Internet Information Services (IIS) 6.0 Resource Kit - S3 Tech Training

echinoidqueenServers

Dec 4, 2013 (3 years and 11 months ago)

20,102 views

PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2004 by Microsoft Corporation
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or
by any means without the written permission of the publisher.
Library of Congress Cataloging-in-Publication Data
Internet Information Services (IIS) 6.0 Resource Kit / the Microsoft IIS Team.
p. cm.
Includes index.
ISBN 0-7356-1420-2
1.Microsoft Internet information server.2.Microsoft Windows server.3.
Internet--Computer programs.4.Web servers.I.Microsoft IIS Team.
TK5105.875.I57I5565 2003
005.7'13769--dc21 2003056127
Printed and bound in the United States of America.
1 2 3 4 5 6 7 8 9 QWE 8 7 6 5 4 3
Distributed in Canada by H.B. Fenn and Company Ltd.
A CIP catalogue record for this book is available from the British Library.
Microsoft Press books are available through booksellers and distributors worldwide. For further informa-
tion about international editions, contact your local Microsoft Corporation office or contact M icrosoft
Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send
comments to rkinput@microsoft.com.
Active Directory, ActiveX, BizTalk, FrontPage, JScript, Microsoft, Microsoft Press, MS-DOS, MSDN,
NetMeeting, Outlook, SharePoint, Verdana, Visual Basic, Visual C++, Visual C#, Visual Studio, Win32,
Windows, Windows Media, Windows NT, and Windows Server are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries. Other product and
company names mentioned herein may be the trademarks of their respective owners.
The example companies, organizations, products, domain names, e-mail addresses, logos, people,
places, and events depicted herein are fictitious. No association with any real company, organization,
product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Acquisitions Editor:Martin DelRe
Project Editor:Maureen Williams Zimmerman
Body Part No. X08-22441
INTRODUCTION ..........................................................................................................xxxiii
PART I Deploying Internet Information Services (IIS) 6.0 ..............................................................1
CHAPTER 1 Overview of Deploying IIS 6.0 ...................................................................3
CHAPTER 2 Deploying ASP.NET Applications in IIS 6.0 ...........................................17
CHAPTER 3 Securing Web Sites and Applications ...................................................41
CHAPTER 4 Ensuring Application Availability .........................................................105
CHAPTER 5 Upgrading an IIS Server to IIS 6.0 .......................................................135
CHAPTER 6 Migrating IIS Web Sites to IIS 6.0 .......................................................195
CHAPTER 7 Migrating Apache Web Sites to IIS 6.0 ...............................................267
APPENDIX A IIS Deployment Procedures ................................................................313
APPENDIX B Changes to Metabase Properties in IIS 6.0 ......................................403
PART II Internet Information Services (IIS) 6.0 Resource Guide .............................................407
CHAPTER 8 Introducing IIS 6.0 ................................................................................409
CHAPTER 9 IIS 6.0 Architecture...............................................................................419
CHAPTER 10 Running IIS 6.0 as an Application Server .........................................457
CHAPTER 11 Working with the Metabase ..............................................................513
CHAPTER 12 Managing a Secure IIS 6.0 Solution .................................................565
CHAPTER 13 Optimizing IIS 6.0 Performance ........................................................623
CHAPTER 14 Web Server Scalability .......................................................................723
CHAPTER 15 Configuring Internet Sites and Services ...........................................783
CHAPTER 16 IIS 6.0 Administration Scripts, Tips, and Tricks ...............................833
CHAPTER 17 Analyzing Log Files .............................................................................877
CHAPTER 18 Troubleshooting IIS 6.0 ......................................................................905
Contents at a Glance
Appendix C Common Administrative Tasks ............................................................987
Appendix D Unattended Setup ...............................................................................1033
Appendix E Using FrontPage 2002 Server Extensions ........................................1043
Appendix F IIS 6.0 Performance Counters ............................................................1059
Appendix G IIS 6.0 Event Messages ......................................................................1089
Appendix H Centralized Binary Log File Format ...................................................1113
Appendix I IPv6 and IIS 6.0.....................................................................................1127
GLOSSARY..................................................................................................................1145
INDEX..........................................................................................................................1171


INTRODUCTION...........................................................................................................xxxiii

Resource Kit Compact Disc
......................................................................................................
xxxiv
Document Conventions
................................................................................................................
xxxv
Support Policy
....................................................................................................................................
xxix
PART I Deploying Internet Information Services (IIS) 6.0.............................................................1

CHAPTER 1 Overview of Deploying IIS 6.0

..................................................................3

Overview of Deploying an IIS 6.0 Web Server
.........................................................................
4
Process for Deploying an IIS 6.0 Web Server

......................................................5
Deploying a New IIS 6.0 Web Server

.............................................................7

Upgrading and Migrating a Server to IIS 6.0

.................................................8

Overview of IIS 6.0
..............................................................................................................................
9
IIS 6.0 Benefits and Features

..............................................................................9
Internet and Intranet Applications on IIS 6.0

...................................................11
Determining Application Compatibility with IIS 6.0
............................................................
11
Moving from IIS 5.0 Isolation Mode to Worker Process Isolation Mode
...................
12
Reviewing Application Isolation Modes

............................................................12
Benefits of Moving to Worker Process Isolation Mode

....................................13
Security Enhancements

..............................................................................13

Performance and Scaling Enhancements

.................................................14

Availability Enhancements

..........................................................................14

CHAPTER 2 Deploying ASP.NET Applications in IIS 6.0

..........................................17

Overview of Deploying ASP.NET Applications in IIS 6.0
...................................................
18
Process for Deploying ASP.NET Applications in IIS 6.0

...................................19
Deploying the Web Server
............................................................................................................
21
Installing Windows Server 2003

......................................................................22
Installing and Configuring IIS 6.0

