This chapter covered the interrelation of DNS, DHCP, and Active Directory in the SBS environment. Because DNS and Active Directory are so interdependent, the network settings of all systems in the SBS network must be configured correctly for workstations to participate in the local domain as well as access the Internet. The DHCP Server service will pass on the necessary information to client workstations when the SBS server is configured correctly. The nslookup command can be used to troubleshoot DNS lookup issues internally and on the Internet. The Netlogon service ties Active Directory together with DNS, and removing the databases while restarting the service can easily clear up corruption within the Netlogon databases. The neTDiag and dcdiag commands are useful tools in diagnosing network and Active Directory issues.
Best Practice Summary
Chapter 6. Internet Information Services
IN THIS CHAPTER
When the World Wide Web was first introduced in the early 1990s, many people scoffed at the idea that others would want to look for information using such a graphics-heavy environment. Today, companies that do not have visually interesting websites often get overlooked by potential customers. The Web has changed significantly during its existence, and the servers that host the Web have as well.
When Microsoft first released its Internet Information Server (IIS), it lagged significantly behind other well-established server products. With each release of IIS, Microsoft has significantly improved the product, and it now ranks among the top web server products used by major web hosting facilities and direct providers alike.
IIS and Small Business Server
Many technologies included with SBS 2003 are web driven, so a good understanding of Internet Information Services (IIS) is important to successfully maintain an SBS server. This chapter provides a high-level overview of the makeup of IIS, identifies the key services that are dependent on IIS, provides instructions for how to modify IIS settings and create new websites, and offers troubleshooting techniques for resolving IIS problems quickly.
SBS Web Technologies
One of the first steps in the SBS deployment process is a web-driven processthe Connect Computer Wizard. This is just one of the many components of SBS that rely heavily on IIS. Table 6.1 lists some of the other commonly used features of SBS that are driven by IIS.
IIS by itself is a complex application and becomes even more complex when the SBS technologies are added into its configuration. The remainder of this section provides an overview of the different components that make up IIS and how those components are used to provide basic web services.
SBS 2003 uses IIS version 6, which was introduced with the released of the Windows 2003 server series. IIS 6 has some significant changes in its default install over IIS 5. Whereas IIS 5 was configured to be ready to serve any type of web information right out of the box, a focus on server and web security by the development team at Microsoft provided a default configuration that is very "locked down" in IIS 6. Another difference is that the configuration file for IIS 6, the metabase, is now a human-readable XML document instead of the corruption-prone binary file used by previous versions. The interface for managing IIS 6 is also different from its predecessors as will be evident when the IIS Management Console is opened by anyone familiar with earlier versions.
In SBS 2003, a shortcut to the IIS Management Console is located in the Administrative Tools folder of the Start menu. The management interface is broken down into three main parts, described in the following sections.
The first folder you see under the SBS server in the IIS Management Console is Application Pools. When you expand this folder, you see the application pool instances configured by default in IIS. Each pool is a process that runs in a separate program space, so that if a particular application pool runs into a problem and crashes or stops responding, only the web components tied to that pool are affected.
Figure 6.1 shows the standard application pools for SBS in the IIS Management Console. Under the DefaultAppPool entry, you can see the different websites or virtual directories managed by that pool process. In this configuration, if the ExchangeApplicationPool pool process were to crash, the Default Web Site (run by the Root application), Backup, Monitoring, and Remote virtual directories would continue to run without interruption.
Figure 6.1. A standard SBS installation has five application pools defined, each with multiple nodes.
Each application pool process runs under a specific account on the server. This account is configured in the Properties page under the Identity tab as shown in Figure 6.2. Not all application pools run under the same account. The DefaultAppPool runs as the Network Service account, whereas the ExchangeApplicationPool runs as the Local System account.
Figure 6.2. The Default Application Pool runs as the Network Service account.
In general maintenance, a system administrator will hardly ever review the status or configuration of the application pool instances. The settings of the application pool instances should not be modified without good reason because a misconfiguration of the application pool instance will render the web services that run in that application pool unusable.
The next folder under the server icon is the Web Sites folder. This is where the main website configuration information is viewed or modified. IIS 6 allows multiple websites to be run on a single server. Each site can contain multiple directories beneath it, and those directories can be file system directories based on the file location of the site, or they can be virtual directories, which appear as though they are part of the file system hierarchy but are actually in a different location on the file system. The settings configured in each website are applied to each directory or virtual directory underneath the site, unless specific settings are modified at that level. Figure 6.3 shows the standard layout for the Default Web Site configuration with an SBS installation.
Figure 6.3. The Default Web Site contains a number of directories and virtual directories.
Each website listed under the Web Sites section must be uniquely identifiable by the IIS server in some way. SBS uses a combination of IP address and host header to identify which website should process the incoming web request. Ideally, a separate IP address would be used for each site, but because SBS relies on a single IP address for each NIC, IIS must rely on host headers to differentiate between sites.
Web Service Extensions
The last folder under the server icon is the Web Service Extensions folder. This area lists all the web service extensions installed as well as their current status. As shown in Figure 6.4, some services are Allowed, and some are Prohibited. The biggest change from IIS 5 to IIS 6 is that the WebDAV service extension is Prohibited by default. This change is another in the long line of security improvements that Microsoft made with this version of the web server.
Figure 6.4. The WebDAV web service extension is prohibited by default, as are other web service components.