www.it-ebooks.info
Professional
IIS 7.0
Ken Schaefer, Jeff Cochran, Scott Forsyth,
Rob Baugh, Mike Everest & Dennis Glendenning
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page iii
www.it-ebooks.info
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page ii
www.it-ebooks.info
Professional
IIS 7.0
Part I: Introduction and Deployment 1
Chapter 1: Background on IIS and New Features in IIS 7.0 . . . . . . . . . . . . . . . 3
Chapter 2: IIS 7.0 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
Chapter 3: Planning Your Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Chapter 4: Installing IIS 7.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Part II: Administration 121
Chapter 5: Administration Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 123
Chapter 6: Web-Site Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Chapter 7: Web Application Administration. . . . . . . . . . . . . . . . . . . . . . . . . 195
Chapter 8: Web Application Pool Administration . . . . . . . . . . . . . . . . . . . . . 215
Chapter 9: Delegating Remote Administration . . . . . . . . . . . . . . . . . . . . . . 253
Chapter 10: Configuring Other Services . . . . . . . . . . . . . . . . . . . . . . . . . . . 291
Part III: Advanced Administration 349
Chapter 11: Core Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Chapter 12: Core Server Extensibility. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Chapter 13: Securing the Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 425
Chapter 14: Authentication and Authorization. . . . . . . . . . . . . . . . . . . . . . . 453
Chapter 15: SSL and TLS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Chapter 16: Configuring and Load-Balancing Web Farms . . . . . . . . . . . . . . . 527
Chapter 17: Programmatic Configuration and Management. . . . . . . . . . . . . 579

Part IV: Managing and Operating IIS 7.0 623
Chapter 18: IIS and Operations Management . . . . . . . . . . . . . . . . . . . . . . . 625
Chapter 19: Monitoring and Performance Tuning. . . . . . . . . . . . . . . . . . . . . 653
Chapter 20: Diagnostics and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . 697
Appendix A: Module Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 751
Appendix B: IIS Status Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765
Appendix C: WCF Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771
Appendix D: Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 781
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page i
www.it-ebooks.info
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page ii
www.it-ebooks.info
Professional
IIS 7.0
Ken Schaefer, Jeff Cochran, Scott Forsyth,
Rob Baugh, Mike Everest & Dennis Glendenning
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page iii
www.it-ebooks.info
Professional IIS 7.0
Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com
Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-0-470-09782-3
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

Library of Congress Cataloging-in-Publication Data
Professional IIS 7 / Ken Schaefer [et al.].
p. cm.
Includes index.
ISBN 978-0-470-09782-3 (paper/website)
1. Microsoft Internet information server. 2. Web servers. I. Schaefer, Ken. II. Title: Professional Internet
Information Server 7.
TK5105.875.I57P755 2008
005.7'1376 dc22
2008001369
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by
any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted
under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permis-
sion of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright
Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to
the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475
Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at
/>Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or war-
ranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all
warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be
created or extended by sales or promotional materials. The advice and strategies contained herein may not
be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in
rendering legal, accounting, or other professional services. If professional assistance is required, the services
of a competent professional person should be sought. Neither the publisher nor the author shall be liable for
damages arising herefrom. The fact that an organization or Website is referred to in this work as a citation
and/or a potential source of further information does not mean that the author or the publisher endorses the
information the organization or Website may provide or recommendations it may make. Further, readers
should be aware that Internet Websites listed in this work may have changed or disappeared between when
this work was written and when it is read.
For general information on our other products and services, please contact our Customer Care Department

