IIS Study Guide

 
Internet Information Server 4.0

IIS4.0 is part of the Windows NT Option Pack.

Hardware Requirements.

486/50 with 16MB RAM and 50 MB disk space required.

P90 with 32-64MB RAM and 200MB-disk space recommended.

Software Requirements

NT Server 4.0 with Service Pack 3 and IE4.01 running TCP/IP.

NT workstation and Win9x can run personal web server, which is a scaled down version of IIS.

The core components of the option Pack are:

Microsoft Certificate Server 1.0 ñ issue digital certificates for security.

Microsoft Index Server 2.0 ñ Indexes websites so clients can perform a search via a query.

Microsoft Internet Information Server 4.0 (IIS) ñ Web Server.

Microsoft Management Console 1.0 (MMC) ñ The interface used to manage IIS. This is the future of Windows NT. The console provides a shell that applications will have a snap-in for. All Back Office products will have a snap-in for the MMC.

Microsoft Site Server Express 2.0 (SSE) ñ

Content Analyzer ñ Site Mapping, link Management and verification, and content analysis.

Usage Image and report writer ñ Analyze log files.

Posting Acceptor ñ Allows users to post content via HTTP.

Microsoft Transaction Server 2.0 (MTS) ñ used for developing scalable server applications.

WWW Service - IIS4.0 supports HTTP1.1, which is the newest standard. It is faster; more secure and provides Virtual-hosting abilities. WWW Service is for publishing html pages to be viewed as graphical in a browser. IIS4.0 allows you to have unlimited virtual websites.

FTP Service ñ File Transfer Protocol. Used primarily for file copies.  IIS4.0 allows you to have unlimited virtual FTP sites.  Each virtual FTP site requires its own unique IP address.  FTP does not support the uses of host headers for virtual servers.

NNTP Service ñ Network News Transfer Protocol. Hosts electronic discussion groups. Can be secured using Secure Sockets Layer (SSL)

SMTP Service ñ Simple Mail Transfer Protocol. IIS4.0 can act as an SMTP client allowing web based applications to send and receive messages. SMTP service requires the use of the NTFS file system.

Gopher is no longer supported in IIS4.0.

IIS and Active Server Pages. ñ Server side scripting for IIS with support for Vbscript and Jscript. Programmers can write programs that the client will run using html in a browser. The programs are triggered and run on the server.

Three ways to administer IIS.

Internet services Manager snap-in for the MMC ñ The graphical interface to the IIS settings.

Internet Service Manager (HTML) ñ allows for remote configuration. SMTP and NNTP can not be administered through the web-based option.

Scripting. ñ Allows for automated administration. ActiveX scripting allows scripts using Vbscript or Jscript. Dos command scripts are also supported.

Windows Scripting Host (WSH) ñ Allows you to execute scripts on the windows desktop or command console without embedding the scripts in an html document.

Metabase.

The Metabase replaces the registry in IIS 4.0. The metabase loads in memory and stores all of the configuration data. Some of the registry keys remain for backward compatibility but most info is in the metabase. The file is metabase.bin in the Inetsrv directory, which is where IIS got installed.

Hosting multiple domains on one server.

Use unique IP addresses for reach domain
Use one IP and unique host headers for each domain
Use one IP and assign different ports to each domain.
Virtual directories ñ A web site can point at any directory on any physical hard drive on the IIS computer or on another computer in the same domain. It will appear to the surfer that that directory is the www root.

Properties

The top-level property sheet is the master properties. This is created during install and will be inherited by all sites created. If you change the master properties, all future sites will be affected but not existing.

You can change the properties for a site after creating it.

Web Site Properties - What properties can be set from each of the tabs in the MMC.

Web Site Tab

Web site ID

Description ñ the name you wish to reference the website by.
IP Address ñ Put in the IP address of your website. Use the advanced tab to change ports or use host headers.
TCP Port ñ defaults to 80 but can be changed
SSL Port ñ determines port used by the secure sockets layer.
Connections

Unlimited ñ allows an unlimited number of simultaneous connections
Limited to ñ Put in the number of simultaneous connections you want to limit to.
Connection Timeout ñ Set the length of time in seconds before disconnecting an inactive user.
Logging

W3C Extended Log File Format
NCSA Common Log File Format
ODBC Logging ñ Logs to a SQL database and is very resource intensive.
Operators Tab

Designate users to be able to administer specific websites by username or group.
Performance Tab

Bandwidth throttling ñ Limit bandwidth used by a website.
HTTP keep-alives allow clients to maintain an open server connection instead of reconnecting. Enabled by default
ISAPI Filters Tab

Used to run remote applications.
Home Directory Tab

Access permissions ñ choose read or write. Write allows upload capabilities for browsers supporting the put command.
Content Control:

Log access records visits to the directory in a log file.
Directory Browsing Allowed shows an automatically created listing of the files and subdirectories.
Index this directory tells Index Server to include the directory in a full text index.
Front Page Web will create a Microsoft Front Page web for the directory.
Application Settings

Run in separate memory space runs the application in a separate memory process from the web server.
Permissions - None doesnít allow programs or scripts to be run, Script enables a script engine to run without having execute permissions set. Execute allows scripts, .dllís and .exeís to be run.
Configuration

Application Mappings ñ map file name extensions to the applications that process the files.
Active Server Pages ñ set options tat control how ASP scripts run.
ASP debugging ñ set debugging options for ASP scripts
Other ñ use this property sheet to set or change CGI Script timeout.
Documents Tab

Enable default document ñ tells which page to show if a specific page is not requested.
Enable document footer ñ automatically insert a footer. Used to add a logo or identifying text to your pages.
Directory Security Tab

Anonymous Access and Authentication Control

Allow Anonymous Access ñ users will all log on using an anonymous or guest account. Edit will allow you to specify an account
Basic Authentication ñ User will be authenticated and password will be sent in clear text. Will only be authenticated if Allow anonymous is unchecked or NTFS Access control is restricted.
Windows NT Challenge Response - Will only be authenticated if Allow anonymous is unchecked or NTFS Access control is restricted. Non Microsoft browsers that do not support Challenge response will get access denied.
Secure Communications

Uses Key manager to create a certificate request.
IP Address and Domain Name

Granted access will grant access to all computers except the ones you specify
Deny Access will deny all computers access except the ones you specify.
HTTP Headers Tab

Enable Content Expiration ñ The browser compares the date against the expiration date and decides whether to use a cached page or request a new page.
Custom HTTP Headers send a custom HTTP header to the client browser.
Content Rating adds http headers to rate content. This can help browsers filter out objectionable content.
MIME Map configures Multipurpose Internet Mail Extensions. Set the file types that the web server returns to the browser.
Custom Errors Tab

Messages returned to browser in case of an http error. Customize page not found and other errors.

