Server: Microsoft-IIS/7.0\r\n

Just got this from Jerry's blog, MS04-025 is out ! Dealing with 3 IE exploits:
-Navigation Method Cross-Domain vulnerability
-Malformed BMP File Buffer Overrun vulnerability
-Malformed Gif File Double Free vulnerability

More detail (KB):
867801 - MS04-025: Cumulative security update for Internet Explorer

Couple of interesting resources for you to add on to your reading list:
1) PatchManagenement.org just added new RSS feed for their moderated mailing list. This is a site talk focus on patch management policy and pratices. From small size few ten workstations deployment to huge enterprise corporation involving hundreds of servers and thousand of workstations. It also features patch management software review and product comparision. This site is brought to you by Shavlik, the same people that developed HFNetChk and used by Microsoft.

2) Robert Hensing from Microsoft PSS Security Team start blogging.... read here.

3) Do you hate IE ? IE Sux ? Well, you can express your view directly to the product team at their team blog. It's a hot zone, only 9 postings todate but a massive of 871 comments has be posted. If you have something to said about IE, talk to the team !!!

Microsoft just released an updated version of IIS 6.0 Migration tool - version 1.1. Previous version 1.0 was released at 24th April, Version 1.0 was bundled with IIS 6.0 Reskit Tool as well. Here's the KB content installed together with this version. Note the KB 839721 is NOT online at support.microsoft.com yet.

----
Title: IIS6 Migration Tool version 1.1

The information in this article applies to:
       - IIS6 Migration Tool 1.0

SYMPTOMS
==========
A new Version of the IIS6 Migration Tool is released to corrects the following problems.

1- Cannot spawn new worker processes during the migration.
If the Migration is performed to a live poduction IIS6 server, existing sites may not serve properly until the migration completes. This behavior was because the migration tool locks the metabase during the migration. In the new version the migration tool does not lock the metabase and hence existing sites on the destination server will continue to serve during the migration.

2- Permissions of the AdminACL for the W3SVC/ in the IIS 6.0 metabase are incorrect after migration.
The migration tool did not migrate the AdminACL correctly for the W3SVC/. This resulted to web applications not funtioning on the target IIS 6 server. Users may get "500 Internal Server Error" when browsing the migrated ASP web application or "Server Application is Unavailable" when browsing the migrated ASP.NET application.

3- Migration Tool does not migrate nested applications correctly.
The migration tool did not migrate nested application properly. The AppRoot metabase key is migrated as (/LM/W3SVC//Root/....) instead of (/LM/W3SVC//Root/....) which resulted to web application not bering served.  Users may get "500 Internal Server Error" when browsing the migrated ASP web application or "Server Application is Unavailable" when browsing the migrated ASP.NET application.  

RESOLUTION
===========
A new version of the IIS6 Migration Tool (version 1.1) has been released to address the above issues.

More Information:
=============
- If you are migrating from NT4 with FPSE 98, and you choose to migrate with /fpse switch, it is possible that the Server Extensions will not function properly on IIS6 as they were on IIS4. The only recommended workaround  is to upgrade to FPSE 2000 or FPSE 2002 on the source (NT4) before you migrate.
 
- The migration can be performed for only one individual site at a time, if you want to migrate the entire IIS server, you may want to put all the migration commands in a batch or script file.

- Files that are located in a directory structure that exceeds MAX_PATH are not migrated. The migration tool will error out with "Access Denied" and stops the migration.

- If you migrate the same site twice and the administrators group does not have full control permission on the source content, the migration tool will error out the second time with an "Access Denied" error. To workaround this, you can either give the administrators group full control on the source content or delete the content on the destination server before you run the migration the second time.

Please refer to the IIS 6.0 Migration Tool User Guide for usage and documentation.
--------

Host Header ? what is it ? This is a very common question in IIS discussion groups. Host header is the Name (either NetBIOS or FQDN) that associated to a website in IIS, it is used to host multiple websites using 1 IP address running on default port 80. Websites in IIS can be distinguished using three unique identifiers. These unique identifiers include:
Host Header Name
IP Address
Port Number

You can have multiple websites running on IIS as long as either of the above three identifiers is unique. For example:
Host Header - www.a.com
IP Address - 192.168.10.10
Port Number - 80

Host Header - www.b.com
IP Address - 192.168.10.10
Port Number - 80

Host Header -
IP Address - 192.168.10.11
Port Number - 80

and many more...  detail steps ? refer MS KBs...
IIS 6.0 - 324287 HOW TO: Use Host Header Names to Configure Multiple Web Sites in Internet Information Services 6.0
IIS 5.0 - 308163 How To Use Host Header Names to Configure Multiple Web Sites in Internet Information Services 5.0
            190008 HOW TO: Use Host Header Names to Host Multiple Sites from One IP Address in IIS 5.0
IIS 4.0 - The steps are similar to IIS 5.0, or you can refer this article at IISFAQ.com.

