection Timeouts by Using IIS ManagerSetting Connection Timeouts by Editing the MetabaseSetting connection timeoutsSetting request timeoutsSetting response timeoutsReference to Default Time-out SettingsUsing HTTP Compression for Faster DownloadsHow HTTP Compression WorksDetermining Whether HTTP Compression Will Improve PerformanceChoosing Compression OptionsEnabling Global HTTP CompressionConfiguring HTTP Compression at Specific Metabase LevelsSpecifying File Types and Compression Schemes by Editing the MetabaseSpecifying the Location and Size of the Compression Directory for Static CompressionChanging the location of the compression directorySetting a size limit for the compression directoryDisabling HTTP Compression for Requests That Come Through Certain Proxy ServersThrottling Bandwidth to Manage Service AvailabilityDetermining When and Where to Use Bandwidth ThrottlingEnabling Bandwidth ThrottlingUsing Other Features to Enhance PerformanceUsing Web Gardens to Enhance PerformanceConserving Processor Resources by Using Idle TimeoutEnabling CPU Monitoring to Conserve Processing TimeObtaining more detailed CPU monitoring
Controlling Memory Usage
Minimum Memory Requirements for IIS 6.0Memory Management and Memory Allocation in Windows Server 2003Monitoring Overall Server MemoryMonitoring Available MemoryMonitoring PagingMonitoring the File System CacheMonitoring the Size of the Paging FilesMonitoring the IIS 6.0 Working SetMonitoring Disk I/OOptimizing Memory UsageImprove Data OrganizationIncrease the Efficiency of High-Traffic Web SitesTry Disk Mirroring or StripingAdd or Enlarge Paging FilesRetime the IIS Object CacheChange the Balance of the File System Cache to the IIS 6.0 Working SetLimit ConnectionsLimit the Queue Length for Application PoolsAdjust Resource Allocation in WindowsLimit Performance Logging
Preventing Processor Bottlenecks
Identifying Processor BottlenecksMonitoring Processor ActivityAnalyzing Processor Activity DataOptimizing Processor ActivityMonitoring ConnectionsOptimizing ConnectionsMonitoring ThreadsMonitoring Threads and Context SwitchesMonitoring Interrupts and Deferred Procedure CallsOptimizing Thread ValuesImproving Processor PerformanceUpgrade the L2 cacheAdd network adaptersUpgrade network adaptersUpgrade to a multiprocessor computerAssign processor affinity to better use CPU cachingLimit connectionsAdjust the maximum number of threadsRedesign the Web site
Improving Application Performance
Testing Applications with Stress ToolsMeasuring Performance by Using a Stress ClientUsing WCAT as a Stress ClientEstimating Baseline Performance for ApplicationsMonitoring and Tuning ApplicationsMonitoring Applications That Use the WWW ServiceMonitoring ASP PerformanceAnalyzing the DataTuning ASP Metabase SettingsAppAllowDebuggingAspBufferingOnAspProcessorThreadMaxAspQueueConnectionTestTimeAspRequestQueueMaxAspScriptEngineCacheMaxAspScriptFileCacheSizeAspDiskTemplateCacheDirectoryAspSessionTimeout and AspSessionMaxAspTrackThreadingModelCacheISAPIMonitoring ASP.NET PerformanceUseful Counters for Monitoring ASP.NET ApplicationsUseful Counters for Troubleshooting ASP.NET Performance Problems
Balancing Performance and Security
Configuring ServerCacheTime for SSL SessionsTesting How Security Features Affect PerformanceMeasuring Security Overhead by Using a Stress ClientTracking Anonymous and Nonanonymous RequestsWatching 404 Not-Found ErrorsAnalyzing Security Data and Planning UpgradesUpgrade or add processorsAdd memoryUse custom hardware
Optimizing Performance Through Design
Optimizing Application Design and AdministrationUpgrading Hardware to Improve Application PerformanceOptimizing Application DesignOptimizing the Design of ASP ApplicationsOptimizing Network Administration and DesignCreating a More Efficient Web SiteObtaining a Page-Load Performance ProfileOptimizing a Page-Load Performance ProfileVerify That HTTP Keep-Alives Are EnabledSet HTTP CompressionSet Expiration Dates on FilesIdentify Slow-Loading FilesRemove Unneeded File ContentMeasure File Quantity and SizeDetermine Your Port UsageControl Screen RefreshesBest Practices for Creating Efficient SitesUse design elements judiciouslyEnsure that developers design scripts and code that load quicklyTest load times for your pagesPartnering with Other Groups to Improve Performance
