Login :: Register
General Topics
HostedbyMaximumASP170x35
2005 IIS MVPs
Other IIS Sites
Microsoft Sites
Subscribe to the IIS Answers Newsletter  Subscribe to the IIS Answers Newsletter 

Subscribe to one of the best sources of information about IIS on the net. Written by Brett Hill, IIS MVP and Steve Schofield ASP.net MVP with a lot of help from the IIS community, the weekly newsletter contains useful tips, the latest news, and links of interest to those who administer IIS and related technologies. You'll recieve no spam and it's free. You can find more information and archives at http://www.iisanswers.com/newsletter Also available in RSS at http://lyris.iislists.com/read/rss?forum=iisanswers&rev=0.92

Subscribe

IIS FAQ Recent Articles and News

Current Articles | Categories | Search | Syndication

Wednesday, May 24, 2006
www.iis.net
By Bernard Cheah (Bernard) @ 1:46 AM :: IISFAQ Front Page :: 7 Comments :: 10020 Views

A brand new IIS community portal by Microsoft, try it out @ www.iis.net

Tuesday, March 28, 2006
Real World IIS Debugging Series
By Brett Hill (brett) @ 12:10 PM :: IISFAQ Front Page :: 6 Comments :: 8764 Views

www.iiswebcastseries.com

 The IIS Webcast Series team is very happy to inform everyone about this week’s very cool presentations that will be happening this week.  The series is very happy to have back the talented engineers from the Microsoft.com Operations Debug Team to drill-down on the very technical topic of “Debugging in the Real-World.”

 Week-long Series:  Microsoft.com Operations Introdces Real World Debugging

  •    Monday, March 27th:  Determining When you have a Problem and Beginning the Initial Debugging
       Tuesday, March 28th:  Debugging CLR Internals
  •    Wednesday, March 29th:   Diagnosing Memory Leaks in ASP.NET Applications
  •    Thursday, March 30th:  How to Tackle Problems in Dynamically Generated Assemblies
  •    Friday, March 31st:  Debugging Without the Debugger in IIS and ASP.NET

 IIS 6.0 & Windows Server 2003 R2

  •    Tuesday, March 28th:  Rapid Deployment of Large Sharepoint Intranets and Extranets on IIS 6.0
  •    Thursday, March 30th:  Efficient Deployment and Management of ASP.NET 2.0 Applications on IIS 6.0
Wednesday, November 09, 2005
MSCOM Ops Webcast Week
By Brett Hill (brett) @ 5:09 PM :: IISFAQ Front Page :: 17 Comments :: 9110 Views

Learn IIS 6 Best Practices
Let the experts who keep www.Microsoft.com up and running, teach you their IIS 6 tricks in a five-part webcast series Nov 7-11

 

In the Events section (as well as in the Web Seminar section) box it will say,

 

MSCOM Ops Webcast Week

MSCOM Ops wants to show you how they run IIS 6 to keep www.Microsoft.com the most reliable site on the Web.  The MSCOM Ops Webcast Week is a 5 day webcast series from Nov 7-11 that will cover IIS 6 Best Practices for a full range of topics including – High Availability Architecture, Configuration Management of Web Farms, Change & Release Management Strategies, Monitoring & Management of Enterprise Platforms, and Troubleshooting & Debugging Web Hosting Environments.  Register at http://www.microsoft.com/windowsserver2003/iis/support/webcasts.mspx.

 

Monday, June 06, 2005
Server Performance Advisor from Microsoft
By Brett Hill (brett) @ 1:49 PM :: IISFAQ Front Page :: 7 Comments :: 10193 Views

Have you seen this? It's really worth checking out.

http://www.microsoft.com/downloads/details.aspx?FamilyID=61a41d78-e4aa-47b9-901b-cf85da075a73&displaylang=en

-brett

Thursday, May 05, 2005
IIS Request Processing Graphic
By Brett Hill (brett) @ 9:27 PM :: IISFAQ Front Page :: 5 Comments :: 9820 Views

Very nice flow diagram of a request moving the IIS.

http://www.adopenstatic.com/faq/IISRequestProcessing.aspx.

Thanks to Raymon at Micron for the link.

