You are previewing Internet Information Services (IIS) 7.0 Resource Kit.
O'Reilly logo
Internet Information Services (IIS) 7.0 Resource Kit

Book Description

Get the definitive reference for deploying, managing, and supporting Internet Information Services (IIS) 7.0. This official Microsoft RESOURCE KIT provides comprehensive information and resources from Microsoft IIS Team experts who know the technology best. IIS, a service within the Windows Server 2008 operating system, enables users to easily host and manage Web sites, create Web-based business applications, and extend file, print, media, and communication services to the Web. This RESOURCE KIT provides everything you need to know about IIS architecture, migrating servers and applications, capacity planning, performance monitoring, security features, top administration and troubleshooting scenarios, and IIS best practices. You also get an essential toolkit of resources on CD, including scripts, job aids, and a fully searchable eBook.

For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.

Table of Contents

  1. Internet Information Services (IIS) 7.0 Resource Kit
    1. SPECIAL OFFER: Upgrade this ebook with O’Reilly
    2. A Note Regarding Supplemental Files
    3. Acknowledgments
    4. Introduction
      1. What’s New in IIS 7.0
      2. Overview of Book
      3. Document Conventions
        1. Reader Aids
        2. Sidebars
        3. Command Line Examples
      4. Companion Media
      5. Find Additional Content Online
        1. Resource Kit Support Policy
    5. I. Foundation
      1. 1. Introducing IIS 7.0
        1. Overview of IIS 7.0
        2. What’s New in IIS 7.0
          1. Core Web Server
            1. Modularity
            2. Extensibility
          2. Configuration
          3. Administration Tools
          4. Diagnostics
            1. Access to Run-Time Information
            2. Failed Request Tracing
          5. Windows Process Activation Service
          6. Application Compatibility
        3. Basic Administration Tasks
          1. Creating a Web Site
          2. Creating an Application
          3. Creating a Virtual Directory
          4. Creating an Application Pool
          5. Assigning an Application to an Application Pool
        4. IIS 7.0 Features in Windows Server 2008 and Windows Vista
        5. Summary
        6. Additional Resources
      2. 2. Understanding IIS 7.0 Architecture
        1. Overview of IIS 7.0 Architecture
        2. IIS 7.0 Core Components
          1. HTTP.sys
          2. World Wide Web Publishing Service
          3. Windows Process Activation Service
          4. Configuration Store
          5. Worker Process
        3. Request Processing in Application Pool
          1. Classic Mode
          2. .NET Integrated Mode
            1. How ASP.NET Integration Is Implemented
          3. Module Scope
          4. Module Ordering
        4. Non-HTTP Request Processing
        5. Summary
        6. Additional Resources
      3. 3. Understanding the Modular Foundation
        1. Concepts
          1. The Ideas
          2. Types of Modules
          3. Modules and Configuration
        2. Key Benefits
          1. Security
          2. Performance
          3. Extensibility
        3. Built-in Modules
        4. Summary
        5. Additional Resources
      4. 4. Understanding the Configuration System
        1. Overview of the Configuration System
          1. Configuration File Hierarchy
            1. machine.config and root web.config
            2. applicationHost.config
            3. Distributed web.config Files
            4. redirection.config
            5. administration.config
            6. Temporary Application Pool .config Files
          2. Configuration File Syntax
            1. Section Declarations
            2. Section Groups
            3. Sections
            4. Configuration Section Schema
            5. Location Tags
          3. The IIS 7.0 Configuration System and the IIS 6.0 Metabase
            1. Differences Between the IIS 7.0 Configuration System and the IIS 6.0 Metabase
            2. IIS 6.0 Metabase Compatibility
          4. IIS 7.0 and the .NET Configuration Systems
        2. Editing Configuration
          1. Deciding Where to Place Configuration
          2. Setting Configuration
            1. Setting Section Attributes
            2. Manipulating Configuration Collections
              1. Adding Items to a Collection with <add />
              2. Removing Items from a Collection with <remove />
              3. Clearing the Collection with <clear />
          3. Understanding Configuration Errors
        3. Managing Configuration
          1. Backing Up Configuration
