Chapter 2 - Core IIS Administration

Core Internet Information Services (IIS) administration tasks concern connecting to servers, managing services, and saving metabase configurations. In IIS, you connect to individual servers and manage their IIS components through the Internet Information Services snap-in or the Internet Services Manager. A single IIS server can be used to host multiple resources. World Wide Web and File Transfer Protocol (FTP) resources are referred to as Web sites and FTP sites, respectively. Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP) resources are referred to as SMTP virtual servers and NNTP virtual servers, respectively.

Sites and virtual servers are server processes that have their own configuration information, which can include IP addresses, port numbers, and authentication settings. To perform most administration tasks with sites and servers, you'll need to log on to the IIS server using an account that has administrator privileges. Nonadministrators designated as IIS operators can manage individual sites and virtual servers as well. Detailed information on security and operators can be found in Chapter 5, "Managing Web Server Security."

On This Page

Working with IIS and URLs Internet Information Services Snap-In Essentials Managing IIS Services Configuring IIS Backup and Recovery

Working with IIS and URLs

Most administrators don't understand the actual underpinnings of IIS. Yet to really understand how IIS works, you have to understand the architecture and the basic techniques for accessing documents on the Internet. The sections that follow examine IIS architecture and document access using Uniform Resource Locators (URLs).

Understanding the IIS Architecture

You can think of IIS as a layer over the operating system in which, in most cases, you may need to perform a system-level task before you perform an IIS task. This is true in several key areas:

• Directories Web sites, virtual servers, and other resources use the Microsoft Windows 2000 file and directory structure. Before you create IIS resources, such as sites or virtual servers, you should ensure that any necessary directories have been created.

• Permissions Windows 2000 permissions determine whether users can access files and directories. Before users can access files and directories, you must ensure that the appropriate users and groups have access at the operating system level. After you set operating system (OS)-level permissions, you must set IIS-specific security permissions.

Windows services and processes are other areas in which Windows 2000 and IIS are tightly integrated. Figure 2-1 provides a conceptual overview of the service and process relationships. Each IIS service runs under an instance of SVCHOST.EXE. The service host process controls all resources of the same type running on a server. Because of this, Windows 2000 uses the service host to manage all instances of a specific resource, such as a Web or FTP site, running on a server. For example, if you start or stop the World Wide Web Publishing Service, you are controlling all Web sites running on the server through the related service host process. See the "Managing IIS Services" section of this chapter for details.

Figure 2-1: Conceptual view of the IIS architecture.

Because the IIS structure is layered, starting or stopping an IIS virtual server doesn't directly affect the service host. Instead, Windows 2000 uses an intermediary to control the service host for you. This intermediary is the InetInfo process. A single instance of INETINFO.EXE is used to manage the service hosts as well as Internet server application program interface (ISAPI) applications that run within the IIS process context. When you control IIS services individually, Windows 2000 controls the service host through InetInfo. InetInfo also makes it possible to manage all IIS resources running on a server. You can, for example, issue a restart command in the Internet Information Services snap-in that restarts IIS completely. See the "Starting, Stopping, and Restarting All Internet Services" section of this chapter for more details.

ISAPI applications are a key part of the IIS architecture. ISAPI applications are server-based applications that run on IIS Web sites. As Figure 2-2 shows, the dynamic-link library (DLL) host (DLLHOST.EXE) is used to manage out-of-process ISAPI applications. Any pooled ISAPI applications running on the server run within the context of a single instance of DLLHOST.EXE. In contrast, isolated ISAPI applications run within the context of separate DLL host processes.

Figure 2-2: IIS and ISAPI application architecture.

Understanding URLs

To retrieve files from IIS servers, clients must know three things: the address of the server, where on the server the file is located, and which protocol to use to access and retrieve the file. Normally, this information is specified as a URL. URLs provide a uniform way of identifying resources that are available using Internet Protocols (IPs). The basic mechanism that makes URLs so versatile is their standard naming scheme.