-brett

Sunday, May 01, 2005
Brettblog
By Brett Hill (brett) @ 4:03 AM :: IISFAQ Front Page :: 4 Comments :: 8538 Views

FYI: I've opened a blog at IISanswers.com. You can find it at http://iisanswers.com/brettblog

-brett

Tuesday, April 26, 2005
IIS WebCasts Consolidated
By Brett Hill (brett) @ 11:50 AM :: IISFAQ Front Page :: 5 Comments :: 9116 Views

You can find the IIS webcasts now in one place: www.iiswebcastseries.com . You'll find these an incredible resource with hard to find details about important topics. Check it out.

-brett

 

Wednesday, April 20, 2005
IIS 7 Details
By Brett Hill (brett) @ 11:48 AM :: IISFAQ Front Page :: 4 Comments :: 10676 Views

If your're intrested in IIS 7 details, see http://blog.coryisakson.com/.

-brett hill

 

Thursday, March 31, 2005
Windows 2003 SP1 is Released
By Brett Hill (brett) @ 12:17 PM :: IISFAQ Front Page :: 10 Comments :: 10840 Views

Today, Windows Server 2003 SP1 is released. IIS is impacted in significant ways. Metabase auditing is part of the update. Also included is SSL for terminal services, which is often used to manage IIS server remotely. Additionally, and most importantly, are the event tracing capabilities. This are multiple steps involved, but you will want to check it out as this is a very poweful diagnostic tool.

http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032268450&Culture=en-US

Also, be sure you make a backup of your httperr(x).log files as the log file format will change. With a registry edit, you can add the Applicaiton Pool name to the log - very useful.

-brett

Sunday, March 20, 2005
Recent outage
By Brett Hill (brett) @ 10:26 PM :: IISFAQ Front Page :: 7 Comments :: 9244 Views

Due to moving to Redmond from Boulder, there have been problems with IISlists.com, IISAnswers.com, and IISFaq.com. The servers are back online now and I apologize for any inconvenience.

-brett hill

 

Tuesday, February 01, 2005
IIS Mini Quiz
By Bernard Cheah (Bernard) @ 9:40 PM :: IISFAQ Front Page :: 7 Comments :: 9035 Views

Dare to take a mini IIS quiz from the IIS Product team? you might stand a chance to win something :)
Click here for more detail...
-------------------

Update: 21/2/05
The IIS team has removed the posting at their blog site http://weblogs.asp.net/iishints, hope you had win something :)  For those who missed it, here's the question list at my blog.

Saturday, January 29, 2005
Update to Web Folders allows HTTPS
By Brett Hill (brett) @ 2:31 PM :: IISFAQ Front Page :: 3 Comments :: 10819 Views

Microsoft has released an update to “web folders” for all OSs. It fixes a couple of problems as detailed in http://support.microsoft.com/default.aspx?scid=kb;en-us;892211. In addition, the update provides SSL and unspecified “security enhancements”. Don't you love it when the enhancements are so good they are worth mentioning but not good enough to say what they are? That aside, providing SSL with web folders is a big deal as that has not been available when using XP and 2003 Server and the web client service (ie, not a web folder created with IE). The full story on Web Folders and WebDAV/FPSE is a long one but this update does help to unravel the problem by providing equivalent functionality across all platforms.

http://www.microsoft.com/downloads/details.aspx?FamilyID=17C36612-632E-4C04-9382-987622ED1D64&displaylang=en

-brett

Friday, January 28, 2005
MySQL worm hits
By Brett Hill (brett) @ 9:06 PM :: Security Bulletins :: 2 Comments :: 9238 Views

A worm that attacks MySQL installations, which includes a great many IIS servers, has been discovered. http://it.slashdot.org/article.pl?sid=05/01/27/1546222&from=rss for a place to start.