          2. Using Configuration History
          3. Exporting and Importing Configuration
          4. Delegating Configuration
            1. Delegation Settings in the IIS Manager
            2. Default Settings for Delegated Configuration
            3. Directly Configuring Delegation
            4. Additional Configuration for Remote Administration
            5. Granular Configuration Locking
              1. lockAttributes, lockAllAttributesExcept
              2. lockElements, lockAllElementsExcept
              3. lockItem
          5. Sharing Configuration Between Servers
            1. Enabling Shared Configuration
            2. How Shared Configuration Works
              1. Step 1: Preparing for Shared Configuration
              2. Step 2: Export the Configuration Files
              3. Step 3: Enable Shared Configuration
            3. Shared Configuration Considerations
        4. Summary
        5. Additional Resources
    6. II. Deployment
      1. 5. Installing IIS 7.0
        1. Planning the Installation
          1. Installation Scenarios for IIS 7.0
            1. Static Content Web Server (Default Installation)
            2. ASP.NET
            3. Classic ASP
            4. FastCGI Server Workload
            5. IIS Managed Modules and .NET Extensibility Server Workload
            6. IIS Full Install
            7. Server Core Web Edition Server Workload
              1. Installing IIS 7.0 on Server Core Web Edition
          2. Ways to Install IIS 7.0
          3. Using Server Manager
            1. Preparing Local User Administrator Security
            2. Installing IIS 7.0 Using Server Manager
          4. Using Package Manager
          5. Using ServerManagerCMD
          6. Unattended Answer Files
          7. Sysprep/New Setup System
          8. Auto-Installs
          9. Windows Server 2008 Setup for Optional Features
        2. Post Installation
          1. Folders and Content
          2. Registry
          3. Services
          4. Validation
            1. WebUI
            2. Users and Groups Provided in Windows Server 2008
        3. Troubleshooting Installation
          1. Event Logs
          2. IIS 7.0 Log
          3. Other Related Logging Options
        4. Removing IIS 7.0
          1. The User Interface in Windows Server 2008 and Windows Vista
          2. Command Line Method
            1. Using Package Manager
            2. Using ServerManagerCMD
        5. Summary
        6. Additional Resources
    7. III. Administration
      1. 6. Using IIS Manager
        1. Overview of IIS Manager
        2. Starting IIS Manager
        3. IIS Manager User Interface
          1. Navigation Toolbar
          2. Connections Pane
            1. Creating New Connections
          3. Workspace
            1. Features View
              1. Home Page
              2. Page Layouts
            2. Content View
          4. Actions Pane
        4. Understanding Features
          1. Feature to Module Mapping
          2. Where the Configuration Is Written
          3. Feature Scope
        5. IIS 7.0 Manager Customization and Extensibility
        6. Remote Administration
        7. Summary
        8. Additional Resources
      2. 7. Using Command Line Tools
        1. Using Command Line Management Tools
        2. Appcmd.exe
        3. Getting Started with Appcmd
          1. Appcmd Syntax
          2. Supported Objects
          3. Getting Help
          4. Understanding Appcmd Output
          5. General Parameters
          6. Using Range Operators
          7. Avoiding Common Appcmd Pitfalls
        4. Using Basic Verbs: List, Add, Set, Delete
          1. Using the List Command to List and Find Objects
          2. Using the Add Verb to Create Objects
          3. Using the Set Verb to Change Existing Objects
          4. Using the Delete Verb to Remove Objects
        5. Working with Configuration
          1. Viewing Configuration with the List Config Command
          2. Setting Configuration with the Set Config Command
            1. Setting Configuration Attributes
            2. Managing Configuration Collections
          3. Managing Configuration Delegation
          4. Managing Configuration Backups
        6. Working with Applications, Virtual Directories, and Application Pools
        7. Working with Web Server Modules
        8. Inspecting Running Worker Processes and Requests
          1. Listing Running IIS Worker Processes
          2. Listing Currently Executing Requests
        9. Working with Failed Request Tracing
          1. Turning on Failed Request Tracing
          2. Creating Failed Request Tracing Rules
          3. Searching Failed Request Tracing logs
        10. Microsoft.Web.Administration
