IIS Manager

The first tool for administering IIS we’ll look at is IIS Manager, an MMC console that is installed in the Administrative Tools program group when IIS is installed on Windows  Server 2003. IIS Manager is a GUI tool that lets you manage FTP, SMTP, NNTP, or websites; configure Application Pools; lock down or unlock various IIS features; and so on. You can use IIS Manager to administer any number of IIS machines locally at the console or remotely over a LAN or even WAN connection (IIS Manager usually works through proxy servers). IIS Manager provides administrators with access to a wide range of IIS configuration settings including performance, security, quality of service, maintenance, and content management functions. You can use it to manually perform almost any IIS administration task (for automating sequences of administration tasks you need to use scripting).

Note 

IIS Manager was called Internet Services Manager (ISM) in previous versions of IIS.

Starting IIS Manager

You can start IIS Manager a lot of different ways:

  • Select Start | Administrative Tools | Internet Information Services (IIS) Manager.

  • Select Start | Run, type inetmgr, and click OK.

  • Select Start | Run, type %SystemRoot%\System32\inetsrv\iis.msc, and click OK. Open a command prompt, change to %SystemRoot%\System32\inetsrv as your current directory, and type inetmrg or iis.msc.

    Security Alert! 

    Like other Windows 2000 administrative tools, you must be a member of the Administrators group to use IIS Manager. You can also run IIS Manager when logged on with ordinary user credentials by using the runas command. For example, from the command line you would type runas /user:administrator_accountname “mmc %systemroot%\system32\inetsrv\iis.msc” to open IIS Manager on your machine (provided you are doing this either from a machine running Windows Server 2003 or a workstation with the Windows .NET Administration Tools Pack installed on it).

Console Tree

Like any MMC console, the IIS Manager window is divided into a left pane showing the console tree containing manageable objects and a right pane showing details about the current object selected in the left pane (see Figure 5-1). When IIS is added to a clean install of Windows Server 2003, the result is three nodes in the console tree of IIS Manager:

click to expand
Figure 5-1: IIS Manager, a Microsoft Management Console used to administer Internet Information Services

  • Application Pools Lets you assign worker processes to applications and configure worker process identity, health, recycling, and performance settings. We’ll talk more about application pools in Chapters 8, “Creating and Configuring Applications,“ and in Chapter 12, “Performance Tuning and Monitoring.”

  • Web Sites Lets you create and configure websites and virtual directories for hosting content or running dynamic applications on your server. We’ll discuss this more in Chapter 7, “Creating and Configuring Websites,” and in Chapter 8.

  • Web Service Extensions (WSE) Lets you lock down or unlock specific security features for IIS, such as whether or not ASP, ASP.NET, CGI, or ISAPI components are enabled (these are all initially in a locked-down state andmust be unlocked in order to function). We’ll examine IIS security in detail in Chapter 10, “Securing IIS.”

    Security Alert! 

    The IIS Lockdown Wizard, available as a downloadable add-on for IIS 4 and 5, has been replaced in IIS 6 with Web Service Extensions (WSE), a more granular tool for configuring IIS security.

Properties Sheets

Most nodes in the console tree have configurable settings, which you view and modify by right-clicking the node and selecting Properties from the task menu. For example, the properties sheet for the Web Sites node has nine tabs of settings you can modify (see Figure 5-2), which we will look at in detail in Chapter 7 and later chapters.

click to expand
Figure 5-2: IIS Manager uses properties sheets for configuring IIS settings.Web Connection

Task Menus

Various administrative tasks can be performed by right-clicking nodes in the console tree and selecting different options from the task menu. For example, right-clicking the root Internet Information Services node or local computer node lets you connect to another IIS machine to manage it. The local computer node also lets you back up or restore IIS configuration info, restart IIS, save configuration changes to disk, browse the home page of the default website, change the view options for the right-hand details pane, export the contents of the details pane to a text file, or open online Help to read the IIS documentation. We’ll be looking at some of these task menu options later in this chapter in the section “Basic Administration Tasks.”

Other Consoles for Administering IIS

There are other MMC consoles you can use to administer IIS that provide the same functionality as IIS Manager does. These consoles include

  • Computer Management Open this console from Administrative Tools (or by right-clicking My Computer and selecting Manage) and expand the Services And Applications node in the console tree, and you’ll see the Internet Information Services (IIS) node, which is identical in function to IIS Manager. You can also start Computer Management from the Run box or command line by making \System32 your current directory and typing compmgmt.msc.