......................................................................23
Contents
vi Contents
Enabling ASP.NET in the Web Service Extensions List....................................23
Installing ASP.NET Applications
...................................................................................................
24
Creating Web Sites and Virtual Directories for each ASP.NET Application.....25
Creating Web Sites and Home Directories.................................................25
Creating Virtual Directories..........................................................................26
Copying ASP.NET Application Content...............................................................27
Enabling Common Storage for ASP.NET Session State..................................28
Selecting the Method for Maintaining and Storing ASP.NET Session State
...........
28
Configuring Out-of-Process Session State with the ASP.NET State Service
...........
31
Configuring Out-of-Process Session State with SQL Server......................32
Configuring Encryption and Validation Keys...............................................32
Configuring ASP.NET Applications to Use the Appropriate Session State 33
Securing the ASP.NET Session State Connection String...........................35
Completing the ASP.NET Application Deployment
..............................................................
36
Ensuring the Security and Availability of ASP.NET Applications......................37
Verifying That the ASP.NET Applications Were Deployed Successfully...........38
Backing Up the Web Server...............................................................................39
Enabling Client Access
.......................................................................................39
Additional Resources
.......................................................................................................................
40
CHAPTER 3 Securing Web Sites and Applications
.................................................43
Overview of the Securing Web Sites and Applications Process
....................................
44
Process for Securing Web Sites and Applications............................................45
Reducing the Attack Surface of the Web Server
.................................................................
48
Enabling Only Essential Windows Server 2003 Components and Services..50
Enabling Only Essential IIS Components and Services...................................61
Enabling Only Essential Web Service Extensions.............................................70
Enabling Only Essential MIME Types.................................................................72
Configuring Windows Server 2003 Security Settings.....................................73
Preventing Unauthorized Access to Web Sites and Applications
.................................
75
Storing Content on a Dedicated Disk Volume..................................................76
Setting IIS Web Site Permissions.......................................................................77
Setting IP Address and Domain Name Restrictions.........................................79
Setting NTFS Permissions..................................................................................79
Isolating Web Sites and Applications
........................................................................................
81
Evaluating the Effects of Impersonation on Application Compatibility...........83
Identifying the Impersonation Behavior for ASP Applications
...................84
Contents vii
Selecting the Impersonation Behavior for ASP.NET Applications.............84
Configuring Web Sites and Applications for Isolation.....................................85
Configuring User Authentication
.................................................................................................
87
Configuring Web Site Authentication.................................................................89
Selecting a Web Site Authentication Method.............................................89
Configuring the Web Site Authentication Method......................................91
Configuring FTP Site Authentication..................................................................92
Encrypting Confidential Data Exchanged with Clients
......................................................
92
Using SSL to Encrypt Confidential Data............................................................94
Using IPSec or VPN with Remote Administration.............................................95
Maintaining Web Site and Application Security
...................................................................
96
Obtaining and Applying Current Security Patches............................................98
Enabling Windows Server 2003 Security Logs...............................................100
Enabling File Access Auditing for Web Site Content......................................101
Configuring IIS Logs..........................................................................................101
Reviewing Security Policies, Processes, and Procedures.............................103
Additional Resources
....................................................................................................................
106
CHAPTER 4 Ensuring Application Availability.......................................................109
Overview of the Ensuring Application Availability Process
...........................................
110
Process for Ensuring Application Availability..................................................111
Establishing Application Availability Goals
..........................................................................
113
Setting Service Availability Goals.....................................................................114
Setting Request-Handling Goals......................................................................115
Configuring IIS 6.0 for Optimum Availability
.......................................................................
117
Isolating Applications........................................................................................118
Determining the Application Isolation Needs of Your Server..................119
Creating Application Pools and Assigning Applications to Them............119
Recycling Worker Processes............................................................................120
Recycling by Elapsed Time........................................................................123
Recycling by Number of Requests............................................................123
Recycling at Scheduled Times...................................................................124
Recycling on a Virtual-Memory Threshold................................................124
Recycling on a Used-Memory Threshold...................................................124
Tuning Performance.........................................................................................125
Configuring Idle Time-out for Worker Processes......................................126
Configuring a Request Queue Limit..........................................................126
viii Contents
Configuring Web Gardens..........................................................................127
Setting Processor Affinity on Servers with Multiple CPUs.......................128
Managing Application Pool Health...................................................................129
Configuring Worker Process Pinging.........................................................129
Configuring Rapid-Fail Protection for Worker Processes.........................130
Configuring the Startup Time Limit for Worker Processes......................131
Configuring the Shutdown Time Limit for Worker Processes..................131
Enabling Debugging for Application Pool Failures...................................131
Configuring Application Pool Identity...............................................................132
Testing Applications for Compatibility
...................................................................................
133
Testing Applications for Compatibility with IIS 6.0........................................134
Testing Applications for Functional Compatibility with IIS 6.0
......................135
Additional Resources
....................................................................................................................
137
CHAPTER 5 Upgrading an IIS Server to IIS 6.0
.....................................................139
Overview of Upgrading an IIS Server to IIS 6.0
..................................................................
140
Process for Upgrading an IIS Server to IIS 6.0...............................................141
Preparing to Upgrade
....................................................................................................................
145
Determining Compatibility with Windows Server 2003
.................................147
Identifying and Compensating for Changes to IIS6.0...................................148
Ensuring That the WWW Service is Enabled After Upgrade....................149
Compensating for Changes to IIS Components.......................................149
Determining Application Compatibility with Worker
Process Isolation Mode....................................................................................151
Evaluating the Benefits of Worker Process Isolation Mode....................152
Evaluating Application Changes Required for
Worker Process Isolation Mode.................................................................155
Evaluating Management and Provisioning Script
Changes Required for Worker Process Isolation Mode...........................156
Verifying Application Compatibility with Worker
Process Isolation Mode in a Lab...............................................................157
Determining Application Compatibility with the .NET Framework.................157
Performing the Upgrade
...............................................................................................................
158
Backing Up the Server......................................................................................160
Verifying That Clients Are Not Accessing Web Sites......................................160
Preventing the WWW Service from Being Disabled......................................161
Modifying the Registry or Unattended Setup Script.................................161
Running the IIS Lockdown Tool.................................................................162
Contents ix
Upgrading the Server to IIS 6.0.......................................................................164
Verifying That the Operating System Upgrade Was Successful...................165
Backing Up the IIS 6.0 Metabase....................................................................165
Converting to Worker Process Isolation Mode
...................................................................
166
Documenting the Current Application Isolation Settings..............................168
Configuring IIS 6.0 to Run in Worker Process Isolation Mode.......................169
Configuring Application Isolation Settings in Worker
Process Isolation Mode....................................................................................169
Example: Converting to Worker Process Isolation Mode..............................171
Configuring IIS 6.0 Properties