URL schemes name the protocol the client will use to access and transfer the file. Clients use the name of the protocol to determine the format for the information that follows the protocol name. The protocol name is generally followed by a colon and two forward slashes. The information after the double slash marks follows a format that depends on the protocol type referenced in the URL. Here are two general formats:

protocol://hostname:port/path_to_resource

protocol://username:password@hostname:port/path_to_resource

Host name information used in URLs identifies the address to a host. Though host names can be provided in several different formats, including NetBIOS names, the most commonly used format is the fully-qualified domain name (FQDN). Common domain names for Web servers begin with www, such as https://www.microsoft.com/, which identifies the Microsoft Web Server in the commercial domain. Domains you can specify in your URLs include these:

• .com Commercial sites

• .edu Education sites

• .gov Nonmilitary government sites

• .mil Military sites

• .net Network sites

• .org Organizational sites

Port information used in URLs identifies the port number to be used for the connection. Generally, you don't have to specify port numbers in your URLs unless the connection will be made to a port other than the default. As shown in Table 2-1, port 80 is the default port for Hypertext Transfer Protocol (HTTP). Let's assume you request a URL on a server using the following URL:

https://www.microsoft.com/docs/my-yoyo.htm/

Port 80 is assumed as the default port value. On the other hand, if you wanted to make a connection to port 8080, you'd need to type in the port value, such as:

https://www.microsoft.com:8080/docs/my-yoyo.htm/

Table 2-1 Default Ports for IIS Resources

Protocol	Default Port
FTP	21
SMTP	25
HTTP	80
NNTP	119
HTTPS	443

The final part of a URL is the path to the resource. This path generally follows the directory structure from the server's home directory to the resource specified in the URL.

URLs for FTP can also contain a username and password. Username and password information allow users to log on to an FTP server using a specific user account. For example, the following URL establishes a connection to the Microsoft FTP server and logs on using a named account:

ftp://sysadmin:rad$4@ftp.microsoft.com/public/download

Here, the account logon is sysadmin, the password is rad$4, the server is ftp.microsoft.com, and the requested resource is public/download.

If a connection is made to an FTP server without specifying the username and password, the FTP client (or Web browser) will assume that the user wants to establish an anonymous session. In this case, the following default values are assumed: anonymous for username and the user's e-mail address as the password.

URLs can use uppercase and lowercase letters, the numerals 0–9, and a few special characters, including these:

• Asterisk (*)

• Dollar sign ($)

• Exclamation point (!)

• Hyphen (-)

• Parentheses (left and right)

• Period (.)

• Plus sign (+)

• Single quotation mark (')

• Underscore (_)

You are limited to these characters because other characters used in URLs have specific meanings, as shown in Table 2-2.

Table 2-2 Special Characters in URLs

Character	Meaning
:	The colon is a separator. It separates the protocol from the rest of the URL scheme, the host name from the port number, and the username from the password.
//	The double slash marks indicate that the protocol uses the format defined by the Common Internet Scheme Syntax.
/	The slash is a separator and is used to separate the path from host name and port. The slash is also used to denote the directory path to the resource named in the URL.
%	The percent sign identifies an escape code. Escape codes are used to specify special characters in URLs that otherwise have a special meaning or are not allowed.
@	The at symbol is used to separate username and/or password information from the host name in the URL.
?	The question mark is used in the URL path to specify the beginning of a query string. Query strings are passed to Common Gateway Interface (CGI) scripts. All the information following the question mark is data the user submitted and is not interpreted as part of the file path.
+	The plus sign is used in query strings as a placeholder between words. Instead of using spaces to separate words the user has entered in the query, the browser substitutes the plus sign.
=	The equal sign is used in query strings to separate the key assigned by the publisher from the value entered by the user.
&	The ampersand is used in query strings to separate multiple sets of keys and values.
^	The carat is reserved for future use.
{}	Braces are reserved for future use.
[]	Brackets are reserved for future use.