  • Application Server To open this console, first open the Manage Your Server screen from Administrative Tools. You should already have the Application Server role installed, so just click the Manage Your Application Server link and the Application Server console will open (see Figure 5-3). This console includes nodes for configuring the .NET Framework, IIS, and Component Services. You can also open the Application Server console from the Run box or command line by making \System32 your current directory and typing appsrv.msc.

    click to expand
    Figure 5-3: The Application Server console is another MMC tool for administering IIS.

You can also create your own custom IIS console by selecting Start, clicking Run,  typing mmc, and clicking OK to open a blank MMC console. Now, to add the IIS snap-in, select File | Add/Remove Snap-In | Add | Internet Information Services (IIS) | Add | Close, and then click OK. Then save your console with a friendly name and the extension .msc in Administrative tools or some other location (such as a network share that only Administrators can access). You can even e-mail this .msc file to another Administrator so they can use it on their machine.

Basic Administration Tasks

Let’s take a look now at some of the basic administration tasks you can perform using IIS Manager. I’ll focus on general tasks relating to the IIS machines themselves—-more specific tasks relating to creating and configuring websites, managing applications, performance tuning, and maintenance will be covered in later chapters.

Connecting to IIS

To use IIS Manager to administer a machine running IIS, you first have to connect to that machine. This can be done two ways:

  • Right-click the root Internet Information Services node and select Connect.

  • Right-clock the node for any connected IIS machine and select Connect.

For example, if you open IIS Manager on a machine called NEXT3678 and follow one of these procedures, the Connect To Computer dialog box appears (see Figure 5-4).

click to expand
Figure 5-4: To use IIS Manager, first connect to the computer you want to manage.

In the Computer Name box, either type the name of the computer you want to connect to if you know it, or click Browse to find it on your network. The name you enter here depends on the name resolution method you are using on your network. It can be a fully qualified domain name (FQDN) if you are using DNS, or a NetBIOS name if you are using WINS. You can also enter the IP address of the target computer if you know it. If necessary, you may need to enter suitable credentials for logging on to the target machine, for example, if it belongs to a different domain.

Clicking Browse brings up the Select Computer dialog box, which lets you specify a different location for the computer you want to connect to (Figure 5-5). In this example, I have several machines running IIS that belong to a workgroup named WORKGROUP. If I entered WANDA as the name of the computer I wanted to connect to and clicked Check Names, the response would be WORKGROUP\WANDA, indicating that machine WANDA was positively identified as belonging to workgroup WORKGROUP.

click to expand
Figure 5-5: Specifying the IIS machine you want to connect to with IIS Manager

What if you can’t remember the name of the machine you want to connect to? In that case, click Advanced to expand the Select Computer box to allow you to query your network (or Active Directory, if it is installed) to find the computer you want. Once you’ve found the name of the target machine, click OK to return to the Connect To Computer dialog box and then click OK again to connect to the machine.

Once your console tree of IIS Manager includes a second node (for WANDA in the example in Figure 5-6), you can connect to other IIS machines to administer them as well. You can also remove machines from the console tree by right-clicking them and selecting Disconnect.

click to expand
Figure 5-6: IIS Manager allows you to manage multiple IIS machines concurrently.

Note 

You can use IIS Manager to connect to and manage machines running IIS 4, 5, 5.1, and 6. You can’t use IIS Manager to administer IIS 3 machines.

Tip 

If you can’t connect to a remote IIS machine using IIS Manager, it may be that the Internet Connection Firewall (ICF) component of Windows Server 2003 was installed and enabled on that machine prior to installing IIS on the machine. In this case, you need to either remove the ICF component or configure ICF to allow clients running IIS Manager to access the machine. See the ICF documentation in the Help and Support Center for more information on configuring ICF.

Backup/Restore Configuration

When you right-click a node for a connected IIS machine in the console tree, the All Tasks option in the task menu gives you three choices. The first of these is Backup/Restore Configuration, which can be used to create a backup of the metabase on your machine. The metabase contains configuration information about the FTP and websites, and their virtual directories and files being hosted on your IIS machine. You’ll learn more about that in Chapter 14, “Working with the Metabase.” For now, I’ll show you how to back up two files on your IIS machine, the metabase (metabase.xml) and the metabase schema (mbschema.xml).