...................................................................................................
172
Enabling the WWW Service..............................................................................174
Configuring Web Service Extensions...............................................................174
Configuring MIME Types...................................................................................176
Modifying References to IIS 6.0 Metabase Properties..................................176
Upgrading FrontPage Extended Web Sites.....................................................177
Determining Whether to Run the IIS Lockdown Tool and UrlScan................177
Making Security-Related Configuration Changes...........................................178
Enabling Essential IIS Components and Services....................................178
Removing Unnecessary IIS Virtual Directories.........................................179
Configuring the Anonymous User Identity................................................180
Configuring IIS 6.0 to Host ASP.NET Applications
............................................................
180
Configuring IIS 6.0 to Use the Correct Version of the .NET Framework........182
Configuring the .NET Framework.....................................................................182
Reviewing How ASP.NET Applications Run In
Each Application Isolation Mode.....................................................................183
Migrating Machine.config Attributes to IIS 6.0
Metabase Property Settings.............................................................................185
Migrating Recycling-Related Attributes.....................................................187
Migrating Performance-Related Attributes...............................................188
Migrating Health-Related Attributes..........................................................190
Migrating Identity-Related Attributes........................................................192
Completing the Upgrade
..............................................................................................................
194
Verifying That the Web Sites and Applications Run Properly.........................196
Backing Up the Server......................................................................................197
Enabling Client Access.....................................................................................197
Additional Resources
....................................................................................................................
198
x Contents
CHAPTER 6 Migrating IIS Web Sites to IIS 6.0.....................................................199
Overview of Migrating IIS Web Sites to IIS 6.0
..................................................................
200
Process for Migrating IIS Web Sites to IIS 6.0................................................201
Preparing for Migration
................................................................................................................
206
Identifying Which Web Site and Application Components to Migrate...........208
Determining Compatibility with Windows Server￿ 2003...............................209
Determining Application Compatibility with Worker
Process Isolation Mode....................................................................................210
Evaluating the Benefits of Worker Process Isolation Mode....................212
Evaluating Application Changes Required
for Worker Process Isolation Mode...........................................................214
Evaluating Management and Provisioning Script
Changes Required for Worker Process Isolation Mode
...........................215
Verifying Application Compatibility with Worker
Process Isolation Mode in a Lab...............................................................216
Determining Application Compatibility with the .NET Framework.................217
Selecting a Migration Method..........................................................................218
Identifying the Role of the IIS 6.0 Migration Tool...........................................219
Migration Tasks That Are Automated by the IIS 6.0 Migration Tool.......219
Migration Tasks That Must Be Completed Manually...............................220
Deploying the Target Server
.......................................................................................................
223
Installing Windows Server￿ 2003.....................................................................225
Installing and Configuring IIS 6.0....................................................................225
Migrating Web Sites with the IIS 6.0 Migration Tool
.......................................................
226
Installing the IIS 6.0 Migration Tool.................................................................228
Verifying That Clients Are Not Accessing Web Sites......................................228
Running the IIS 6.0 Migration Tool..................................................................230
Verifying That the IIS 6.0 Migration Tool Ran Successfully...........................231
Migrating Additional Web Site Content...........................................................232
Migrating Content Located Outside the Home
Directory of the Web Site..........................................................................232
Migrating Content Located in Virtual Directories.....................................233
Modifying IIS 6.0 Metabase Properties That Reference
the Systemroot Folder......................................................................................233
Migrating Web Sites Manually
..................................................................................................
235
Verifying That Clients Are Not Accessing Web Sites
Before a Manual Migration..............................................................................237
Contents xi
Creating Web Sites and Virtual Directories.....................................................237
Creating Web Sites and Home Directories on the Target Server............237
Creating Virtual Directories........................................................................238
Migrating Web Site Content.......................................................................239
Configuring Web Site Application Isolation Settings.....................................240
Documenting the Current Application Isolation
Settings on the Source Server...................................................................240
Configuring Application Isolation Settings in IIS 5.0 Isolation Mode......241
Configuring Application Isolation Settings in
Worker Process Isolation Mode.................................................................242
Configuring IIS 6.0 Properties
...................................................................................................
244
Configuring IIS 6.0 Properties That Reference Local User Accounts............246
Configuring Web Service Extensions...............................................................247
Configuring MIME Types...................................................................................248
Migrating Server Certificates for SSL..............................................................249
Migrating FrontPage Users and Roles.............................................................250
Configuring IIS 6.0 to Host ASP.NET Applications..........................................251
Configuring IIS to Use the Correct Version of the .NET Framework........251
Configuring the .NET Framework...............................................................252
Reviewing How ASP.NET Applications Run in Each
Application Isolation Mode........................................................................252
Migrating Machine.config Attributes to IIS 6.0 Metabase
Property Settings........................................................................................254
Determining Whether to Run the IIS Lockdown Tool and UrlScan................255
Performing Application-Specific Migration Tasks
.............................................................
256
Modifying Application Code for Compatibility with
Windows Server 2003 and IIS 6.0..................................................................258
Modifying References to Windows Platform Components
and APIs No Longer Supported in Windows Server 2003.......................258
Modifying References to IIS 6.0 Metabase Properties............................258
Modifying Applications To Be Compatible with Worker
Process Isolation Mode..............................................................................259
Installing Additional Software Required by Applications................................259
Migrating MTS Packages, COM Objects, and COM+ Applications.................260
Modifying ODBC Data Connection Strings and DSNs....................................261
Creating IP Addresses That Are Used by Applications....................................262
Creating Users and Groups That Are Used by Applications...........................262
Creating Registry Entries for Applications.......................................................263
xii Contents
Completing the Migration
............................................................................................................
264
Verifying That the Web Sites and Applications Migrated Successfully.........266
Backing Up the Target Server..........................................................................267
Enabling Client Access.....................................................................................267
Additional Resources
....................................................................................................................
268
CHAPTER 7 Migrating Apache Web Sites to IIS 6.0.............................................271
Overview of Migrating Apache Web Sites to IIS 6.0
........................................................
272
Process for Migrating Apache Web Sites to IIS 6.0........................................273
Preparing for Migration
................................................................................................................
276
Determining Web Site Compatibility with IIS 6.0............................................277
Determining Web Site Compatibility with Worker
Process Isolation Mode....................................................................................279
Identifying the Role of the Migration Tool.......................................................280
Selecting a Migration Tool Installation Option................................................281
Source Server Installation Option.............................................................283
Target Server Installation Option...............................................................284
Intermediate Computer Installation Option..............................................284
Deploying the Target Server
.......................................................................................................
285
Installing Windows Server￿ 2003.....................................................................286
Installing IIS 6.0................................................................................................287
Configuring the FTP Service.............................................................................288