To make URLs even more versatile, you can use escape codes to specify characters in URLs that are either reserved or otherwise not allowed. Escape codes have two components: a percent sign and a numeric value. The percent sign identifies the start of an escape code. The number following the percent sign identifies the character being escaped. The escape code for a space is a percent sign followed by the numeral 20 (%20). You can use this escape code in a URL as shown in the following example:

https://www.microsoft.com/docs/my%20party%20hat.htm/

Internet Information Services Snap-In Essentials

IIS is a Microsoft Management Console snap-in for managing IIS resources in Windows domains. You'll use this tool to perform routine administration tasks, such as starting Internet services, starting individual sites, and restarting services remotely.

Note: Internet Services Manager provides a browser-based interface for managing Web and FTP resources. The tool has many of the same features as the Internet Information Services snap-in. For details on starting and using this tool, see the "Web Administration Techniques" section of Chapter 1, "Overview of Microsoft Web Services."

Starting and Using the Internet Information Services Snap-In

IIS is accessible in several locations. You can access the snap-in through a preconfigured console by clicking Start, pointing to Programs, pointing to Administrative Tools, and then selecting Internet Services Manager. Or you can access the snap-in through Computer Management. In Computer Management, click the plus sign (+) next to Services And Applications, and then select Internet Information Services.

Figure 2-3 shows the main window for the Internet Information Services snap-in. The snap-in automatically connects to local IIS installations (if available). You can connect to one or more remote computers as well. Each additional computer to which you connect has a separate node that you can use to manage its resources.

Figure 2-3: Use the Internet Information Services snap-in to manage Web, FTP, SMTP, and NNTP resources.

When you select the Internet Information Services node in the left pane, the right pane displays a summary of current computer connections. The connection summary provides the following information:

• Connection Type Type of network connection as either Transmission Control Protocol/Internet Protocol (TCP/IP) or User Datagram Protocol (UDP).

• Status Status of the computer, such as unavailable or restarting.

• Computer Name of the computer to which you are connected.

• Local States whether you are connected to a local or remote IIS installation. If the field value is set to Yes, you are connected to a local IIS installation. Otherwise, you are connected to a remote installation.

When you select a computer node in the left pane, the right pane displays an overview of IIS resources on the computer. The resource overview provides:

• Description Basic description of site or virtual server assigned through the Properties dialog box.

• State Status of the site or virtual server, such as running, stopped, paused, or unknown.

• Host Header Name Host name passed in the HTTP header to clients (if applicable).

• IP Address IP address of the site or virtual server. Incoming IP traffic is mapped by port and IP address to a specific site or virtual server instance. The value All Unassigned allows the HTTP, FTP, SMTP, or NNTP protocol to respond on all unassigned IP addresses that are configured on the server.

• Port Port number that the site or virtual server listens on. Default ports for FTP, SMTP, HTTP, and NNTP are 21, 25, 80, and 119, respectively.

• Status Additional status information for the site or virtual server.

When you access Internet Information Services through Computer Management, as shown in Figure 2-4, you'll have a slightly different display and behavior than a standard console. When first accessed, the Internet Information Services snap-in automatically connects to local IIS installations (if available). You can connect to a different computer by right-clicking the Computer Management node, selecting Connect To Another Computer, and then following the prompts.

Figure 2-4: Computer Management can be used to access Internet Information Services and Indexing Service.

Connecting To Other Servers

Most of the time, you'll manage IIS installations from your desktop system. When you do this, you'll need to establish a remote connection to the server you want to manage. The steps for establishing remote connections are as follows:

1. Start the Internet Information Services snap-in.

2. In the left pane, right-click Internet Information Services, and then select Connect. The Connect To Computer dialog box is displayed.

3. In the Computer Name field, type the name of the computer to which you want to connect, and then click OK. You can also type the server's IP address or fully qualified domain name.

