Вы находитесь на странице: 1из 27

<IIS Questions>

What is IIS Web Gardens?


When two or more worker processes are configured as part of an application pool they form what is referred to as a Web
garden. A Web garden allows an application to achieve higher scalability.

In which process does IIS runs ?


IIS runs in 2 modes (application isolation modes): 1. Worker process isolation mode is a new feature of IIS6.0. 2. IIS5.0
isolation mode - for compatibility with apps depending on IIS5.0

How many users supported by IIS at a Time


By default IIS have 25 threads. So one server can be access by 25 people. If you have more than server then number of
people will be increased.

What is the Default location of IIS Logs? And how to change the folder path?
The default location for IIS is C:\windows\System32\Log files with W3SVC\exyymmdd.log format. For customized this path,
Go to website properties-> Enable logging->properties

What is bandwidth throttling? How to enable it?


The maximum number of kilobytes per second that you want each site contained in the directory to use.
This value must be at least 1024 Kbps. For enable or disabling, open IIS manager-> website properties->performance in that check or
uncheck Bandwidth throttling. By default value for this is 1024kbs.

How many web.config files are there in 1 project we can overwrite the web.config files?
Multiple

Different Monitoring tools in IIS

Performance Monitor Configure counters to watch resource usage over time. Use the usage information to gauge
the performance of IIS and determine areas that can be optimized.

Access logs Use information in the access logs to find problems with pages, applications, and IIS. Entries logged
with a status code beginning with a 4 or 5 indicate a potential problem.

Event logs Use information in the event logs to troubleshoot system-wide problems, including IIS and Indexing
Service problems.

Many other monitoring tools are available in the Microsoft Windows 2000 Resource Kit. The resource kit tools you'll want to use include

HTTP Monitoring Tool Monitors Hypertext Transfer Protocol (HTTP) activity on the server and records the tracking information to a
file or to the Windows Event logs. The information tracked can alert you to changes in HTTP activity. You can import the output file
generated by the tool directly into Microsoft SQL Server as well.
Playback is a tool suite that includes two components: PLAYBACK.EXE and RECORDER.DLL. RECORDER.DLL records
ongoing activity at a Web site so that it can be played back. PLAYBACK.EXE plays back the recorded activity on a Web site so that you
can simulate real-world traffic on development or testing servers.
Web Application Stress Tool Simulates Web activity so that you can evaluate server performance. Parameters you can set
include the number of users, the frequency of requests, and the type of request. The tool produces a detailed report that tells you the
number of requests, number of errors, elapsed time for processing requests, and more.
Web Capacity Analysis Tool (WCAT) Tests different server and network configurations using workload simulations and
content developed specifically for WCAT. When you change your hardware and software configuration and repeat the testing, you can
identify how the new configuration affects server response.
http://technet.microsoft.com/en-us/library/bb727100(TechNet.10).aspx

[Type here]

What is the default value for HTTP Keep alive? And where you find this option?
The default value for Enable HTTP keep alives value is 120. It is available in Website properties->connections tab.

How to take backup/restore metadata backup?


IIS configuration was stored in metadata format and it will store in %SystemRoot%\system32\inetsrv\MetaBack folder. If you
want to save your backup file to another location, you can copy the file from this default location to another location. For
backup/restoration, open IIS manager, right click on server and select backup/restore. For windows 2k server it will generate single file
where as for windows 2k3 pcs backup is in 2 files.

Debugging tools for IIS in windows server 2003


Ans: The IIS Diagnostics Toolkit puts the most useful and current tools that IIS administrators and developers desire. The toolkit
includes the following tools in one consolidated, easy to deploy download:
SSL Diagnostics 1.0: Diagnoses problems related to Secure Sockets Layer (SSL) issues such as missing certificate private keys,
incorrect IIS metabase bindings, or other common problems related to SSL failures.
Authentication and Access Control Diagnostics (AuthDiag) 1.0: Diagnose, check, and monitor permission or security problems
for Web and FTP requests.
Exchange Server SMTP Diagnostics 1.0: Gathers data for your SMTP server that helps diagnose problems with DNS or other
possible important SMTP failures.
Log Parser 2.2: Sifts through thousands of event viewers, IIS log files, Netmon capture, and various other log types.
WFetch 1.4: If you are concerned that the problem resides in your browser, then this is the tool for you. A graphical user-interface
allows you to make a request to local or remote websites and see the raw HTTP request and response to diagnose problems.
Trace Diagnostics: Service Pack 1 for Windows Server 2003 has very detailed diagnostics information built in. With Trace
Diagnostics, you can effectively use these diagnostics built-in by monitoring the requests to an IIS web server in real-time, or, follow a
request throughout the IIS processing pipeline to find failures.
Important: Trace Diagnostics includes IIS Request Monitor, Request Viewer, and IIS Trace which requires Windows Server 2003
Service Pack 1 or later (includes Windows Server 2003 R2.)
And very important tolls is