Security Alert! 

Not all IIS configuration settings are stored in the metabase. A small but significant portion of it is stored in the Registry, and the Backup/Restore Configuration option I discuss here backs up only the metabase, not the Registry. Because of this, this option isn’t meant as a replacement for a full backup of operating system files and system state information, which you should do regularly as part of your disaster recovery plan.

To manually back up the metabase using IIS Manager, right-click the IIS server whose configuration you want to back up. Select All Tasks | Backup/Restore Configuration to display the Configuration Backup/Restore dialog box (see Figure 5-7). This dialog box displays all the previously created backups, including the initial configuration backup (see the “Initial Configuration Backup” sidebar later in the chapter) and various other automatic backups created by IIS. For example, when you reboot your server, IIS automatically makes several backups of the metabase; and when you create a new website, a metabase backup is automatically performed a short time later.

click to expand
Figure 5-7: Backing up the IIS metabase and schema

Now click Create Backup and type a name for your configuration backup (see Figure 5-8). You can optionally enter a password to secure your backup. The advantage of doing this is that a password-protected backup can be restored to a different IIS machine if necessary, while a backup not protected with a passwordcan be restored only on the machine on which the backup was created.


Figure 5-8: Creating a password-protected backup that is machine independent

Your new backup should show up in the list on the Configuration Backup/Restore dialog box, along with a version number. These version numbers start from zero and increment for each backup given the same name. For example, in Figure 5-8, the name given to the configuration backup is NewBackup and the version number assigned is zero. If you performed a second backup and gave it the same name, it would be version number 1 (if you gave the backup a different name, versioning would start from zero for that name).

The actual backup files are located in the folder %Systemroot%\System32\ inetserv\MetaBack and are identified by the following file extensions:

  • .md0 for the metabase backup file

  • .sc0 for the metabase schema backup file

We’ll look more at backing up and restoring the metabase in Chapter 13, “Maintenance and Troubleshooting,” and in Chapter 14.

Finally, in IIS 6 you can even back up portions of the metabase corresponding to the configuration for individual websites, FTP sites, or application pools, something we’ll examine further in Chapter 7.

Tip 

It’s a good idea to make a password-protected backup of your IIS configuration every time you make a significant change to your IIS machine, such as creating a new website or configuring quality- of-service settings. This way, you can restore your configuration to another IIS machine should the metabase on the first one become corrupt.

start sidebar
Initial Configuration Backup

As a safety precaution, an initial backup of metabase configuration settings is made automatically when IIS is installed. This configuration backup is stored in the folder %SystemRoot%\System32\inetsrv\MetaBack, and its purpose is to provide you with a way of restoring IIS in an emergency to its state immediately after installation. You might do this for example if your metabase became hopelessly corrupt. This allows you to get IIS working again without uninstalling and then reinstalling its various components. The file extensions for the initial configuration backup are .md1 and .sc1, and version number 1 is assigned to the backup. In addition, this initial configuration backup is not password protected, and therefore can only be used on the machine it was created on. As a result, it's a good idea to make an additional password-protected configuration backup immediately after installing and configuring IIS on a machine. This allows you to restore the configuration to a different system if IIS stops working on your original machine.

end sidebar

Restart IIS

If things seriously go wrong with IIS, you can restart IIS to try and get your sites and applications working again. This is a last-ditch solution, however, as restarting IIS has some negative consequences:

  • Any data being held in memory by IIS applications is lost.

  • Any users connected to IIS have their sessions terminated.

  • Any sites or applications still running are unavailable until restart is complete.

IIS may have various services running depending on which components have been installed. Table 5-1 lists the various Windows Server 2003 services that support IIS, the component DLL used to implement each service, and the host process within which the DLL runs.

Table 5-1: IIS Services and Their Component DLLs and Host Processes

Name of Service

Component DLL

Host Process

WWW Service

iisw3adm.dll

svchost.exe

FTP Service

ftpsvc.dll

inetinfo.exe

SMTP Service

smtpsvc.dll

inetinfo.exe

NNTP Service

nntpsvc.dll

inetinfo.exe

IIS Admin Service

iisadmin.dll

inetinfo.exe

Note 

Before restarting IIS, make sure you back up your IIS configuration information as described in the preceding section to ensure against loss of important configuration data on the machine.