Starting, Stopping, and Restarting All Internet Services

As discussed earlier in the chapter, Windows 2000 uses the INETINFO.EXE process to manage all Internet Information Services. InetInfo is able to do this because it tracks all IIS resources running on a computer and can issue commands to these resources. As an administrator, you can control InetInfo through the Internet Information Services snap-in or the IISRESET command-line utility.

If you want to start, stop, or restart all of your Internet services from within the Internet Information Services snap-in, follow these steps:

1. In the Internet Information Services snap-in, select the icon for the computer you want to work with. If the computer isn't shown, connect to it as discussed under "Connecting To Other Servers," and then select it.

2. Click Action and then select Restart IIS. This displays the Stop/Start/Reboot dialog box, shown in Figure 2-5.

   

   Figure 2-5: Stop, start, and restart all Internet services.

   Use the selection menu to perform the following tasks:

   • Start Internet Services Attempts to start any IIS services that are stopped.

   • Stop Internet Services Attempts to stop all IIS services that are running, paused, or in an unknown state.

   • Reboot Attempts to restart the operating system on the server, just as if you had chosen Shutdown from that system's Start menu and selected the Restart option.

   • Restart Internet Services Attempts to stop and then restart IIS services. Also attempts to resolve potential problems with runaway processes or hung applications.

3. Click OK.

The sequence of tasks for the Restart Internet Services option is important to understand. The Restart Internet Services option performs the following tasks:

1. Stops all IIS services running on the computer, including World Wide Web Publishing Service, FTP Publishing Service, NNTP service, SMTP service, and IIS Admin Service.

2. Attempts to resolve potential problems with runaway processes or hung applications by stopping all Dr. Watson (DRWTSN32.EXE), Microsoft Transaction Server (MTX.EXE), and DLL Host (DLLHOST.EXE) processes.

3. Starts all IIS services and then starts DLL hosts as necessary.

You can also use the IISRESET command-line utility to start, stop, and restart Internet services. To start any IIS services that are stopped on the local computer, type the following command:

IISRESET /START

To stop all IIS services that are running, paused, or in an unknown state on the local computer, type the following command:

IISRESET /STOP

To stop and then restart IIS services on the local computer, type the following command:

IISRESET /RESTART

You can also control IIS services on remote computers. To do this, use the following syntax:

IISRESET [COMPUTERNAME] [COMMAND]

For example, type:

IISRESET ENGSVR01 /RESTART

Table 2-3 provides a listing of all switches for the IISRESET command-line utility. Rebooting computers is covered in the "Rebooting IIS Servers" section of this chapter.

Table 2-3 IISRESET Switches Defined

Switch	Definition
/DISABLE	Disables restarting of IIS services on the local system.
/ENABLE	Enables restarting of IIS services on the local system.
/NOFORCE	Does not forcefully terminate IIS services if attempting to stop them gracefully fails.
/REBOOT	Reboots the local or designated remote computer.
/REBOOTONERROR	Reboots the computer if an error occurs when starting, stopping, or restarting IIS services.
/RESTART	Stops and then restarts all IIS services. Attempts to resolve potential problems with runaway processes or hung applications.
/START	Starts all IIS services that are stopped.
/STATUS	Displays the status of all IIS services.
/STOP	Stops all IIS services that are running, paused, or in an unknown state.
/TIMEOUT:val	Specifies the time-out value (in seconds) to wait for a successful stop of IIS services. On expiration of this time-out, the computer can be rebooted if the /REBOOTONERROR parameter is specified. With /STOP and /RESTART, an error is issued. The default value is 20 seconds for restart, 60 seconds for stop, and 0 seconds for reboot.

Starting, Stopping, and Pausing Individual Resources

You can control individual sites and virtual servers much like you do other server resources. For example, if you are changing the configuration of a site or performing other maintenance tasks, you may need to stop the site, make the changes, and then restart it. When a site is stopped, the site doesn't accept connections from users and cannot be used.