Performing the Migration
............................................................................................................
288
Installing the Migration Tool
.............................................................................289
Installing the Migration Tool on Computers Running Linux....................290
Installing the Migration Tool on Computers Running Windows..............290
Configuring the Target Server for Migration.............................................291
Verifying that Clients Are Not Accessing Web Sites.......................................292
Migrating Web Site Content.............................................................................292
Migrating Web Site Configuration....................................................................294
Recovering from an Interruption in the Migration Process...........................295
Determining Cause of and Resolving Errors.............................................296
Restarting the Migration Tool in Recovery Mode.....................................296
Migrating Apache-Specific Extensions
..................................................................................
296
Migrating Dynamic Content..............................................................................298
Migrating Database Content and Connectivity
...............................................300
Migrating the Database Content...............................................................300
Contents xiii
Migrating the Database Connectivity........................................................301
Migrating External Modules.............................................................................302
Configuring IIS 6.0
..........................................................................................................................
304
Configuring Web Service Extensions...............................................................305
Configuring MIME Types...................................................................................307
Configuring Web Site Properties......................................................................307
Configuring Server Certificates for SSL...........................................................308
Backing Up the Target Server..........................................................................309
Enabling Client Access After Migration
.................................................................................
310
Additional Resources
....................................................................................................................
311
APPENDIX A IIS Deployment Procedures
..............................................................313
Assign Additional IP Addresses to a Network Adapter.............................315
Assign a Server Certificate to a Web Site.................................................315
Back Up and Restore Registry Entries......................................................316
Back Up and Restore the IIS Metabase....................................................317
Back Up and Restore the Web Server to a File or Tape..........................318
Configure an ASP.NET Application for ASP.NET.......................................321
Configure Anonymous User Identity..........................................................323
Configure a Web Site to be FrontPage Extended.....................................324
Configure Application Identity for IIS 5.0 Isolation Mode........................325
Configure Application Isolation Modes.....................................................326
Configure Application Isolation Settings for IIS 5.0 Isolation Mode.......327
Configure Application Pool Health.............................................................328
Configure Application Pool Identity...........................................................329
Configure Application Pool Performance..................................................330
Configure Application Pool Recycling........................................................332
Configure FrontPage Server Roles............................................................334
Configure FTP Server Authentication........................................................335
Configure IIS Components and Services..................................................337
Configure IP Address Assigned to Web Sites...........................................338
Configure IP Address and Domain Name Restrictions............................338
Configure MIME Types...............................................................................343
Configure NTFS Permissions.....................................................................345
Configure the State Service on the ASP.NET State Server......................347
Configure the Registry................................................................................347
Configure the Web Site Identification Number........................................349
Configure Web Server Authentication.......................................................350
xiv Contents
Configure Web Service Extensions............................................................352
Configure Web Site Permissions...............................................................354
Configure Windows Server 2003 Services...............................................356
Convert Existing Disk Volumes to NTFS....................................................357
Create a Service Account...........................................................................358
Create A SQL Server Database for Storing ASP.NET Session State.......360
Create a Virtual Directory...........................................................................361
Create a Web Site.......................................................................................362
Debug Application Pool Failures................................................................363
Determine Web Sites Uniquely Identified by IP Addresses.....................364
Disable Network Adapters.........................................................................365
Enable ASP.NET..........................................................................................366
Enable Logging...........................................................................................367
Enable Network Adapters..........................................................................368
Enable Security Auditing............................................................................368
Enable the WWW Service After Upgrade..................................................370
Enable Web Site Content Auditing............................................................370
Export a Server Certificate.........................................................................372
Gather and Display WWW Service Uptime Data......................................374
Grant User Rights to a Service Account....................................................377
Install a Server Certificate.........................................................................379
Install IIS 6.0...............................................................................................381
Install Subauthentication...........................................................................381
Isolate Applications in Worker Process Isolation Mode...........................382
Make a Service Account a Member of the
Local Administrators Group.......................................................................384
Migrate CDONTS.........................................................................................384
Modify the IIS Metabase Directly..............................................................385
Monitor Active Web and FTP Connections................................................386
Pause Web or FTP Sites.............................................................................388
Publish Web Site Content with FrontPage................................................390
Remove Virtual Directories........................................................................393
Request a Server Certificate......................................................................394
Secure the Root Folder of Each Disk Volume..........................................394
Secure Windows Server 2003 Built-in Accounts......................................395
Set Processor Affinity.................................................................................396
Contents xv
Stop the WWW Service...............................................................................398
Upgrade FrontPage Extended Web Sites..................................................398
View Application Isolation Configuration..................................................399
View Web Site and Application Process Identities...................................400
APPENDIX B Changes to Metabase Properties in IIS 6.0
....................................403
PART II Internet Information Services (IIS) 6.0 Resource Guide ...........................................407
CHAPTER 8 Introducing IIS 6.0..............................................................................409
Internet Information Services 6.0
...........................................................................................
410
What’s Changed
..............................................................................................................................
411
Reliability Improvements..................................................................................411
Manageability Improvements..........................................................................412
Security Improvements.....................................................................................413
Performance and Scalability Improvements...................................................414
IIS 6.0 Resource Guide Tools
....................................................................................................
415
Additional Resources
....................................................................................................................
417
CHAPTER 9 IIS 6.0 Architecture
............................................................................419
Overview of IIS 6.0 Architecture
...............................................................................................
420
IIS 6.0 Services
................................................................................................................................
424
IIS 6.0 Core Components
............................................................................................................
427
HTTP Protocol Stack
.........................................................................................427
Worker Processes.............................................................................................428
WWW Service Administration and Monitoring................................................429
Inetinfo.exe........................................................................................................430
The IIS Metabase..............................................................................................431
Application Isolation Modes
.......................................................................................................
432
Choosing an Application Isolation Mode