Now, you are 50% done with the above. To complete the configuration, you need to work with Name resolution, in short is how do get those host name works. You need to ensure when users query those host name it will returns the correct IP address that you setup. So you can either have DNS resolution or via a host file. And you can either have your own DNS or using your existing one, bottom line is to get the name resolution works and users get the correct IP address. Read
IIS 6.0 - 324260 How To Configure DNS Records for Your Web Site in Windows Server 2003
IIS 5.0 - 315982 HOW TO: Configure DNS Records for Your Web Site in Windows 2000
IIS 4.0 - 172953 How to Install and Configure Microsoft DNS Server.

If you don't have any DNS server, you can use the following article which utilizing HOSTS file to facilitate Intranet name resolution. 228760 - How to Use a HOSTS File to Test a Site that Uses Host Headers on an Intranet

Next, after you configured host header, you can not browse to that specific site with its IP address, this is because IIS don't know which site to display. You will get a 'No website is configured for this address' in your browser, refer
300238 - Error Message: "No Web Site Is Configured At This Address" When Using Host Headers

From time to time, I get questions like “How do configure Host Header with FTP ?“ Well, the answer is NO. FTP doesn't support host header concept. You are advised to use virtual directory + proper NTFS configuration to achieve the same purposes. However, the name resolution will only have ONE name. To create multiple ftp site, the only unique identifiers are IP and Port. Now, we know Host Header doesn't click with FTP, SSL is another implementation that doesn't click with host header, refer
187504 - HTTP 1.1 Host Headers Are Not Supported When You Use SSL

Months ago I blogged about this with useful links about MSF. I did plan to take the exam end of this year after I completed my thesis, which still on going. But today, I got to learn about the current 074-100 MSF Practitioner Exam expired yesterday ! The new exam 07-031 will be out this Nov 2004 :(

Arggggggghhhhhhhhhh.... Lucky I haven't started any revision on the course yet :)  Anyway, with strong relationship together with VS 2005 Team System, MSF v4 will be out soon. I still can't find any official page at Microsoft.com yet, but here's a posting in MSF newsgroup.

----------
Exam 074-100 (MSF Practitioner Exam) is retiring today, July 28th

The current MSF Practitioner Exam (074-100) will retire today on July 28, 2004.  In order to be eligible to teach course 1846A after December 31, 2004, you will be required to pass the new MCP Exam 070-301 in addition to becoming an MCT with MSF competency.    

The MSF Practitioner "endorsement" will expire on December 31st 2004. This means an MSF Practitioner will no longer be able to deliver course 1846a through Certified Partners for Learning Solutions after Dec 31st, unless they upgrade with (pass) the new exam.

Any one planning to deliver MSF training to customers after December 31st 2004 is encouraged to start working towards MCP certification and passing the new MSF exam.  
 
New Exam 070-301(Managing, Organizing, and Delivering IT Projects by Using the Microsoft® Solutions Framework 3.0) available
We are pleased to announce that a new MCP Exam, 070-301, will be introduced in November 2004, as an elective exam for the MCSD and MCSE tracks.  This exam is 070-301: Managing, Organizing, and Delivering IT Projects by Using the Microsoft® Solutions Framework 3.0

Many of you already have experience in applying MSF in IT projects. This new exam evaluates experience and application of MSF in real-world scenarios. The MSF team has received consistent feedback from many MSF Practioners expressing dissatisfaction about passing 74-100 and the results not appearing on their MCP transcript.  We are addressing the dissatisfaction issue by launching this new exam 70-301. The new exam will leverage Microsoft Learning infrastructure and program to facilitate, MCP transcripts & reporting, and provide industry recognition.

When will the 070-301 exam be offered? The MCP Beta Exam period for 070-301 is scheduled for August 25th-Sep 8th.We will be offering the new exam (at the beta stage) to all existing MSF Practioners for free and an invitation will be forthcoming soon.
 
Will there be a refresher exam based on MSF v4.0 and Visual Studio 2005?
MSF will be a competency in the MCT 2005 program. MSF4.0 exam plans will be announced in the Visual Studio 2005 release timeframe, mid 2005.
----------

Note, v4 will only be out together with VS 2005, which is targated at 2005. Looks like it is better to put on hold this paper till then :).
For more information about MSF and Team System, try http://www.microsoft.com/msf/ which is redirected to MSDN Visual Studio site.

It appears that there are some problems with IIS 4.0 in the recent Security Bulletin (July) MS04-021 updated 21/7/04 (IIS Redirection Vulnerability). According to the  873041 that IIS may not response after the patch and you will get
FAULT ->68c16296 39b8ac010000     cmp     [eax+0x1ac],edi        ds:000001ac=????????
in Drwtsn32.log. To date, I have yet to see any actual symptom described in the KB, except this one.
Dr. Watson Log -“The exception generated was c0000005 at address 68c16296 (HTTP_REQ_BASE::OnCompleteRequest”

In other case, I have seen two posts in public newsgroups relating to problems after install the patch. the error:
Event Log - “Error 0126: The specified module could not be found.”
The above error apply to both w3svc and msftpsvc.