An alternative to stopping a site or virtual server is to pause it. Pausing a resource prevents new client connections but doesn't disconnect current connections. When you pause a site or virtual server, active clients can continue to retrieve documents, work with messages, and perform other tasks. No new connections are accepted, however.

To start, stop, or pause a site or virtual server, complete the following steps:

1. Start the Internet Information Services snap-in.

2. In the left pane, select the icon for the computer you want to work with. If the computer isn't shown, connect to it as discussed under "Connecting To Other Servers," and then select it.

   Right-click the site or virtual server you want to manage. You can now do the following:

   • Select Start to start the site or virtual server.

   • Select Stop to stop the site or virtual server.

   • Select Pause to pause the site or virtual server. After you pause a site or virtual server, click Pause again when you want to resume normal operations.

Note: Groups of sites or virtual servers running under the same IIS service are controlled through their master process. For example, the master process for all virtual Web servers running on a computer is the World Wide Web Publishing Service. Stopping this service stops all Web sites using the process, and all connections to these sites are disconnected immediately. Starting this service restarts all Web sites that were running when the World Wide Web Publishing Service was stopped. To learn how to control IIS services, see the "Managing IIS Services" section of this chapter.

Rebooting IIS Servers

The Internet Information Services snap-in and IISRESET utility have extensions that allow you to reboot local and remote computers. To use these extensions, you must have installed IIS on the computer and you must be a member of a group that has the appropriate user rights. To reboot a local system, you must have the right to shut down the system. To reboot a remote system, you must have the right to force shutdown from a remote system. You should only reboot an IIS server if the restart IIS procedure fails.

You reboot an IIS server with the snap-in by completing the following tasks:

1. In the Internet Information Services snap-in, select the icon for the computer you want to work with. If the computer isn't shown, connect to it as discussed in the "Connecting To Other Servers" section of this chapter, and then select it.

2. Click Action and then select Restart IIS. This displays the Stop/Start/Reboot dialog box, shown previously in Figure 2-5.

3. Choose the Reboot option on the selection menu and then click OK.

4. A system shutdown message is sent to the target computer. This message explains that the computer is being shut down in 30 seconds. After completing the shutdown process, the system will reboot.

To reboot a computer using IISRESET, type the following command:

IISRESET [COMPUTERNAME] /REBOOT

For example, type:

IISRESET ENGSVR01 /REBOOT

If users are performing tasks that need to be exited gracefully, you should set a time-out value for services and processes to be stopped. By default, the time-out is 0 seconds, which forces immediate shutdown and tells Windows 2000 not to wait for services to be shut down gracefully. You could set a time-out value of 60 seconds when rebooting engsvr01 as follows:

IISRESET ENGSVR01 /REBOOT /TIMEOUT:60

Managing IIS Services

Each IIS server in the organization relies on a set of services for publishing pages, transferring files, and more. To manage IIS services, you'll use the Services node in the Computer Management console, which is started as follows:

1. Choose Start, point to Programs, point to Administrative Tools, and then select Computer Management.

2. Right-click the Computer Management entry in the console tree and, from the shortcut menu, select Connect To Another Computer. You can now choose the IIS server whose services you want to manage.

3. Expand the System Tools node by clicking the plus sign (+) next to it, and then choose Services.

Figure 2-6 shows the Services view in the Computer Management console. The key fields of this dialog box are used as follows:

• Name The name of the service.

• Description A short description of the service and its purpose.

• Status The status of the service as started, paused, or stopped. (Stopped is indicated by a blank entry.)

• Startup Type The startup setting for the service.

  

  Figure 2-6: Use the Services node to manage IIS services.

  Note: Automatic services are started at bootup. Manual services are started by users or other services. Disabled services are turned off and cannot be started.

• Log On As The account the service logs on as. The default in most cases is the local system account.

Core IIS Services

Table 2-4 provides a summary of services essential to normal IIS operations. Note that the services available on a particular IIS server depend on its configuration. Still, this is the core set of services that you'll find on most IIS servers.