Configure IIS to support the FTP Service

By default, the FTP Service is installed with IIS. To create a new FTP site:

Start ® Programs® Windows NT 4.0 Option Pack® Microsoft Internet Information Server® Internet Service Manager, Internet Information Server Folder, highlite the computer that will host the site® Action® New FTP Site

From this point the FTP Site Wizard will guide the creation of the new site. You will be prompted to enter a name for the site, the IP address and TCP port the FTP site will use, the root folder location of the site, and the access permissions for the root folder. Access permission options are Read and/or Write. After configuration, you will need to manually start the FTP site.

When configuring FTP sites (and WWW sites as well) you have the option of applying the default site's master properties to all "child sites," or applying specific properties to specific sites. By default, the properties set at the default site level will be inherited by all sites created on that IIS server. If properties are set for a specific site, they will over-ride the defaults.

Configuration Properties

FTP Site properties - includes the description, IP Address, TCP Port, Connection Limits, Connection Timeouts, and Active Log Format.

Security Accounts - includes requirements for Anonymous Access, Password Synchronization, and authorized Operators of the site.

Messages - allows you to specify messages shown at Welcome, Exit, and Maximum Connections.

Home Directory - includes the path to the site's Home Folder, whether the location is local or a remote share on another computer, permissions to the folder (Read, Write, Log Access), and the Directory Listing Style (MS-DOS or Unix).

Directory Security - allows you to restrict access to the site based on IP Address, IP Network Address and Subnet Mask, or Domain Name. When restricting by Domain Name, DNS reverse lookup is required, which can degrade performance.

Both the FTP and WWW services support the creation of Virtual Directories and Virtual Servers. A virtual directory is one that does not exist on the same server that is hosting the site, or is not part of the home directory for that site. Virtual directories must be referenced using UNC paths. The purpose and advantage of a virtual directory is that it will appear to the user as an extension of the site. This allows the administrator to include directories that do not exist in the home folder in the site. A virtual server is created when one IIS server hosts multiple WWW or FTP sites. Virtual servers are supported through IP Address assignment, Name Resolution Systems, Internet Name Resolution, or Host Header Names. Virtual Servers will be covered later in this document.

The creation of a virtual server allows the administrator to incorporate bandwidth throttling into the administration of the site. Bandwidth throttling allows you to specify the maximum amount of bandwidth that the site has access to (in KB/s). It is set on the Performance tab of the Site Properties Page.

Configuring IIS to Support the WWW Service

Configuration of the WWW Service is similar to the FTP Service, however there are more configurable properties, and the arrangement of those properties is slightly different.

Web Site properties - identical to the FTP configurations.

Operators - only the users and groups allowed to administer the site are configured here. Operators CAN manage the properties of the site and specify security properties. Operators CANNOT change port numbers, the Site identification, the anonymous user account or password, bandwidth throttling, add virtual directories, configure ISAPI filters, or stop, pause or restart a site.

Performance Tuning - includes options to tune performance based on the # of hits per day (fewer than 10,000, fewer than 100,000, or more than 100,000), Bandwidth Throttling, and HTTP Keep-Alives. HTTP Keep-Alives allow the connection established by a user to remain open for a longer period of time. This prevents the reestablishment of a new connection for each new request and can significantly improve performance.

ISAPI Filters - allows for the addition, ordering, and priority of ISAPI (Internet Server Application Programming Interface) filters.

Home Directory - includes the path to the site's Home Folder, whether the location is local, a remote share on another computer, or a redirection to a URL, permissions to the folder (Read, Write, Log Access, Directory Browsing Enabled, Index this Directory, and FrontPage Web), and Application Settings (the starting point of a specific folder. By specifying your home folder as an application, every local directory and virtual directory contained in your site is able to participate in the application. Applications can then be run in separate memory spaces). Permissions for how applications can be accessed are also set on this tab including None, Script, and Execute.

Documents - allows you to specify the default document(s) that will be displayed if no specific document is called. Multiples are allowed and they are applied in the order they appear (in the event one is unavailable). (Document footers can also be specified on this tab).

Directory Security- allows specification of anonymous access and authentication control. Authentication options are Anonymous, Basic (clear text), or Windows NT Challenge/Response (most secure, but only supported by IE3 and later). Secure Communications are also set on this tab. Within the Secure Communications section you create and manage Key requests and Key certificates. In addition IP Address and Domain Name Restrictions are set here, identical to the FTP properties.

HTTP Headers - allows specification of content expiration, custom headers, content rating, and MIME mapping.

Custom Errors - allows the administration of error messages returned, and creation of custom error messages.

Configuring Virtual Servers to use Host Headers

When multiple servers are configured to use the same IP Address, you must provide some mechanism for determining the called site. This is accomplished through the use of Host Header Names. In order to use Host Headers, you must:

  1. Use DNS or HOSTS files for name-resolution


    2. 2. Configure Host Headers for each virtual server

    To configure a Host Header:

    Internet Service Manager® Virtual Site you want to configure® Properties® Advanced Button® Add. Complete the configuration by supplying the IP Address, TCP Port, and Host Header Name.
     
     
     
     

    Configure and Save Consoles by using the Microsoft Management Console

    Creating consoles in the MMC is very easy. Simply open the console, arrange the elements to suit your preferences, then select Console® Save As and specify the name you want to give the console. Consoles should be saved with the .MSC extension and once created, can even be emailed to other operators.

    Verify Server Settings by Accessing the Metabase

    The Metabase is basically a much quicker Registry used exclusively with IIS. Its organization is similar to the registry, and the "sensitivity and volatility" of the Metabase is identical to the NT Registry. It is not a place for the faint of heart or reckless. The Metabase maintains information and configuration parameters for computers, web sites, virtual directories, directories, ad files. The easiest way to directly manipulate the Metabase is by using the MDUtil.exe utility distributed with IIS 4. In essence, to verify the Metabase using MDUtil.exe, run the utility from a command prompt within the System32\INETSRV folder (the exact command would be mdutil enum_all>c:\metabase.txt). This will create a text dump of all the keys in the Metabase. You can then scroll through the information contained in the text file and verify configuration settings and values in the same manner as you would when working with the NT Registry. As with the NT Registry, manipulation of the IIS Metabase should be accomplished through the GUI utilities.

    Choose the Appropriate Administration Method

    There are three options:

    Internet Server Manager Snap-In - accessed through the MMC, it is the preferred method of administering IIS.

