|
|
 |
 |
 |
Current Articles
| Categories
| Search
| Syndication
| Tuesday, March 28, 2006 |
 |
Real World IIS Debugging Series
By Brett Hill (brett) @ 12:10 PM :: IISFAQ Front Page :: 6 Comments :: 8572 Views
|
|
www.iiswebcastseries.com
The IIS Webcast Series team is very happy to inform everyone about this week’s very cool presentations that will be happening this week. The series is very happy to have back the talented engineers from the Microsoft.com Operations Debug Team to drill-down on the very technical topic of “Debugging in the Real-World.”
Week-long Series: Microsoft.com Operations Introdces Real World Debugging
- Monday, March 27th: Determining When you have a Problem and Beginning the Initial Debugging
Tuesday, March 28th: Debugging CLR Internals
- Wednesday, March 29th: Diagnosing Memory Leaks in ASP.NET Applications
- Thursday, March 30th: How to Tackle Problems in Dynamically Generated Assemblies
- Friday, March 31st: Debugging Without the Debugger in IIS and ASP.NET
IIS 6.0 & Windows Server 2003 R2
- Tuesday, March 28th: Rapid Deployment of Large Sharepoint Intranets and Extranets on IIS 6.0
- Thursday, March 30th: Efficient Deployment and Management of ASP.NET 2.0 Applications on IIS 6.0
|
|
|
|
|
| Wednesday, November 09, 2005 |
|
MSCOM Ops Webcast Week
By Brett Hill (brett) @ 5:09 PM :: IISFAQ Front Page :: 17 Comments :: 8909 Views
|
|
Learn IIS 6 Best Practices
Let the experts who keep www.Microsoft.com up and running, teach you their IIS 6 tricks in a five-part webcast series Nov 7-11
In the Events section (as well as in the Web Seminar section) box it will say,
MSCOM Ops Webcast Week
MSCOM Ops wants to show you how they run IIS 6 to keep www.Microsoft.com the most reliable site on the Web. The MSCOM Ops Webcast Week is a 5 day webcast series from Nov 7-11 that will cover IIS 6 Best Practices for a full range of topics including – High Availability Architecture, Configuration Management of Web Farms, Change & Release Management Strategies, Monitoring & Management of Enterprise Platforms, and Troubleshooting & Debugging Web Hosting Environments. Register at http://www.microsoft.com/windowsserver2003/iis/support/webcasts.mspx.
|
|
|
|
|
| Wednesday, April 20, 2005 |
|
|
|
| Thursday, March 31, 2005 |
|
Windows 2003 SP1 is Released
By Brett Hill (brett) @ 12:17 PM :: IISFAQ Front Page :: 10 Comments :: 10633 Views
|
|
Today, Windows Server 2003 SP1 is released. IIS is impacted in significant ways. Metabase auditing is part of the update. Also included is SSL for terminal services, which is often used to manage IIS server remotely. Additionally, and most importantly, are the event tracing capabilities. This are multiple steps involved, but you will want to check it out as this is a very poweful diagnostic tool.
http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?EventID=1032268450&Culture=en-US
Also, be sure you make a backup of your httperr(x).log files as the log file format will change. With a registry edit, you can add the Applicaiton Pool name to the log - very useful.
-brett
|
|
|
|
|
| Sunday, March 20, 2005 |
|
Recent outage
By Brett Hill (brett) @ 10:26 PM :: IISFAQ Front Page :: 7 Comments :: 9069 Views
|
|
Due to moving to Redmond from Boulder, there have been problems with IISlists.com, IISAnswers.com, and IISFaq.com. The servers are back online now and I apologize for any inconvenience.
-brett hill
|
|
|
|
|
| Tuesday, February 01, 2005 |
|
IIS Mini Quiz
By Bernard Cheah (Bernard) @ 9:40 PM :: IISFAQ Front Page :: 7 Comments :: 8819 Views
|
|
Dare to take a mini IIS quiz from the IIS Product team? you might stand a chance to win something :)
Click here for more detail...
