Keep it simple stupid!
I am a firm believer in trying to keep things simpler where ever possible (but not for the sake of it) In years gone by I have heard many admins lament about the complexities of deploying IIS to work alongside third party plugins such as PHP. I can remember numerous occasions where I have wrestled with the config and “best practice”.
I am however glad to say finally Microsoft have taken notice of this and produced a very simple and effective deployment toolkit.
The Microsoft Web Platform Installer (now in version 3.0)
I have recently deployed an IIS7.0 server that required PHP and MySQL using this tool and I am very happy with the results!
I know generally any system admin will avoid “wizards” as it were but in this instance it is time well saved!
Using PowerShell to add IP addresses to IIS7’s FTP IPv4 Address and Domain Restrictions
Today I was configuring a new FTP server based on IIS7 (well, 7.5 technically as it’s a Server 2008 R2 host), and I wanted an easy way to add and remove allowed IP addresses based on either an XML config file or a CSV import. Customers’ IP addresses are added or removed regularly, but I didn’t want to have to update their details twice, once on the server and once in the documents.
Configuring Server 2008 R2 Core Series: Installing and Managing IIS
So, you’ve installed a new server with Server 2008 R2 Core – what next? Logging on, you’re presented with a shiny command prompt, you can run notepad or regedit…but aside from that, where do you go from there? In the next few series of posts I’ll hopefully point out the basics, and some not so basics!
In this post, I’m covering Installing the IIS web server (and a few useful bits) and managing it from the IIS Management Snap-in.
Installing the basic IIS installation
Installing optional components in Server 2008 R2 Core is handled by two commands, OCList and OCSetup. OCList, as the name suggests, lists the optional components and their status, installed or not installed. It’s a long list, so I recommend issuing the command with the “|more” pipe:
oclist | more
The output looks something like this:
OCSetup will accept any one, or multiple, of the roles listed in OCList as an argument to install. It’s recommended you use the command with “start /w” preceding so that the command prompt will wait for the installation to finish before continuing.
To install the basic IIS web server install, use
start /w ocsetup IIS-WebServerRole
As far as I can see, this installs the roles:
In order to get .Net functioning and allow remote management, you’ll also need the following components installed, a registry key added and the Web Management Service Started (in order):
start /w ocsetup WAS-NetFxEnvironment start /w ocsetup IIS-ISAPIExtensions start /w ocsetup IIS-ISAPIFilter start /w ocsetup IIS-NetFxExtensibility start /w ocsetup IIS-ASPNET start /w ocsetup IIS-ManagementService reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WebManagement\Server /v EnableRemoteManagement /t REG_DWORD /d 1 net start wmsvc
You should now be able to manage your IIS server via the IIS Management Console on a Windows Server 2008 or Windows 7 PC with Remote Server Administration Tools installed.
You can also manage IIS through a PowerShell addin, if you run powershell.exe on your Server Core installation, then import the WebAdministration Module:
C:\Users\Administrator>powershell Windows PowerShell Copyright (C) 2009 Microsoft Corporation. All rights reserved. PS C:\Users\Administrator> Import-Module WebAdministration PS C:\Users\Administrator> Get-Command -PsSnapin WebAdministration CommandType Name Definition ----------- ---- ---------- Cmdlet Add-WebConfiguration Add-WebConfiguration [-Filte... Cmdlet Add-WebConfigurationLock Add-WebConfigurationLock [-F... Cmdlet Add-WebConfigurationProperty Add-WebConfigurationProperty... Cmdlet Backup-WebConfiguration Backup-WebConfiguration [-Na... Alias Begin-WebCommitDelay Start-WebCommitDelay Cmdlet Clear-WebConfiguration Clear-WebConfiguration [-Fil... Cmdlet Clear-WebRequestTracingSettings Clear-WebRequestTracingSetti... Cmdlet ConvertTo-WebApplication ConvertTo-WebApplication [[-... Cmdlet Disable-WebGlobalModule Disable-WebGlobalModule [-Na... Cmdlet Disable-WebRequestTracing Disable-WebRequestTracing [[... Cmdlet Enable-WebGlobalModule Enable-WebGlobalModule [-Nam... Cmdlet Enable-WebRequestTracing Enable-WebRequestTracing [[-... Alias End-WebCommitDelay Stop-WebCommitDelay Cmdlet Get-WebAppDomain Get-WebAppDomain [-InputObje... Cmdlet Get-WebApplication Get-WebApplication [[-Name] ... Cmdlet Get-WebAppPoolState Get-WebAppPoolState [[-Name]... Cmdlet Get-WebBinding Get-WebBinding [[-Name] <Str... Cmdlet Get-WebConfigFile Get-WebConfigFile [[-PSPath]... Cmdlet Get-WebConfiguration Get-WebConfiguration [-Filte... Cmdlet Get-WebConfigurationBackup Get-WebConfigurationBackup [... Cmdlet Get-WebConfigurationLocation Get-WebConfigurationLocation... Cmdlet Get-WebConfigurationLock Get-WebConfigurationLock [-F... Cmdlet Get-WebConfigurationProperty Get-WebConfigurationProperty... Cmdlet Get-WebFilePath Get-WebFilePath [[-PSPath] <... Cmdlet Get-WebGlobalModule Get-WebGlobalModule [[-Name]... Cmdlet Get-WebHandler Get-WebHandler [[-Name] <Str... Cmdlet Get-WebItemState Get-WebItemState [[-PSPath] ... Cmdlet Get-WebManagedModule Get-WebManagedModule [[-Name... Cmdlet Get-WebRequest Get-WebRequest [-InputObject... Cmdlet Get-Website Get-Website [[-Name] <String... Cmdlet Get-WebsiteState Get-WebsiteState [[-Name] <S... Cmdlet Get-WebURL Get-WebURL [[-PSPath] <Strin... Cmdlet Get-WebVirtualDirectory Get-WebVirtualDirectory [[-N... Function IIS: set-location IIS: Cmdlet New-WebApplication New-WebApplication [-Name] <... Cmdlet New-WebAppPool New-WebAppPool [-Name] <Stri... Cmdlet New-WebBinding New-WebBinding [[-Name] <Str... Cmdlet New-WebFtpSite New-WebFtpSite [-Name] <Stri... Cmdlet New-WebGlobalModule New-WebGlobalModule [-Name] ... Cmdlet New-WebHandler New-WebHandler [-Name] <Stri... Cmdlet New-WebManagedModule New-WebManagedModule [-Name]... Cmdlet New-Website New-Website [-Name] <String>... Cmdlet New-WebVirtualDirectory New-WebVirtualDirectory [-Na... Cmdlet Remove-WebApplication Remove-WebApplication [-Name... Cmdlet Remove-WebAppPool Remove-WebAppPool [-Name] <S... Cmdlet Remove-WebBinding Remove-WebBinding [-Protocol... Cmdlet Remove-WebConfigurationBackup Remove-WebConfigurationBacku... Cmdlet Remove-WebConfigurationLocation Remove-WebConfigurationLocat... Cmdlet Remove-WebConfigurationLock Remove-WebConfigurationLock ... Cmdlet Remove-WebConfigurationProperty Remove-WebConfigurationPrope... Cmdlet Remove-WebGlobalModule Remove-WebGlobalModule [-Nam... Cmdlet Remove-WebHandler Remove-WebHandler [-Name] <S... Cmdlet Remove-WebManagedModule Remove-WebManagedModule [-Na... Cmdlet Remove-Website Remove-Website [-Name] <Stri... Cmdlet Remove-WebVirtualDirectory Remove-WebVirtualDirectory [... Cmdlet Rename-WebConfigurationLocation Rename-WebConfigurationLocat... Cmdlet Restart-WebAppPool Restart-WebAppPool [[-Name] ... Cmdlet Restart-WebItem Restart-WebItem [[-PSPath] <... Cmdlet Restore-WebConfiguration Restore-WebConfiguration [-N... Cmdlet Select-WebConfiguration Select-WebConfiguration [-Fi... Cmdlet Set-WebBinding Set-WebBinding [[-Name] <Str... Cmdlet Set-WebConfiguration Set-WebConfiguration [-Filte... Cmdlet Set-WebConfigurationProperty Set-WebConfigurationProperty... Cmdlet Set-WebGlobalModule Set-WebGlobalModule [-Name] ... Cmdlet Set-WebHandler Set-WebHandler [-Name] <Stri... Cmdlet Set-WebManagedModule Set-WebManagedModule [-Name]... Cmdlet Start-WebAppPool Start-WebAppPool [[-Name] <S... Cmdlet Start-WebCommitDelay Start-WebCommitDelay [-Verbo... Cmdlet Start-WebItem Start-WebItem [[-PSPath] <St... Cmdlet Start-Website Start-Website [[-Name] <Stri... Cmdlet Stop-WebAppPool Stop-WebAppPool [[-Name] <St... Cmdlet Stop-WebCommitDelay Stop-WebCommitDelay [[-PSPat... Cmdlet Stop-WebItem Stop-WebItem [[-PSPath] <Str... Cmdlet Stop-Website Stop-Website [[-Name] <Strin...