Debug Diagnostic Tool


The Debug Diagnostic Tool (DebugDiag) is designed to assist in troubleshooting issues such as hangs,
slow performance, memory leaks or fragmentation, and crashes in any Win32 user-mode process. The tool
includes additional debugging scripts focused on Internet Information Services (IIS) applications; web data
access components, COM+ and related Microsoft technologies.

Generating Memory Dump

Process Crashes
Process Hangs or Slow Performance
Memory or Handle Usage
Analyzing Memory Dumps
Crash/Hang Analyzers
Memory Pressure Analyzers

http://www.microsoft.com/downloads/details.aspx?FamilyID=28bd5941-c458-46f1-b24d-f60151d875a3&displaylang=en
UrlScan Security Tool-This tool helps prevent potentially harmful HTTP requests from reaching IIS Web servers.

IIS Lockdown Tool-This tool reduces the attack surface of earlier versions of Internet Information Services
(IIS) and includes URLScan to provide multiple layers of protection against attackers.
What is Virtual directory? How to create it? And what are the advantages this?
A virtual directory is a directory that is not contained in the home directory but appears to client browsers as though it were.
An IIS Virtual Directory is essentially an alias to the physical directory. The IIS Virtual Directory is a directory name, which may be
accessed from the Internet to access the physical directory on the server. For creating Virtual Directories open IIS, expand the Web
Sites or FTP Sites folder, right-click the site or folder within which you want to create the virtual directory, point to New, and then click
Virtual Directory. The Virtual Directory Creation Wizard appears.

[Type here]

There are several ways you can open the Internet Information Services tool.
Method 1: Open the 'Control Panel', select 'Administrative Tools' and then double click the shortcut 'Internet Information Services'
Method 2: Go to the "start" menu, select "Run" and then type "inetmgr". Press "OK" to open the IIS tool.
The IIS admin tool look like this:

In the above image, the name "MANJU" represents the computer name. Under the node "Web Sites", it displays all the web sites. When
you install IIS, it creates a default web site for you. Under the "Default Web Site" node, you can see all virtual directories listed.
Only on server operating systems like 'Windows 2000 Server' or 'Windows 2003 Server', you can create multiple Web Sites. In other
systems like Windows XP, Windows 2000 Professional etc, you can have only 1 web site (which is the 'Default Web Site' created by the
system). But you can have any number of web applications under this default web site. Each web application will need to be created as
a 'virtual directory' under any one of the 'web sites'. If you do not have a server operating system, you have to always create your web
applications under the 'Default Web Site'.

Each web application you create in your machine needs a virtual directory. In the above image, we have two web applications (named
'WebApplication1' and 'WebApplication2')
When you create a new ASP.NET project using Visual Studio .NET, it will automatically create a virtual directory for you.
For example, if you create a new ASP.NET project using Visual Studio .NET called "ShoppingCart", it will create a new virtual directory

[Type here]

with the name "ShoppingCart". After you create the ASP.NET project, you can see the virtual directory listed in the IIS.
You can right click on the virtual directory name in IIS and select 'Properties' to view various properties of the virtual directory. One
important property is "Local Path". The "Local Path" property represents the actual location of the web application.