-------------------
Update: 21/2/05
The IIS team has removed the posting at their blog site http://weblogs.asp.net/iishints, hope you had win something :) For those who missed it, here's the question list at my blog.
|
|
|
|
|
| Saturday, January 29, 2005 |
|
|
|
| Wednesday, January 19, 2005 |
|
|
|
| Friday, December 24, 2004 |
|
|
|
| Friday, December 17, 2004 |
|
|
|
| Tuesday, November 16, 2004 |
|
|
|
| Monday, November 15, 2004 |
|
IIS 6 Peformance Paper - Worth the read
By Brett Hill (brett) @ 9:40 PM :: IISFAQ Front Page :: 1 Comments :: 10729 Views
|
|
Papers from Microsoft are often hit and miss. Some are stellar and some are overbroad overviews filled with marketing jargon. This one, however, is well worth the read. He's an excerpt from Web and Application Server Infrastructure - Performance and Scalability http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/webapp/iis/iis6perf.mspx
COM+ General
With the new IIS 6.0 architecture, it is important to question some of the existing guidelines where COM+ is concerned. A major consideration is that, before Windows Server 2003, COM+ application components were configured (by default) to run out-of-processes from the caller. The default for COM+ applications is for them to run as Server Applications, executing in a DLLHost.exe process called into from the object instantiate, or over DCOM.
The performance downside of doing this for every method call, is that there are extra threads running on the system, and every call to a method must be marshaled across process boundaries. This is not noticeable on a small implementation with low request/transaction rates, but on a high volume, large multiprocessor, this kind of overhead can greatly decrease the overall scalability of the system.
Therefore, on Windows Server 2003, it is best to change the default configuration for a COM+ Server Application to Library Application to aid scalability of the calling per use of that application
|
|
|
|
|
| Wednesday, November 03, 2004 |
|
Dept of Homeland Security "Significanlty Deficient"
By Brett Hill (brett) @ 11:46 AM :: IISFAQ Front Page :: 10 Comments :: 9215 Views
|
|
This bulletin from the SANS security newsletter. Aren't these guys supposed to show the way?
-brett
--DHS Security Audit Finds Problems
(28 October 2004)
The Homeland Security Department's inspector general has released a report detailing the results of a security audit conducted in accordance with the Federal Information Security Management Act. The report says that while DHS has made some improvements, "[w]e recommend that DHS continue to consider its information systems security program a significant deficiency." Of significant concern is the CIO's lack of authority to manage department-wide information technology programs and spending.
http://www.fcw.com/fcw/articles/2004/1025/web-dhsig-10-28-04.asp
|
|
|
|
|
| Wednesday, October 13, 2004 |
|
*** SECURITY ALERT ***
By Bernard Cheah (Bernard) @ 1:10 AM :: Security Bulletins :: 0 Comments :: 9665 Views
|
|
It's patch day again, October security bulletin is out ! few are directly related to IIS:
MS04-030 -Â Affected components:Â WebDAV
                IIS versions: IIS5.0, IIS5.1 and IIS6.0
                XP Pro SP2 (IIS5.1) not affected. Â
MS04-035 - Affected components: SMTP
                IIS versions: IIS6.0
                 W2K (IIS 5.0) and NT4.0 (IIS4.0) are not affected, however the vulnerability will exists if you deploy Microsoft Exchange Server 2003 Routing Engine component on Windows Server 2000.