Table 2-4 Core IIS Services

Name	Description
Event Log	Logs event informational, warning, and error messages issued by IIS and other applications
FTP Publishing Service	Provides services for transferring files using FTP and also allows administration of an FTP server
IIS Admin Service	Allows administration of IIS through the Internet Information Services snap-in
Indexing Service	Indexes the contents and properties of files, providing quick access to files through a flexible query language
Network News Transport Protocol (NNTP)	Provides network news services and allows administration of NNTP servers through the Internet Information Services snap-in
Simple Mail Transfer Protocol (SMTP)	Provides mail transfer services and allows administration of SMTP sites through the Internet Information Services snap-in
World Wide Web Publishing Service	Provides services for transferring files using HTTP, and also allows administration of an HTTP server

Starting, Stopping, and Pausing IIS Services

As an administrator, you'll often have to start, stop, or pause IIS services. IIS services are managed through the Computer Management console or through the Services utility. When you manage IIS services at this level, you are controlling all sites or virtual servers that use the service. For example, if a computer publishes three Web sites and you stop the World Wide Web Publishing Service, all three Web sites are stopped and are inaccessible.

To start, stop, or pause services in the Computer Management console, follow these steps:

1. Right-click the Computer Management entry in the console tree and, from the shortcut menu, select Connect To Another Computer. You can now choose the IIS server whose services you want to manage.

2. Expand the System Tools node by clicking the plus sign (+) next to it, and then choose Services.

3. Right-click the service you want to manipulate, and then select Start, Stop, or Pause as appropriate. You can also choose Restart to have Windows stop and then start the service after a brief pause. Additionally, if you paused a service, you can use the Resume option to resume normal operation.

Tip When services that are set to Start automatically fail, the status is listed as blank, and you'll usually receive notification in a pop-up dialog box. Service failures can also be logged to the system's event logs. In Windows 2000, you can configure actions to handle service failure automatically. For example, you could have Windows 2000 attempt to restart the service for you. See the "Configuring Service Recovery" section of this chapter for details.

Configuring Service Startup

Essential IIS services are configured to start automatically and normally shouldn't be configured with another startup option. That said, if you are troubleshooting a problem, you might want to start a service manually. You may also want to disable a service so that its related virtual servers don't start. For example, if you move an SMTP virtual server to a new server, you may want to disable the SMTP service on the original IIS server. In this way, the SMTP service isn't used but could be turned on if necessary (without having to re-install SMTP support).

Configure service startup as follows:

1. In the Computer Management console, connect to the IIS server whose services you want to manage.

2. Expand the Services And Applications node by clicking the plus sign (+) next to it, and then select Services.

3. Right-click the service you want to configure, and then choose Properties.

4. In the General tab, use the Startup Type selection list to choose a startup option, as shown in Figure 2-7. Select Automatic to start services at bootup. Select Manual to allow the services to be started manually. Select Disabled to turn off the service.

5. Click OK.

Figure 2-7: For troubleshooting, you may want to change the service startup option.

Configuring Service Recovery

Windows services can be configured to take specific actions when a service fails. For example, you could attempt to restart the service or reboot the server. To configure recovery options for a service, follow these steps:

1. From the Computer Management console, connect to the computer whose services you want to manage.

2. Expand the Services And Applications node by clicking the plus sign (+) next to it, and then select Services.

3. Right-click the service you want to configure, and then choose Properties.

   Select the Recovery tab, as shown in Figure 2-8. You can now configure recovery options for the first, second, and subsequent recovery attempts. The available options are:

   • Take No Action

   • Restart The Service

   • Run A File

   • Reboot The Computer

4. Configure other options based on your previously selected recovery options. If you elected to restart the service, you'll need to specify the restart delay. After stopping the service, Windows 2000 waits for the specified delay before trying to start the service. In most cases, a delay of 1–2 minutes should be sufficient.