Additional Resources
Related IIS 6.0 Help TopicsRelated Windows Server 2003 Help TopicsRelated Tools
14. Web Server Scalability
Scaling IIS 6.0Scalability Features in IIS 6.0Worker process isolation modeOn-demand process startHTTP Keep-AlivesWeb gardensProcessor affinityIdle timeout for worker processesBandwidth throttlingHTTP compression64 GB cache capacityCentralized binary loggingScalability Features in Windows Server 2003Kernel-mode driver64-bit supportWSRMDFSFRS
Improving IIS 6.0 Scalability and Availability with Network Load Balancing
IIS Responses to Load-Balanced Application Pool BehaviorsIIS Response When a Load-Balanced Application Pool Enters Rapid-Fail ProtectionIIS Response When a Load-Balanced Application Pool Exceeds a Configured CPU ThresholdIIS Response When a Load-Balanced Application Pool Is Disabled by an Administrator or an Administrator Shuts Down the WWW ServiceIIS Response When the Kernel-Mode Request Queue Is FullPreserving Session State in Network Load Balancing Web Server ClustersPreserving Session State with ASP Web Applications in Network Load BalancingPreserving Session State with ASP.NET Web Applications in Network Load Balancing
Improving Scalability by Optimizing IIS 6.0 Queues
TCP/IP QueueKernel Request QueueASP Request QueueTuning AspProcessorThreadMaxTuning AspRequestQueueMaxAdditional Metabase PropertiesAspQueueTimeoutAppPoolQueueLengthASP.NET Request QueuesASP.NET CountersRequest ExecutionRequests QueuedRequests RejectedRequest Wait TimeASP.NET Application CountersRequests ExecutingRequests In Application QueuePipeline Instance CountRegistry Entries for Thread Pool QueuingMaxPoolThreadsPoolThreadLimit
Improving Scalability by Optimizing IIS 6.0 Caches
URI CacheToken CacheFile CacheHTTP.sys Response CacheHTTP.sys Cache CountersEvents and Conditions That Disable HTTP.sys Response CachingASP CachingASP Template CachingScript Engine CachingSetting the ASP Cache Metabase Property and Registry EntryAspScriptFileCacheSizeDisableLazyContentPropagationGlobal IIS Caching Registry EntriesDisableMemoryCacheMemCacheSizeObjectCacheTTL
ISP Scaling — Strategies for Hosting Thousands of Sites
Shared Static HostingAdminister IIS by using command-line administration scripts or batch filesCreate a logical folder structureUse host header names to create multiple sites on one serverPut all static sites in one application poolRun all static sites with the same anonymous user accountRecycle the application pool worker process (optional)Monitor startup timesMonitor performanceEnable centralized binary loggingPartition log files on multiple disksShared Static and Dynamic HostingSeparate static and dynamic content sites in different application poolsSet content quotas for sitesConsider enabling Quality of Service (QoS) features for sites that are resource-intensiveConfigure one unique anonymous user per siteDevelop processes for handling service packs, security patches, and hotfixesFor ASP content, allow ASP pages to run on MTA instead of STAIf you need to set up more than 60 application pools where each pool is running as a unique identity on a server, change the UseSharedWPDesktop registry keyIf IIS is spinning up too many worker processes and your server is running out of resources, set a maximum number of concurrent worker processesLocate misbehaving applications and isolate them in their own application poolDedicated HostingConfigure one unique application pool per Web siteConfigure one unique anonymous user per siteConfigure one unique user to run as the process identity of the application pool
Improving Scalability Through UNC–Based Centralized Content Storage
Caching UNC–based FilesLast-Modified CachingASP Change-Notification CachingUNC–based Caching ConsiderationsMaxMpxCtMaxWorkItemsMaxCmdsUNC–based Caching ScenariosScenario 1: Wide Content, Low TrafficScenario 2: Wide Content, High TrafficScenario 3: Narrow Content, High TrafficUNC AuthenticationConstrained Delegation for UNC File Content
Case Study: Scaling an ASP.NET Web Application on IIS 6.0