.........................................................433
Application Isolation Mode Defaults.........................................................434
Application Isolation Mode Functions.......................................................435
Worker Process Isolation Mode.......................................................................436
Benefits of Using Worker Process Isolation Mode
.................
436
Features of Worker Process Isolation Mode
.....................
437
How Application Pools Work
..................................
440
Request Processing in Worker Process Isolation Mode
............
441
IIS 5.0 Isolation Mode......................................................................................446
Application Isolation in IIS 5.0 Isolation Mode.........................................446
Request Processing in IIS 5.0 Isolation Mode.........................................447
How ASP.NET Works with IIS 6.0
.............................................................................................
452
xvi Contents
Additional Resources
....................................................................................................................
454
CHAPTER 10 Running IIS 6.0 as an Application Server.......................................457
Introduction to Running an Application Server
.................................................................
458
Configuring an Application Server Role
................................................................................
459
Technologies Offered in the Application Server.............................................459
Benefits of Enabling ASP.NET
....................................................................461
Benefits of Installing FrontPage Server Extensions.................................462
IIS 6.0...............................................................................................................462
Installing IIS 6.0................................................................................................464
Enabling Dynamic Content
.........................................................................................................
465
Configuring an Application Isolation Mode
..........................................................................
467
Choosing an Application Isolation Mode
.........................................................468
Evaluating the Capabilities of the Two Application Isolation Modes......468
Evaluating Application Requirements.......................................................470
Security Considerations When Choosing an Application
Isolation Mode............................................................................................472
Performance Considerations When Choosing an
Application Isolation Mode........................................................................473
Configuring an Application Isolation Mode.....................................................474
Setting Isolation for Applications Running in IIS 5.0
Isolation Mode
............................................................................................476
Creating Application Pools
..........................................................................................................
477
Guidelines for Creating Application Pools.......................................................478
Configuring Application Pools..........................................................................479
Ensuring Application Health in Worker Process Isolation Mode
................................
480
Monitoring Application Pool Health.................................................................480
Using an ISAPI Extension That Declares Itself Unhealthy
........................483
Enabling Debugging...................................................................................483
Ensuring Application Pool Health..............................................................484
Recycling Worker Processes............................................................................484
How Worker Process Recycling Works......................................................485
When and How to Use Worker Process Recycling...................................486
Logging Worker Process Recycling Events...............................................487
Configuring Rapid-Fail Protection....................................................................488
Managing Resources in Worker Process Isolation Mode
.............................................
490
Configuring Web Gardens................................................................................490
Configuring Idle Timeout for a Worker Process..............................................492
Contents xvii
Configuring Shutdown and Startup Time Limits.............................................493
Enabling CPU Monitoring..................................................................................494
Assigning Processor Affinity.............................................................................497
Running Web Applications
..........................................................................................................
499
Enhancements to ISAPI Support......................................................................500
Using ASP in IIS 6.0..........................................................................................502
Improvements to the ASP Programming Environment............................502
Security and Performance Enhancements in ASP...................................506
Setting Application Mappings..........................................................................508
Additional Resources
....................................................................................................................
511
CHAPTER 11 Working with the Metabase
............................................................513
Overview of the IIS 6.0 Metabase
...........................................................................................
514
IIS 6.0 Metabase Features...............................................................................515
Metabase Terminology.....................................................................................517
XML Terminology Related to IIS.................................................................518
Metabase Structure
.......................................................................................................................
520
Property Inheritance.........................................................................................522
The Metabase Schema....................................................................................524
Collections..................................................................................................524
Properties....................................................................................................525
Flags............................................................................................................526
Remaining Collections...............................................................................526
Metabase Security
.........................................................................................................................
527
File-Level Security.......................................................................................527
Encrypted Properties..................................................................................528
Checklist: Metabase Security....................................................................529
Backing Up and Restoring the Metabase
............................................................................
531
Backing Up the Metabase................................................................................531
The Metabase History Feature.........................................................................533
Configuring the Metabase History Feature...............................................534
Naming the Metabase History Files..........................................................534
Metabase Error Files..................................................................................537
Restoring the Metabase...................................................................................537
Restoring the Metabase from History Files..............................................538
Restoring the Metabase from Backup Files.............................................540
Restoring a Section of the Metabase.......................................................541
Editing the Metabase
....................................................................................................................
541
xviii Contents
Best Practices for Maintaining Metabase Integrity..................................542
Configuring the Metabase................................................................................542
Editing Metabase Properties............................................................................545
Editing the MetaBase.xml File While IIS Is Running.......................................547
The Edit-While-Running Process...............................................................547
Simultaneous Updates...............................................................................550
Enabling Edit-While-Running.....................................................................550
Writing the In-Memory Metabase and Schema to Disk................................552
Writing the In-Memory Metabase to Disk.................................................553
Writing the In-Memory Schema to Disk....................................................555
Metabase Import and Export
.....................................................................................................
556
Importing and Exporting Metabase Elements with IIS Manager
.............559
Moving Sites and Applications to Another Computer..............................560
Metabase Import/Export Behavior............................................................562
Machine-Specific and System-Specific Information................................562
Additional Resources
....................................................................................................................
564
CHAPTER 12 Managing a Secure IIS 6.0 Solution...............................................565
What’s Changed
..............................................................................................................................
566
IIS Installs in a Locked-Down Mode..........................................................567
Restrictive MIME Types Reduce the Attack Surface of IIS......................568
Multiple Worker Processes Affect ISAPI Filter Status Display.................570
ASP-Related Security Changes..................................................................571
Security-Related Changes in Authentication............................................572
Security-Related Changes in Access Control............................................575
Automatic Installation of Security Patches
.........................................................................
576
Authentication
..................................................................................................................................
577
Anonymous Authentication..............................................................................578