   

   Figure 2-8: Services can be configured to automatically recover in case of failure.

5. Click OK.

When you configure recovery options for critical services, you may want Windows 2000 to try to restart the service on the first and second attempts and then reboot the server on the third attempt.

Configuring IIS Backup and Recovery

The sections that follow address techniques you can use to back up and recover IIS servers. These are the most important operations you'll perform as a Web administrator.

Storing a Server's Configuration

When you back up an IIS server, you need to look at the IIS configuration as well as the system configuration. This means you must:

1. Save the IIS configuration to a metadata file anytime you change the properties of the IIS installation, and maintain several configuration backups as an extra precaution.

2. Periodically back up the server using a comprehensive backup procedure, such as the one outlined in Chapter 14, "Data Backup and Recovery," of the Windows 2000 Administrator's Pocket Consultant.

Backing up an IIS server using this technique gives you several recovery options:

• Recover the IIS configuration settings for sites and virtual servers using the IIS configuration backup you've created.

• Recover a corrupted IIS installation by re-installing IIS and recovering the last working IIS configuration.

• Restore the server, its data files, and its IIS configuration by recovering the system from archives.

• Perform a partial server restore to retrieve missing or corrupted files from archives.

IIS configuration backups contain metadata that describes the configuration settings used by Internet sites and virtual servers. IIS uses the metadata to restore values for all resource properties, including security settings, virtual directory options, and ISAPI application configurations. IIS also uses this information to maintain the run state of sites and virtual servers. So, if you save the IIS configuration and then restore the configuration at a later date, the IIS configuration settings are restored and the IIS resources are returned to their original state (running, paused, stopped, and so on) as well.

I recommend that you create an IIS configuration backup every time you make IIS configuration changes and before you make major changes that affect the availability of resources. IIS configuration backups are saved with the .md0 file extension in the %SystemRoot%\system32\intsrv\MetaBack directory. Md0 indicates that the file contains metadata. The typical backup file is smaller than 200 KB.

IIS configuration backups can help you in many situations. You can use them to

• Recover deleted resources References to all site and virtual server instances running on the server are stored with the configuration backup. If you delete a site or virtual server, you can restore the necessary resource references.

• Restore site or server properties All configuration settings of sites and virtual servers are stored in the configuration backup. If you change properties, you can recover the previous IIS settings from backup.

• Recover ISAPI application configuration ISAPI application settings, including App Mappings, App Options, Process Options, and App Debugging, are stored with the configuration backup. If you change the ISAPI application settings, you can recover the ISAPI application configuration.

• Recover Web and FTP master service properties Master service properties and other top-level IIS settings are stored in configuration backups. This means you can recover default settings for new Web and FTP sites, bandwidth throttling settings, and Multipurpose Internet Mail Extensions (MIME)-type mappings. You cannot, however, recover master properties for server extensions.

• Rebuild a damaged IIS installation If the IIS installation gets corrupted and you cannot repair it through normal means, you can rebuild the IIS installation. You do this by uninstalling IIS, re-installing IIS, and then using the configuration backup to restore the IIS settings. See the "Rebuilding Corrupted IIS Installations" section of this chapter for details.

If you were to open a backup file in a text editor, you would find that it contains metabase keys and paths that are specific to the current server installation. The significance of this is that the metabase keys and paths allow you to restore IIS settings in the Windows registry without having to manipulate the registry directly. Registry settings are machine- and instance-specific. This means you cannot restore configuration settings to other machines and you cannot restore configuration settings after re-installing the operating system.

Creating IIS Configuration Backups

Each IIS server has a configuration that must be backed up to ensure that IIS can be recovered in case of problems. To back up the IIS configuration, follow these steps:

1. In the Internet Information Services snap-in, select the icon for the computer you want to work with. If the computer isn't shown, connect to it as discussed under "Connecting To Other Servers," and then select it.

2. Click Action and then select Backup/Restore Configuration. This displays the Configuration Backup/Restore dialog box, shown in Figure 2-9.