          1. Creating Sites with MWA
          2. Creating Application Pools with MWA
          3. Setting Configuration
        11. Windows PowerShell and IIS 7.0
        12. WMI Provider
        13. IIS 7.0 Configuration COM Objects
        14. Summary
        15. Additional Resources
      3. 8. Remote Administration
        1. The IIS Manager
        2. Web Management Service
          1. Installation
          2. WMSvc Configuration
            1. Configuring the Service Startup Type to Automatic
            2. Enable Remote Connections, SSL Certificate, and IP Configuration
            3. IPv4 Address Restrictions
            4. Connection Authentication Options
              1. Windows Credentials
              2. IIS Manager Credentials
          3. Managing Remote Administration
            1. Managing Users and Permissions
              1. Windows Credentials
              2. IIS Manager Credentials
              3. Using Windows PowerShell to Manage IIS Users and Permissions
            2. Feature Delegation
              1. Delegation States
          4. Using Remote Administration
          5. Troubleshooting
            1. Unable to Connect to the Remote Server
            2. (401) Unauthorized
          6. Logging
            1. Analyzing Remote Administration Logs by Using Log Parser
              1. Summary of Status Codes
              2. Number of Requests per User
              3. Number of Times a Module Has Been Used
              4. List the Number of Delegated Calls for Each Site
        3. Summary
        4. Additional Resources
      4. 9. Managing Web Sites
        1. Web Sites, Applications, Virtual Directories, and Application Pools
          1. Web Sites
          2. Applications
          3. Virtual Directories
          4. Application Pools
        2. Administrative Tasks
          1. Adding a New Web Site
          2. Configuring a Web Site’s Bindings
          3. Limiting Web Site Usage
          4. Configuring Web Site Logging and Failed Request Tracing
          5. Starting and Stopping Web Sites
        3. Managing Virtual Directories
          1. Adding a New Virtual Directory
            1. Configuring Access Credentials for the Virtual Directory
            2. Creating Virtual Directory with AppCmd
          2. Configuring Virtual Directories
          3. Searching Virtual Directories
        4. Managing Remote Content
          1. Configuring the Application to Use Remote Content
          2. Selecting the Security Model for Accessing Remote Content
          3. Configuring Fixed Credentials for Accessing Remote Content
          4. Granting Access to the Remote Content
        5. Summary
        6. Additional Resources
      5. 10. Managing Applications and Application Pools
        1. Managing Web Applications
          1. Creating Web Applications
          2. Listing Web Applications
        2. Managing Application Pools
          1. Application Pool Considerations
          2. Adding a New Application Pool
          3. Managing Application Pool Identities
            1. Security Account Changes in IIS 7.0
            2. Configuring Application Pool Identity
          4. Advanced Application Pool Configuration
            1. Enabling User Profile Loading
            2. Monitoring Application Pool Recycling Events
        3. Managing Worker Processes and Requests
          1. Monitoring Worker Processes and Requests
        4. Summary
        5. Additional Resources
      6. 11. Hosting Application Development Frameworks
        1. IIS as an Application Development Platform
          1. Adding Support for Application Frameworks
          2. Supported Application Frameworks
        2. Hosting ASP.NET Applications
          1. Understanding the Integrated and Classic ASP.NET Modes
          2. Running Multiple Versions of ASP.NET Side by Side
          3. Installing ASP.NET
            1. Installing ASP.NET 2.0
            2. Installing ASP.NET 1.1
          4. Deploying ASP.NET Applications
            1. Creating an IIS Application
            2. Selecting the Right Application Pool for the Required ASP.NET Version and Integration Mode
            3. Migrating ASP.NET 2.0 Applications to Use Integrated Mode
            4. Taking Advantage of ASP.NET Integrated Mode
          5. Additional Deployment Considerations
            1. Breaking Changes in ASP.NET 2.0 Integrated Mode
            2. Hosting ASP.NET Applications on Remote UNC Shares
        3. Hosting ASP Applications
          1. Installing ASP
          2. Deploying ASP Applications
          3. Additional Deployment Considerations
            1. Enabling Script Errors to Be Shown
            2. Parent Paths Disabled by Default