    Internet Server Manager (HTML) - also accessed through the MMC. It allows administration over the Internet using HTML. Note: When using this method, you should use SSL services for optimum security.

    Windows Scripting Host (WSH) - used to execute scripts from a command line using Wscript (scripting for the Windows desktop) or Cscript (scripting from a console prompt). WSH allows automation of administrative tasks through the creation of scripts.
     
     
     
     

    Install and Configure the Certificate Server

    Certificate Server can only be installed by selecting the Custom Setup option during installation of the Option Pack. During Certificate Server setup, you will be prompted for the location of a shared folder for Data Storage (C:\Inetpub), the Database Location (C:\WINNT\System32\Certlog), and a Log Location (C:\WINNT\System32\Certlog). You must then provide identification information for your Certificate Server including, CA Name, Organization, Organizational Unit, Locality, State, Country, and CA Description.

    Install and Configure the SMTP Service

    SMTP installation is only available through the Custom Setup option of the Option Pack. The configurable properties are:

    SMTP Site - options for the Description of the site, IP Address, TCP Ports (incoming and outgoing, the default being 25), Connection Limits, Connection Timeouts, Connection Limits per Domain, and Active Log Format.

    Operators - allows you to specify the authorized Operators of the Service.

    Messages - allows Message Limits by Maximum Message Size and Maximum Session Size (the message size can exceed the maximum until the point that it exceeds the session size, in which instance he connection will be closed), Maximum Number of Outbound Messages per Connection, Maximum Recipients per Message (if either are exceeded a new connection is opened to handle the overage), Account to send Non-Delivery Reports to, and the location of the Badmail Directory.

    Delivery - allows specification for Maximum Retries (default of 48) and the Retry Interval (in minutes) for both the Local and Remote Queue. You can also set the Maximum Hop Count, a Masquerade Domain, the FQDN, and designate a Smart Host (another SMTP server through which all mail from this site will be routed, typically used to specify the SMTP host of your ISP). From the Delivery tab, you can also set that Direct Delivery should be attempted before sending to a Smart Host, and that DNS Reverse Lookup be performed on all incoming messages.

    Directory Security - In addition to Anonymous Access, Secure Communications, and IP Address and Domain Name restrictions identical to the WWW Service, this tab also allows the configuration of Relay Restrictions, which allow you to specify which IP Addresses are allowed relay access to this site.

    Install and Configure the NNTP Service

    NNTP installation is only available through the Custom Setup option of the Option Pack. The configurable properties are:

    News Site - allows for the Description, Path Header (the string that will be displayed in the path line of each news posting), IP Address, TCP port (default is 119), SSL port (563), Connection Limits, Connection Timeouts, and Active Log Format.

    Security Accounts - allows for Anonymous Access and authorized Operators.

    NNTP Settings - allows for Allow Client Posting, Post Size Limit, Connection Size Limit (the size of all posts a single client can post within a single session), Allow Servers to PULL Articles from this Newsgroup, Allow Control Messages, IPAddress of the SMTP Server for Moderated Groups, Default Moderator Domain, and the Administrator's Email Account.

    Home Directory - allows for designating a LOCAL or REMOTE SHARE directory that is the home directory, Access Restrictions of Allow Posting and Restrict Newsgroup Visibility, Content Control of Log Access and Index News Content, and Secure Communications (SSL).

    Directory Security - allows for Anonymous Access, Secure Communications, and IP Address and Domain Name restrictions identical to the WWW Service.

    Groups - allows for the addition modification, and deletion of newsgroups.

    Customize the Installation of Microsoft Site Server Express Content Analyzer

    From the View Menu, select Program Options to access these five tabs:

    General - allows you to specify the path to IE, or an inferior browser (such as Netscape), Synchronize WebMap to Browser Location, and Change Columns based on Object Type in the Results Window.

    Helpers - allows you to configure Content Analyzer to launch a helper application to view or edit any of the defined file types. Up to 9 helpers can be identified for each file type.

    Proxy - allows for configuration of a Proxy Server.

    Cyberbolic - allows for the configuration of the behavior of the cyberbolic view in Webmaps.

    Passwords - allows you to tell Site Server Express the passwords for sites you will be accessing.

    Customize the Installation of Microsoft Site Server Express Usage Import and Report Writer

    I assume Microsoft is referring to setting up the proper log format and configuring the parameters for that log. However, be familiar with using Usage Import to log information and Report Writer to analyze those logs. These topics will be covered later in this document.

    Log File Formats

    Microsoft IIS Log File Format - uses a predefined ASCII, comma-delimited format. Logs User's IP Address, UserName, Date and Time (local), HTTP or FTP status code, Bytes Received, Bytes Sent, Elapsed connection time, Actions performed, Source or Target file uploaded or downloaded.

    NCSA Common Log File Format - uses a predefined ASCII, space-delimited format. Logs Remote Host Name, UserName, Date (local), Time (local), Request Type, Http Status Code, Bytes received by server.

    ODBC Logging - allows you to log to an ODBC compliant database such as SQL. You must create an ODBC database that contains the following fields: ClientHost, Username, LogTime, Service, Machine, ServerIP, ProcessingTime, BytesRecvd, BytesSent, ServiceStatus, Win32Status, Operation, Target, Parameters. Then you must configure the ODBC logging properties (such as DSN, Table, etcÖ) through the ODBC applet in control panel.

    W3C Extended Log File Format - uses a customizable ASCII, space-delimited format. Loggable fields are Date, Time (GMT), Client IP Address, UserName, Service Name (internet Service client is using), Server Name, Server IP, Server Port, Method (Get, Put, etcÖ), URI Stem (the type of resource being accessed), URI Query, HTTP Status, Win32 Status, Bytes Sent, Bytes Received, Time Taken, Protocol Version, User Agent (browser type), Cookie, Referrer.

    Log File Properties

    If you are using Microsoft IIS Log File Format, NCSA Common Log File Format, or W3C Extended Log File Format, there are general properties that you can configure with regard to the log period and the location of the log file.

    Log Period Options

    Start Log Daily, Weekly or Monthly. In addition, the log file size can be set to unlimited, or to start a new log file when a predetermined threshold size is reached.

    Log File Directory

    By default is C:\WINNT\System32\LogFiles, but can be customized.

    Create and Share Directories with Appropriate Permissions. Tasks Include Setting Directory-Level Permissions and Setting File-Level Permissions.