within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Trademarks: Wiley, the Wiley logo, Wrox, the Wrox logo, Wrox Programmer to Programmer, and related
trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the
United States and other countries, and may not be used without written permission. All other trademarks
are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or
vendor mentioned in this book.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not
be available in electronic books.
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page iv
www.it-ebooks.info
About the Authors
Ken Schaefer is a systems engineer consultant for global systems integrator Avanade. Avanade is a joint
partnership between Microsoft and Accenture and focuses on enterprise projects across the Microsoft
product stack. Ken has worked with IIS for around 10 years and has been a Microsoft MVP for IIS since
2003. He has presented at numerous Microsoft Tech.Ed events across the United States, Australia, and
Asia; written articles for Microsoft TechNet; and spent countless hours talking about IIS at other events,
user group meetings, and road shows. He is currently an MCSE, MCDBA, MCTS, and holds a Masters in
Business and Technology from UNSW. When he isn’t thinking about IIS, Ken can usually be found tin-
kering with Active Directory, Operations Manager, SQL Server, Windows Media Center, Virtual PC…
Thank you, Julia, Sebastien, and Theo for putting up with the trials, tribulations, and late nights involved in writ-
ing a book, again. This would not have been possible without your love and support.
As the lead author, on behalf of all the authors, I’d like to thank Bob Elliot and John Sleeva and the rest of the team
from Wiley for their never-ending patience whilst we put this book together.
Jeff Cochran is a Senior Network Specialist for the City of Naples, Florida, and has been employed in
the computer networking industry for nearly two decades. Beginning with computer bulletin boards on
a Commodore 64 in the early 1980s, he has worked with nearly every method of communication via
computer since. In the early 1990s, he started the first commercial ISP in Southwest Florida, using
Windows NT 3.51 systems for mail, web, and FTP servers.
Jeff is married to Zina, a self-employed graphic designer, and spends his free time remodeling a 1950s
home in Naples. Although most of his personal hobbies revolve around computers, he enjoys

Geocaching and collecting pinball machines, and is still addicted to Age of Empires.
Writing for this book, I must thank members of the IIS team, especially Chris, Carlos, Alexis, Mai-lan, Faith,
Robert, Anil, Bilal, Eric, and Thomas. I also thank my coauthors for their suggestions and insight.
To Zina, without whom there would be no reason to write.
Scott Forsyth works for ORCS Web, Inc. as the Director of IT. ORCS Web is a Microsoft Certified Partner
offering web hosting services utilizing the IIS platform for hosting of ASP.NET, SharePoint, SQL Server,
Exchange and other technologies. He is a Microsoft MVP for ASP.NET, an ASP Insider and has multiple
MCP certifications.
Scott is married and has two kids, Joel and Alisha, who don’t work with IIS yet but do spend countless
hours on the computer. When he's not in front of a computer, Scott leads a youth group at his local
church, plays the drums and enjoys playing table tennis.
For my wife, Melissa, and my children, Joel and Alisha, who patiently support me in work and writing.
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page v
www.it-ebooks.info
Rob Baugh is the VP of IT for Anres Technologies. He has been in the IT field since 1999 and has worked
with IIS the entire time. He has multiple Microsoft Certified Professional certifications.
Rob is married to Stacy and they have one daughter, Emily. His passion (when away from computers) is
scuba diving, so he recently relocated to Merida, Mexico to be closer to the blue waters of the Caribbean.
Thanks to my ever faithful bride, Stacy, for supporting me throughout the many late nights spent writing.
Mike Everest has had an interest in computing from the time he first laid eyes on a PC at high school in
1978. He operated a series of Bulletin Board Systems throughout the 1980s while completing his under-
graduate studies and experimenting with early Internet technologies.
Mike began working with web servers in the early 1990s and established the first commercial web host-
ing platform in his regional hometown of Geelong, Australia. Since then, specializing in Internet infra-
structure, hosting services, and ISP systems, he has participated in establishing and developing no fewer
than seven technology companies, sold two, and maintains an ongoing interest in three.
Mike is delighted to have had the opportunity to contribute to this book and is more than happy to
receive comments, questions, and criticisms from readers.
Special thanks to all of the IIS 7.0 team at Microsoft, for without such an excellent product we would have nothing
to write about.

Dennis Glendenning (MA, MBA, MCSA+Msg, MCSE, PMP) is a Principal Systems Engineer with
Avanade, where he provides design and delivery leadership for large-scale technology integration proj-
ects. Dennis’s background includes graduate training, professional certifications, and a blend of technical
and project management experience that spans more than 15 years. In addition to delivering technology
architectures for Fortune 500 companies, Dennis has led several eCommerce infrastructure teams to lever-
age IIS in the public safety, insurance, and financial industries. Although he travels the United States for
work, Dennis lives in Cleveland, Ohio with his wife and two children, and he revels in hiking, history,
great speeches, and epic FPS PC games. Dennis can be reached at
I would like to thank Ken Schaefer for offering the opportunity to contribute and for coordinating many tasks
among the authors. John Sleeva has my thanks for doing a fantastic job editing, with much of the quality of my
contributions due to John’s terrific advice. Finally, Greg Molnar also has my gratitude, for giving support and
accommodations, advice, and friendship during this project.
To my lovely wife and new mother, Melissa Jean, and to our amazing children, Jessica and Nicolas: May you see,
do, and love all that life promises.
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page vi
www.it-ebooks.info
Executive Editor
Robert Elliott
Development Editor
John Sleeva
Technical Editor
Pierre Greborio
Production Editor
Daniel Scribner
Copy Editor
Catherine Caffrey
Editorial Manager
Mary Beth Wakefield
Production Manager
Tim Tate