Basic Authentication.........................................................................................578
Digest Authentication.......................................................................................580
Advanced Digest Authentication......................................................................581
Integrated Windows Authentication................................................................583
UNC Authentication..........................................................................................584
Constrained Delegation.............................................................................585
.NET Passport Authentication..........................................................................588
Access Control
..................................................................................................................................
588
NTFS Permissions
.............................................................................................590
Contents xix
Access Control Lists...................................................................................590
Web Site Permissions.......................................................................................593
IIS and Built-in Accounts..................................................................................594
Configuring Application Pool Identity........................................................596
URL Authorization.............................................................................................601
Using URL Authorization............................................................................604
Encryption
..........................................................................................................................................
605
SSL and Certificates.........................................................................................606
Managing Certificates Programmatically..................................................606
Server-Gated Cryptography........................................................................611
Cryptographic Service Provider.................................................................612
Client Certificate Mapping.........................................................................612
TCP/IP Port Filtering
......................................................................................................................
613
Creating an IPSec Policy to Restrict Ports.......................................................616
Secure Code
......................................................................................................................................
620
MIME Types
.......................................................................................................................................
620
Additional Resources
....................................................................................................................
621
CHAPTER 13 Optimizing IIS 6.0 Performance......................................................623
Overview of Performance Monitoring and Tuning
............................................................
624
Using Performance Tools to Obtain a Baseline..............................................624
System Monitor..........................................................................................625
Performance Logs and Alerts....................................................................625
Task Manager.............................................................................................626
Event Tracing with Log Manager and Trace Report.................................626
Network Monitor.........................................................................................627
Monitoring with Performance Counters..........................................................627
Counters Provided by Windows and by IIS...............................................628
Suggested Performance Counters to Watch............................................629
Setting Up Monitoring.......................................................................................632
Viewing Counter Data in the Performance Console.................................632
Using the Predefined System Overview Log.............................................633
Collecting Useful Data......................................................................................633
Managing Network Activity
.........................................................................................................
634
Estimating Bandwidth Requirements and Connection Speed......................635
Monitoring Network Activity.............................................................................639
Monitoring Data Transmission Rates at Different OSI Layers................640
Monitoring File and Message Transfers...................................................644
xx Contents
Monitoring TCP Connections.....................................................................645
Administering Network Resources..................................................................647
Limiting Connections to Manage Resources............................................648
Enabling HTTP Keep-Alives to Keep Connections Open..........................650
Setting Connection Timeouts to Save Resources....................................650
Using HTTP Compression for Faster Downloads......................................654
Throttling Bandwidth to Manage Service Availability...............................663
Using Other Features to Enhance Performance......................................666
Controlling Memory Usage
..........................................................................................................
668
Monitoring Overall Server Memory..................................................................669
Monitoring Available Memory....................................................................669
Monitoring Paging......................................................................................670
Monitoring the File System Cache............................................................670
Monitoring the Size of the Paging Files....................................................672
Monitoring the IIS 6.0 Working Set...........................................................672
Optimizing Memory Usage...............................................................................674
Preventing Processor Bottlenecks
..........................................................................................
679
Identifying Processor Bottlenecks
...................................................................679
Monitoring Processor Activity....................................................................680
Monitoring Connections.............................................................................683
Monitoring Threads....................................................................................684
Improving Processor Performance..................................................................688
Improving Application Performance
.......................................................................................
690
Testing Applications with Stress Tools............................................................690
Measuring Performance by Using a Stress Client....................................691
Using WCAT as a Stress Client..................................................................692
Estimating Baseline Performance for Applications..................................693
Monitoring and Tuning Applications................................................................693
Monitoring Applications That Use the WWW Service...............................694
Monitoring ASP Performance....................................................................695
Tuning ASP Metabase Settings.................................................................696
Monitoring ASP.NET Performance.............................................................699
Balancing Performance and Security
....................................................................................
702
Configuring ServerCacheTime for SSL Sessions............................................702
Testing How Security Features Affect Performance.......................................704
Measuring Security Overhead by Using a Stress Client
...........................705
Contents xxi
Tracking Anonymous and Nonanonymous Requests.....................................706
Watching 404 Not-Found Errors......................................................................708
Analyzing Security Data and Planning Upgrades............................................708
Optimizing Performance Through Design
............................................................................
709
Optimizing Application Design and Administration........................................710
Creating a More Efficient Web Site..................................................................713
Obtaining a Page-Load Performance Profile............................................713
Optimizing a Page-Load Performance Profile...........................................715
Best Practices for Creating Efficient Sites................................................718
Partnering with Other Groups to Improve Performance.................................720
Additional Resources
....................................................................................................................
721
CHAPTER 14 Web Server Scalability.....................................................................723
Scaling IIS 6.0
..................................................................................................................................
724
Scalability Features in IIS 6.0..........................................................................725
Scalability Features in Windows Server 2003................................................727
Improving IIS 6.0 Scalability and Availability with Network Load Balancing
........
729
IIS Responses to Load-Balanced Application Pool Behaviors.......................730
Preserving Session State in Network Load Balancing
Web Server Clusters.........................................................................................733
Preserving Session State with ASP Web Applications in
Network Load Balancing............................................................................734
Preserving Session State with ASP.NET Web Applications in
Network Load Balancing............................................................................735
Improving Scalability by Optimizing IIS 6.0 Queues
........................................................
737
TCP/IP Queue....................................................................................................738
Kernel Request Queue.....................................................................................738
ASP Request Queue..........................................................................................739
Tuning AspProcessorThreadMax...............................................................741
Tuning AspRequestQueueMax..................................................................742