Capacity PlanningPreparing to TestInterpreting Test DataTuning Production ServersUse RAIDDelete unused default documentsShut down unused servicesChange file and printer sharing defaultsScaling UpScaling Out
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Tools
15. Configuring Internet Sites and Services
DNS OverviewNamespace Planning for DNSRegistering a DNS Domain Name
Configuring Web Sites
Creating and Setting Up Web SitesHome DirectoriesVirtual DirectoriesWebDAV Publishing DirectoriesMaking the WebDAV Publishing Directory Available to UsersEnabling WebDAV RedirectorConfiguring Web Site PropertiesModifying the Default Web SiteModifying Default Web Site Identity SettingsModifying the Default Authentication MethodModifying the Default Physical File LocationEnabling and Configuring Log File FormatsSpecifying the Application PoolExtending Web Sites with FrontPage 2002 Server ExtensionsRedirecting RequestsRedirecting to Dynamic ContentSecuring Web SitesSecuring WebDAV Publishing DirectoriesSetting the Client Authentication MethodConfiguring Access ControlHosting Multiple Web Sites on the Same ServerPort-Based RoutingIP-Based RoutingHost-Header RoutingHost-Header Routing and SSL
Configuring FTP Sites
Installing the FTP ServiceConfiguring FTP Site PropertiesConfiguring Site MessagesSetting the Directory Output StyleSetting the Authentication MethodSetting the Passive Connection Port RangeSecuring FTP SitesCreating Additional FTP SitesHosting Multiple FTP Sites with FTP User IsolationDo Not Isolate Users ModeIsolate Users ModeIsolate Users Using Active Directory ModeUser Home DirectoriesConfiguring Isolate Users Using Active Directory Mode
Configuring the NNTP Service
Installing the NNTP Service and Setting Up NNTP Virtual ServersVirtual ServersFile and Message TypesVirtual DirectoriesConfiguring NNTP Virtual Server PropertiesSecuring NNTP Virtual ServersConfiguring Access-Related SettingsAuthenticationCertificateConnectionSetting Post and Connection LimitsAssigning Administrative CredentialsCreating ACLsCreating and Managing NewsgroupsCreating NewsgroupsModerating NewsgroupsManaging Newsgroup MessagesSetting Expiration PoliciesSetting Expiration Policies Using Rexpire.vbsDeleting Messages Using Rcancel.vbsLimiting Newsgroup EnumerationManaging SessionsManaging Sessions Using Rsess.vbsUsing Control MessagesGenerating Control MessagesRestricting Access to Control MessagesRebuilding the NNTP ServiceBacking Up and Restoring an NNTP Virtual ServerEnabling and Managing NewsfeedsEnabling NewsfeedsAdding, Deleting, and Modifying Newsfeeds
Configuring the SMTP Service
Installing the SMTP Service and Creating an SMTP Virtual ServerDefault SettingsConfiguring an SMTP Virtual Server as a Smart HostSetting Delivery PropertiesSecuring SMTP Virtual ServersConfiguring Access-Related SettingsAuthenticationCertificate and CommunicationConnectionRelayLimiting Administrative AccessSetting Messages LimitsOrganizing Messages Using SMTP DomainsOrganizing Messages Using Local DomainsOrganizing Messages Using Remote Domains
Additional Resources
Related InformationRelated Windows Server 2003 Help Topics
16. IIS 6.0 Administration Scripts, Tips, and Tricks
Creating and Configuring a Site ProgrammaticallyVariablesSetting Up and Configuring DNSCreating DirectoriesCreating Directories RemotelyAdding Temporary ContentAdding Temporary Content RemotelyCreating Web SitesCreating Web Sites RemotelyProviding Additional Host HeadersProviding Additional Host Headers RemotelyInstalling and Setting Up FrontPage 2002 Server ExtensionsInstalling FrontPage 2002 Server Extensions LocallySecurity Considerations for Installing FrontPage 2002 Server Extensions RemotelyCreating FTP SitesSetting Up FTP Virtual DirectoriesSetting Up FTP RemotelySetting ACLsRecommended and Inherited ACLsSetting ACLs RemotelyIncluding Verification and Error CheckingThe Complete Batch File
Creating a Web Site from a Template
Managing IIS 6.0 Programmatically by Using ADSI
IIS ADSI ObjectsIIS ADSI SecurityAdsutil.vbs IIS Administration UtilityParameters for Adsutil.vbsCommands for Adsutil.vbs
Managing IIS 6.0 Programmatically by Using WMI
IIS WMI ProviderAdvantages of Using the IIS WMI ProviderComparing the IIS WMI Provider with the IIS ADSI ProviderObject Hierarchy in IIS WMI ProviderWMI Class TypesWMI Element ClassesWMI Setting ClassesWMI Association ClassesSample WMI ScriptsEnumerating Virtual DirectoriesRecycling Application Pools