  Â
MS04-036 - Affected components: NNTP
                IIS versions: IIS4.0, IIS5.0 and IIS6.0
                 W2k Pro (IIS5.0) and XP Pro (IIS5.1) are not affected as NNTP component is not available.
|
|
|
|
|
| Wednesday, October 06, 2004 |
|
*** SECURITY ALERT ***
By Brett Hill (brett) @ 1:49 PM :: Security Bulletins :: 0 Comments :: 9291 Views
|
|
************************
* IIS Answers Bulletin
* Update on ASP.net vulnerability
* Immediate action required
**************************
Information in this bulletin was posted to the IISlists by:
Scott Forsyth
Microsoft MVP - ASP/ASP.NET
ASPInsider Member - MCP
http://www.orcsweb.com/
**************************
Microsoft just released a server-wide fix now. For anyone that hasn't applied the global.asax fix or that has a whole server to patch, this is your solution.
http://www.microsoft.com/security/incident/aspnet.mspx
The install is quick and easy. It will add a http module to the GAC and add a reference to it in machine.config. No reboot is required and it's almost always less than 10 seconds to install. Since there is a change to machine.config, your InProc session variables will be lost during the install but other than that it's virtually seamless. It will update all version of ASP.NET on the server that it is installed on.
As with the other fix, it should be installed on all operating systems.
|
|
|
|
|
| Tuesday, September 28, 2004 |
|
Troubleshooting IIS SMTP
By Bernard Cheah (Bernard) @ 2:53 AM :: IISFAQ Front Page :: 2 Comments :: 21502 Views
|
|
If you have been using IIS SMTP, you will notice that it is actually quite hard to troubleshoot SMTP related issues. Ranging from event id 4000, to mail stuck in pickup, queue and bad mail folders. Normally, I would suggest users to try the following:
XFOR: How to Test Outbound Mail Flow With a File in the Pickup Folder
http://support.microsoft.com/?id=297700
The above simply test the basic function of SMTP. Just create a plain text file with the specified format. If SMTP is working, the mail will be delivered. Now, normally when mails get stuck in the server, it is mostly due to DNS issue. Meaning the SMTP component can't resolve the recipient's email domain MX record....
|
| Read More.. |
|
|
|
|
| Monday, September 20, 2004 |
|
|
|
| Wednesday, September 01, 2004 |
|
|
|
| Tuesday, August 31, 2004 |
|
Microsoft releases Authentication Diagnostics Tool
By Brett Hill (brett) @ 6:42 PM :: IISFAQ Front Page :: 1 Comments :: 11599 Views
|
|
Security problems relating to authentication and access control problems are costing Microsoft customers a lot of time and money. The product group took that action from their meetings and embarked on building a tool that will help aid our customer’s in resolving these problems much faster.
The Authentication and Access Control Diagnostics (AuthDiag) tool offers many IIS administrators and developers the ability to determine why authentication (native to IIS – not forms based) is failing or why access checks are returning failure result.
|
| Read More.. |
|
|
|
|
| Wednesday, August 25, 2004 |
|
|
|
| Thursday, August 19, 2004 |
|
Announcing IISLogs Beta Program - The 1st managed solution for IISLogs!
By Steve Schofield (steve) @ 11:45 PM :: Custom Articles :: 3 Comments :: 10317 Views
|
|
IISLogs Beta Component is Released
Http://iislogs.com
Steve Schofield (ASP.Net MVP, IISAnswers newsletter co-editor, formerly of ASPFree.com fame) has launched http://iislogs.com. IISLogs is a component 100% written using the Microsoft .NET Framework. It's developed to help effectively manage all log files related to Microsoft Internet Information Server 5.0 and 6.0. No more writing and supporting your own custom scripts. Never worry about managing your logfiles again!
There are two products to chose from, (Stand-alone EXE or A Windows Service version). IISLogs is developed to automatically compress, copy and remove log files on a scheduled basis. In keeping with best practices for a secure IIS server, IISLogs by default runs in a low privileged account (LOCAL SERVICE) and does NOT require administrative privileges! Very easy to configure, get started recovering disk space today! Download evaluation copy today. As a service to IISFAQ readers, you can join the beta program!
|
|
|
|
|
| Monday, August 09, 2004 |
|
IIS WebCasts - August 2004
By Bernard Cheah (Bernard) @ 11:06 PM :: IISFAQ Front Page :: 8 Comments :: 9791 Views
|
|
UrlScan 2.5 and IIS 6.0 (Level 200)
Wednesday, August 11, 2004 11:30 AM - Wednesday, August 11, 2004 1:00 PM (GMT-08:00) Pacific Time (US & Canada)
The UrlScan security tool goes hand-in-hand with IIS 4.0, 5.0, and 5.1, but how does the latest version of the tool apply to IIS 6.0? Join this webcast and find out!