Additional Metabase Properties................................................................742
ASP.NET Request Queues................................................................................743
ASP.NET Counters......................................................................................743
ASP.NET Application Counters...................................................................744
Registry Entries for Thread Pool Queuing.......................................................745
Improving Scalability by Optimizing IIS 6.0 Caches
.........................................................
745
URI Cache..........................................................................................................746
Token Cache......................................................................................................747
xxii Contents
File Cache..........................................................................................................748
HTTP.sys Response Cache...............................................................................750
HTTP.sys Cache Counters..........................................................................750
Events and Conditions That Disable HTTP.sys Response Caching.........751
ASP Caching......................................................................................................753
ASP Template Caching
...............................................................................753
Script Engine Caching................................................................................756
Setting the ASP Cache Metabase Property and Registry Entry...............757
Global IIS Caching Registry Entries.................................................................758
ISP Scaling — Strategies for Hosting Thousands of Sites
.............................................
759
Shared Static Hosting.......................................................................................760
Shared Static and Dynamic Hosting
................................................................761
Dedicated Hosting............................................................................................764
Improving Scalability Through UNC–Based Centralized Content Storage
............
764
Caching UNC–based Files................................................................................765
Last-Modified Caching...............................................................................765
ASP Change-Notification Caching.............................................................766
UNC–based Caching Considerations..............................................................767
UNC–based Caching Scenarios.......................................................................769
Scenario 1: Wide Content, Low Traffic......................................................769
Scenario 2: Wide Content, High Traffic.....................................................770
Scenario 3: Narrow Content, High Traffic.................................................771
UNC Authentication..........................................................................................772
Constrained Delegation for UNC File Content................................................773
Case Study: Scaling an ASP.NET Web Application on IIS 6.0
.....................................
774
Capacity Planning.............................................................................................774
Preparing to Test........................................................................................775
Interpreting Test Data................................................................................776
Tuning Production Servers...............................................................................777
Scaling Up..........................................................................................................778
Scaling Out........................................................................................................779
Additional Resources
....................................................................................................................
780
CHAPTER 15 Configuring Internet Sites and Services.........................................783
DNS Overview
...................................................................................................................................
784
Configuring Web Sites
..................................................................................................................
785
Creating and Setting Up Web Sites
.................................................................785
Contents xxiii
Home Directories........................................................................................786
Virtual Directories.......................................................................................786
WebDAV Publishing Directories.................................................................787
Configuring Web Site Properties......................................................................788
Modifying the Default Web Site.................................................................789
Redirecting Requests.................................................................................790
Securing Web Sites...........................................................................................792
Securing WebDAV Publishing Directories.................................................792
Hosting Multiple Web Sites on the Same Server............................................794
Port-Based Routing....................................................................................795
IP-Based Routing........................................................................................795
Host-Header Routing..................................................................................796
Configuring FTP Sites
....................................................................................................................
797
Installing the FTP Service.................................................................................797
Configuring FTP Site Properties.......................................................................798
Securing FTP Sites............................................................................................800
Creating Additional FTP Sites...........................................................................801
Hosting Multiple FTP Sites with FTP User Isolation........................................801
Configuring the NNTP Service
...................................................................................................
809
Installing the NNTP Service and Setting Up NNTP Virtual Servers................810
Configuring NNTP Virtual Server Properties....................................................811
Securing NNTP Virtual Servers.........................................................................812
Creating and Managing Newsgroups..............................................................814
Creating Newsgroups.................................................................................814
Moderating Newsgroups............................................................................816
Managing Newsgroup Messages..............................................................816
Limiting Newsgroup Enumeration.............................................................819
Managing Sessions....................................................................................819
Using Control Messages............................................................................820
Rebuilding the NNTP Service...........................................................................822
Backing Up and Restoring an NNTP Virtual Server........................................823
Enabling and Managing Newsfeeds................................................................823
Configuring the SMTP Service
...................................................................................................
826
Installing the SMTP Service and Creating an SMTP Virtual Server...............827
Configuring an SMTP Virtual Server as a Smart Host....................................828
Securing SMTP Virtual Servers........................................................................828
Organizing Messages Using SMTP Domains..................................................830
xxiv Contents
Additional Resources
....................................................................................................................
831
CHAPTER 16 IIS 6.0 Administration Scripts, Tips, and Tricks.............................833
Creating and Configuring a Site Programmatically
..........................................................
834
Setting Up and Configuring DNS......................................................................835
Creating Directories..........................................................................................836
Adding Temporary Content
...............................................................................837
Creating Web Sites...........................................................................................838
Providing Additional Host Headers............................................................838
Installing and Setting Up FrontPage 2002 Server Extensions......................840
Creating FTP Sites.............................................................................................843
Setting Up FTP Virtual Directories.............................................................843
Setting ACLs......................................................................................................845
Including Verification and Error Checking.......................................................846
The Complete Batch File..................................................................................847
Creating a Web Site from a Template
...................................................................................
849
Managing IIS 6.0 Programmatically by Using ADSI
.........................................................
850
IIS ADSI Objects................................................................................................851
IIS ADSI Security
...............................................................................................851
Adsutil.vbs IIS Administration Utility................................................................852
Managing IIS 6.0 Programmatically by Using WMI
..........................................................
856
IIS WMI Provider.........................................................................................857
Object Hierarchy in IIS WMI Provider........................................................859
Sample WMI Scripts...................................................................................860
Managing Server Certificates Programmatically
..............................................................
862
Managing Server Certificates by Using IISCertObj..........................................862
Extracting Server Certificate Information with a CAPICOM-Based Script.....869
Managing IIS 6.0 Remotely
........................................................................................................
870
Scheduling IIS 6.0 Backups
.......................................................................................................