    When assigning security with respect to IIS, keep a few basic concepts in mind. The IIS server MUST be installed on top of NT 4. This dictates that a Domain must be created (or the IIS server added to an existing Domain). One of the most basic concepts of a Domain environment is that ALL users must have an account (or access to an account) in the Domain to access the resources it holds. As we know, everyone means everyone, including users who access our resources (Web sites) over the Internet. Therefore, they must have access to a Domain account. IIS accomplishes this through the creation of the IUSR-computername account. This account is used to allow anonymous access to resources in the Domain. Treat the IUSR account as any other user account within your domain. You can assign NT permissions to the IUSR account directly, or by including the account in groups to which you have already assigned appropriate permissions. With respect to the Internet, Intranets and extranets, assign permissions exactly as you would to any Domain resource, by placing users into global groups, global groups into local groups, and assigning permissions to the local group. This NEVER changes, and if followed correctly, can make your administrative responsibilities much more manageable.

    The introduction of the IIS permissions into the mix actually enhances security by providing another layer of verification. Remember that in any instance where two different types of permissions are assigned, the most restrictive will always be applied. This encompasses the combination of Share and NTFS, Share and IIS, and IIS and NTFS. ALWAYS use NTFS whenever possible. Always rename the IUSR and Administrator accounts. Always use shifts and special characters in passwords, and make the passwords as long as possible.

    Create and Share Local and Remote Virtual Directories with Appropriate Permissions. Tasks include Creating a Virtual Directory and Assigning an Alias, Setting Directory-Level Permissions, and Setting File-Level Permissions

    Simply stated, a virtual directory is a directory that appears to reside on the same server as the home directory, when in fact it does not. This allows the load of a Web site to be spread over multiple servers. However, without proper planning, the use of virtual directories can actually degrade performance. Methodic planning and testing is absolute.

    To create a virtual directory:

    Select the Web or FTP site that the directory will be added to, then from the Action button select New, Virtual Directory, and follow the prompts presented by the wizard. You will be prompted for a Name for the virtual directory, and the path to its location.

    For a LOCAL virtual directory, supply the FULL path to the folder (root\Files\Shareware)

    For a REMOTE virtual directory, supply the path in UNC form (\\computername\sharename)

    For a Redirected URL, use a valid destination URL (http://www.dwood.com)

    Permissions are assigned to virtual directories through the Directory tab of the virtual directory's property sheets. The Directory tab addresses such issues as Access Permissions (Read or Write), Content Control (Log Access, Directory Browsing Allowed, Index this Directory), and Application Settings including Application Permissions (None, Script, Execute). Remember that if you are using NTFS, the MOST RESTRICTIVE permission will be applied, so set the virtual directory permissions accordingly.

    Create and Share Virtual Servers with Appropriate Permissions. Tasks Include Assigning IP Addresses.

    Any server that hosts multiple Web sites simultaneously is known as a virtual server. As we know, each site on the WWW must have a unique IP address. This creates a problem in terms of hosting more than one site from the same computer, as without some other form of resolution, a unique connection to the Internet would be required for each Web site. IIS addresses this problem through the use of Host Header Names.

    Each Web site has a unique, three-part identity that it uses to receive and respond to requests:

    IP Address, Port Number, Host Header Name

    An alias is simply a name given to a virtual directory by which clients can access the directory. This eliminates the need for clients to connect using the full UNC path to the directory.

    By assigning unique port numbers and host header names to a single IP address, the ability to host multiple sites from a single server is accomplished. However, only HTTP 1.1 compliant browsers support the use of host headers so it is likely that not all of your clients will be able to reach your sites as easily as you would like.

    To configure a virtual server using host headers:

    1. Right click the site that will be the virtual server and select Properties

    2. Select the Add button in the Multiple Identities dialog box

  2. Enter the TCP Port, IP Address and Host Header Name
When creating virtual servers it is imperative that you set permissions appropriately before allowing access to the sites from the Internet. Consider authentication requirements, the use of SSL and certificates, logging, and other security concerns in the context of the purpose of the site. Will it be used for information only? As a support site? To purchase items from the internet? As an Intranet? The answers to these questions will dictate much of how your security should be defined. Remember the old adage "better safe than sorry."

Write Scripts to Manage the FTP Service or the WWW Service

1-800-I DONT CODE. Ok, if this shows up on the exam (and I doubt it will) I'm sending up the sacrificial lamb. I'm an engineerÖnot a programmer. Sorry folks!

Manage a Web Site by using Content Analyzer. Tasks include Creating, Customizing, and Navigating WebMaps; Examining a Web Site by using the Various Reports Provided by Content Analyzer; and Tracking Links by using a WebMap

Much of the configuration we addressed earlier in this document will aid greatly in the analysis of sites using Content Analyzer. WebMaps can be created from URLs or from files.

WebMaps from URLs - select the New Map command. Content Analyzer will then explore the site (up to 100 pages), create a map, and generate reports that give summary information about the target. From the Options Button on the New Map dialog box, you can set other parameters such as a different Page Limit, Extend or Restrict the Domains and/or Site paths to be mapped, where the map will begin and end, and the agent that will be used to explore the site (Microsoft, Mozilla 2.0, or Mozilla 3.0) Robot Protocol parameters.

WebMaps from Files - select File, New, Map from File from the Content Analyzer menu bar. In the Domain and Site Root text box, enter the domain and root directory for the site. If there are CGI scripts in the site, enter their location in the CGI Bin Directory box, then click OK and Content Analyzer will begin the mapping process. To change any of the default mapping options, click the options button from the New Map dialog box.

Content Analyzer contains two views: Tree and Cyberbolic. Navigation is fairly straightforward.

Generate Reports from the Tools menu of the WebMap screen, then select Generate Site Reports. Using the Site Report, you can view your site's configuration through:

Object Statistics - the number of resources your site is using.

Status Summary - the number of local and remote objects. This also specifies whether links are valid or invalid.

Map statistics - define a time stamp for the map, the number of levels explored, and the average number of links per page.

Server Summary - an overview of the Web site.

Configure Microsoft SMTP Service to Host Message Traffic

By default, SMTP is configured to handle mail for one default domain. You can add aliases to the service so that SMTP can handle mail destined for those names. There are two types of domains:

1. Local domains route mail to the drop directory on the local host. Use this option when you need to specify another domain name for your mail server.

  1. Remote domains route mail to other SMTP hosts. Use this option when you need to override your site' authentication, encryption, and smart host settings for a specific domain.
To create a new domain:

1. Right click the SMTP Service and select New, Domain

2. Select Remote or Local and enter the FQDN for the new domain

3. Then Right click on the new domain and select Outbound Security

4. Configure authentication and encryption settings and click OK

Configure NNTP Service to Host a Newsgroup

Configuration has been covered earlier in this document.