            3. Hosting ASP Applications on Remote UNC Shares
        4. Hosting PHP Applications
          1. Deploying PHP Applications
            1. Installing FastCGI
            2. Installing PHP
            3. Deploying PHP Applications
            4. Creating a FastCGI Handler Mapping for PHP
          2. Additional Deployment Considerations
            1. Configuring PHP Execution Identity
            2. Hosting PHP Applications on Remote UNC Shares
            3. Ensuring Availability of PHP Applications
        5. Techniques for Enabling Application Frameworks
          1. Enabling New Static File Extensions to Be Served
          2. Deploying Frameworks Based on IIS 7.0 Native Modules
          3. Deploying Frameworks Based on ASP.NET Handlers
          4. Deploying Frameworks Based on ISAPI Extensions
          5. Deploying Frameworks That Use FastCGI
            1. Modifying FastCGI Application Settings
            2. Ensuring Availability of FastCGI Applications
          6. Deploying Frameworks That Use CGI
        6. Summary
        7. Additional Resources
      7. 12. Managing Web Server Modules
        1. Extensibility in IIS 7.0
          1. IIS 7.0 Extensibility Architecture at a Glance
          2. Managing Extensibility
        2. Runtime Web Server Extensibility
          1. What Is a Module?
            1. The Request Processing Pipeline
            2. Differences Between Managed (.NET) and Native (C++) Modules
          2. Installing Modules
            1. Installing Native Modules
            2. Uninstalling Native Modules
            3. Installing Managed Modules
            4. Deploying Assemblies Containing Managed Modules
              1. Deploying the Module Assembly at the Server Level
              2. Deploying the Module Assembly with the Application
            5. Uninstalling Managed Modules
            6. Understanding Module Preconditions
            7. Installing Modules for x64 Environments
          3. Common Module Management Tasks
            1. Controlling What Modules Are Enabled
            2. Enabling Managed Modules to Run for All Requests
            3. Controlling Module Ordering
            4. Adding Handler Mappings
            5. Types of Handler Mappings
          4. Using IIS Manager to Install and Manage Modules
          5. Using IIS Manager to Create and Manage Handler Mappings
          6. Using Appcmd to Install and Manage Modules
            1. Installing and Uninstalling Modules
            2. Enabling and Disabling Modules
            3. Examining Enabled Modules
          7. Creating and Managing Handler Mappings
            1. Adding a Handler Mapping
            2. Editing a Handler Mapping
            3. Deleting a Handler Mapping
            4. Adding Entries to the ISAPI CGI Restriction List (Formerly Web Service Restriction List)
          8. Securing Web Server Modules
            1. Taking Advantage of Componentization to Reduce the Security Surface Area of the Server
            2. Understanding and Reducing the Privilege of Code that Runs on Your Server
            3. Locking Down Extensibility
        3. Summary
        4. Additional Resources
      8. 13. Managing Configuration and User Interface Extensions
        1. Administration Stack Overview
        2. Managing Configuration Extensions
          1. Configuration Section Schema
          2. Declaring Configuration Sections
          3. Installing New Configuration Sections
          4. Securing Configuration Sections
            1. Controlling Configuration Delegation
            2. Protecting Sensitive Configuration Data
        3. Managing Administration Extensions
          1. How Administration Extensions Work
          2. Installing Administration Extensions
          3. Securing Administration Extensions
        4. Managing IIS Manager Extensions
          1. How IIS Manager Extensions Work
          2. Installing IIS Manager Extensions
          3. Securing IIS Manager Extensions
        5. Summary
        6. Additional Resources
      9. 14. Implementing Security Strategies
        1. Security Changes in IIS 7.0
          1. Reducing Attack Surface Area
            1. Installing the Minimal Required Set of Web Server Features
            2. Enabling Only the Required ISAPI Filters
            3. Enabling Only the Required ISAPI Extensions
            4. Enabling Only the Required CGI Programs
            5. Enabling Only the Required FastCGI Programs
          2. Reducing the Application’s Surface Area
            1. Enabling Only the Required Modules
            2. Configuring the Minimal Set of Handler Mappings
            3. Setting Web Site Permissions
            4. Configuring Minimal Sets of MIME Types