By default, when you create a new ASP.NET project, visual studio creates the project under the folder "C:\Inetpub\WWWRoot". For
example, if you create a new ASP.NET project called "ShopCart", VS.NET creates a folder called "C:\Inetpub\WWWRoot\ShopCart" and
all files related to the proejct will be placed inside this folder. This folder will be set as a "Virtual Folder" so that you can access the web
site using the URL "http://localhost/ShopCart".
If you are working on several projects, you may want to organize your projects in some specific folder instead of
"C:\Inetpub\WWWRoot". What you need to do is, create a virtual folder manually before you create the project.
For example, if you need to create an ASP.NET applciation called "Shopcart" under the folder "C:\MyProjects", first create the folder
"C:\MyProjects\Shopcart". Now convert this folder as a virtual folder. Now you are ready to create the project using VS.NET. If the virtual
folder already exists, VS.NET will NOT create a new virtual folder under the WWWRoot folder. It will use the existing virtual folder.
Virtual directories provide several options:

Provide a simple URL to the end user

There is a level of security providing access to the physical directory

Store content in different locations

Easier to change location of and manage the served content

[Type here]

Different Versions of IIS


IIS 4.0

IIS 5.0

IIS 5.1

IIS 6.0

Platform

NT4

Windows 2000

Windows XP Professional

Windows Server 2003 family

Architecture

32-bit

32-bit

32-bit and 64-bit

32-bit and 64-bit


HTTP.sys kernel
When IIS is running in IIS 5.0 isolation
mode: Inetinfo.exe (in-proc processes) or

TCP/IP kernel

TCP/IP kernel

Application

TCP/IP kernel

DLLhost.exe (multiple DLL

DLLhost.exe (multiple DLL

process model

MTX.exe

hosts in medium or high

hosts in medium or high

application isolation)

application isolation)

DLLhost.exe (out-of-proc processes)


When IIS is running in worker process
isolation mode: W3Wp.exe (multiple
worker processes)
For more information on IIS isolation
modes, see "Configuring Isolation Modes"
in IIS Help, which is accessible from IIS
Manager.

Metabase
configuration

Security

Remote
administration
Cluster support

Binary

Binary

Windows

Windows authentication

authentication

SSL

SSL

Kerberos

HTMLA
In
Windows NT 4.0

HTMLA

IIS clustering
Personal Web Manager on

WWW services IIS on NT 4.0

Windows 9x
IIS on Windows 2000

Binary
Windows authentication
SSL
Kerberos
Security wizard
No HTMLA
Terminal Services

XML
Windows authentication
SSL
Kerberos
Security wizard
Passport support
Remote Administration Tool (HTML)
Web Server Appliance Kit (SAK).
Terminal Services

Windows support

Windows support

IIS optionally on

IIS on a member of the Windows

Windows XP Professional

Server 2003 family

What are the types of authentication available in IIS 6.0?


The authentication methods that are set by default are Anonymous access and Integrated Windows authentication:
Anonymous access: When anonymous access is turned on, no authenticated user credentials are required to access the site. This
option is best used when you want to grant public access to information that requires no security. When a user tries to connect to your
Web site, IIS assigns the connection to the IUSER_ComputerName account, where ComputerName is the name of the server on which
IIS is running. By default, the IUSER_ComputerName account is a member of the Guests group. This group has security restrictions,

[Type here]

imposed by NTFS file system permissions, that designate the level of access and the type of content that is available to public users.
To edit the Windows account used for anonymous access, click Browse in the Anonymous access box.
Important If you turn on anonymous access, IIS always tries to authenticate users by using anonymous authentication first, even if you
turn on additional authentication methods.
Integrated Windows authentication: Formerly named NTLM or Windows NT Challenge/Response authentication, this method sends
user authentication information over the network as a Kerberos ticket, and provides a high level of security. Windows Integrated
authentication uses Kerberos version 5 and NTLM authentication. To use this method, clients must use Microsoft Internet Explorer 2.0
or later. Additionally, Windows Integrated authentication is not supported over HTTP proxy connections. This option is best used for an
intranet, where both the user and Web server computers are in the same domain, and administrators can make sure that every user is
using Internet Explorer 2.0 or later.
Note If multiple authentication options are selected, IIS tries to negotiate the most secure method first, and then it works down the list
of available authentication protocols until both client and server support a mutual authentication protocol.
Digest authentication for Windows domain servers: Digest authentication requires a user ID and password, provides a medium
level of security, and may be used when you want to grant access to secure information from public networks. This method offers the