Serve up a .NET page, to taste
Not that you’d doubt me (!) but there’s one last thing to do – prove it worked. Fortunately, there’s an easy way to do that. I borrowed the code from www.codefixer.com to create a little “hello world” page. Since the default website is c:\inetpub\wwwroot\ I saved the page there as default.aspx and fired up my browser – et voila!
BlogEngine.Net 1.6 is released – and I’ve upgraded! Also migrated to IIS 7
I’ve just upgraded to BE.Net 1.6, and I thought I’d migrate to GoDaddy’s IIS 7 servers at the same time. The theory is that this would be a an easy migration and I’d have the weekend to iron out any bugs. Not so.
After testing on my local IIS 7 and working perfectly, I uploaded the updates to my live blog and hit the “Migrate to IIS 7” button, which promises it will be completed in 24h. I received the “update your DNS” email, and duly updated my A records to the new server, and the transfer seems to be ok – aside from the fact that viewing any specific post causes an error – I’m guessing with the permissions of the App_Data folder. The catch being that I can’t access my IIS settings until GoDaddy have completed their 24h migration process.
It’s now been more than 72 hours since I kicked of the migration and still I cannot access and fix the IIS permissions issue which is dogging my blog. I’ve emailed twice and am still waiting for some resolution. Perhaps I won’t be renewing this year?
MOSS 2007 – Alternate Access Mapping authentication fails
If you have an Alternate Access Mapping configured for a MOSS 2007 site with Integrated Authentication you might find that you get prompted for the DOMAIN\UserName and Password. After 3 attempts you get to a HTTP 401 error.
This can be resolved by following the steps in MS KB 896861
Outlook Web Access over SSL using Forms Based Authentication AND Integrated Authentication
Outlook Web access is a fantastic tool for our company, providing on-the-go
access to people's mailboxes – which is of course secured by SSL and uses Forms
Based Authentication. Internally, we have an intranet portal that allows us to
access the various systems – one of which is OWA. One of the stipulations for
this internal portal is that it is all Single Sign On using NTLM authentication
– integrated authentication. This is where the problem lies because enabling OWA
with Forms Based Authentication over SSL disables Integrated Authentication. So
our choice is to have users enter their credentials twice (not acceptable) or to
disable FBA and have external users log on with the annoying pop-up.
You can create a copy of the /Exchange and /Public Virtual Directories and
configure them to use Integrated Authentication. You can also restrict access to
them by IP…here's how:
I'm assuming you've already set up OWA with SSL on your Exchange server. If you need to do that, try How
do I configure OWA to use SSL? at Daniel Petri's site
- Log onto your Exchange Server, and open up the IIS control panel. Locate
your /Exchange and /Public virtual directories.
- Right click /Exchange, select "All Tasks" and then "Save Configuration to a
- Go through the dialogue, save to a file and if you're worried about security, add a password.
- Once you're done, right click any white space in the root web site (or the exchange web site) and select "New", then select "Virtual Directory (from file)…"
- You will be presented with the "Import Configuratio" dialogue, click "Browse…" and select the file you've just created. Click "Read File" and select the Exchange location underneath
- Click "OK" and you'll be asked to provide a new name, or replace the existing Virtual Directory – select create a new one and put an appropriate name (I uses ExchangeIA)
- Now, this step is optional, but read on anyway because you might want to think about it. I only want to allow people on my network to access this using Integrated Authentication, no one else, so I am going to restrict access to the Virtual Directory that I've just created to my IP subnet. To do this right click the newly created Virtual Directory (ExchangeIA) and select the "Directory Security" tab. Under "IP address and domain name restrictions" click "Edit". Now select "Denied access" to deny anyone other than the exceptions, then click "Add.." and enter the details of your network to allow those computers access.
- Now head back to step 1 and repeat for the /Public folder, if Integrated Authentication is required for Public Folders.
Restoring the ASP.NET tab in IIS
If you've logged onto the properties for your IIS install and found that the ASP.NET tab has mysteriously disappered, you can try a couple of things.
Firstly, try re-registering ASP.NET with IIS using the ASPNET_REGIIS.exe located in the .NET installation folder:
Chances are though, that it won't work, and that you can try and number of command using aspnet_regiis.exe or even uninstalling and reinstalling .NET and you won't actually fix the problem. (Note: on x64 systems this could be a different problem, Google again with x64!)
This was solved by switching a flag (Enable32BitAppOnWin64) to false in the IIS metabase:
cscript.exe adsutil.vbs set W3SVC/AppPools/Enable32BitAppOnWin64 FALSE
You should then be able to see the ASP.NET tab restored in the site properties.