To create a newsgroup:

  1. Right click on the NNTP server you want to add the newsgroup to and select Properties
  2. From the Groups tab, select Create New Newsgroup
  3. Type the name for this newsgroup in the Newsgroup text box. Also type any desired description.
  4. Specify whether the newsgroup is read-only.
  5. Specify if the newsgroup is to be moderated. If so, configure the moderation parameters.
NNTP expiration policies dictate how long articles will be kept, and how large the entire newsgroup can be. The absolute maximum size is 500MB.

When the NNTP service is paused, existing connections continue to be serviced.

Configure Certificate Server to Issue Certificates

Configuration has been covered earlier in this document.

To create a certificate request file:

  1. Run the IIS Key Manager from the Internet Service Manager.
  2. Use Key Manager to generate a key pair and certificate request.
  3. Run CertReq to submit the certificate request to MS Certificate Server and obtain the certificate.
  4. Install the certificate by copying and pasting the contents as directed.

 
 
 
 

Configure Index Server to Index a Web Site

Basic configuration of Index Server has already been covered in this document.

Index Server works in a fairly simple manner. Initially it creates a catalog of all the words in all the documents on your site. Contained in the catalog is a dictionary style entry for each word with a list of all the documents that contain that word. When a query is run, Index Server returns the list of all the documents that contain the word(s). Index Server searches only the virtual directories you specify, which by default is the entire site. If you have virtual directories that you do not want indexed, you should be sure to remove the "Index this Directory" property from that site's Home Directory tab. If your server hosts more than one site, you will want to create separate indexes for each site so that documents from one site don't show up in a query performed on the other.

When indexing a document, Index Server initially builds a word list, which is stored in RAM. When the word list becomes large enough, it is merged into a structure called a shadow index (this is called a shadow merge). The shadow index is stored on the hard drive. Shadow indexes are NOT compressed as they are optimized for speed. Occasionally, Index Server will combine shadow indexes together in a process called an annealing merge. The process of combining all the shadow merges together is called a master merge and results in a compressed structure called a master index, which is very fast to search. After a master merge the shadow indexes are deleted, and the process begins again. This process of multiple merges makes Index Server's response time the fastest possible while making query results as accurate as possible.

To create a new catalog:

  1. Start, Programs, Option Pack, Index Server, Index Server Manager.
  2. Right click Index Server on Local Machine and select Stop.
  3. Right click Index Server on Local Machine and select New, Catalog.
  4. Name the catalog.
  5. Browse to the location of the site you want to index and click OK.
  6. Right click the new catalog and select Properties, Web, Generation, then click OK.
  7. Right click the new catalog again and select New, Directory, then browse to the default directory for the site (this will add the directory to the catalog).
  8. Right click Index Server on Local Machine and select Start to begin indexing the site.
File Types associated with Index Server:

Query Forms - usually HTML files - the forms to input the data on which a query will be run.

.idq - Internet Data Query Files - the actual query file (script)

.ida - Internet Database Administration files - the file that returns the query result to the browser

.htx - HTML extension files - focus on "overall houskeeping" of Index Server instead of the actual queries.

Manage MIME Types

Multipurpose Internet Mail Extensions - basically identify the type of file binary data is contained in. Think of MIME mappings as file associations. They identify what type of file this is, and can help identify what application should be used to open the file.

To configure MIME mappings for your IIS Server:

  1. From the IS Manager, right click the IIS server you wish to configure.
  2. Select Properties
  3. Click File Types in the Computer MIME Maps Section of the Properties dialog box.
  4. Click New Type and enter the extension associated with the file.
  5. In the Content Type (MIME) Dialog box, enter the MIME type followed by the filename extension in the form mime_type / filename_extension
Manage the FTP Service

Managing the FTP Service involves setting the configuration parameters previously discussed to accomplish such objectives as limiting connections, timeouts, log formats, setting custom messages, directory listing styles, creating sites, testing sites, coordinating NTFS permissions, creating virtual directories and other general administrative duties. Another rather important consideration is the possibility of virtual servers and bandwidth throttling.

Also, remember that properties set on a specific site override the global properties.

Manage the WWW Service

Managing the WWW Service involves setting the configuration parameters previously discussed to accomplish such objectives as Operators, performance tuning, bandwidth throttling, HTTP Keep-Alives, ISAPI Filters, Home Directory parameters (including access permissions and content control, application settings, content location), default documents, Anonymous access and Authentication Control, SSL, IP and Domain Name Restrictions, HTTP headers (including content expiration, custom HTTP headers, content rating, and MIME mappings), Custom Errors, and configuration of virtual directories, virtual servers, and host headers.

The administration of security is of paramount importance in regard to the WWW Service. Another rather important consideration is the possibility of virtual servers and bandwidth throttling. Also, remember that properties set on a specific site override the global properties.

Configure IIS to Connect to a Database. Tasks Include Configuring ODBC

Connection to databases is accomplished through MDAC 1.5 (Microsoft Data Access Components). It contains:

ActiveX Objects (ADO)

Remote Data Services (RDS)

Object Linking and Embedding (OLE)

Open Database Connectivity (ODBC) Driver Manager

ODBC Drivers for Microsoft Access, Microsoft SQL Server, and Oracle

In addition IIS also offers legacy support through:

Advanced Data Connector (ADC)

Joint Engine Technology (Jet) through Data Access Objects (DAO)

Remote Data Objects (RDO)

Internet Database Connector (IDC)/Internet Database Query (IDQ)

Of these ADO is the most dynamic and flexible model available. Essentially a collection of ActiveX objects, it is designed to seamlessly integrate with Active Server Pages.

The ODBC Drivers essentially pass data from the Web application to an ODBC compliant database. The drivers require a DSN (Data Source Name) which can be specified as SYSTEM (all logged on users are allowed access to the database), or USER (limits connectivity with the database to s specific user with appropriate security credentials), or FILE (a text file lists multiple users who have access to the database).

To configure ODBC:

  1. From the ODBC Control Panel Applet, System DSN tab, click Add.
  2. Select the database driver for your database in the Create New Data Source Dialog Box, then click finish. (This method should allow all connected users access to the database).
With respect to SQL you should be aware that there are two options for connecting to a remote server, Named Pipes and TCP/IP Sockets. Using Named Pipes, authentication is accomplished through NT's NetLogon Service. This creates the possibility that a user connecting to a remote SQL server may be denied access due to the lack of an appropriate account in the SAM database of the interactive computer. With TCP/IP Sockets, authentication is performed through SQL Server authentication.