Managing Server Certificates Programmatically
Managing Server Certificates by Using IISCertObjSetting IISCertObj PropertiesApplying IISCertObj MethodsCopyExportGetCertInfoImportImportToCertStoreIsExportableIsInstalledMoveRemoveCertSample Server Certificate Management ScriptsImporting server certificates to multiple serversSaving backup copies of server certificates in a central archiveCopying a server certificate from an existing server to a new serverExtracting Server Certificate Information with a CAPICOM-Based ScriptRegistering CAPICOM.dll
Managing IIS 6.0 Remotely
Scheduling IIS 6.0 Backups
Backing Up IIS ContentBacking Up IIS Configuration
Restarting and Alternatives to Restarting IIS 6.0
Automatic RestartWorker Process Isolation Mode
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help Topics
17. Analyzing Log Files
New in LoggingEvents Are Logged by HTTP.sysSubstatus Error Code LoggingCentralized Binary LoggingHTTP.sys Error LoggingRemote Logging
Log File Formats in IIS
UTF-8 Format for Non-English Languages and SecurityLog File Locations and ACLsW3C Extended Log File FormatW3C Extended Log File ExamplesExample of an Intranet SiteExample of an Internet SiteExample of an FTP SiteSubstatus Error CodesNCSA Common Log File FormatNCSA Common Log File ExampleIIS Log File FormatIIS Log File ExampleODBC LoggingCentralized Binary LoggingWhen to Use Centralized Binary LoggingCentralized Binary Logging File Format
HTTP.sys Error Log Files
Common HTTP.sys Error Log File EntriesConfiguring HTTP.sys Error LoggingRegistry ParametersLog File Format for HTTP.sys Error LoggingHTTP.sys Reason PhrasesConnection_Abandoned_By_AppPoolConnection_DroppedVarious connection time-out errorsVarious errorsInternalN/IAll 503 errorsVersion_N/SHTTP.sys Error Log File Examples
Custom Logging Modules
Custom Logging Considerations
Additional Resources
Related InformationRelated Help TopicsRelated Tools
18. Troubleshooting IIS 6.0
Overview of Troubleshooting IIS 6.0Troubleshooting MethodologyPhase 1: DiscoveryInterview the user who reported the problemExamine the recordsPhase 2: PlanningPhase 3: Problem ReproductionPhase 4: Problem IsolationPhase 5: Analysis
Tools for Troubleshooting IIS 6.0
WFetchFile Monitor and Registry MonitorTips for Using File Monitor and Registry Monitor for TroubleshootingIIS 6.0 Enterprise Tracing for WindowsNetwork MonitorTips for Using Network Monitor for TroubleshootingSystem MonitorHRPlusMicrosoft Debugging Tools for Windows
IIS Fundamentals
HTTP Protocol BasicsHTTP Connection ManagementHTTP AuthenticationIIS Service StartupHTTP.sysIIS Admin ServiceWWW ServiceWorker Process StartupHTTP Request WalkthroughCommon Request OperationsRequests for Static ContentRequests Handled by ISAPI ExtensionsCGI Requests
Common Troubleshooting Tasks
Disabling HTTP Friendly Error Messages in Internet ExplorerGenerating an HTTP RequestChecking Basic Functionality with Test Request FilesStatic Content Test Request FileASP Test Request FileASP.NET Test Request FileTesting Simple Object CreationTesting Application Code Outside of IISBrowsing with Different Host Name StylesUsing Substatus and Win32 Errors in W3C Extended LoggingConfiguring the WWW Service to Log Worker Process Recycling EventsChecking NT System and Application Event LogsChecking the HTTP Error LogChecking the IIS LogsRestarting IIS ServicesRestarting a Web SiteRecycling an Application PoolStopping an Application PoolRestarting the WWW ServiceIdentifying Worker Process Process ID
HTTP Status Codes