Vice President and Executive Group Publisher
Richard Swadley
Vice President and Executive Publisher
Joseph B. Wikert
Project Coordinator, Cover
Lynsey Stanford
Proofreaders
Christopher M. Jones, Kate Reilly,
Corina Copp, Jeremy Bagai
Indexer
Robert Swanson
Compositors
Craig Thomas, Craig Woods
Happenstance Type-O-Rama
Credits
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page vii
www.it-ebooks.info
97823ffirs.qxd:WroxPro 2/4/08 9:23 AM Page viii
www.it-ebooks.info
Contents
Introduction xxiii
Part I: Introduction and Deployment 1
Chapter 1: Background on IIS and New Features in IIS 7.0 3
IIS Versions 1.0 to 4.0 4
IIS 5.0 and 5.1 4
IIS 6.0 5
Secure by Default 5
Request Processing 5
Additional Features 6
IIS 7.0 Versions 7

IIS 7.0 Features 8
Integrated Request Pipeline 9
Configurability 11
Componentization 14
Security 14
IIS Administration Tools 19
Diagnostics 23
Compatibility 23
Additional Features 25
Summary 26
Chapter 2: IIS 7.0 Architecture 27
IIS 4.0 and Previous Versions 27
Inetinfo.exe 28
ISAPI versus CGI 29
Active Server Pages 30
IIS 5.0 30
Application Protection 30
IIS 6.0 31
Http.sys 31
IIS Admin Service 32
Web Administration Service 32
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page ix
www.it-ebooks.info
x
Contents
Worker Process 33
Application Pools 33
IIS 7.0 Architecture 34
Integrated Pipeline Mode 35
Extensibility and Modularity 37

IIS Manager Extensibility 38
Metabase — Going, Going, Gone! 38
WAS and the Worker Process 41
Windows Server 2008 Architecture 41
Server Core 42
Virtualization 42
Failover Clustering 43
WCF 43
BitLocker Encryption 44
Network Access Protection 44
Summary 44
Chapter 3: Planning Your Deployment 47
Windows 2008 Server Deployment Planning 47
Windows Server 2008 Requirements 48
32 Bit or 64 Bit? 48
Which Server Edition? 49
Upgrade or New Installation? 52
Planning Your Hardware 53
Planning Your Network 54
Planning Your Security 59
Planning Backup and Recovery 64
IIS 7.0 Deployment Planning 65
IIS 7.0 Requirements 66
Installation Decisions 66
Planning for IIS-Specific Security 66
Planning Development Environments 68
Planning Production Environments 69
Shared Configuration 69
Content Replication 70
Application Deployment Planning 70

Automation and Deployment Tools 71
Windows Deployment Services 71
Volume Activation 72
Capacity Planning 72
Traffic 72
WCAT 73
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page x
www.it-ebooks.info
xi
Contents
IIS 7.0 Request Tracing 73
Scalability 74
Application Capacity Planning 74
Summary 75
Chapter 4: Installing IIS 7.0 77
Clean Installation 78
With Windows Server 2008 Installation 78
From DVD to an Existing Server 85
Upgrade Installation 90
In-Place Upgrade 90
Migration Upgrade 94
Adding Features to an Existing Installation 95
Installing New Features 96
Configuring and Testing New Features 96
Automated Installation and Configuration 102
Server Core Command-Line Installation 102
Pkgmgr.exe 103
Unattended Installations Using Pkgmgr.exe 104
Installation Using Windows Deployment Services 107
Hosting Service Recommendations 107

Directory Structure 108
Web Server Accounts and Application Pools 110
Configuring Shared Hosting with Managed Code 110
Shared Configuration 117
Installing IIS 7.0 on Windows Vista 119
IIS 7.0 Support 119
IIS 7.0 Installation 119
Summary 120
Part II: Administration 121
Chapter 5: Administration Tools 123
Key Characteristics 123
IIS Manager 124
Appearance 124
Feature Scopes 125
Features View 126
Content View 129
Feature Delegation 129
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xi
www.it-ebooks.info
xii
Contents
IIS Manager Extensibility 130
Configuration Settings 130
Configuration File Hierarchy 130
Configuration Levels 131
Location Tags 131
Configuration File Structure 132
Configuration Schema 133
Locking and Unlocking Sections 136
Command-Line Management 137