Effectively Using IIS Diagnostics Tools (Level 200)
Wednesday, August 18, 2004 11:30 AM - Wednesday, August 18, 2004 1:00 PM (GMT-08:00) Pacific Time (US & Canada)
Enhance your ability to diagnose and troubleshoot problems within the IIS core server by using several versatile tools developed by the IIS team. SSLDiag, AuthDiag, IIS Debug Toolkit, and WFetch can save administrators hours of painful research and diagnostics work.
Using AuthDiag to Diagnose Problems with Authentication and Authorization in IIS (Level 200)
Wednesday, August 25, 2004 11:30 AM - Wednesday, August 25, 2004 1:00 PM (GMT-08:00) Pacific Time (US & Canada)
Learn how to use the Authentication and Access Control (AuthDiag) tool to help simplify the diagnostic process for logon failures and "Access Denied" errors (401.1 and 401.3) on servers running IIS version 4.0, 5.0, 5.1, or 6.0.
|
|
|
|
|
| Monday, July 26, 2004 |
|
IIS and ASP.net Application Extensions
By Brett Hill (brett) @ 12:46 PM :: Custom Articles :: 1 Comments :: 18692 Views
|
|
When you look at the application mappings on an IIS server, it is not obvious what functions the extensions server. Nevertheless, it is a “best practice” to remove the extensions that you do not require.
In particular when ASP.net is installed, the .net application mappings are added to IIS presuming the web server is being used for application development. The function of ASP.net file extensions are not obvious and it is quite a task to figure out what each of them do. You will want to remove most of the extensions on a productions server.
Use this list to guide your selection. If you aren't sure if an application mapping is in use on your server, I would suggest you use the Log Parser tool to parse your live IIS logs looking for the extension.
Thanks to Rich Durso for this list.
|
| Read More.. |
|
|
|
|
| Friday, July 23, 2004 |
|
Fix for Compressions Errors in IIS 6
By Brett Hill (brett) @ 5:06 PM :: IISFAQ Front Page :: 9 Comments :: 11194 Views
|
When using compression on IIS 6, you may get scripting errors or access violations. A publicly released patch is available. This is the kind of thing that can give you fits if you don't know about it.
831464 FIX: IIS 6.0 compression corruption causes access violations
|
|
|
|
|
|
|
|
|
Date: Friday, April 23, 2004
Time: 11:30 AM- 1:00 PM Pacific Time (GMT-8, US & Canada)
This session reviews the evolution of Internet Information Services (IIS) to its current iteration -- version 6.0 -- and how IIS 6.0 has measured up to customer expectations since its release in April 2003. IIS 6.0 built on a new architecture, but this architecture has a few areas where improvements can be built-in. The system administration capabilities include a new Edit-While-Running feature but the metabase has a difficult to read XML schema. The scalability lacks a clear path above 8 processors and IIS needs to optimize performance in this area. Up to, and including all of these, IIS 6.0 is a new and revolutionary product. This session will cover the delta between what was delivered and what has been learned and help you our customer know the areas where Microsoft needs to build for future IIS versions.
http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032243866&Culture=en-US |
|
With Visual Studio.NET you can't create a custom IIS virtual directory with exactly the settings you want when you want to add a Web Application to a solution. I found myself dealing with this inconvenience so often, I finally decided to do something about it. I created an Addin solution that will pop up a form, allow you to choose (and even create) a physical folder, set the various properties for your VRoot that you would normally be required to do separately from the IIS Management Console, and then when you are ready to add your new web application, all you need to do is change the default "WebApplication1" to the name of your new VRoot, and you are "good to go".
http://www.eggheadcafe.com/articles/20040112.asp More... |
|
IIS has a SMTP Server, but not a POP3 Server. Companies have been led to believe they need MS Exchange Server, when in fact they don't. If your companies needs are modest, you may only need a POP3 Server.