same functionality as basic authentication. However, this method transmits user credentials across the network as an MD5 hash, or
message digest, in which the original user name and password cannot be deciphered from the hash. To use this method, clients must
use Microsoft Internet Explorer 5.0 or later.
If you turn on digest authentication, type the realm name in the Realm box.
Basic authentication (password is sent in clear text): Basic authentication requires a user ID and password, and provides a low
level of security. User credentials are sent in clear text across the network. This format provides a low level of security because almost

all protocol analyzers can read the password. However, it is compatible with the widest number of Web clients. This option is best used
when you want to grant access to information with little or no need for privacy.
If you turn on basic authentication, type the domain name that you want to use in the Default domain box. You can also optionally
enter a value in the Realm box.
Microsoft .NET Passport authentication: .NET Passport authentication provides single sign-in security, which provides users with

access to diverse services on the Internet. When you select this option, requests to IIS must contain valid .NET Passport credentials on
either the query string or in the cookie. If IIS does not detect .NET Passport credentials, requests are redirected to the .NET Passport
logon page.

What is HTTP-Analyzer?
It allows you to capture HTTP/HTTPS traffic in real-time. It displays a wide range of information, including Header,
Content, Cookies, Query Strings, Post data, redirection URLs and more. It also provides cache information and session clearing, as well
as HTTP status code information and several filtering options. A useful developer tool for performance analysis, debugging and
diagnostics

What is TCP Dump?


Tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and
display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Tcpdump is
frequently used to debug applications that generate or receive network traffic. It can also be used for debugging the network setup itself,
by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem.

How HTTP.sys driver functioning?


HTTP.sys functions like a forwarder, sending the Web requests it receives to the request queue for the user-mode
Process that runs the Web site or Web application. HTTP.sys also sends responses back to the client.

How HTTP.sys Handles Kernel-Mode Queuing


When IIS 6.0 runs in worker process isolation mode, HTTP.sys listens for requests and queues those requests in the
appropriate queue. Each request queue corresponds to one application pool. An application pool corresponds to one request queue
within HTTP.sys and one or more worker processes.

[Type here]

When IIS 6.0 runs in IIS 5.0 isolation mode, HTTP.sys runs like it runs in worker process isolation mode, except that it routes
requests to a single request queue.
If a defective application causes the user-mode worker process to terminate unexpectedly, HTTP.sys continues to accept and
queue requests, provided that the WWW service is still running, queues are still available, and space remains in the queues.

When the WWW service identifies an unhealthy worker process, it starts a new worker process if outstanding
requests are waiting to be serviced. Thus, although a temporary disruption occurs in user-mode request
processing, an end user does not experience the failure because TCP/IP connections are maintained, and
requests continue to be queued and processed.
How Application Pools Work (IIS 6.0)
When you run IIS 6.0 in worker process isolation mode, you can separate different Web applications and Web sites into groups
known as application pools. An application pool is a group of one or more URLs that are served by a worker process or set of
worker processes. Any Web directory or virtual directory can be assigned to an application pool.

Every application within an application pool shares the same worker process. Because each
worker process operates as a separate instance of the worker process executable, W3wp.exe,
the worker process that services one application pool is separated from the worker process that
services another. Each separate worker process provides a process boundary so that when an
application is assigned to one application pool, problems in other application pools do not
affect the application. This ensures that if a worker process fails, it does not affect the
applications running in other application pools.
Use multiple application pools when you want to help ensure that applications and Web sites are confidential and secure. For
example, an enterprise organization might place its human resources Web site and its finance Web site on the same server, but in
different application pools. Likewise, an ISP that hosts Web sites and applications for competing companies might run each companies
Web services on the same server, but in different application pools. Using different application pools to isolate applications helps
prevent one customer from accessing, changing, or using confidential information from another customers site.
In HTTP.sys, an application pool is represented by a request queue, from which the user-mode worker processes that service an
application pool collect the requests. Each pool can manage requests for one or more unique Web applications, which you assign to the
application pool based on their URLs. Application pools, then, are essentially worker process configurations that service groups of
namespaces.
Multiple application pools can operate at the same time. An application, as defined by its URL, can only be served by one
application pool at any time. While one application pool is servicing a request, you cannot route the request to another application pool.
However, you can assign applications to another application pool while the server is running.
Worker Processes (IIS 6.0)
A worker process is user-mode code whose role is to process requests, such as processing requests to return a static page,
invoking an ISAPI extension or filter, or running a Common Gateway Interface (CGI) handler. We can configure IIS to run multiple
worker processes that serve different application pools concurrently. This design separates applications by process boundaries and
Helps achieve maximum Web server reliability.
What are different errors in IIS like 500, 200, 404, 300, 400etc