        2. Configuring Applications for Least Privilege
          1. Use a Low Privilege Application Pool Identity
          2. Set NTFS Permissions to Grant Minimal Access
          3. Reduce Trust of ASP.NET Applications
          4. Isolating Applications
        3. Implementing Access Control
          1. IP and Domain Restrictions
          2. Request Filtering
            1. Setting Request Limits
            2. Configuring Allowed Extensions
            3. Configuring Hidden URL Segments
            4. Configuring Denied URL Sequences
          3. Authorization
          4. NTFS ACL-based Authorization
          5. URL Authorization
            1. Using URL Authorization to Restrict Access
            2. Creating URL Authorization Rules
            3. Using ASP.NET Roles with URL Authorization
          6. Authentication
          7. Anonymous Authentication
          8. Basic Authentication
          9. Digest Authentication
          10. Windows Authentication
            1. Configuring Windows Authentication
          11. Client Certificate Mapping Authentication
          12. IIS Client Certificate Mapping Authentication
            1. Creating One-to-One Certificate Mappings
            2. Creating Many-to-One Certificate Mappings
          13. UNC Authentication
          14. Understanding Authentication Delegation
        4. Securing Communications with Secure Socket Layer (SSL)
          1. Configuring SSL
          2. Requiring SSL
          3. Client Certificates
        5. Securing Configuration
          1. Restricting Access to Configuration
            1. Setting Permissions on Configuration Files
            2. Understanding Configuration Isolation
            3. Setting Permissions for Shared Configuration
          2. Securing Sensitive Configuration
            1. Using Configuration Encryption to Store Configuration Secrets
            2. Selecting Encryption Providers
            3. Limitations of Storing Secrets in Configuration
            4. Limiting Access to Configuration from Managed Code in Partial Trust Environments
          3. Controlling Configuration Delegation
            1. Controlling Which Configuration Is Delegated
        6. Summary
        7. Additional Resources
    8. IV. Troubleshooting and Performance
      1. 15. Logging
        1. What’s New?
          1. IIS Manager
          2. The XML-Based Logging Schema
          3. Centralized Logging Configuration Options
          4. SiteDefaults Configuration Options
          5. Disable HTTP Logging Configuration Options
          6. Default Log File Location
          7. Default UTF-8 Encoding
          8. New Status Codes
          9. Management Service
        2. Log File Formats That Have Not Changed
        3. Centralized Logging
          1. W3C Centralized Logging Format
          2. Centralized Binary Logging Format
        4. Remote Logging
          1. Setting Up Remote Logging by Using the IIS Manager
          2. Setting Up Remote Logging by Using Appcmd
          3. Remote Logging Using the FTP 7.0 Publishing Service
          4. Custom Logging
        5. Configuring IIS Logging
          1. IIS Manager
          2. Appcmd
          3. Advanced Appcmd Details
        6. HTTP.sys Logging
        7. Application Logging
          1. Process Recycling Logging
          2. ASP
          3. ASP.NET
          4. IIS Events
        8. Folder Compression Option
        9. Logging Analysis Using Log Parser
        10. Summary
        11. Additional Resources
      2. 16. Tracing and Troubleshooting
        1. Tracing and Diagnosing Problems
          1. Installing the Failed Request Tracing Module
          2. Enabling and Configuring FRT
            1. Tracing a Specific Error Code
            2. Configuring FRT by Using Appcmd
          3. Reading the FRT Logs
          4. Integrating Tracing and ASP.NET
            1. Capturing ASP.NET Trace Output with FRT
            2. Instrumenting ASP.NET Applications for Tracing
          5. Taking Performance into Consideration
        2. Troubleshooting
          1. Applying a Methodology
          2. Using Tools and Utilities
            1. Using net start and sc query
            2. Using ping
            3. Using PortCheck
            4. Using tasklist and netstat
            5. Using WFetch 1.4
            6. Using Appcmd
            7. Using Process Monitor
            8. Using IIS Manager
            9. Using Event Viewer
            10. Using FRT
            11. Using Reliability and Performance Monitor
            12. Using Network Monitor
          3. Troubleshooting HTTP
            1. Understanding Friendly Errors, Custom Errors, and Detailed Errors
            2. Checking the Logs