-brett

 

Wednesday, January 19, 2005
Log Parser 2.2 finally released
By Brett Hill (brett) @ 11:12 PM :: IISFAQ Front Page :: 2 Comments :: 9833 Views

The long awaited, much heralded release of Log Parser 2.2 has arrived. Get it and be amazed.

http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en

-brett

Friday, December 24, 2004
Installing PHP on IIS
By Brett Hill (brett) @ 2:17 PM :: IISFAQ Front Page :: 6 Comments :: 11505 Views

The topic of installing PHP on IIS came up on our bulletin board and one post included a link to this “how to” article on installing PHP on IIS. It could come in handy for those intrested in using PHP with IIS.

http://www.peterguy.com/php/install_IIS6.txt

 

Friday, December 17, 2004
IIS 6 Management system released with source code.
By Brett Hill (brett) @ 5:57 PM :: IISFAQ Front Page :: 4 Comments :: 11960 Views

DiIWM (Di IIs Web Manager) is a web application written in VB.NET to manage IIS6.0. Both WMI and ADSI is used. DiIWM can connect and manage local and remote IIS. DiIWM also provides an assembly (Di) written in C# to manage IIS6.0.

Development Status: 4 - Beta

Tuesday, November 16, 2004
New Microsoft Web Hosting Tools Released
By Brett Hill (brett) @ 12:11 PM :: Tools :: 0 Comments :: 10304 Views

Microsoft has released Version 3.0 of its web hosting tools. You have to be a member of the hosting program to access the tools. This and other tools to come in the area are part of an effort by Microsoft to more effectively support IIS as a web hosting platform.

http://www.microsoft.com/serviceproviders/hosting/default.asp

Monday, November 15, 2004
IIS 6 Peformance Paper - Worth the read
By Brett Hill (brett) @ 9:40 PM :: IISFAQ Front Page :: 1 Comments :: 10919 Views

Papers from Microsoft are often hit and miss. Some are stellar and some are overbroad overviews filled with marketing jargon. This one, however, is well worth the read. He's an excerpt from Web and Application Server Infrastructure - Performance and Scalability http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/iis6perf.mspx

COM+ General

With the new IIS 6.0 architecture, it is important to question some of the existing guidelines where COM+ is concerned. A major consideration is that, before Windows Server 2003, COM+ application components were configured (by default) to run out-of-processes from the caller. The default for COM+ applications is for them to run as Server Applications, executing in a DLLHost.exe process called into from the object instantiate, or over DCOM.

The performance downside of doing this for every method call, is that there are extra threads running on the system, and every call to a method must be marshaled across process boundaries. This is not noticeable on a small implementation with low request/transaction rates, but on a high volume, large multiprocessor, this kind of overhead can greatly decrease the overall scalability of the system.

Therefore, on Windows Server 2003, it is best to change the default configuration for a COM+ Server Application to Library Application to aid scalability of the calling per use of that application

Wednesday, November 03, 2004
Dept of Homeland Security "Significanlty Deficient"
By Brett Hill (brett) @ 11:46 AM :: IISFAQ Front Page :: 10 Comments :: 9410 Views

This bulletin from the SANS security newsletter. Aren't these guys supposed to show the way?

-brett

--DHS Security Audit Finds Problems

(28 October 2004)

The Homeland Security Department's inspector general has released a report detailing the results of a security audit conducted in accordance with the Federal Information Security Management Act. The report says that while DHS has made some improvements, "[w]e recommend that DHS continue to consider its information systems security program a significant deficiency." Of significant concern is the CIO's lack of authority to manage department-wide information technology programs and spending.

http://www.fcw.com/fcw/articles/2004/1025/web-dhsig-10-28-04.asp


Passphrase rather than passwords
By Brett Hill (brett) @ 9:46 AM :: IISFAQ Front Page :: 2 Comments :: 9313 Views

For almost 2 years, I've been lecurting about using passphrases instead of passwords. This is not my idea, I picked it up from some Microsoft guys and now there are some good articles coming out about it. Check out:

http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint091004.mspx

http://www.microsoft.com/technet/security/secnews/articles/itproviewpoint100504.mspx

Monday, October 18, 2004
Download IISLogs Lite version available (Free version)
By Steve Schofield (steve) @ 3:38 PM :: Custom Articles :: 2 Comments :: 11539 Views

IISLogs is excited to announce the release of IISLogs Lite version. This is a free stand-alone EXE that will ZIP and/or Delete original log files for one specific directory (I.E. -- C:\Windows\System32\Logfiles\W3svc1).  Other features include using IISLogsGUI for configuration, email reporting, alternative file ZIP file location and more.   IISLogs Lite is the same technology used in our full product line.  IISLogs Lite is perfect for someone who has a single domain or evaluating IISLogs ZIP capabilities.  IISLogs Lite can be deployed in a production environment, also can be deployed to more than one machine.  We ask however that only one instance is installed per machine; this is the only licensing restriction.  Feel free to email info@iislogs.com with any questions about IISLogs Lite.