872
Restarting and Alternatives to Restarting IIS 6.0
.............................................................
874
Additional Resources
....................................................................................................................
875
CHAPTER 17 Analyzing Log Files...........................................................................877
New in Logging
.................................................................................................................................
878
Log File Formats in IIS
..................................................................................................................
879
W3C Extended Log File Format........................................................................882
W3C Extended Log File Examples.............................................................884
Substatus Error Codes...............................................................................888
Contents xxv
NCSA Common Log File Format.......................................................................888
NCSA Common Log File Example..............................................................889
IIS Log File Format............................................................................................890
IIS Log File Example...................................................................................891
ODBC Logging...................................................................................................892
Centralized Binary Logging...............................................................................893
HTTP.sys Error Log Files
...............................................................................................................
896
Configuring HTTP.sys Error Logging.................................................................897
Log File Format for HTTP.sys Error Logging....................................................899
HTTP.sys Reason Phrases.........................................................................900
HTTP.sys Error Log File Examples.............................................................902
Custom Logging Modules
............................................................................................................
902
Additional Resources
....................................................................................................................
904
CHAPTER 18 Troubleshooting IIS 6.0....................................................................905
Overview of Troubleshooting IIS 6.0
.......................................................................................
906
Troubleshooting Methodology.........................................................................906
Tools for Troubleshooting IIS 6.0
.............................................................................................
910
WFetch...............................................................................................................910
File Monitor and Registry Monitor...................................................................911
IIS 6.0 Enterprise Tracing for Windows...........................................................912
Network Monitor...............................................................................................916
System Monitor.................................................................................................918
HRPlus...............................................................................................................918
Microsoft Debugging Tools for Windows.........................................................919
IIS Fundamentals
............................................................................................................................
919
HTTP Protocol Basics........................................................................................919
HTTP Connection Management.................................................................921
HTTP Authentication...................................................................................921
IIS Service Startup............................................................................................922
HTTP Request Walkthrough.............................................................................925
Common Request Operations...................................................................925
Requests for Static Content......................................................................926
Requests Handled by ISAPI Extensions....................................................926
CGI Requests..............................................................................................926
Common Troubleshooting Tasks
.............................................................................................
927
Disabling HTTP Friendly Error Messages in Internet Explorer.......................927
Generating an HTTP Request...........................................................................927
xxvi Contents
Checking Basic Functionality with Test Request Files...................................928
Browsing with Different Host Name Styles.....................................................931
Using Substatus and Win32 Errors in W3C Extended Logging.....................932
Configuring the WWW Service to Log Worker Process Recycling Events.....933
Checking NT System and Application Event Logs..........................................934
Checking the HTTP Error Log
...........................................................................934
Checking the IIS Logs.......................................................................................934
Restarting IIS Services.....................................................................................935
Restarting a Web Site................................................................................935
Recycling an Application Pool....................................................................936
Stopping an Application Pool.....................................................................936
Restarting the WWW Service.....................................................................936
Identifying Worker Process Process ID............................................................937
HTTP Status Codes
.........................................................................................................................
938
HTTP 1xx-2xx — Informational and Success Codes........................................938
HTTP 3xx — Redirection Codes........................................................................939
301-Permanent Redirect...........................................................................939
302-Object Moved......................................................................................939
304-Not Modified.......................................................................................939
307-Temporary Redirect............................................................................939
Courtesy Redirects.....................................................................................940
HTTP 40x — Client Error Codes........................................................................940
HTTP 400-Cannot Resolve the Request...................................................941
HTTP 401.x-Unauthorized..........................................................................942
401.1 and 401.2-Authentication Problems.............................................943
HTTP 403.x-Forbidden...............................................................................950
HTTP 404.x-File or Directory Not Found...................................................951
HTTP 5xx Server Error Codes...........................................................................954
HTTP 500.x — Internal Server Error Codes...............................................955
503-Service Unavailable............................................................................958
Other HTTP.sys Error Log Errors.......................................................................959
Troubleshooting Configuration Problems
............................................................................
960
Preserving the Integrity of XML in the IIS Metabase......................................960
Troubleshooting Problems with UNC Content.................................................960
Accessing and Executing Remote Content...............................................961
Troubleshooting File Caching Problems...................................................963
Contents xxvii
Troubleshooting Performance Problems with UNC Content...................965
Troubleshooting IIS Manager and UNC Content Problems.....................966
Troubleshooting Errors That Occur When UNC Content
Is Under High Load.....................................................................................967
Troubleshooting Logging Problems...........................................................970
Troubleshooting HTTP.sys Problems
......................................................................................
972
Configuring the IP Inclusion List................................................................972
Troubleshooting HTTP.sys Communication Problems.............................974
Troubleshooting Miscellaneous Problems............................................................974
Metabase Site IDs Are Unexpected Numbers..........................................974
Anonymous Users Performance Counters in IIS 6.0................................975
CGI Processes Will Not Start......................................................................975
Clients Cannot Connect to the Server.......................................................976
Client Requests Error Out or Time Out......................................................977
Advanced Troubleshooting.....................................................................................978
Troubleshooting with a Debugger....................................................................978
Troubleshooting Low CPU Hangs.....................................................................979
Troubleshooting High CPU Hangs....................................................................979
Troubleshooting Crashes.................................................................................980
Troubleshooting Memory Problems.................................................................980
IIS 6.0 Debugging Features.............................................................................980
Enabling Debugging...................................................................................981
Limitations of Health Detection.................................................................982
Additional Resources..............................................................................................983
APPENDIX C Common Administrative Tasks........................................................987
Overview of Common Administrative Tasks..........................................................988
Important First Tasks in IIS 6.0..............................................................................990
Starting IIS Manager.........................................................................................991