Further, if SQL's Integrated or Mixed security features are implemented on a remote server, you must use Basic authentication, as NT cannot forward Windows NT Challenge/Response credentials from an IIS server to a remote computer.

Configure IIS to integrate with Index Server. Tasks Include Specifying Query Parameters by Creating the .idq file, and Specifying how thee Query Results are Formatted and Displayed to the User by Creating the .htx file

YeahÖ..RightÖ.uhmÖ.is this the MCSE??? One more lamb, coming right up!

Configure IIS to Support Server-Side Scripting

Server-Side Scripting refers to the process of building a dynamic Web page at the server, based on the request from a client (browser) or a server-side include. There are 3 primary processes that IIS supports to accomplish server-side scripting; Active Server Pages (ASP), Common Gateway Interfaces (CGIs), and Internet Server Application Programming Interface (ISAPI). One major advantage of server-side scripting is that the client requesting the document cannot read the scripts themselves. They are stored and executed on the server and only the output is sent to the requesting browser.

Active Server Pages - a multilanguage environment that allows JScript, VBScript (the default primary scripting language), and ActiveX controls to be used in parallel to expand dynamic HTML. An engine processes ASP scripting on the Web server, creating an HTML page that is sent to the browser. IIS 4.0 includes the following new features to enhance ASP:

Microsoft Script Debugger - improves ASP debugging.

Transactional Scripting - Creates a transaction of the script, reducing failure or corruption from incomplete events.

HTTP 1.1 Protocol support.

Support for Internet Explorer Channels and Webcasting.

Script in .asp files is not event driven. Therefore, syntax and runtime errors are caught immediately.

Creation of ASP files is extremely simple. Simply add scripts to any HTML file you like, rename the file with the .asp extension, then save the file in a directory that has either the Script or Execute permission applied.

ASP files have the advantage of being able to run in a separate memory space, thereby improving the stability of the server in the event of an ASP crash.

Common Gateway Interface - the first and oldest method of building dynamic Web pages. They are basically written with no regard for the operating system involved. CGIs are run in a separate memory space, consume more system resources than ASPs, and process more inefficiently as the number of sessions increases. IIS supports CGI right out of the box, however:

  1. Neither NT Server nor IIS supplies any default CGI scripting language. For any language that will be supported, an interpreter must be installed (PERL is the most commonly used language for CGI construction).
  2. The ScriptMap Registry key AND the Metabase must reflect the registration of the scripting language application.
  3. The first line passed in the CGI script must be the translated path identifying the NT filing system location of the CGI executable. The second line is the executable parameters and/or switches.
To configure IIS for CGI support:
  1. Create a directory to hold the scripts or use the default CGI-BIN directory.
  2. Keep executable files in a separate directory from content files.
  3. Install a script interpreter to support script execution.
  4. Ensure that the script file directory has either Script or Execute Permission applied. Executables require the Execute Permission.
  5. Mark the Script Interpreter files as Script Engines to ensure proper execution.
  6. Create the Application Mapping between the script file extension and the script interpreter.
  7. Set appropriate NTFS permissions for the directories that contain the Interpreter and those that will be accessed by the CGI.
  8. Ensure that the CGI will access only directories that are safe for them to read.
Configure IIS to run ISAPI Applications

ISAPI is far superior to CGI in terms of lower overhead, faster loading, and better scalability. ISAPIs can run as much as 20 times faster than CGIs. ISAPIs are divided into two types:

  1. ISAPI Extensions - loaded when called by an application. In the form of DLLs, ISAPIs can be run in or out of process. One disadvantage of ISAPI extensions is that they execute only once regardless of the number of client requests. This means that failure of the ISAPI will disrupt all sessions that are actively calling it, and the failure could also cause the server to crash or lock.
  2. ISAPI Filters - loaded with the server, and ALWAYS run in process. Can be used to customize and enhance the services provided by the server. ISAPI Filters are driven by Web server events rather than by client requests (as is the case with ISAPI extensions). Filters respond when the Web server receives an HTTP request. You can set ISAPI Filters for every Web site (the Global filters) or for specific sites. If both Global and Site filters are installed, the two filter lists are merged for the site.
To add filters, from the ISAPI Filters Tab of the Properties page of the Web Site or Web Server (Global), Add, enter the name of the filter, the DLL executable, and evaluate the order in which filters will load. Note: When adding filters to a site, the global filters will not be displayed, even though they will be applied. When adding or modifying Global filters, you must stop and restart the Web server to load the filters. However, filters added at the site level are effected immediately. Global filters are run before Site filters. Filters can also be cached from the Configuration button of the Virtual Directory, Home Directory, or Directory tab of the Web site's Property Pages.

To Install a DLL - (configuring IIS for ISAPIs)

  1. In Internet Server Manager, select the Web site or the starting-point of the directory of an application.
  2. Right click and select Properties, then the Home Directory, Virtual Directory, or Directory Tab.
  3. Click on Configuration, then App Mappings tab.
  4. Add the extension and file pathname, than click OK.
Maintain a Log for Fine-Tuning and Auditing Purposes. Tasks include importing Log Files into Usage Import and Report Writer database, Configuring the Logging Features of the WWW Service, Configuring the Logging Features of the FTP Service, Configuring the Usage Import and Report Writer to Analyze Logs created by the WWW or FTP Services, and Automating the use of Usage Import and Report Writer

Much of the information needed to complete these tasks involves a thorough understanding of the Log file formats. They have been adequately discussed earlier in this document, however there are some specifics we should look at.

Log files are imported into Usage Import through its own Server Manager utility. In order to import data through the Usage Import Server Manager Utility, you must configure three levels of the log import:

  1. Log Data Source - the Log file format you specified when enabling logging on the site.
  2. Server - most Log files contain data on multiple servers.
  3. Site
Configuration of Usage Import
  1. Start, Programs, Option Pack, Site Server Express, Usage Import. At this point you may see a message indicating that Server Manager must be configured. Ensure that this has been done.
  2. Specify the type of Log you will import. Server Manager will then prompt you to configure the Server Type (FTP or WWW), any directory index files that will be included, IP Address if the computer is multihomed, Local time zone and domain name.
3. Specify the location of the Log file you want to import, then select File, Start Import.

To run any of the 21 Predefined Reports in Report Writer

  1. Start, Programs, Option Pack, Site Server Express, Report Writer, Open One of Your Own Reports, click the name of the predefined report, click OK.
2. Click File, Create Report, specify a Report Name, and Format (HTML, Word, Excel), Click OK.

To Automate the Use of Usage Import and Report Writer

The scheduler utility in Site Server Express is used to automate Site Server Express events.

