Server: Microsoft-IIS/7.0\r\n

It's out ! Get it now ! Also don't forget the...
- Windows Server 2003 Service Pack 1 Product Overview Guide
- Windows Server 2003 Service Pack 1 list of updates
- Windows Server 2003 Service Pack 1 list of updates (security)

And Yes - IIS 6 did get a lot of attention this round :) some fixes are of course released individually before SP1. However, the famous JetDB issue KB 838306  is not included :(  Anyway - here's the complete list of updates related to IIS

823544 MD_ETAG_CHANGENUMBER metabase property is not honored in Internet Information Services version 6.0
823596 IIS Admin Service quits unexpectedly without generating an error message
823700 FIX: Your computer may run slowly when you use Active Directory Service Interfaces scripts in a program to administer IIS on a computer that is running Windows Server 2003, Windows 2000, or Windows XP
824322 ASP file cache is deleted after a network error
824330 FIX: IIS 6.0 does not return AUTH_TYPE for Integrated security
824446 A Common Gateway Interface (CGI) program may not work correctly if a multi-byte character set string is entered in the HTTP Cookie Header field
826007 You may receive a "The IIS Admin scripts only support IIS 6.0" error message when you run the Iisback.vbs script in IIS 6.0
826270 FIX: You cannot suppress the default FTP banner for the FTP service
826410 You cannot disable the logging of successful requests in IIS 6.0
826756 FIX: The Response.BinaryWrite method fails when you use it to send files that are larger than 20 MB
827991 FIX: "HTTP error 401.1 - Unauthorized: Access is denied due to invalid credentials" error message if the Basic authentication Default Domain property is set to a backward slash character (\) in IIS
828086 FIX: You cannot rename a file after you upload the file to an FTP server
828869 The IIS worker process recycles when you use the Server.Execute method
828970 Problems decoding client certificate attributes of type CERT_RDN_UTF8_STRING
829010 FIX: Query strings cannot be appended to a default document for a Web application
830219 FIX: Extending the metabase schema may result in corrupt custom properties
830520 Two authentication prompts when you use an ISAPI filter for authentication
832139 FIX: IIS 6.0 serves stale content if your Web site has both an IP address and host headers set
833734 FIX: You experience various problems when you use the Password Change pages in IIS 6.0
834027 PRB: Disconnected TCP session after chunked transfer response in IIS 6.0
834141 FIX: IP address is revealed in the content-location field in the TCP header in IIS 6.0
836533 You receive a "The security context is invalid" error message when you call or create an out-of-process component
838790 FIX: You receive a 403.2 error message when you use an ISAPI extension .dll file as a default document
839003 FIX: "Automation Error, object is not registered" error message when an ASP page calls COM objects that are running in a COM+ package on IIS 6.0
841460 You may experience performance problems when you use the URL authorization feature of IIS 6.0
867755 Content in Web pages does not appear as expected, or you receive script error messages, after you turn on dynamic HTTP compression for Web sites that use ISAPI filters in Internet Information Services 6.0
867776 FIX: Memory leaks may occur in ASP transactional pages that create COM objects in Internet Information Services (IIS) 6.0
872953 FIX: HTTP headers are set incorrectly when the AddHeader function or the SetHeader function is called in IIS 6.0
883489 You receive an "Access is denied" error message when you connect to a Web site after you modify permissions in the metabase in IIS 6.0
883661 The ILogPlugin::QueryExtraLoggingFields method returns incorrectly formatted data in IIS 6.0
883944 Web requests may not obtain the correct security context on a server that is running Windows Server 2003
884503 FIX: You cannot configure CGI wildcard application mapping in IIS 6.0 in Windows Server 2003
886695 You receive an "Error 1053: The service did not respond to the start or control request in a timely fashion" error message when a service that uses the local system account tries to start on a Windows Server 2003-based computer
886810 The values in the Request.ClientCertificate object are not displayed correctly in IIS 6.0
892499 FIX: Some virtual directory configuration information may be lost and event ID 51260 may be logged on your computer that is running Internet Information Services 6.0
892988 An access violation may occur when you use an ISAPI filter in IIS 6.0

Finally, in SP1 - you will get the all new IIS metabase auditing feature (blogged by Ken) + changes in the HTTP.sys and as usual - The top 10 reasons why you need SP1.

