Managing IIS 6 in an Enterprise: A Handful of Tips & Tricks...

Introduction

Today, Wednesday afternoon in Zurich & early AM back home (i.e. Seattle), I delivered this topic of managing IIS 6.0 in an Enterprise.  This is the 2nd time I delivered this talk as I did it on Monday in Milan, Italy though I took it a bit further here in Zurich than I did in Milan.  It wasn’t on purpose other than just having more time allows me to go a step further.

What is the purpose of this talk?  Simple –

    a)  Deploying applications (like ASP.NET, ISAPI, etc.) to IIS 6.0 Servers

    b)  Managing IIS 6.0:  Tips, tricks, and much more…

    c)  Troubleshooting IIS 6.0 using tools & tracing

    d)  Disaster Recovery:  Aiming for protecting those who need to backup everything important relating to Web

This talk originally came about in a webcast I did back in April of the same title.  However, as is with any talk, this refined talk over time has produced some really useful scripts.

Deployment & Scripts

In the first section, I spend a lot of time talking about how you can deploy applications on IIS 6.0.  The scenario produced here is the following:

a)  Deploy 3 applications:  GrocerToGo, MsPetShop, and MyWebSite

b)  Isolate each in a single application pool

c)  Create each as a unique, independent website

d)  Deploy ASP.NET 1.1 & only to GrocerToGo (a ASP.NET 1.1 app)

e)  Deploy ASP.NET 2.0 & only to MsPetShop (a ASP.NET 2.0 app)

f)  Deploy an ISAPI to MyWebSite (a ISAPI extension called sleeper.dll)

g) Deploy a SSL certificate to MyWebSite as it needs to have SSL

After understanding what it is that you want to do, you can start to locate all that is necessary to do one single thing:  Automate.

In this talk, I demonstrate how I do this using a central file server.  I use a single server because it makes it easy for me to quickly and effective configure a single web farm.  In this case, fileserver with a share called webdeploy.

Script:

REM Deploy Content & Config from Remote Share
REM
REM  Connect to Remote Deployment Server (i.e. File Server)
net use s: \\fileserver\webdeploy
pause

REM Create Application Pool
adsutil create w3svc/apppools/GrocerToGo IIsApplicationPool
adsutil create w3svc/apppools/MsPetShop IIsApplicationPool
adsutil create w3svc/apppools/MyWebSite IIsApplicationPool
Pause

REM Create WebSite
iisweb.vbs /create c:\websites\grocertogo "GrocerToGo" /d grocertogo /ap GrocerToGo
iisweb.vbs /create c:\websites\mspetshop "MsPetShop" /d mspetshop /ap MsPetShop
iisweb.vbs /create c:\websites\mywebsite "MyWebSite" /d myweb /ap MyWebSite
pause

REM Copy Content
xcopy /o /x /e /h /y /c s:\*.* c:\webshare\
xcopy /o /x /e /h /y /c c:\webshare\content\grocertogo c:\websites\grocertogo
xcopy /o /x /e /h /y /c c:\webshare\content\mspetshop c:\websites\mspetshop
xcopy /o /x /e /h /y /c c:\webshare\content\mywebsite c:\websites\mywebsite
pause

REM Import Application (or Applications)
iiscnfg.vbs /import /f c:\webshare\config\grocertogo.xml /sp /LM/W3SVC/1554098620/root /dp /lm/w3svc/1554098620/root /merge
iiscnfg.vbs /import /f c:\webshare\config\mspetshop.xml /sp /lm/w3svc/220925212/root /dp /lm/w3svc/220925212/root/ /merge
iiscnfg.vbs /import /f c:\webshare\config\mywebsite.xml /sp /lm/w3svc/1179986622/root /dp /lm/w3svc/1179986622/root/ /merge
pause

REM Install & Enable ASP.NET V1.1
cd %windir%\Microsoft.NET\Framework\v1.1.4322
aspnet_regiis.exe -i -enable
REM Enable 1.1 for GrocerToGo
aspnet_regiis -s w3svc/1554098620
cd \
pause

REM Install & Enable ASP.NET V2.0
cd %windir%\Microsoft.NET\Framework\v2.0.50727
aspnet_regiis.exe -i -enable
REM Enable 2.0 for PetShop
aspnet_regiis -s w3svc/220925212
pause