Stopping and starting IIS services is usually done differently from other Windows Server 2003 services, which are generally started and stopped using the Services node in Computer Management (though you can use this method with IIS also). To restart IIS, right-click the server you want to manage in IIS Manager and select All Tasks | Restart IIS. A dialog box will appear offering you several restart options including

  • Restart IIS

  • Restart Server

  • Stop IIS

  • Start IIS

The last two options give you more control over the restart process. When you select Stop IIS, the operating system attempts to perform a smooth shutdown of IIS services and allots up to 5 minutes (300 seconds) for shutdown to finish (if this time is exceeded, a forced shutdown of these services occurs). Alternatively, you can click End Now to force a shutdown of IIS immediately if needed, but the smooth shutdown approach usually takes only a few seconds to complete. Afterward, a red X will appear over the Web Sites node in IIS Manager to indicate IIS is stopped. You can then restart IIS by selecting All Tasks | Restart IIS and choosing the Start IIS option. Alternatively, you can start IIS by starting any individual website on your machine (though this leaves all other websites stopped).

If you select the Restart Server option, you are given five minutes to save your work and close any open files or running applications before reboot occurs, and you can’t stop the shutdown process.

Tip 

If you make configuration changes for a site or application and the changes don’t seem to take effect immediately, try restarting IIS. See also the upcoming section “Save Configuration to Disk.”

Note 

You can also restart the IIS Admin Service from the command line using the IISReset command and the World Wide Web Publishing Service (WWW Service) using the Net Start command.

Automatic Restart

Windows Server 2003 automatically restarts services like IIS under certain conditions, for example,

  • When the IIS Admin Service (inetinfo.exe) abnormally terminates

  • When an IIS DLL running within inetinfo.exe abnormally terminates

  • When the WWW Service or its host process svchost.exe abnormally terminates

If you want to disable this automatic restart feature, open Computer Management, select the Services node, and open the properties sheet for the IIS Admin Service. Select the Recovery tab and note that this service is configured to run the iisreset /start command should the service terminate unexpectedly (see Figure 5-9). To disable automatic restart, change the list box settings for First Failure, Second Failure, and Subsequent Failures from Run A Program to Take No Action and click OK.

click to expand
Figure 5-9: Configuring the automatic restart feature of the IIS Admin service

Note 

You can similarly disable automatic restart for the WWW Service.

Save Configuration To Disk

If you made changes to the configuration of IIS or sites and applications running on it, you can force them to be written to the metabase immediately by selecting All Tasks | Save Configuration To Disk. Whenever you make a change to IIS and it doesn’t seem to take effect, try this approach and see if it helps. Note that you can also perform this action from the command line using a script.

Server Properties

If you right-click an IIS server node in IIS Manager and select Properties, the properties sheet for that server opens (see Figure 5-10). Changes made here affect your entire IIS machine, and you may be prompted to restart IIS after you make changes to this properties sheet. Let’s examine the settings you can modify here.

click to expand
Figure 5-10: Server properties sheet in IIS Manager

Enable Direct Metabase Edit

Enabling this check box allows you to directly edit the XML metabase while IIS is running using a text editing tool like Notepad.

UTF-8 Logging

IIS usually writes its log files using the local character set (typically ASCII). By enabling this feature, IIS will write its log in UTF-8 instead. UTF-8 is an ASCII-preserving encoding method that is part of the Unicode 3 standard and is described in RFC 2279.

MIME Types

Here you can define and modify the global MIME map for IIS, which defines which kinds of file types (based on file extensions) that IIS can serve to requesting HTTP clients. You’ll see later that you can also define a MIME map at the level of individual websites and virtual directories, but any changes made here affect all sites and directories running on your machine (if you make a change that conflicts with a lower level, you are prompted whether to override the lower setting and have it inherit the setting made here). I’ll defer discussion of MIME maps until Chapter 7, when I talk about administering websites.

Security Alert! 

There is one significant change to MIME maps between this version and earlier versions of IIS. In IIS 5, if a client requested a file having an extension that had no corresponding MIME type associated with it in the MIME map, the file would be served to the client using the application/octet-stream MIME type. In IIS 6, however, if a client requests a file type that has no MIME type defined on the server, the request is rejected and a 404.3 error is served to the client instead.




IIS 6 Administration
IIS 6 Administration
ISBN: 0072194855
EAN: 2147483647
Year: 2003
Pages: 131
Authors: Mitch Tulloch

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net