  1. In Usage Import select Tools, Scheduler
  2. Right click on All Jobs and Select New Job, Check the Active box.
  3. Specify the periodicity and time for the task to occur, click OK
  4. Right click on New Job and select New Task, select Import Log File
  5. Enter Log Data Source and Log Path along with any other relevant information and click OK.
  6. Repeat the Process for Report Writer.
Monitor Performance of Various Functions by Using Performance Monitor. Functions Include HTTP and FTP Sessions

Relevant Counters for IIS Global Object

Cache Hits - The number of times a file or folder requested could be serviced from memory.

Cache Hits % - Ratio of requests as a percentage of those serviced from the cache.

Cache Misses

Cached File Handles - The number of file handles allocated for IIS.

Current Blocked Async I/O Requests - The number of requests that are refused due to bandwidth throttling limitations.

Objects - The number of objects being cached by IIS.

Relevant HTTP Counters (associated with the Web Service Object)

Bytes Received/Sec

Bytes Sent/Sec

Bytes Total/Sec

Current Blocked Async I/O Requests

Current Connections

Files/Sec - The speed at which files are transferred by the Web Service.

Maximum Connections - The maximum number of concurrent connections since the Web Service was started.

Not Found Errors/Sec - The errors per second that are mainly generated from HTTP 404 error codes (requested document not available).

Relevant FTP Counters (associated with the FTP Service Object)

Bytes Received/Sec

Bytes Sent/Sec

Bytes Total/Sec

Current Connections

Maximum Connections

Analyze Performance. Performance Issues include Identifying Bottlenecks, Identifying Network-Related Performance Issues, Identifying Disk-Related Performance Issues, and Identifying CPU-Related Performance Issues

This is fairly fundamental information and can be found elsewhere at http://www.dwood.com. Specifically look for the documents pertaining to Performance Monitor, NT Server 4.0, and NT Server 4.0 in the Enterprise.

Optimize Performance of IIS

Basic Recommendations include:

  1. Analyze Bandwidth Limits
  2. Analyze Connection Limits
  3. Set memory intensive ISAPI and Active Server processes to run in their own memory space.
  4. Upgrade your Internet connection to an appropriate bandwidth.
  5. Replace or convert CGI applications to ASPs or ISAPIs.
  6. Logically organize your data so that related documents are kept on the same logical disk.
  7. Optimize application code, including performance-testing code, not inserting comment information, and avoiding interspersing HTML and Script code.
  8. Avoid large numbers of graphics, or complex graphics on Web pages.
  9. Implement RAID solutions.
  10. Enable HTTP Keep-Alives to optimize bandwidth.
  11. Do not require SSL on folders that do not require high security.
  12. Use reverse lookup with DNS only when needed.
Optimize Performance of Index Server

Relevant Performance Monitor Counters

# of Documents Filtered

Files to be Filtered

Index Size

Merge Process - If a merge is occurring, progress is indicated. A reading of 100 indicates the merge is complete.

Persistent Indexes - The number of indexes stored on the hard disk. Ideally 1.

Running Queries

Total # of Documents - How many objects are currently indexed by the system.

Unique Keys - How many unique words have been identified by the index.

Wordlists - How many temporary word lists have been created. After 14-20 word lists are created they are shadow-merged into a persistent index.

Index Server can also be optimized by using a web browser and opening the Index Server Manager (HTML) Page from the NT Option Pack, Index Server, Index Server Manager Menu. Cache and Index statistics will be displayed.

Other basic Recommendations include:

  1. Move a catalog to a different hard disk than the corpus.
  2. Implement RAID.
  3. Add RAM.
  4. Create multiple catalogs if you don't need the ability to query everything at once.
  5. Narrow the scope of your queries by eliminating unnecessary virtual directories from the index.
  6. Change the time that the daily master merge occurs.
  7. Set Index Server to filter only files with known file types.
Optimize Performance of Microsoft SMTP Service

Relevant Counters for SMTP Service (associated with the SMTP Server Object)

Local Queue Length

Remote Queue Length

Inbound Connections Current

Other Basic Recommendations include:

  1. Disable logging (as a last resort).
  2. Increase the maximum number of messages per connection in the SMTP Service. You can also decrease the retry interval for local and remote mail delivery.
  3. Turn off reverse DNS lookup for incoming messages.
Optimize Performance of Microsoft NNTP Service

Relevant Counters for NNTP Service (associated with the NNTP Server Object)

Bytes Total/Sec

Current Connections

Maximum Connections

On the NNTP Server Commands Object: Logon Attempts and Failures

Other Basic Recommendations include:

  1. Limit the number of simultaneous connections.
  2. Decrease the connection timeout.
  3. Disable logging (as a last resort).
Interpret Performance Data

I assume this refers to the ability to interpret the data collected and presented through Performance Monitor, Content Analyzer, Usage Import, Report Writer, and any other utilities at your disposal. Those issues have been addressed or are self-evident.

Optimize a Web Site by Using Content Analyzer

With the exception of the ReMap Site command (on the Mapping menu), and the Compare and Update command, this has been addressed as well. Refer back to the topics pertaining to the use and configuration of Usage Import, Report Writer, and Content Analyzer.

Note: The Compare and Update command is especially useful for comparing changes to a site, and locating orphaned objects.

Resolve IIS Configuration Problems

Fairly basic stuff here folks:

  1. Does the computer work? No, really?
  2. Is NT installed correctly so that all of the components are in working order?
  3. Are you running Service Pack 3 or later?
  4. Do you have enough hard space?
  5. Do you have enough RAM?
  6. Be certain that your computer meets all of the minimum requirements to install and run IIS 4.0
Resolve Security Problems

Again, fairly basic stuff here. Along with the usual NT security issues, check the following areas:

  1. Logon Access and Authentication. Have you set the Anonymous access or authentication methods correctly?
  2. Access control. Have you set up any IP Address or Domain Name restrictions?
  3. Do you have permission conflicts that are overriding the desired effect?
  4. If the problem pertains to Scripts, ASPs, CGIs or ISAPIs, have you set the Script or Execute Permission on the folder containing the files or scripts?

 
 

Some Common Problems and Solutions

Unable to submit a certificate request to the Certificate Server - Is Certificate Server installed and running?

Can't require SSL - Do you have an installed, signed certificate? Have you set NT Challenge/Response as the authentication method (required for SSL)?

Unable to audit - Are you using NTFS? Have you enabled auditing in User Manager and set it up in NT Explorer?

Users cannot logon using Basic authentication, but are able to using NT Challenge/Response - Basic authentication must be enabled for users to log on using a specific account without using MSCHAP. In a multi-domain environment, the default domain configured for Basic authentication must be the domain from which all Basic users will be authenticated.