REM Add Sleeper.dll to Extensions List (ISAPI Extension)
iisext /addfile c:\websites\mywebsite\sleeper.dll 1 Sleeper 0 Sleeper

REM Enable Scripts & Executables (for ISAPI) using AccessFlags
adsutil set w3svc/1179986622/root/AccessFlags 517

REM Import SSL Certificates (if necessary)
REM IIsCertDeploy already added to Path
iiscertdeploy.vbs -c c:\webshare\ssl\grocertogocert.pfx -i w3svc/1179986622 -p 1 -q on
pause

REM Clean up
net use s: /delete

Managing IIS 6.0 Tips & Tricks

In this section of the talk, I do a couple of key things.  I demonstrate how to enable granular compression, enable Centralized W3C Logging, as well as enable IIS Metabase Auditing.  Furthermore, I spend a little bit of time suggesting that customers enable a few log file extended properties:  Time-taken, Referrer, Site name.  I used the User Interface, IIS Manager, to enable these features.  Thus, they will not be included here in this blog.  Maybe later… :)

Enable Granular Compression:  (for default.html in the /protected/default.html location of the metabase)

cscript adsutil.vbs set w3svc/<sitename>/root/protected/default.html DoStaticCompression 1

Enable W3C Centralized Logging:

cscript adsutil.vbs set w3svc/CentralW3CLoggingEnabled 1 (i.e. True)

Enable IIS Metabase Auditing:

cscript iiscnfg.vbs /enableaudit / /r

NOTE:  Ensure that, in Local Security Policy, you have enabled Success & Failure auditing.

Troubleshooting

In this section, I talk about several tools that are built-in as well as new tools released as IIS Diagnostics Tools.  In particular, AuthDiag, SSLDiag, and IIS Request Viewer.  In subsequent presentations, we talk about Log Parser & DebugDiag.

Disaster Recovery:  Turn-key Backups & Restores

In this section, I spend some time making sure htat customres understand what is defined as “turn-key.”  Turn Key simply means just like you start your car, you simply make one action and the rest of the work is done for you.  I use some different items to ensure that I successfully backup the key datapoints.  A key understanding here is that this is a way to quickly transform a typical, IIS-installed system into your application server ready to start taking load.  This does not replace doing tape backups and ensuring that you protect your investment.  However, IIS 6.0 can be quickly backed up and\or restored to the appropriate web server using very little work in a backup\restore batch file.

REM Backup to Remote Share (WebBackup.bat)
REM Connect to Remote Backup Server
net use s: \\fileserver\WebBackups
pause
 
REM Get SSL Certificate
iiscertdeploy -e s:\ssl\GrocerToGoCert.pfx -p 1 -i w3svc/1179986622 -q on
pause

REM Backup IIS Metadata
iisback /backup /b MyMetaBackup /e BackupPass /overwrite
xcopy %windir%\system32\inetsrv\metaback\MyMetaBackup.MD0 s:\config\ /y
xcopy %windir%\system32\inetsrv\metaback\MyMetaBackup.SC0 s:\config\ /y
pause

REM Copy Content & Export App...
xcopy /o /x /e /h /y /c c:\websites\*.* s:\Content\
pause

REM Delete connection to Remote Backup Server
net use s: /delete /y

Restore:

REM Restore from Remote Share (Recovery.bat)

REM Connect to Remote Deployment Server
net use s: \\fileserver\WebBackups
pause

REM Restore Website
xcopy /o /x /e /h /y /c s:\config\*.* %windir%\system32\inetsrv\metaback
iisback /restore /b MyMetaBackup /e BackupPass
pause

REM Restore Content
xcopy /o /x /e /h /y /c s:\Content\*.* c:\websites\
pause

REM Restore SSL Certificates
iiscertdeploy.vbs -c s:\ssl\grocertogocert.pfx -i w3svc/1179986622 -p 1 -q on
pause

REM Delete Connection to Remote Backup Server
new use s: /delete /y

Summary:

I will soon spend some time and make sure that I put all these in a convienant location for download.  However, until then, you can use this as a reference. 

Again, a lot of this was covered in a webcast so feel free to download and reference it.

Thanks,

~Chris