May 2005 - Posts
Another useful tool to complete your IIS troubleshooting kits :) A must HAVE for IIS admins.
---
**Microsoft releases Debug Diagnostics 1.0 - Release Candidate 1**
Microsoft is working diligently on a new tool designed to make life easier for IIS administrators and developers who are tasked with solving complex problems such as crashes, hangs, or memory leaks. The tool, called Debug Diagnostics 1.0, is the next generation debugging utility that extends the functionality of previous tools such as IIS Debug Toolkit 1.1, Debug Matrix, and IIS State. This tool will be the only fully supported tool for debugging applications that run on IIS upon release and is supported on the IIS 4.0, 5.0, 5.1, and 6.0 platforms.
To join the beta and provide invaluable feedback to the designers, please do the following -
1. Go to http://beta.microsoft.com
2. Log in with your Passport ID.
3. Login using the guest ID "DebugDiag" (it's case sensitive)
4. Click on the "IIS Debug Diagnostic Tool" link.
5. On the left hand side expand survey and select "IIS Debug Diagnostic Tool Nomination Form"
Note: if the customer only wants DebugDiag and doesn't want to sign up for the beta they can do this by selecting "Click here to download IIS Debug Diagnostic Tool" from the File Downloads section.
*You may be prompted to install an ActiveX control
This tool is also receiving full support via newsgroups which are available by doing the following -
To access WebNews newsgroups:
1. Connect to http://webnews.microsoft.com
3. For account name, enter "<Your Beta ID>"
4. Enter your Newsgroup Password (if you do not have a Newsgroup password - you can create it on BetaPlace by selecting Modify Your Info from the top navigation bar). Click OK.
5. Select the Program Name or particular newsgroup on the left pane to access.
To provide bug and customer feedback, please open bugs via the beta.microsoft.com using your Microsoft Passport. It would be incredibly powerful for us to get your feedback and make a true difference in your lives and Microsoft's.
---
Microsoft releases WBH ver 3.5. Get it here.
Just learned about this cool new feature included with W2k3 SP1. On top of centralized binary logging, you will now get centralized W3C logging! To enable it:
adsutil.vbs set w3svc/CentralW3CLoggingEnabled true
This will give you centralized text format logging for all websites! Cool, huh?
Here's the sample log entries:
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-05-25 21:52:36 127.0.0.1 GET /iisstart.htm - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 200 0 0
2005-05-25 21:54:17 127.0.0.1 GET /aspnet_client - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 403 14 5
2005-05-25 21:55:55 127.0.0.1 GET /aspnet_client - 801 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.4322) 301 0 0
Take note that:
a) you can't customize the log fields! as it's W3C format (without certain fields like cs-refer, cs-version, etc.)
b) there's no site id or website identifier in the log! In the above log sample, the 2nd and 3rd requests are actually to two different websites (I used port 801 in another website). With no site id logged, it might be difficult to analyze each website's activity in this centralized format.
And finally, here's the official detail from Microsoft about W3C centralized logging.
Updated 27/05/05 3pm.
Thanks to Matt, I was wrong :) you can configure which fields are logged. Do this at Web Sites, right mouse - properties - at the 'Enable logging' section, click properties, then click on the Advanced tab and select the desired fields.
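One way to work around the missing site identifier, as an added example (not part of the original post or any Microsoft tool): read the `#Fields:` directive, then group requests by `s-ip:s-port` as a stand-in for the site. The log text is a constructed sample in the format shown above with a shortened User-Agent, and the function names are hypothetical. Sites that differ only by host header share one binding and still land in the same bucket.

```python
from collections import Counter, defaultdict

# Constructed sample in the centralized W3C format (User-Agent shortened).
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2005-05-25 21:52:36 127.0.0.1 GET /iisstart.htm - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0) 200 0 0
2005-05-25 21:54:17 127.0.0.1 GET /aspnet_client - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0) 403 14 5
2005-05-25 21:55:55 127.0.0.1 GET /aspnet_client - 801 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0) 301 0 0
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # the directive can reappear mid-file
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):   # skip truncated or torn lines
                yield dict(zip(fields, values))


def status_by_binding(text):
    """Count 'status.substatus' codes per s-ip:s-port binding."""
    per_binding = defaultdict(Counter)
    for rec in parse_w3c(text):
        binding = f"{rec['s-ip']}:{rec['s-port']}"
        per_binding[binding][f"{rec['sc-status']}.{rec['sc-substatus']}"] += 1
    return {b: dict(c) for b, c in per_binding.items()}


if __name__ == "__main__":
    for binding, codes in status_by_binding(SAMPLE_LOG).items():
        print(binding, codes)
```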
I blogged about wildcard host headers a while ago, and recently I read a couple of postings regarding wildcard host header + SSL support. Wildcard SSL certs are supported by Microsoft, starting with IIS 5 (I think it works with IIS4 as well, but not tested). It works with the concept of a wildcard CN or common name as stated in this KB (Accepted wildcards used by server certificates for server authentication). The catch here is that each wildcard SSL cert is bound to a unique IP address, and it doesn't really work with host headers. Why? Coz it just can't! The host header info is part of the encrypted data, as described in this KB (HTTP 1.1 host headers are not supported when you use SSL). So, just to be clear so that you are not confused: IIS supports both technologies in a 'way', but not mixed together as one feature.
In short, you can have host header + SSL for a specific website. On the other hand, for a wildcard SSL site, you basically don't need a host header, as the SSL binding is tied to the website IP address. Now, how can you have a host header with SSL on an IIS website? (Take note: this is a normal host header, not wildcard.)
Step 1: Get a wildcard SSL cert. Many commercial CAs like VeriSign, Thawte, etc. support wildcard SSL certs. Just ensure that you specify *.yourdomain.com as the common name of the cert.
Step 2: Install the wildcard SSL cert to the website.
Step 3: Configure SSL port. Use SecureBindings metabase key. E.g.
cscript.exe adsutil.vbs set /w3svc/websiteID/SecureBindings "ip.ip.ip.ip:443:header.yourdomain.com"
Take note that we specify the host header value in the SecureBindings setting. So how about wildcard host header + SSL? Well, I haven't tested this. But I would assume that it will work if you have a 'blank' host header + a wildcard * DNS A record + a wildcard SSL cert that is bound to that specific IP address.
Say you have 2 domains. Your config will look something like this:
Site 1: fa.com
host header
SSL Cert: *.fa.com
IP/Port: 192.168.10.1:80
SSL IP/Port: 192.168.10.1:443
Site 2: fb.com
SSL Cert: *.fb.com
host header
IP/Port: 192.168.10.2:80
SSL IP/Port: 192.168.10.2:443
Hence, with a wildcard DNS entry for the fa.com domain, an HTTP query to fa.com (e.g. iis.fa.com) will be served at port 80, while https://ssl.fa.com will be taken care of by port 443 + the *.fa.com wildcard cert.
Confused? .... :)
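The layout above expressed as a configuration check, added here as an example (not code from the original post or from Microsoft). Because the host header is only readable after the SSL session is set up, the certificate is effectively chosen per IP:port, so the check flags an IP:port shared by different certs and a host header the wildcard CN does not cover. It assumes `*` stands for exactly one left-most label; the site data and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed input modelled on the two-site layout above: site -> (cert CN, SecureBindings).
SITES = {
    "Site 1": ("*.fa.com", ["192.168.10.1:443:ssl.fa.com"]),
    "Site 2": ("*.fb.com", ["192.168.10.2:443:"]),  # blank host header
}
# Constructed misconfiguration: a shared IP:443 and a host two labels below the wildcard.
BROKEN = {
    "Site 1": ("*.fa.com", ["192.168.10.1:443:ssl.fa.com"]),
    "Site 2": ("*.fb.com", ["192.168.10.1:443:www.fb.com"]),
    "Site 3": ("*.fa.com", ["192.168.10.3:443:a.b.fa.com"]),
}


def parse_secure_binding(value):
    """Split an 'ip:port:hostheader' SecureBindings value (IPv4; host may be blank)."""
    ip, port, host = value.split(":", 2)
    return ip, int(port), host.lower()


def wildcard_covers(cert_cn, host):
    """True if cert_cn covers host; assumes '*' matches one left-most label only."""
    cn, host = cert_cn.lower(), host.lower()
    if not cn.startswith("*."):
        return cn == host
    label, _, parent = host.partition(".")
    return bool(label) and parent == cn[2:]


def audit_sites(sites):
    """Return findings for uncovered host headers and IP:port pairs with mixed certs."""
    findings = []
    certs_on_endpoint = defaultdict(set)
    for name, (cert_cn, bindings) in sorted(sites.items()):
        for value in bindings:
            ip, port, host = parse_secure_binding(value)
            certs_on_endpoint[(ip, port)].add(cert_cn)
            if host and not wildcard_covers(cert_cn, host):
                findings.append(f"{name}: host header {host} is not covered by {cert_cn}")
    for (ip, port), certs in sorted(certs_on_endpoint.items()):
        if len(certs) > 1:  # the cert is picked before the host header can be read
            findings.append(f"{ip}:{port} is shared by certificates {', '.join(sorted(certs))}")
    return findings
```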
From time to time, you will get this error message when browsing ASP pages on both IIS 5 and IIS 6. In IIS 5, you might be able to fix it with this KB: Cache ISAPI Application Option Causes ASP to Return Error. However, I have seen many times that this KB didn't solve the problem and you continue to get the above error message, especially with IIS 6. The possible cause for this is that the vbscript.dll reference in the registry got messed up and you need to re-register it. Try - regsvr32 %windir%\system32\vbscript.dll.
Having problems installing IIS with SP2? Keep getting the file not found dialog box? No matter which source installation CD or path you browse to, the system still claims that it can't copy the file? Well, try this new KB.
You may receive the "Setup cannot copy the file staxmem.dll" error message when you try to install IIS on a computer that is running Windows XP Professional with SP2
http://support.microsoft.com/?id=894351
I know this is late.... been busy! Haven't touched my Xbox for months since I joined this new company! I even got games that are still sitting inside the DHL delivery box :( Anyway, just got time to catch up with my favorite game console news! The Xbox 360, with 3 x 3.2GHz, damn! It's almost 10GHz if you add it all up. Read the complete factsheet here... and I believe the price will be rocket high when it is out.... I still can't get enough from my current Xbox yet! And typically console life is similar to Windows OSes... around 5yrs. So, I would guess that I will be getting my Xbox 360 somewhere in 2007/8 :) Just hope that this time, my wife doesn't always hide the power cord :p.
From time to time, I do Google searching on myself :) Nothing specific, just like to see what kind of search result I might get. Last week, a poster pinged me and asked me about one particular result with the URL link “blurchu(dot)blogspot(dot)com”.... (sorry, I don't want to hyperlink it, coz it might 'conflict' with my search result). Anyway, it just happens that there's a guy with my same nickname and staying in Malaysia :) He is some student studying in one of the local colleges. Funny, right? That's Google! Anyway, just want to tell you that the URL link is NOT me.
Last week I came across this article - 21 Things IIS 6.0 Migration Tool Doesn't Do, a pretty comprehensive article illustrating things that you can't do with the migration tool. If I might add a few more points:
- The migration tool doesn't take care of IIS FTP, SMTP and NNTP as well.
- During my last test with ver 1.0, it only supports 1 site at a time, so with 200 sites, you need to run it 200 times. Of coz, you can script it with its command line interface.
So with so many limitations, what can the migration tool do? Well, here's a list of tasks that tells you what it does! Pretty limited, right? And here are the limitations published by Microsoft. Honestly, this tool is suitable for small migrations, somewhere from 1 to 15 sites. If it's more than that, I would suggest you get some third party tools like IIS Export, etc.
Is it possible? Yes, and Chris Adams has a solution for you in this month's IIS Insider.
Important note: This is not supported by Microsoft, do this at your own risk.
Tool: Metabase Explorer from IIS 6.0 Resource Kit
Step 1: User Account Management
a) Create a special user group for non-local-admin users. E.g. WebOperator
b) Place the desired users in this WebOperator user group.
c) Add WebOperator group to the IIS_WPG local group.
Step 2: Grant Basic Metabase Access
a) Run Metabase Explorer, right click COMPUTER node property, and select permissions.
b) Grant WebOperator group - READ permission.
c) Click on LM (Local Machine) node, right click, and select permissions.
d) Grant WebOperator group - READ permission
e) Click on W3SVC node, right click, and select permissions.
f) repeat step (b) and grant the permission.
g) Expand W3SVC node, repeat step (b) for App Pools, Filters and Info nodes.
Step 3: Grant Special User WebSite Access
a) Run Metabase Explorer, navigate to the desired website node, and select permissions.
b) Grant the specific user account - FULL CONTROL permission.
c) Exit Metabase Explorer.
Note: If the user needs to create a new application or modify application pool configuration, grant the user FULL CONTROL on the App Pool node.
Step 4: Create a new customized IIS MMC
a) Click the Start menu, and then click Run.
b) Type Mmc.exe and then click OK.
c) In the MMC, click the File menu, then click Add/Remove Snap-in.
d) Click Add, and then select the Internet Information Services snap-in.
e) Click Add, click Close, and then click OK to return to the main MMC window.
f) Click the File menu, then click Options, select any of the User modes, and then click OK.
h) Click the File menu, click Save, and enter a relevant name for the new IIS MMC.
Step 5: Testing
a) Log in as the user and fire up the customized IIS MMC.
b) Try to administer the website on which the user has been granted FULL CONTROL.
Note: if you are experiencing 'Access Denied' related error messages, they are most likely due to the permission settings in the above steps. Log in again as local admin and verify your configuration.
Good luck !
Well, there are no new KBs for IIS this month :) As most of the fixes and details are covered in W2k3 SP1 - IIS related post.
A former IIS MVP, now the Server Evangelist @ Microsoft, started a blog a few days ago. The blog posts will be IIS related of course, try it!
New IIS webcasts series URL - www.iiswebcastseries.com
Using Microsoft Operations Manager (MOM) Web Sites and Services Management Pack with IIS (Level 200)
Are poor response times or unavailable applications costing your enterprise hundreds to thousands of dollars in lost revenue? You need the recently released MOM Management Pack. This management pack helps administrators and developers find out about problems before they affect clients, by mimicking the client experience with Web applications and Web Services. In this webcast, you will learn how the MOM Management Pack works and watch demos that show how it can help you maintain application health.
Understanding Exchange Outlook Web Access and IIS 6.0 (Level 200)
Outlook Web Access (OWA) is a popular way for clients to access their mailboxes. OWA, which is part of Exchange, runs as a virtual directory or server in IIS 6.0. In this webcast, you will learn how IIS and Exchange work together to build this infrastructure and how Exchange 2003 uses several key ISAPI extensions.