            3. Troubleshooting Common HTTP Problem Scenarios
              1. Troubleshooting Static and Dynamic Content Problems
              2. Troubleshooting UNC Access Errors
              3. Troubleshooting 503 Service Unavailable Errors
              4. Troubleshooting Firewall Problems
              5. Troubleshooting Parent Path Problems
              6. Troubleshooting Specific Status Codes
        3. Solving Common Specific Issues
          1. IIS 6.0 Administration Tools Not Installed
          2. SSl Not Enabled
          3. Unexpected Recycling
          4. Crashes
          5. Unable to Reach Web Site
          6. Authentication Errors
          7. Slow Responses or Server Hanging
        4. Summary
        5. Additional Resources
      3. 17. Performance and Tuning
        1. Striking a Balance Between Security and Performance
          1. How to Measure Overhead
          2. Authentication
          3. SSL
        2. The Impact of Constrained Resources
        3. Processor
          1. What Causes CPU Pressure?
          2. Throttling
          3. CPU Counters to Monitor
          4. Impact of Constraints
          5. Countermeasures
        4. Memory
          1. What Causes Memory Pressure?
          2. Memory Counters to Monitor
          3. Impact of Constraints
          4. Countermeasures
        5. Hard Disks
          1. What Causes Hard Disk Pressure?
          2. Hard Disk Counters to Monitor
          3. Impact of Constraints
          4. Countermeasures
        6. Network
          1. What Causes Network Pressure?
          2. Network Counters to Monitor
          3. Impact of Constraints
          4. Countermeasures
          5. Application-Level Counters
        7. 64-Bit Mode vs. 32-Bit Mode
        8. Configuring for Performance
          1. Server Level
          2. IIS
          3. Optimizing for the Type of Load
            1. Load
            2. Required Availability
            3. Performance Requirement
            4. Type of Content
          4. Server-Side Tools
            1. HTTP.sys Cache
            2. User-mode Caching
            3. Compression
            4. Application Pools
            5. NLB
          5. Application
            1. Identifying and Isolating Bottlenecks
            2. Best Practices
        9. Performance Monitoring
          1. WCAT
          2. Reliability And Performance Monitor
          3. FRT
          4. Event Viewer
          5. System Center Operations Manager 2007
        10. Scalability
          1. During Design
            1. Understanding the Application’s Nature
            2. User Base
          2. Scale Up or Out
            1. Web Farms
            2. Web Gardens
            3. Hardware Upgrade
            4. NLB
        11. Summary
        12. Additional Resources
    9. V. Appendices
      1. A. IIS 7.0 HTTP Status Codes
      2. B. IIS 7.0 Error Messages
        1. HTTP Errors in IIS 7.0
        2. <httpErrors> Configuration
          1. Substatus Codes
          2. A Substatus Code Example
        3. Language-Specific Custom Errors
        4. Custom Error Options
          1. Execute a URL
          2. Redirect the Request
      3. C. IIS 7.0 Modules Listing
        1. Native Modules
        2. Managed Modules
      4. D. Modules Sequence
      5. E. IIS 7.0 Default Settings and Time-Outs/Thresholds
        1. ASP.NET
        2. IIS
          1. Failed Request Tracing Rules
          2. IPv4 Address and Domain Restrictions
          3. Output Caching
          4. Worker Processes (Server Level Only)
        3. Management
          1. IIS Manager Permissions
          2. IIS Manager Users
        4. Application Pool Defaults
      6. F. IIS 7.0 and 64-Bit Windows
        1. Windows Server 2008 x64
          1. Configuring a 32-Bit Application on 64-Bit Microsoft Windows
            1. Using IIS Manager
            2. Using the Command Line
            3. Configuration Changes
      7. G. IIS Manager Features to Configuration References
        1. ASP.NET
        2. IIS
        3. Management
      8. H. IIS 6.0 Metabase Mapping to IIS 7.0
      9. I. IIS 7.0 Shared Hosting
        1. Implementing Process Gating
          1. Using the Command Line
          2. Configuration Changes
        2. Enabling Dynamic Idle Threshold
          1. Using the Command Line
          2. Configuration Changes
      10. J. Common Administrative Tasks Using IIS Manager
    10. K. About the Authors
      1. Michael Volodarsky
      2. Olga Londer
      3. Brett Hill
      4. Bernard Cheah
      5. Steve Schofield
      6. Carlos Aguilar Mares
      7. Kurt Meyer
      8. Tito Leverette
    11. L. System Requirements
    12. Index
    13. SPECIAL OFFER: Upgrade this ebook with O’Reilly