Users from outside your firewall are unable to access Web sites on non-standard port addresses - Your firewall must be configured to pass specific non-standard port numbers.

Users are confronted with a logon prompt even when they want to logon anonymously - Logging on without a logon prompt or MSCHAP requires that Anonymous Authentication be enabled.

Users report that they are presented a logon prompt when they attempt to access the site, but access is still denied after entering an account name and password - You must specify an account for the users if anonymous authentication is disabled.

You can't log on to the IIS Administrative Web site - You must have MSCHAP enabled to use the Administrative Web pages.

The anonymous user cannot access any files - Has the anonymous account been created and configured properly in the Web site's Authentication Properties? Does the anonymous user have the Log on Locally right? Has the anonymous account's password expired? (Ensure that it is set to never expire). Ensure that password synchronization is enabled.

Browsers other than Internet Explorer are unable to access your Web site - Inferior browsers (like Netscape) require Basic authentication to be authenticated as anything other than an anonymous user.

Users can't access Web site data stored on an UNC share - Are Share Permissions set correctly? Is an account name and password established for Web site access to the share?

Resolve Resource Access Problems

See above. Sorry, I got a little ahead of myself J

Resolve Index Server Query Problems

Queries return files that shouldn't be returned - This problem can be caused by incorrect NTFS Permissions or by filtering files of all types when filtering should be restricted to known types. Also, ensure that you have separate catalogs for each separate site.

Queries don't return files that they should - The catalog may be restricted to certain directories. NTFS permissions can also have this affect.

Queries take too long to fulfill - Forcing Master merges to occur more often may help. You may also have too many users. Create more catalogs if possible. Move data to another server. Upgrade hardware. Remove "intense" applications such as SQL or Exchange.

Queries timeout or fail to return data - If the server is overloaded, this is an indication of an approaching failure. Other causes could be network connectivity or corrupted Index Server files. Try reinstalling Index Server.

Resolve Setup Issues when Installing IIS on an NT 4.0 Server Computer

In addition to the issues already discussed check the following:

  1. Any Alpha or Beta versions of IIS 4.0 must be removed prior to installing IIS 4.0 final.
  2. The NetLogon, Server, Computer Browser and Workstation Services must be running on the computer.
  3. ODBC connection errors will occur if there are any other applications using the ODBC connector. Stop the offending applications, complete installation of IIS, and then restart the other applications.
ODBC Connection Errors

ODBC Error #1

Microsoft OLE DB Provider for ODBC Drivers error "80004005" [Microsoft] [ODBC Microsoft Access Driver] The Microsoft Jet database engine cannot open file "(unknown)". It is already opened exclusively by another user, or you need permission to view its data.

Cause - the user account (usually IUSR) does not have sufficient access rights. Check NTFS and Share Permissions.

ODBC Error #2

Microsoft OLE DB Provider for ODBC Drivers error "800004005" [Microsoft] [ODBC Driver Manager] Data source not found and no default driver specified.

Cause - GLOBAL.ASA file was not properly executed. Check that the file is in the Application Root for IIS, and that users have Execute permission for this folder.

ODBC Error #3

Microsoft OLE DB Provider for ODBC Drivers error "800004005" [Microsoft] [ODBC Microsoft SQL Driver] Logon Failed

Cause - The SQL server denied access to the account attempting to access the SQL server. Check that the SQL and NT account passwords match, and that the IIS connection to the SQL server maps the user's name properly.

ODBC Error #4

Microsoft OLE DB Provider for ODBC Drivers error "800004005" [Microsoft] [ODBC Microsoft Access 97 Driver] Couldn't use "(unknown)"; file already in use.

Cause - The database file you are attempting to access is configured for single-user use only, and the file is already open.

ODBC Error #5

Microsoft OLE DB Provider for ODBC Drivers error "800004005" [Microsoft] [ODBC Microsoft SQL Driver] [dbnmpntw] ConnectionOpen (create file)

Cause - Usually caused by incorrect permissions being applied. Very common if the path is remote and you are attempting to access it via an UNC path, particularly with the IUSR account. The IUSR account is local to the computer. One solution is to create the account on the remote computer that contains the remote database. The usernames and passwords must be identical.

Use a WebMap to Find and Repair a Broken Link

Almost too simple. Search the map visually. Use the Update and Compare command, or from the WebMap window, select Tools, Quick Search, Broken Links.

Resolve WWW Service Problems

Common Problems and Solutions

  1. You have configured the WWW Service to use a port other than port 80.
  2. You have configured the WWW Service to use SSL, and the client is not configured to use SSL, or does not have the correct digital certificate for authentication.
  3. The maximum number of connections has been exceeded.
  4. The connection timeout value has been set too low.
  5. Correct permissions have not been applied to the WWW objects that users need to access.
  6. A valid default document has not been defined.
  7. Access control has been set and the user cannot access resources. This could result from the authentication method used, SSL being enabled, or IP Address restrictions.
  8. You have used file types that do not have valid MIME mappings defined.
  9. Unable to locate your Web server - No DNS entry.
10. Can't create a virtual site - You must specify a unique port number, IP Address, or Host Header for the Web site.

11. Can't require SSL - You must have a valid certificate installed to require SSL.

12. Can't select another IP Address - You must configure multiple IPs in the Network Applet of Control Panel.

  1. Can't find server by another name - No DNS entry.
  2. Browser won't find virtual site - Browser must support Host Headers, or you must use a CGI/ISAPI workaround. If you are using a port other than port 80, the port MUST be referenced in the URL.
  3. Browsers with multimedia plug-ins or ask if you want to save the file to disk rather than displaying the data - a MIME type must be defined for the data types other than those already defined in the IIS default setup
  4. Site has moved and browsers can't find it - You can redirect browsers to the new location of a Web site using the URL option in the Home Directory tab of the Web site's Property sheet.
Resolve FTP Service Problems

Common Problems:

  1. Is the IIS installation complete, uncorrupted, and running?
  2. For directory or access related problems, are directory permissions set appropriately on both the home directory and the directory in question?
  3. Are the permissions and rights for the IUSR account (especially the right to log on locally) set correctly?
  4. After adding a virtual directory, have you stopped and started the FTP Service?
  5. For custom client connections, have you set the directory listing style to Unix?
  6. If certain clients can't attach to your FTP Site running on a non-standard port, are the clients capable of attaching to an FTP server that is not running on port 21? Are they specifying the correct port number in the URL?
  7. Has the maximum number of connections been reached?
  8. Are there any IP Address or Domain name restrictions in place?
go to the TOP