This POP3 server is perfect for small to medium sized companies that want to take control of their email environment, but without the complexities, cost and frustration of expensive solutions like MS Exchange Server. You must have MS Internet Information Server (IIS) installed and the SMTP Service installed and working correctly.
http://dev.midar.com/Support/Articles/POP3/default.asp More... |
|
IISPassword brings the ease and power of Apache’s htaccess to Microsoft IIS. No longer is there a need for system user accounts and complex access permissions for maintaining a secure, password protected web site.
IISPassword uses Basic HTTP Authentication for password protecting web sites on IIS, just like htaccess works on Apache. That makes your password protected Apache web site compatible with IIS, and vice versa.
A powerful and intuitive interface makes it possible to password protect a web site in just moments. More advanced settings provide options such as user group management and protection of certain file types.
http://www.troxo.com/products/iispassword/ More... |
|
Version 3.4 of IIS State has been released - this tool allows you to look into the process (e.g. InetInfo.exe) and dumps out all of the running threads. For each thread, it will attempt to identify what type of thread is running. If the thread is an ASP worker thread, then it will attempt to identify the page the is executing. Very useful for debugging Hangs/Crashes, or 100% CPU issues.
- Changes to version 3.4
- Added additional .Net heuristics to improve likelihood of dumping managed threads
- Clarify "Possible ASP Page"/"Page Not Found" Messages
- Updated IIS6/Jet bug message to reflect KB Article
For more details and to download version 3.4 click here... |
|
|
 |
Version 3.3.1 of IIS State has been released - this tool allows you to look into the process (e.g. InetInfo.exe) and dumps out all of the running threads. For each thread, it will attempt to identify what type of thread is running. If the thread is an ASP worker thread, then it will attempt to identify the page the is executing. Very useful for debugging Hangs/Crashes, or 100% CPU issues.
- New to version 3.3.1
- Fix a regression causing a dump file to not be created correctly.
- New to version 3.3
- Updated heuristics to detect a hang in the Jet ODBC driver and provide a suggested workaround (use Jet OLEDB).
- Updated heuristics to identify Unhandled Exception Filter hangs. These hangs can only occur while the process is crashing. IISState will recognize the hung thread and attempt to identify the thread that crashed.
- Modified dump file format to include more information.
- Fixed a regression in the Summary generation that caused the Summary to not print and IISState to incorrectly terminate the process being debugged.      Â
For more details and to download version 3.3.1 click here... |
|
Performance Starts at the Web Server
By Port80 Software
This paper outlines a common sense, cost-effective approach to lowering total cost of ownership and improving Web site and Web application performance according to two simple principles:
- Send as little data as possible
- Send it as infrequently as possible
We will explore "best practice" strategies that can be systematically employed in Web front-end source code and at the origin server in order to achieve performance improvements. These basic strategies, which all avoid expensive hardware solutions in favor of software and business process enhancements, include:Â
- Code optimization
- Cache control
- HTTP compression
http://www.port80software.com/support/articles/webperformance |
|
Many businesses have the need or requirement to host multiple Web applications on a single Web server. In such circumstances, the features of Microsoft Windows Server 2003 and Internet Information Services (IIS) 6.0 can help create effective boundaries between applications. This allows Web administrators to secure the resources for one application from being accessed by other applications and to implement performance and reliability features built in to the operating system and IIS 6.0. When designing Microsoft .NET Framework applications, isolation and reliability can be taken a step further through the use of isolated application design and side-by-side assemblies. This paper presents an overview of the benefits, methods, technologies, and considerations involved in configuring isolated applications.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/plan/appisoa.asp |
|
Computer security has become increasingly important to businesses and other organizations. As the value and importance of data stored on computers grows, so does the cost when critical data or systems are damaged, stolen, or compromised. Microsoft is committed to meeting our customers' needs for increased information systems security. This paper describes Microsoft's ongoing commitment to improving the security of its products, and how that commitment has driven security improvements in Internet Information Services (IIS) 6.0. IIS 6.0 is a powerful Web server service that helps provide a reliable, manageable, scalable, and secure Web application infrastructure.