Using AppCmd.exe 138
Getting Help 138
Using the list Command 141
AppCmd.exe Attributes and Values 144
Managing Objects with add, delete, and set 144
Determining Which Attributes Are Associated with an Object 145
Controlling Object State 146
Backing Up and Restoring 148
Setting the Configuration 149
Locking and Unlocking the Configuration 155
Piping with XML 155
Web Management Service and Remote Administration 156
Summary 156
Chapter 6: Web-Site Administration 157
Web Sites, Applications, and Virtual Directories 158
Web Sites 158
Applications 159
Virtual Directories 159
Creating a New Web Site 159
Creating a Web Site Using IIS Manager 159
Creating a New Application Pool for Your Site 161
Creating a Web Site Using AppCmd 162
Creating a Web Site Using Microsoft.Web.Administration 165
Changes to the applicationHost.config File 166
Configuring Logging 167
Enabling Logging 167
Configuring Host Headers 174
Administering Applications 178
Adding Applications Using IIS Manager 178
Adding Applications Using AppCmd 179

Adding Applications Using Microsoft.Web.Administration 180
Deleting Applications Using IIS Manager 180
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xii
www.it-ebooks.info
xiii
Contents
Deleting Applications Using AppCmd 180
Deleting Applications Using Microsoft.Web.Administration 181
Administering Virtual Directories 181
Creating Virtual Directories Using IIS Manager 181
Creating Virtual Directories Using AppCmd 183
Adding Virtual Directories Using Microsoft.Web.Administration 183
Removing Virtual Directories 184
Authentication 184
Configuring Compression 185
Configuring Default Document Settings 187
Configuring MIME Settings 188
Adding MIME Types 188
Editing MIME Types 189
Removing MIME Types 189
Basic Administration Tasks 190
Configuring Default Options for IIS 190
Starting and Stopping Services and Web Sites 190
Enabling Dynamic Content — ASP.NET and Classic ASP 192
Isolating Applications 192
Summary 193
Chapter 7: Web Application Administration 195
Application Administration 195
ASP 196
ASP.NET 196

IIS 6.0 and Previous Architecture 197
IIS 7.0 Architecture 197
IIS 7.0 and ASP.NET Modules 198
ISAPI 208
CGI 210
FastCGI 210
Installing PHP 211
Installing QDig 211
Installing FastCGI Module 211
Enabling FastCGI for Use with PHP 211
Windows Process Activation Service 212
Summary 213
Chapter 8: Web Application Pool Administration 215
A Background of Web-Site Separation 215
Defining Applications 216
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xiii
www.it-ebooks.info
xiv
Contents
Comparing Virtual Directories to Applications 218
Understanding the w3wp.exe Process 220
Recycling Application Pools 221
Web Gardens 222
Working with Application Pools 224
Creating Application Pools 225
Managing Settings 226
Assigning Applications and Sites to Application Pools 230
Specifying the .NET Framework Version 234
Specifying the Managed Pipeline Mode 236
Managing Active Application Pools 240

Application Pool Security 245
Application Pool Configuration Isolation 246
Application Pool SID Injection 246
Site Anonymous User 247
Noteworthy Advanced Settings 248
Bitness 248
CPU Limits 248
Processor Affinity 249
Application Pool Users 249
Network Service Account 250
Local Service Account 251
Local System Account 251
Custom User Account 251
Summary 252
Chapter 9: Delegating Remote Administration 253
Introducing the Main Characters 253
Server Administrator 254
Site Administrator 254
The Two Shall Work as One 255
IIS Manager Remote Access 255
Installing the IIS 7.0 Management Service 255
Enabling Remote Connections 256
Authentication Types 260
Authorization at Three Levels 263
Remote Installation and Usage 265
Extending IIS Manager 266
Delegation Settings 267
Delegation of Sections 267
Delegating the Small Details 285
Summary 289