   

   Figure 2-9: Use Configuration Backup/Restore to create, restore, and delete IIS configuration backups.

3. Click Create Backup, select a name for your backup file, and then click OK. IIS creates the backup file. By default, this file is stored in the %SystemRoot%\System32\Inetsrv\MetaBack directory.

4. Click Close.

Restoring IIS from Backup Configurations

You can restore IIS from backup configuration files. When you do this, the previous property settings and state are restored. Recovering the configuration won't repair a corrupted IIS installation. To repair a corrupted installation, you should follow the technique outlined in the "Rebuilding Corrupted IIS Installations" section of this chapter.

Restoring IIS from a backup configuration causes Windows 2000 to stop and then restart IIS services. Once you've notified users that IIS resources will be unavailable for several minutes, you can restore the IIS configuration by completing the following steps:

1. In the Internet Information Services snap-in, select the icon for the computer you want to work with. If the computer isn't shown, connect to it as discussed under "Connecting To Other Servers," and then select it.

2. Click Action and then select Backup/Restore Configuration. This displays the Configuration Backup/Restore dialog box shown in Figure 2-9.

3. The Backups panel shows the configuration backups that are available for the computer. Select a backup file and then click Restore. When asked whether or not you'd like to restore your configuration settings, click Yes.

Rebuilding Corrupted IIS Installations

A corrupt IIS installation can cause problems with your IIS sites and virtual servers. Resources may not run. IIS may not respond to commands. IIS may freeze intermittently. To correct these problems, you may need to rebuild the IIS installation. Rebuilding the IIS installation is a lengthy process that requires a complete outage of IIS sites and virtual servers. The outage can last from 5–15 minutes, or more.

Caution: IIS configuration backups are machine- and instance-specific. You cannot restore configuration settings to other machines and you cannot restore configuration settings after re-installing the operating system.

You rebuild a corrupt IIS installation by completing the following steps:

1. Log on locally to the computer on which you want to rebuild IIS. Make sure you use an account with Administrator privileges.

2. Click Start, point to Settings, and then click Control Panel.

3. Double-click Add/Remove Programs. This displays the Add/Remove Programs dialog box.

4. Start the Windows Components Wizard by clicking Add/Remove Windows Components.

5. In the Components list, clear the Internet Information Services check box, and then click Next. After Setup makes the configuration changes you requested, click Next again, and then click Finish.

6. In the Add/Remove Programs dialog box, click Add/Remove Components. This restarts the Windows Component Wizard.

7. Re-install IIS by selecting the Internet Information Services check box. If necessary, click Details, and then select IIS subcomponents.

8. When you are ready to continue, click Next. After Setup re-installs IIS, click Next again, and then click Finish.

9. Click Close to close the Add/Remove Programs dialog box, and then start the Internet Information Services snap-in.

10. In the Internet Information Services snap-in, right-click the local computer entry in the left pane, and then select Backup/Restore Configuration.

11. In the Configuration Backup dialog box, select the backup file that contains the correct IIS settings, and then click Restore.

12. When prompted, select Yes to confirm your decision to restore the IIS settings. After the IIS configuration has been restored, click Close to return to the Internet Information Services snap-in.

Deleting Backup Configurations

Over time, you'll gather quite a collection of IIS configuration backups. If you find that you don't need old backups anymore, you can delete them using the Configuration Backup dialog box. To do this, complete the following steps:

1. In the Internet Information Services snap-in, select the icon for the computer you want to work with. If the computer isn't shown, connect to it as discussed under "Connecting To Other Servers," and then select it.

2. Click Action and then select Backup/Restore Configuration.

   The Backups panel shows the configuration backups that are available for the computer. Select the backup file or files you want to delete, and then click Delete. When asked whether or not you'd like to delete the files, click Yes.

   The backup files are permanently deleted. You cannot recover the files from the Recycle Bin.

Click to order