
OFFICIAL MICROSOFT LEARNING PRODUCT

6427A
Configuring and Troubleshooting Internet Information Services in Windows Server 2008 Companion Content

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. 
Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein. 2008 Microsoft Corporation. All rights reserved. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.

Product Number: 6427A Released: 12/2007

Module 1
Configuring an IIS 7.0 Web Server

Module Reviews and Takeaways


Review Questions
1. What is the benefit of a modular architecture?
2. Describe various scenarios in which organizations may benefit from implementing IIS on Windows Server Core.
3. Which installation method can be used with scripting?
4. Which workloads are not available on Windows Server Core?

Module 2
Configuring IIS 7.0 Web Sites and Application Pools

Module Reviews and Takeaways


Review Questions
1. What is the benefit of the unified request pipeline?
2. What are application pools?
3. How do you remove an application pool?
4. If an application pool is stopped, what response will clients receive?

Module 3
Configuring IIS 7.0 Application Settings

Module Reviews and Takeaways


Review Questions
1. How can you improve the user experience when a problem is encountered?
2. What are application settings and how are they used?
3. If an application is completely self-contained and does not need to access external information, what is the best setting for its .NET trust level?

Module 4
Configuring IIS 7.0 Modules

Module Reviews and Takeaways


Review Questions
1. What typically generates the response to the client: native modules, managed modules, ISAPI filters, or handlers?
2. Do both native modules and managed modules need to be added to the <globalModules> configuration section of applicationHost.config?
3. Native module files have what type of file extension?
4. When would you use the precondition variable?
5. You need a new managed module built by the development team. What programming language would you recommend that they use for creating the module?

Common Issues related to a particular technology area in the module


Identify the causes for the following common issues related to a particular technology area in the module and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: If you do not see the module on the Modules page, it has not been enabled.
Troubleshooting tip: To enable the module, you must open the Configure Native Modules dialog box, select the check box of the module, and then click OK.

Real-world Issues and Scenarios


1. Trey Research wants to deploy a new Web site but they want to make it exclusively for the use of its remote researchers. What security measures would you put in place? Would you remove any of the native modules that are installed by default? How would you remove the modules?

   Deploy security and authentication on the Web server. Remove the anonymous authentication module by editing the applicationHost.config.

Best Practices related to a particular technology area in this module


Supplement or modify the following best practices for your own work situations:

- Directly editing applicationHost.config offers greater control and is preferred over using the IIS Manager tool. Typically this is a more reliable method, and offers you more flexibility over how to manage and configure native modules.
- Make sure you are set up with Administrator credentials before you attempt to uninstall a native module by removing the entries from the <globalModules> and <modules> sections. Because the <globalModules> configuration section is only settable at the server level, you must be an administrator to uninstall a module.

Tools
Tool | Use for | Where to find it
IIS Manager | Configuring modules | Administrative tools
Microsoft Visual C# Express | Editing code for managed modules | Free download
Notepad | Editing applicationHost.config | Accessories

Module 5
Securing the IIS 7.0 Web Server and Web Sites

Module Reviews and Takeaways


Review Questions
1. After reviewing your Web server logs you notice some suspicious requests employing non-ASCII characters. What security feature could you employ in response to this particular hazard?
2. Which user is assigned access to files when you allow anonymous access?
3. A developer wants to deploy an application, authenticating users using the new Passport system. Which Authentication method would you recommend?
4. A developer wants to add a shopping component to a Web site. What would you do to ensure confidence and security for users to enter their credit card numbers into a Web form?

Common Issues related to a particular technology area in the module


Identify the causes for the following common issues related to a particular technology area in the module and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Anonymous users gaining access to protected content
Troubleshooting tip: Check to make sure that Anonymous Authentication is set to Disabled.

Issue: Active Server Pages not running
Troubleshooting tip: Check to make sure that ASP content is activated in the ISAPI and CGI restrictions.

Real-world Issues and Scenarios


1. The intranet server for Humongous Insurance hosts content that is available to all employees. The Human Resources department has requested that additional content be added that should be viewed only by members of the Human Resources group. What security feature could you employ to restrict access to this content?

Best Practices Related to Securing Web Servers and Web Sites


Supplement or modify the following best practices for your own work situations:

- Allowing all unspecified extensions is a security risk, because your Web server could become susceptible to computer viruses or worms that exploit these technologies. To reduce this risk, you should allow only those specific ISAPI extensions or CGI files that you need to run on your Web server.
- The domain name restriction rules restrict access by domain name. This rule significantly affects server performance because it requires a DNS lookup for every request.
- Employ a minimal install to install only the bare minimum number of components. With fewer components installed, there is a much smaller surface area available to attackers and there are fewer things to manage and maintain.
- Deploy HTTP request filtering to monitor all incoming URLs and suppress certain strings before they are processed. This allows Web server administrators to do things like block certain executables, create hidden directories unreachable with HTTP, and set limits for connections, among others.
- Restrict directory browsing to prevent snooping of your Web server content.
- Locate the log file on a secure, reliable drive; it should be stored in a directory other than systemroot.
- Monitor and manage the maximum number of log files to keep and the maximum size of the log files.
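Several of the best practices above correspond to settings in applicationHost.config. The following Python script is an added example, not part of the course material: it checks a configuration fragment for four of them. The sample fragment, the finding names, and the assumption that systemroot is C:\Windows are constructed for illustration; the element and attribute names are those of the IIS 7.0 configuration schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample fragment; three settings contradict the best practices.
SAMPLE_CONFIG = r"""
<configuration>
  <system.applicationHost>
    <sites>
      <siteDefaults>
        <logFile directory="%SystemRoot%\System32\LogFiles" />
      </siteDefaults>
    </sites>
  </system.applicationHost>
  <system.webServer>
    <directoryBrowse enabled="true" />
    <security>
      <isapiCgiRestriction notListedIsapisAllowed="true" notListedCgisAllowed="false">
        <add path="%windir%\system32\inetsrv\asp.dll" allowed="true" />
      </isapiCgiRestriction>
      <requestFiltering>
        <fileExtensions allowUnlisted="true">
          <add fileExtension=".exe" allowed="false" />
        </fileExtensions>
        <hiddenSegments>
          <add segment="bin" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
"""

# Path prefixes treated as "under systemroot" (assumes a default C:\Windows install).
SYSTEMROOT_PREFIXES = ("%systemroot%", "%windir%", "c:\\windows")


def _is_true(value):
    return (value or "").strip().lower() == "true"


def audit(config_xml):
    """Return a sorted list of finding names (hypothetical labels) for config_xml."""
    root = ET.fromstring(config_xml)
    findings = []

    # Only listed ISAPI extensions and CGI programs should be allowed to run.
    restriction = next(root.iter("isapiCgiRestriction"), None)
    if restriction is not None:
        if _is_true(restriction.get("notListedIsapisAllowed")):
            findings.append("unlisted-isapi-allowed")
        if _is_true(restriction.get("notListedCgisAllowed")):
            findings.append("unlisted-cgi-allowed")

    # Directory browsing should be restricted.
    browse = next(root.iter("directoryBrowse"), None)
    if browse is not None and _is_true(browse.get("enabled")):
        findings.append("directory-browsing-enabled")

    # A requestFiltering section should be present.
    if next(root.iter("requestFiltering"), None) is None:
        findings.append("request-filtering-not-configured")

    # Log files should be stored outside systemroot.
    for log_file in root.iter("logFile"):
        directory = (log_file.get("directory") or "").lower()
        if directory.startswith(SYSTEMROOT_PREFIXES):
            findings.append("log-directory-under-systemroot")
            break

    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```
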

Tools
Tool | Use for | Where to find it
IIS Manager | Editing security configuration | Administrative Tools
Notepad | Editing config files | Accessories
Notepad | Viewing log files | Accessories

Module 6
Configuring Delegation and Remote Administration

Module Reviews and Takeaways


Review Questions
1. What are the steps in configuring the Web management service?
2. What files are involved in delegated administration?
3. What are some best practices for feature delegation?

Common Issues related to configuring feature delegation and remote administration.


Identify the causes for the following common issues related to configuring feature delegation and remote administration and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Self-signed certificates
Troubleshooting tip: Self-signed certificates usually produce a non-critical error because they are not issued by a certification authority that is recognized by the remote client.

Issue: Firewall ports
Troubleshooting tip: The remote management service uses TCP port 8172 by default. Even though HTTPS is the protocol used for remote management, any firewalls between the Web server and the remote administrator will need to permit port 8172, or the port configured in the remote management settings.

Issue: File permissions on Web.config
Troubleshooting tip: Delegated administrators must be able to modify the Web.config file for their Web site or application.

Issue: Configuration file conflicts
Troubleshooting tip: Configuration file settings inherit from parent to child file from machine.config down to the last Web.config file (if any) and the effective configuration is calculated for a given path. Any setting at a lower level in the hierarchy will override a parent setting defined in a file above the current level.

Real-world Issues and Scenarios


1. A hosting provider wants to delegate site management to each customer for that customer's site.
2. A corporate Web server hosts multiple departmental sites. The server administrator wants to delegate limited access to departmental site managers.

What access should be delegated? What access should not be delegated? What are the access requirements in your environment?

Best Practices related to configuring feature delegation and remote administration.


Supplement or modify the following best practices for your own work situations:

- Back up configuration files before modifying them.
- Give only the needed level of access.
- Don't change the system account.
- Don't make delegation more restrictive after initial configuration.

Module 7
Using Command-line and Scripting for IIS 7.0 Administration

Module Reviews and Takeaways


Review Questions
1. What are the different tools available for IIS 7.0 administration?
2. How can you use scripts to simplify IIS 7.0 administration?
3. What are the benefits of PowerShell?
4. What things can you do with AppCmd.exe?
5. What is Microsoft.Web.Administration and how can it be used?
6. What are some examples of tasks you can perform using WMI?

Module 8
Tuning IIS 7.0 for Improved Performance

Module Reviews and Takeaways


Review Questions
1. What is the difference between compression and caching and how do they interact?
2. What impact do the various performance settings have on CPU usage, memory usage, disk I/O, and network bandwidth?
3. What options do you have for ensuring that an application does not monopolize resources?

Module 9
Ensuring Web Site Availability with Web Farms

Module Reviews and Takeaways


Review questions
1. Question: Explain some of the actions that may be taken to validate that a Web server backup was completed successfully.
   Answer:
2. Question: Explain some of the advantages of using IIS on a DFS-enabled share.
   Answer:
3. Question: Explain the benefits of using shared configurations in an IIS 7.0 Web server enterprise.
   Answer:
4. Question: Explain what happens if the file server with the configuration files goes down, but the Web servers remain functional.
   Answer:
5. Question: Explain some of the advantages of using Network Load Balancing clusters.
   Answer:

Common Issues in Configuring Shared Configuration and Network Load Balancing


Identify the causes for the following common issues related to a particular technology area in the module and fill in the troubleshooting tips. For answers, refer to relevant lessons in the module.

Issue: Shared configuration export fails
Troubleshooting tip: Make sure the UNC share is configured properly.

Issue: Shared configuration fails
Troubleshooting tip: Make sure you are using the correct password.

Issue: NLB fails
Troubleshooting tip: Make sure servers have correct IP configuration and are on the same subnet.

Real-world Issues and Scenarios


1. Margie's Travel is experiencing expanded growth in use of their Web site. In order to meet that demand, they decide to add additional Web servers in a Network Load Balancing configuration. How would you recommend doing this?
2. Adventure Works wants to expand their server reliability, so they decided to deploy shared configurations for their Web servers. What would be the best way of deploying this?

Best Practices for Shared Configurations and Network Load Balancing


Supplement or modify the following best practices for your own work situations:

- Before you enable shared configuration
  o Make sure that all the servers have the same components.
  o Verify each machine using Role Manager or registry query.
- Before you install a new component in a shared configuration network
  o If it writes to the applicationHost.config, you can't install it with shared config enabled.
  o Take servers offline and update separately.
  o Configure servers as needed before enabling shared config.
- Secure the Network Load Balancing systems
  o The NLB subnet must be physically protected from intrusion to avoid interference from unauthorized heartbeat packets.
  o Administration tools that administer NLB clusters can be run from remote workstations.
  o Ensure that the applications are run from trusted computers.
- Consistently install the same set of modules

Tools
Tool | Use for | Where to find it
IIS Manager | Managing IIS Server | Administrative Tools
NLB Manager | Managing NLB | Administrative Tools

Module 10
Troubleshooting IIS 7.0 Web Servers

Module Reviews and Takeaways


Review questions
1. What is the difference between custom errors and detailed errors?
2. Why are configuration issues difficult to diagnose?

Resources

Microsoft Learning
This section describes various Microsoft Learning programs and offerings.

- Microsoft Skills Assessments: Describes the skills assessment options available through Microsoft.
- Microsoft Learning: Describes the training options available through Microsoft, face-to-face or self-paced.
- Microsoft Certification Program: Details how to become a Microsoft Certified Professional, Microsoft Certified Database Administrators, and more.
- Microsoft Learning Support
  o To provide comments or feedback about the course, send e-mail to support@mscourseware.com.
  o To ask about the Microsoft Certification Program (MCP), send e-mail to mcphelp@microsoft.com.

Communities
This section describes the various Microsoft communities that may be of use to Internet Information Services in Windows Server 2008 Communities

Send Us Your Feedback


You can search the Microsoft Knowledge Base for known issues at Microsoft Help and Support before submitting feedback. Search using either the course number and revision, or the course title.

Note: Not all training products will have a Knowledge Base article. If that is the case, please ask your instructor whether or not there are existing error log entries.

Courseware Feedback
Send all courseware feedback to support@mscourseware.com. We truly appreciate your time and effort. We review every e-mail received and forward the information on to the appropriate team. Unfortunately, because of volume, we are unable to provide a response but we may use your feedback to improve your future experience with Microsoft Learning products.

Reporting Errors
When providing feedback, include the training product name and number in the subject line of your email. When you provide comments or report bugs, please include the following:

- Document or CD part number
- Page number or location
- Complete description of the error or suggested change

Please provide any details that are necessary to help us verify the issue.

Important: All errors and suggestions are evaluated, but only those that are validated are added to the product Knowledge Base article.