97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xiv
www.it-ebooks.info
xv
Contents
Chapter 10: Configuring Other Services 291
FTP — Shipping Version 292
FTP Basics 292
Installing the FTP Service 295
Creating an FTP Site 295
Automating FTP Site Creation and Management 301
The FTP Command-Line Client 302
FTP 7 304
Installing FTP 7 304
Creating a New FTP 7 Site 305
Adding an FTP 7 Site to an Existing Web Site 306
Configuring FTP 7 Security 308
Configuring FTP 7 over SSL 311
Configuring FTP 7 User Isolation 312
Configuring FTP 7 Host Name Support 314
Administering FTP 7 with Configuration Files 315
FrontPage Server Extensions 320
Installing FPSE 321
Adding FPSE to a Web Site 322
Configuring FPSE 324
Securing an FPSE-Extended Web Site 326
Connecting Using a Client 328
Uninstalling FPSE 328
SMTP 329
How SMTP Works 330
Installing SMTP 330

Configuring the Default SMTP Server 331
SMTP Security and Authentication 335
Configuring Additional Domains 338
SMTP Folders 339
Testing and Troubleshooting SMTP 340
LogParser 343
Summary 347
Part III: Advanced Administration 349
Chapter 11: Core Server 351
Background 351
Core Server and Modules 353
HTTP Modules 354
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xv
www.it-ebooks.info
xvi
Contents
Server Workload Customization 360
Eliminating Overheads 361
A Basic Real-World Example 362
A More Complex Real-World Example 363
Customizing Individual Web Sites 364
Customization Using IIS Manager 368
ASP.NET and the IIS Pipeline 370
Configuring ASP.NET Execution Mode 370
Migrating Legacy ASP.NET Applications to IIS 7.0 373
Selecting the ASP.NET Version 374
Legacy ISAPI Support 374
Summary 375
Chapter 12: Core Server Extensibility 377
Extensibility Overview 377

IIS Module Concepts 378
Events 379
Notifications 381
Return Codes 382
Notification Priority 382
An Example Native Module 384
Native Module Design 385
Native Module Creation 385
Native Module Wrap-Up 395
Managed Code Modules 395
Managed Event Notifications 397
Further Reading 398
An Example Managed Module 398
Managed Module Design 398
Managed Module Creation 398
Managed Module Wrap-Up 403
Event Tracing from Modules 403
Adding Tracing Support to a Managed Code Module 404
Extending IIS Configuration 409
Adding Configuration Support to Custom Modules 409
Extending the IIS Administration Tool 414
Creating an IIS Administration Tool Extension 414
Summary 424
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xvi
www.it-ebooks.info
xvii
Contents
Chapter 13: Securing the Server 425
What Is Security? 425
Managing Risk 426

Security Components 427
Types of Attacks 427
Denial-of-Service Attacks 427
Privilege Escalation Attacks 428
Passive Attacks 429
Securing the Server 429
Securing the Environment 429
IPsec (IP Security) 430
Network Access Protection 431
Active Directory Federation Services 432
Securing IIS 7.0 434
IP and Domain Restrictions 434
Configuring MIME-Type Extensions 438
Configuring ISAPI Extensions and CGI Restrictions 440
Configuring Request Filtering 445
Application Layer Security 449
Configuring Logging 450
Summary 451
Chapter 14: Authentication and Authorization 453
Authentication in IIS 7.0 454
How IIS 7.0 Authenticates a Client 455
Configuring Anonymous Authentication 457
Configuring Basic Authentication 459
Configuring Digest Authentication 461
Configuring NTLM Authentication 465
Configuring Kerberos Authentication 472
Configuring UNC Authentication 477
Configuring Client Certificate Authentication 479
Configuring Forms-Based Authentication 481
Forms-Based Authentication 483

Configuring Delegation 484
Configuring Protocol Transition 489
Configuring Authorization 490
URL Authorization 492
Configuring Application Pool Sandboxing 494
Understanding IIS 7.0 User Accounts 495
Summary 497
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xvii
www.it-ebooks.info
xviii
Contents
Chapter 15: SSL and TLS 499
Securing a Web Site with TLS 500
The SSL/TLS Handshake 500
Generating a Certificate Request 503
Submitting the Certificate Request 508
Importing the Certificate into IIS 7.0 510
Configuring Web-Site Bindings 511
Generating a Certificate Using Domain Certificate Request 512
Generating a Self-Signed Certificate 513
Managing an SSL/TLS-Secured Web Site 514
Managing a PKI 517
Securing an SMTP Virtual Server with TLS 520
Securing an FTP Site with TLS 522
Summary 525
Chapter 16: Configuring and Load-Balancing Web Farms 527
IIS 7.0 and Web Farms 527
Shared Configuration 528
Content Configuration 543
Local Content 544