HTTP 1xx-2xx — Informational and Success CodesHTTP 3xx — Redirection Codes301-Permanent Redirect302-Object Moved304-Not Modified307-Temporary RedirectCourtesy RedirectsHTTP 40x — Client Error CodesHTTP 400-Cannot Resolve the RequestHTTP 401.x-Unauthorized401.1 and 401.2 — Authentication ProblemsInitial IsolationMultiple Authentication MethodsLogonMethod Default Has ChangedNo Authentication Methods Selected (AuthFlags=0)Anonymous Accounts (IUSR_ComputerName) Attempting Sub-authentication Logon Receive the 401.1 Error: Logon FailedNon-Anonymous authenticationBasic authenticationIntegrated Windows authenticationHTTP 403.x-ForbiddenHTTP 404.x-File or Directory Not Found404.1-Web Site Not Accessible on the Requested Port404.2-Lockdown Policy Prevents This Request404.3-MIME Map Policy Prevents This Request405-HTTP Verb Used to Access This Page Is Not Allowed407-Initial Proxy Authentication Required by the Web Server413-Request Entity Is Too Large414-Request URL Is Too Large and Therefore Unacceptable on the Web ServerHTTP 5xx Server Error CodesHTTP 500.x — Internal Server Error Codes500.11 and 500.12-Application State Issues500.13-Web Server Too Busy500.16-UNC Authorization Credentials Are Incorrect500.17 and 500.18-IIS URL Authorization Issues503-Service UnavailableOther HTTP.sys Error Log Errors
Troubleshooting Configuration Problems
Preserving the Integrity of XML in the IIS MetabaseTroubleshooting Problems with UNC ContentAccessing and Executing Remote ContentLogging OnAccessing the Remote ServerExecuting the Remote ContentWorking in a Domain EnvironmentWorking in a Workgroup EnvironmentTroubleshooting File Caching ProblemsASP and Static File Caching ChangesTroubleshooting Problems with Stale ContentTroubleshooting Performance Problems with UNC ContentTroubleshooting IIS Manager and UNC Content ProblemsTroubleshooting Errors That Occur When UNC Content Is Under High LoadModifying the MaxUserPort Registry EntryChecking the File Server SettingModifying the Work Item ConfigurationTroubleshooting Logging ProblemsLogging Security ConfigurationConfiguration processEvent ID 15000, 15001, and 15003Event ID 15002 and Event ID 15004Logging Headers"…" Present in Log FilesUTF-8 Logging Problems
Troubleshooting HTTP.sys Problems
Configuring the IP Inclusion ListEvent ID 15014Event ID 15015Troubleshooting HTTP.sys Communication Problems
Troubleshooting Miscellaneous Problems
Metabase Site IDs Are Unexpected NumbersAnonymous Users Performance Counters in IIS 6.0CGI Processes Will Not StartClients Cannot Connect to the ServerClient Requests Error Out or Time Out
Advanced Troubleshooting
Troubleshooting with a DebuggerTroubleshooting Low CPU HangsTroubleshooting High CPU HangsTroubleshooting CrashesTroubleshooting Memory ProblemsIIS 6.0 Debugging FeaturesEnabling DebuggingLimitations of Health Detection
Additional Resources
Related InformationRelated IIS 6.0 Help TopicsRelated Windows Server 2003 Help TopicsRelated Tools
C. Common Administrative Tasks
Overview of Common Administrative Tasks
Important First Tasks in IIS 6.0
Starting IIS ManagerStarting and Stopping Services and SitesSaving Your Configuration to DiskIf You Receive an Error Stating That IISReset Is DisabledStarting or Stopping IIS Services and SitesEnabling and Disabling Dynamic ContentEnabling ASP PagesInstalling and Enabling ASP.NETCreating a Web Site or an FTP SiteCreating Virtual Directories
Tasks New to IIS 6.0
Creating and Isolating ApplicationsCreating Application PoolsConfiguring RecyclingBacking Up and Restoring the MetabaseSaving and Copying Site Configurations
Security-Related Tasks
Setting Web Site AuthenticationConfiguring Anonymous AuthenticationConfiguring Basic AuthenticationConfiguring Digest AuthenticationConfiguring the Realm NameConfiguring Advanced Digest AuthenticationEnabling Digest authentication and Configuring the Realm NameSetting the UseDigestSSP Metabase PropertyConfiguring Integrated Windows AuthenticationEnabling .NET Passport AuthenticationSetting FTP Site AuthenticationEnabling Anonymous FTP AuthenticationEnabling Basic FTP AuthenticationObtaining and Backing Up Server CertificatesIssue your own server certificateObtain a server certificate from a certification authorityControlling Access to ApplicationsSecuring Your Files with NTFS PermissionsSecuring Your Web Site with Web PermissionsRestricting Access to Your Web Site by Using IP Addresses
Tasks for Managing Servers and Applications
Using Host Header Names to Host Multiple Web SitesRedirecting Web SitesAssigning Resources to Applications
Tasks for Administering Servers
Administering Servers from the Command LineSupported Command-Line ScriptsAdsutil.vbs IIS Administration UtilityAdministering Servers Remotely
D. Unattended Setup
Creating an Answer File
Installing IIS 6.0 with the Operating System
Installing IIS 6.0 After the Operating System