http://www.microsoft.com/windowsserver2003/techinfo/overview/iisenhance.mspx
also see
Innovations in Internet Information Services Let You Tightly Guard Secure Data and Server Processes
http://msdn.microsoft.com/msdnmag/issues/02/09/securityiniis60/default.aspx |
|
With IIS 6.0 Manager for Windows XP, administrators can remotely manage an IIS 6.0 server from a Windows XP Professional workstation. This tool only installs a snap-in for Microsoft Management Console and its associated DLLs and documentation; it does not install the complete IIS 6.0 server on your local computer.
- This tool is available only in English. When installed on non-English editions of Windows XP, IIS 6.0 Manager, documentation, folders, and shortcuts appear as English-only.
- After installation, IIS 6.0 Manager and IIS 5.1 Manager coexist in separate directories on the same computer.
- Start the IIS 6.0 Manager after installation from the administrative tools folder in the Control Panel, not from the Computer Management console. If the IIS 5.1 Manager is also installed, it will appear in the Computer Management console, not the IIS 6.0 Manager.
http://www.microsoft.com/downloads/details.aspx?familyid=f9c1fb79-c903-4842-9f6c-9db93643fdb7&displaylang=en |
|
| The Microsoft Windows 2000 Scripting Guide provides a comprehensive overview of the scripting technologies included in the Microsoft® Windows® 2000 operating systems. This book is designed to teach you basic concepts underlying Microsoft scripting technologies such as Microsoft® Visual Basic® Scripting Edition (VBScript), Windows Script Host (WSH), Active Directory Service Interfaces (ADSI), and Windows Management Instrumentation (WMI). The Scripting Guide also includes hundreds of pre-written scripts that enable you to perform important system administration tasks. These scripts can be used as-is, or you can use the information included in the step-by-step instructions to modify them to meet your unique needs. Available as a book or for free online:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scriptcenter/scrguide/sagsas_overview.asp |
|
|
Deploying Internet Information Services (IIS) 6.0 - Free from Microsoft
This book provides prescriptive, task-based, and scenario-based guidance to help you design an IIS 6.0 solution and then deploy that solution — be it a new installation, upgrade, or migration — within your organization.
http://www.microsoft.com/downloads/details.aspx?FamilyID=f31a5fd5-03db-46d2-9f34-596edd039eb9&DisplayLang=en
IIS6 Administration by Mitch Tulloch
Mitch Tulloch's previous book Administering IIS4 was the top book in the Windows NT Bestsellers List on Amazon for over a year. His new book IIS6 Administration is not a revision of his earlier one but a completely new book that covers everything a sysadmin needs to know to deploy, configure, manage, maintain, tune, and troubleshoot IIS on the Windows Server 2003 platform.
http://www.amazon.com/exec/obidos/ASIN/0072194855/mtitenterprises/104-7142524-8334329
IIS6 Programming Handbook - Wrox Press
This small 240 page book covers the key areas of interest for web developers who use Windows servers who want to get started with IIS6. These include;
New request Architecture, Security changes, ISAPI changes, COM+ Services, XML Metabase
Quality of service, HTTP Compression, Performance, IPv6 support ,FTP Restart, Logging
Unicode support, New ISAPI support functions, Persisted template cache
http://www.amazon.com/exec/obidos/tg/detail/-/1861008392/ |
|
|
|