Download IISLogs Lite version
http://iislogs.com/forum/eval2.aspx

Setup & Configuration of  IISLogs Lite version
http://www.iislogs.com/help/configure_iislogs_lite_version.htm

IISLogs Discussion Board
http://www.iislogs.com/forum/default.aspx?f=12

Wednesday, October 13, 2004
*** SECURITY ALERT ***
By Bernard Cheah (Bernard) @ 1:10 AM :: Security Bulletins :: 0 Comments :: 9855 Views

It's patch day again, October security bulletin is out ! few are directly related to IIS:
MS04-030 - Affected components: WebDAV
                 IIS versions:
IIS5.0, IIS5.1 and IIS6.0
                 XP Pro SP2 (IIS5.1) not affected.
  

MS04-035 - Affected components: SMTP
                 IIS versions:
IIS6.0
                 W2K (IIS 5.0) and NT4.0 (IIS4.0) are not affected, however the vulnerability will exists if you deploy Microsoft Exchange Server 2003 Routing Engine component on Windows Server 2000.
   
MS04-036 - Affected components: NNTP
                 IIS versions:
IIS4.0, IIS5.0 and IIS6.0
                 W2k Pro (IIS5.0) and XP Pro (IIS5.1) are not affected as NNTP component is not available.

Wednesday, October 06, 2004
*** SECURITY ALERT ***
By Brett Hill (brett) @ 1:49 PM :: Security Bulletins :: 0 Comments :: 9485 Views

************************

* IIS Answers Bulletin

* Update on ASP.net vulnerability
* Immediate action required

**************************

Information in this bulletin was posted to the IISlists by:
Scott Forsyth
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP
http://www.orcsweb.com/

**************************
Microsoft just released a server-wide fix now. For anyone that hasn't applied the global.asax fix or that has a whole server to patch, this is your solution.

http://www.microsoft.com/security/incident/aspnet.mspx

The install is quick and easy. It will add a http module to the GAC and add a reference to it in machine.config. No reboot is required and it's almost always less than 10 seconds to install. Since there is a change to machine.config, your InProc session variables will be lost during the install but other than that it's virtually seamless. It will update all version of ASP.NET on the server that it is installed on.

As with the other fix, it should be installed on all operating systems.

Tuesday, September 28, 2004
Troubleshooting IIS SMTP
By Bernard Cheah (Bernard) @ 2:53 AM :: IISFAQ Front Page :: 2 Comments :: 21712 Views

If you have been using IIS SMTP, you will notice that it is actually quite hard to troubleshoot SMTP related issues. Ranging from event id 4000, to mail stuck in pickup, queue and bad mail folders. Normally, I would suggest users to try the following:
XFOR: How to Test Outbound Mail Flow With a File in the Pickup Folder
http://support.microsoft.com/?id=297700

The above simply test the basic function of SMTP. Just create a plain text file with the specified format. If SMTP is working, the mail will be delivered. Now, normally when mails get stuck in the server, it is mostly due to DNS issue. Meaning the SMTP component can't resolve the recipient's email domain MX record....

Read More..
Monday, September 20, 2004
30,000 Zombie PC's created daily
By Brett Hill (brett) @ 6:36 PM :: IISFAQ Front Page :: 2 Comments :: 9078 Views

Thousands of zombie PCs created daily

 
17:19 20 September 04
NewScientist.com news service
 

The rate at which persoal computers are being hijacked by hackers rocketed in the first half of 2004, reveals a new report. An average of 30,000 computers per day were turned into enslaved “zombies”, compared with just 2000 per day in 2003.

http://www.newscientist.com/news/news.jsp?id=ns99996420

Wednesday, September 01, 2004
Microsoft Releases Port Reporter Tool
By Brett Hill (brett) @ 1:08 PM :: IISFAQ Front Page :: 3 Comments :: 10261 Views