Shared Network Content 545
Shared SAN Content 547
Content Replication 548
Distributed File System 549
Robocopy 551
Offline Folders 552
Additional Tools 554
Microsoft Web Deployment Tool 554
Complete Redundancy 555
Load Balancing 555
Network Load Balancer (NLB) 556
Round-Robin DNS Load Balancing 562
Third-Party Load Balancing 563
Other Considerations 564
Replication 564
.NET Configuration Files and machineKey 569
Session State 571
Security 575
Summary 577
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xviii
www.it-ebooks.info
xix
Contents
Chapter 17: Programmatic Configuration and Management 579
Direct Configuration 580
Configuration File Hierarchy 580
Order of Operation 582
Collection Items 583
Section Structure 586
location Tag 587

Inheritance 590
Locking 591
childConfig/sourceConfig 592
Configuration Path 592
Schema Extensibility 593
Programmatic Configuration 597
My First IIS 7.0 Programming Walkthrough 598
Microsoft.Web.Administration (MWA) 604
Microsoft.Web.Management (MWM) 611
ABO, ADSI, and Legacy API Support 612
IIS 7.0 WMI Provider 613
AHAdmin 619
Summary 621
Part IV: Managing and Operating IIS 7.0 623
Chapter 18: IIS and Operations Management 625
Management Approaches and Principles 625
ITIL Standards 626
MOF: Microsoft’s ITIL Superset 627
Applying MOF to IIS Operations Management 631
Operational Tasks 643
Backup and Restore Program 643
Summary 650
Chapter 19: Monitoring and Performance Tuning 653
Monitoring Web Sites 653
How to Monitor IIS 7.0 654
What to Monitor 669
Performance Tuning 677
Operating System Optimizations 677
IIS Service Optimizations 682
Web-Site Optimizations 688

Summary 696
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xix
www.it-ebooks.info
xx
Contents
Chapter 20: Diagnostics and Troubleshooting 697
Types of Issues 697
Specific Errors 698
Hang/Time-out Issues 698
Resource-Intensive and Slowness Issues 699
Runtime Status and Control API (RSCA) 700
Viewing Worker Processes 700
Viewing Page Requests 703
Viewing Application Domains 704
IIS 7.0 Error Pages 705
Customizing Custom Error Pages 706
Multiple Language Support 709
HTTP Status Codes 709
FTP Status Codes 709
Failed Request Tracing 710
Failed Request Tracing Rule Setup 711
Select Trace Providers 713
Reading the XML Trace Logs 714
Logging 715
ASP.NET Tracing 716
Enabling ASP.NET Tracing 716
The ASP.NET Trace Viewer 718
Troubleshooting Tips 721
Reproduce 721
Isolate 722

Fix 725
Test 725
Additional Built-in Tools 725
Task Manager 725
Event Viewer 726
Reliability and Performance Monitor 728
Logging NTFS Failures to Disk 736
Ping/Tracert/Pingpath 737
Telnet 739
Installable Tools 739
IIS 6.0 Resource Kit Tools 739
DelegConfig 745
Process Explorer 745
IIS Diagnostics Toolkit 747
ELMAH 748
Where to Go Next 749
Summary 749
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xx
www.it-ebooks.info
xxi
Contents
Appendix A: Module Reference 751
Utility Modules 751
Managed Engine: ASP.NET Integration 752
IIS 7.0 Native Modules 753
Managed Modules 761
Appendix B: IIS Status Codes 765
HTTP 765
1xx — Informational 765
2xx — Success 765

3xx — Redirection 766
4xx — Client Error 766
5xx — Server Error 767
FTP 768
1xx — Positive Preliminary Reply 768
2xx — Positive Completion Reply 768
3xx — Positive Intermediate Reply 769
4xx — Transient Negative Completion Reply 769
5xx — Permanent Negative Completion Reply 769
Appendix C: WCF Primer 771
Service-Oriented Applications 771
WCF and ASP.NET Web Services 772
WAS and WCF 773
Configuring a WCF Application 774
Appendix D: Resources 777
IIS Product Group Resources 777
IIS Public Newsgroups 777
Standards Documents 778
Blogs 778
Microsoft Documentation 779
Third-Party Products and Tools 779
Security Documentation 779
Index 781
97823ftoc.qxd:WroxPro 2/4/08 6:32 PM Page xxi
www.it-ebooks.info
97823flast.qxd:WroxPro 2/4/08 6:31 PM Page xxii
www.it-ebooks.info