If you have any problem with IIS 4.0 after install the patch from MS04-021, Please review the KB stated above and contact Microsoft PSS for the fix.

Just read this from Yamaken's blog :) Nope... I don't read Japanese, but I can recognize some of those Chinese characters, and Top 75 tools is in English. Anyway, here's the tool list, let see how many I have...
-Ethereal
-SuperScan
-Almost everything from sysinternals.com
-Wfetch
-Zone Alarm
-IP-Tools
-MBSA
-hfnetchk
-Online DNS / WhoIS queries sites
-Grisoft antivirus
-IP calculator
-Urlscan
-All Windows Operating system's Reskit

Not many from the list :) but good enough to secure my job.

From Microsoft ...
a) What's NLB ?
Network Load Balancing is a clustering technology offered by Microsoft as part of all Windows 2000 Server and Windows Server 2003 family operating systems. NLB uses a distributed algorithm to load balance network traffic across a number of hosts, helping to enhance the scalability and availability of mission critical, IP-based services, such as Web, Virtual Private Networking, Streaming Media, Terminal Services, Proxy, etc. It also provides high availability by detecting host failures and automatically redistributing traffic to operational hosts.

b) Cluster and NLB difference ?
A server cluster (MSCS) is a collection of servers that together provide a single, highly available platform for hosting applications. Applications can be failed over to ensure high availability in the event of planned downtime due to maintenance or unplanned downtime due to hardware, Operating System or application failures. Server clusters provide a highly available platform for applications such as SQL Server, Exchange Server data stores, file and print servers, etc. Server clusters are used for stateful applications that rely on some state context from one request to the next.

Network Load Balancing (NLB) clusters dynamically distribute the flow of incoming TCP and UDP traffic among the cluster nodes according to a set of traffic-handling rules. NLB clusters provide a highly available and scalable platform for applications such as IIS, ISA server, etc. NLB is used for stateless applications; i.e. those that do not build any state as a result of a request.

NLB and server clusters compliment each other in complex architectures: NLB is used for load balancing requests between front-end web servers while server clusters provide high availability for backend database access.

c) Can I mix NT4.0 WLBS, W2K WLBS and W2K3 NLB together ?
Yes, mixing Windows NT 4.0 WLBS, Windows 2000 NLB and Windows Server 2003 is supported. There is no additional work needed and the heartbeat packets from NLB in Windows Server 2003 are backward compatible with WLBS on Windows NT 4.0 and Windows 2000 NLB. However, you can't utilize new features offered by W2K3 NLB.


Click here for complete Microsoft NLB FAQ.

Hope this is not too late, just read this at www.asp.net. From the source..

”On July 16, 2004, the Microsoft Root Server-Gated Cryptography (SCG) Authority will expire. This internal CA cross-certifies the thawte Server CA, which provides SGC Secure Sockets Layer (SSL) certificates for browsers. SGC technology allows most 40- or 56-bit browsers to use 128-bit encryption when connecting to a Web server that has an SGC digital certificate installed...”

You should upgrade your browser to latest version and get one with 128-bit SSL support.

Please read Microsoft Security Bulletin Summary for July 2004:
Critical - 2
Important - 4
Moderate - 1

Specific to IIS 4.0 -
IIS Redirection Vulnerability - MS04-021
KB Articles - 841373

Disaster Recovery and IIS 6.0: Metabase Backups in a Nutshell (Level 200)
Join this webcast to hear about the metabase backup and restore process for IIS 6.0. Learn how you can efficiently recover from a disaster and then use IIS Manager and command-line tools to restore the metabase.

Managing IIS 6.0 (Level 200)
Learn about the new features of IIS 6.0, including the HTTP request-processing architecture and application isolation capabilities. This session also includes new features of FTP and how to manage IIS by editing the metabase and using template configurations.

The Ins and Outs of Centralized Binary Logging in IIS 6.0 (Level 300)
The HTTP.sys component of Windows Server 2003 introduces a new centralized binary logging method. Because centralized binary logging cannot be enabled with IIS Manager, how do you enable and use it? Listen in to learn more.

Running IIS Web Farms: Tips and Tricks (Level 300)
Learn the best practices for running Internet Information Services (IIS) 6.0 Web farms from one of the top five most-visited sites in the world, www.microsoft.com. This session explains the IT infrastructure and operational processes used by Microsoft.com, reveals tips and tricks, and shows the gains they achieved in performance, reliability, security, manageability, and bandwidth cost savings by migrating to IIS 6.0.