E. Using FrontPage 2002 Server Extensions with IIS 6.0
Overview of FrontPage 2002 Server ExtensionsWhy Use FrontPage 2002 Server Extensions?FrontPage Server Extensions Terminology
Preparing to Extend Web Sites
Installing and Enabling FrontPage Server ExtensionsIIS 6.0 Application Isolation ModesInstalling FrontPage 2002 Server ExtensionsEnabling Web Service ExtensionsTo enable Web service extensionsCreating Web Sites to Extend as Virtual ServersSecuring FrontPage 2002 Server ExtensionsUser AuthenticationFile System Security
Extending and Configuring Web Sites
Extending Web sitesTo extend a Web site by using the Server Administration pagesConfiguring Extended Web SitesConfiguring Web SitesUsing Command-Line Tools
Configuring Advanced Security and Customization
Using Roles to Manage User RightsAuthenticating Users Separately for Each Extended Web SiteConnecting Web Sites to UNC Network Shares
F. IIS 6.0 Performance Counters
Web Service Counters for the WWW Service
Web Service Cache Counters for the WWW Service
FTP Service Counters
Internet Information Services Global Counters
SNMP Counters
SNMP FTP Service CountersSNMP HTTP Service Counters
Active Server Pages Performance Counters
ASP.NET Performance Counters
ASP.NET CountersASP.NET Applications Performance Counters
G. IIS 6.0 Event Messages
Event Logging Overview
WWW Service Events
WWW Service Worker Process Events
ASP Events and Errors
AspLogErrorRequestsAspErrorsToNTLogASP EventsASP Errors
FTP Service Events
WWW Service Performance Counter Events
H. Centralized Binary Log File Format
Centralized Binary LoggingFile NamesRecord OrderRecord TypesHeader RecordFile FootersInline RecordsUnique identifier for URLsIP address typeCache or User-Mode RequestCache-Hit RecordCache-Miss RecordLog File Index Mapping RecordCache Flushes
I. IPv6 and IIS 6.0
Summary of Protocol Changes from IPv4 to IPv6
Comparing IPv4 and IPv6 Addresses
Comparing Address FormatsCompressing Zeros in IPv6 Addresses to the Double-Colon FormatUnderstanding PrefixesComparing Address TypesUnicast AddressesTypes of Transition IPv6 AddressesIPv4-compatible addressesIPv4-mapped addresses6to4 addressesGlobal Addresses
How IIS 6.0 Supports IPv6
Differences in IIS Functionality Between IPv4 and IPv6Using the IPv6-Aware ISAPI Server VariablesHow Installing IPv6 Affects Web Browser Use and Client Connectivity
Securing IPv6 Networks
General Recommendations for Securing IPv6 NetworksSecuring with IPSec on IPv6 Networks
Installing or Removing IPv6
Additional Resources
Related InformationRelated Windows Server 2003 Help TopicsRelated Tools
Glossary
19. Minimum System Requirements
Index
SPECIAL OFFER: Upgrade this ebook with O’Reilly

Content preview from Internet Information Services (IIS) 6 Resource Kit

Security-Related Tasks

IIS 6.0 and Windows Server 2003 provide several ways to help secure your application servers and their content. This section provides information about the following security-related topics:

Setting Web site authentication. Set up Web site authentication for your Web sites.
Setting FTP site authentication. Set up FTP site authentication to validate users who request access to your FTP sites.
Obtaining and backing up server certificates. Set up Secure Sockets Layer (SSL) certification on your sites. SSL certificates enable Web servers and users to authenticate each other before establishing a connection.
Controlling access to applications. Reduce the attack surface of your applications with permissions and restrictions; control ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Internet Information Services (IIS) 7.0 Resource Kit

Publisher Resources

ISBN: 0735614202Catalog Page Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Internet Information Services (IIS) 6 Resource Kit

by The Microsoft IIS Team

Security-Related Tasks

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

More than 5,000 organizations count on O’Reilly

Julian F.

Addison B.

Amir M.

Mark W.

You might also like

Internet Information Services (IIS) 7.0 Resource Kit

Internet Information Services (IIS) 7.0 Administrator’s Pocket Consultant

Windows Server® 2008 Active Directory® Resource Kit

Professional IIS 7.0

Publisher Resources