Does IIS support wildcard host header ? Can I capture and redirect *.mydomain.com to one web site ? 
The answer is Yes/No. Yes, because you are able to redirect *.mydomain.com to one web site. No, because the magic is in DNS and not IIS.

Here's how you do it:
At IIS MMC, configure a web site with NO host header, then assign an IP address to the site. (if you have one IP address in the box, then you can skip this). With this, the web site will bound to the specific IP and will listen to all HTTP requests send to the IP, and you are done :) 

Next step is to make sure your name resolution works for the wildcard query and reply with the correct IP address. If you using Microsoft DNS service, it won't allow you to create a '*' A record (assuming you already created the domain zone in DNS MMC), you need to do the following:

a) Navigate to %windir%\system32\dns\
b) Find the zone file. E.g. mydomain.com.dns, open it with Notepad
c) Add an entry. E.g.
    *     A    IP.IP.IP.IP
d) Save the zone data file
e) Reload the zone data in DNS MMC.

Take note that by doing this, all * will response to the IP that you configured earlier. E.g. abc.mydomain.com, www.mydomain.com, K2k.mydomain.com and etc.

To verify that it is working, try ping utility
Ping (insert anything here).mydomain.com .. and you should get replies from IP.IP.IP.IP

Then try browsing, http://(insert anything here).mydomain.com/, you should get the same web page that you have configured.

Typically, you will encounter this error with XP Pro IIS 5.1. As usual, there's way to solve it, however the root cause of this is still unknown :)

Anyway, you will get this in event log:
Event Type: Warning
Event Source: W3SVC
Event Category: None
Event ID: 36
Description:
The server failed to load application '/LM/W3SVC/1/ROOT. The error was 'Class not registered'.

So, what do you do ? This problem is related to Component Services, and when you open Component Services MMC, you will most probably  get  Error Code 8004E00F COM + was unable to talk to Microsoft Distributed Transaction Coordinator. So, fix the COM+ services first by using the following KB.
PRB: Cannot Expand "My Computer" in Component Services MMC Snap-In
http://support.microsoft.com/?id=301919

If the above didn't solve it, and you still receive the 'Class not registered' error message, then you need to recreate the IIS packages in COM+, try

a) Delete IIS related package in Component Services MMC
• IIS In-Process Applications
• IIS Out-of-Process Pooled Applications
• IIS Utilities

b) Open command prompt, navigate to %windir%\system32\inetsrv folder, and enter (case sensitive)
c:\winnt\system32\inetsrv\>rundll32 wamreg.dll, CreateIISPackage
then
c:\winnt\system32\inetsrv\>regsvr32 asptxn.dll

c) Enter IISRESET at command prompt to restart IIS services, then re-open Component Services MMC to verfiy the IIS packages are recreated.



Updated: 11th May 2005:
If you got this while trying to fix the component services.
Error Code = 0x80040206
Non expected internal error
Not enable to register COM+ events classes.

Try regsvr32 %windows%/system32/ole32.dll, then retry the kb to fix the component services.

886662 BUG: Microsoft Office Word 2003 stops responding when you try to open a Word 2003 document in Internet Information Server 4.0
892988 An access violation may occur when you use an ISAPI filter in IIS 6.0
892499 FIX: Some virtual directory configuration information may be lost and event ID 51260 may be logged on your computer that is running Internet Information Services 6.0
311699 The default document is displayed in the Web browser of a user who is denied access to the default document file after you configure client certificate mappings on a computer that is running Internet Information Services 6.0

Just to update everyone :)  I have been very busy with my new job. I'm with Intel now :)  schedule is pack! only manage to get online this week. Still trying to catch up with newsgroup postings. Currently, up north in Penang island, will return to KL after 3 months.  Some other updates:

- No NEW security bulletins for March 2005 :)  refer Jerry's security weblog. Take note, though there's no NEW bulletin, there are two revised bulletins.

- Asia MVP Summit 2005 @ Singapore in April - I'll be there.... do let me know if you want to meet up. Now, looking for sponsor !!!!

- Port80 software offer new services - IIS Mechanics :)  do let me know if you engage with them... and by the way do visit Port80's team blog.

- A case study by Microsoft IT on Windows 2003 SP1 deployment. Short and simple guide for those that planning to role up SP1 soon.

MVP Insider !!

I got picked for March 2005 :)