Microsoft has released yet another in a series of useful tools. The Port Reporter Tool runs as a service on XP, 2000, and 2003 and logs TCP and UPD activity. This log could be quite useful for studies, foresnics, troubleshooting, and intrusion detection. Check it out.

http://support.microsoft.com/default.aspx?scid=kb;en-us;837243

Tuesday, August 31, 2004
Microsoft releases Authentication Diagnostics Tool
By Brett Hill (brett) @ 6:42 PM :: IISFAQ Front Page :: 1 Comments :: 11801 Views

Security problems relating to authentication and access control problems are costing Microsoft customers a lot of time and money.  The product group took that action from their meetings and embarked on building a tool that will help aid our customer’s in resolving these problems much faster.

The Authentication and Access Control Diagnostics (AuthDiag) tool offers many IIS administrators and developers the ability to determine why authentication (native to IIS – not forms based) is failing or why access checks are returning failure result.

Read More..
Monday, August 30, 2004
Complete Walkthrough of the IIS Lockdown Tool
By Brett Hill (brett) @ 12:20 AM :: Custom Articles :: 3 Comments :: 11755 Views

This is actually a section from a module of the IIS 5 FastTrack Training found at www.iistraining.com. In this paper, you will find the complete details about the actions of the IIS Lockdown tool, what it does and doesn't do including undocumented details. It includes tips on how to use the tool, troubleshoot, and reverse actions without having to completely undo the tool. There are a lot of misconceptions about the IIS Lockdown tool that this paper will hopefully clarifly.

You'll find it a http://www.iisanswers.com/articles/IIS_Lockdown/IISLockdown.htm

Wednesday, August 25, 2004
A Very Brief History of Internal IIS Compression
By Brett Hill (brett) @ 6:42 PM :: IISFAQ Front Page :: 7 Comments :: 14122 Views

Tad Fleshman from Port80 software (makers of serveral useful IIS utilities) recently posted this article to the IIS 5 discussion list (iislists.com). Considering that Port80 is deeply involved with compression technology, it is no surprise to find Tad's summary concise and to the point with some good tips for any IIS admin considering compression.

Read More..
Thursday, August 19, 2004
Announcing IISLogs Beta Program - The 1st managed solution for IISLogs!
By Steve Schofield (steve) @ 11:45 PM :: Custom Articles :: 3 Comments :: 10478 Views

IISLogs Beta Component is Released
Http://iislogs.com

Steve Schofield (ASP.Net MVP, IISAnswers newsletter co-editor, formerly of ASPFree.com fame) has launched http://iislogs.com.  IISLogs is a component 100% written using the Microsoft .NET Framework. It's developed to help effectively manage all log files related to Microsoft Internet Information Server 5.0 and 6.0. No more writing and supporting your own custom scripts. Never worry about managing your logfiles again! 

There are two products to chose from, (Stand-alone EXE or A Windows Service version).  IISLogs is developed to automatically compress, copy and remove log files on a scheduled basis.  In keeping with best practices for a secure IIS server, IISLogs by default runs in a low privileged account (LOCAL SERVICE) and does NOT require administrative privileges!  Very easy to configure, get started recovering disk space today!  Download evaluation copy today. As a service to IISFAQ readers, you can join the beta program!

Tuesday, August 10, 2004
Foundstone Releases SSL Analysis Tool - SSLDigger
By Brett Hill (brett) @ 6:01 PM :: Tools :: 0 Comments :: 10406 Views

While most Web-dependent organizations use SSL (secure socket layer), many mistakenly believe their Web applications and data are more secure than they really are. Not all SSL ciphers protect data equally, and many IT organizations have not improved their SSL quality despite the availability of higher standards developed over the years.

http://www.foundstone.com/index.htm?subnav=services/navigation.htm&subcontent=/services/overview_s3i_des.htm


Cross Scripting Attack fixed for Outlook Web Access 5.5
By Brett Hill (brett) @ 3:28 PM :: Security Bulletins :: 0 Comments :: 10507 Views
Microsoft announced a fix for a cross scripting attack that could potentially yield the user's security context to an attacker. The vulnerability affects Exchange 5.5 on IIS 4 or IIS 5.  Exchange 2000 or 2003 is not affected. See http://www.microsoft.com/technet/security/bulletin/MS04-026.mspx for details.
Monday, August 09, 2004
IIS WebCasts - August 2004
By Bernard Cheah (Bernard) @ 11:06 PM :: IISFAQ Front Page :: 8 Comments :: 9966 Views

UrlScan 2.5 and IIS 6.0 (Level 200)
Wednesday, August 11, 2004 11:30 AM - Wednesday, August 11, 2004 1:00 PM (GMT-08:00) Pacific Time (US & Canada)
The UrlScan security tool goes hand-in-hand with IIS 4.0, 5.0, and 5.1, but how does the latest version of the tool apply to IIS 6.0? Join this webcast and find out!

Effectively Using IIS Diagnostics Tools (Level 200)
Wednesday, August 18, 2004 11:30 AM - Wednesday, August 18, 2004 1:00 PM (GMT-08:00) Pacific Time (US & Canada)
Enhance your ability to diagnose and troubleshoot problems within the IIS core server by using several versatile tools developed by the IIS team. SSLDiag, AuthDiag, IIS Debug Toolkit, and WFetch can save administrators hours of painful research and diagnostics work.

Using AuthDiag to Diagnose Problems with Authentication and Authorization in IIS (Level 200)
Wednesday, August 25, 2004 11:30 AM - Wednesday, August 25, 2004 1:00 PM (GMT-08:00) Pacific Time (US & Canada)
Learn how to use the Authentication and Access Control (AuthDiag) tool to help simplify the diagnostic process for logon failures and "Access Denied" errors (401.1 and 401.3) on servers running IIS version 4.0, 5.0, 5.1, or 6.0.

Thursday, July 29, 2004
IIS 6.0 Migration Tool V1.1
By Bernard Cheah (Bernard) @ 3:30 AM :: Tools :: 8 Comments :: 12280 Views
Microsoft just released an updated version of IIS 6.0 Migration tool - version 1.1. Previous version 1.0 was released at 24th April bundled in IIS 6.0 Reskit Tool.

Source: Bernard Cheah's IIS
Blog
Monday, July 26, 2004
IIS and ASP.net Application Extensions
By Brett Hill (brett) @ 12:46 PM :: Custom Articles :: 1 Comments :: 18992 Views
When you look at the application mappings on an IIS server, it is not obvious what functions the extensions server. Nevertheless, it is a “best practice” to remove the extensions that you do not require.

In particular when ASP.net is installed, the .net application mappings are added to IIS presuming the web server is being used for application development. The function of ASP.net file extensions are not obvious and it is quite a task to figure out what each of them do. You will want to remove most of the extensions on a productions server.

Use this list to guide your selection. If you aren't sure if an application mapping is in use on your server, I would suggest you use the Log Parser tool to parse your live IIS logs looking for the extension.

Thanks to Rich Durso for this list.

Read More..
Friday, July 23, 2004
21 Tasks when Migrating to IIS 6 - by Brett Hill
By Brett Hill (brett) @ 5:12 PM :: Custom Articles :: 2 Comments :: 12620 Views

This new article lists 21 things to do when you migrate IIS 5 applications to IIS 6. The list includes several “gotchas” that can be difficult to troubleshoot if overlooked as well as some best practices for configuring IIS 6. If you need a shortcut to avoiding problems during your migration, this is it.

http://www.iisanswers.com/IIS6_Tasks.htm


Fix for Compressions Errors in IIS 6
By Brett Hill (brett) @ 5:06 PM :: IISFAQ Front Page :: 9 Comments :: 11359 Views
When using compression on IIS 6, you may get scripting errors or access violations. A publicly released patch is available. This is the kind of thing that can give you fits if you don't know about it.

831464 FIX: IIS 6.0 compression corruption causes access violations

White Paper - Installing AWStats on IIS 6.0 - the Definitive Guide
By Brett Hill (brett) @ 5:01 PM :: Tools :: 1 Comments :: 14646 Views


More Stuff

 This site and its contents are Copyright 1999-2004 by IISFAQ Microsoft Corporation in no way endorses or is affiliated with IISFAQ