Error or

Description

Status
Code
100 Series Informational - These status codes indicate a provisional response. The client should be prepared to receive one
or more 1xx responses before receiving a regular response.
100

Continue.

101

Switching protocols.

[Type here]

Description
200 Series Success - This class of status codes indicates that the server successfully accepted the client request.
200

Okay - The client request has succeeded This status code indicates that the Web server has successfully processed the
request

201

Created.

202

Accepted.

203

Non-authoritative information.

204

No content.

205

Reset content.

206

Partial content.

300 Series Redirection - The client browser must take more action to fulfill the request. For example, the browser may have to
request a different page on the server or repeat the request by using a proxy server.
302

Object moved.

304

Not modified. The client requests a document that is already in its cache and the document has not been modified since it
was cached. The client uses the cached copy of the document, instead of downloading it from the server

307

Temporary redirect.

400 Series Client Error - An error occurs, and the client appears to be at fault. For example, the client may request a page that
does not exist, or the client may not provide valid authentication information.
400

Bad request.

401

Access denied.

401.1

Logon failed. The logon attempt is unsuccessful, probably because of a user name or password that is not valid.

401.2

Logon failed due to server configuration.

401.3

Unauthorized due to ACL on resource. This indicates a problem with NTFS permissions. This error may occur even if the
permissions are correct for the file that you are trying to access. For example, you see this error if the IUSR account does
not have access to the C:\Winnt\System32\Inetsrv directory.

401.4

Authorization failed by filter.

401.5

Authorization failed by ISAPI/CGI application.

401.7

Access denied by URL authorization policy on the Web server. This error code is specific to IIS 6.0.

403

Forbidden.
Execute access forbidden. The following are two common causes of this error message:
You do not have enough Execute permissions. For example, you may receive this error message if you try to access an

403.1

ASP page in a directory where permissions are set to None, or you try to execute a CGI script in a directory with Scripts
Only permissions.
The script mapping for the file type that you are trying to execute is not set up to recognize the verb that you are using (for
example, GET or POST).

[Type here]

403.2

Read access forbidden. Verify that you have Read access to the directory. Also, if you are using a default document, verify
that the document exists.

403.3

Write access forbidden. Verify that you have Write access to the directory

403.4

SSL required. Use HTTPS instead of HTTP to access the page.

403.5

SSL 128 required.

403.6

IP address rejected.

403.7

Client certificate required. You do not have a valid client certificate installed

403.8

Site access denied.

403.9

Too many users. The number of users who are connected to the server exceeds the connection limit.

403.10

Invalid configuration.

403.11

Password change.

403.12

Mapper denied access. The page that you want to access requires a client certificate, but the user ID that is mapped to
your client certificate has been denied access to the file.

403.13

Client certificate revoked.

403.14

Directory listing denied.

403.15

Client Access Licenses exceeded.

403.16

Client certificate is untrusted or invalid.

403.17

Client certificate has expired or is not yet valid.

403.18

Cannot execute requested URL in the current application pool. This error code is specific to IIS 6.0.

403.19

Cannot execute CGIs for the client in this application pool. This error code is specific to IIS 6.0.

403.20

Passport logon failed. This error code is specific to IIS 6.0.

404

Not found. This error may occur if the file that you are trying to access has been moved or deleted.

404.0

File or directory not found.

404.1

Web site not accessible on the requested port.

404.2

Web service extension lockdown policy prevents this request.

404.3

MIME map policy prevents this request.

405

HTTP verb used to access this page is not allowed (method not allowed).

406

Client browser does not accept the MIME type of the requested page.

407

Proxy authentication required.

412

Precondition failed.

413

Request entity too large.

414

Request-URL too long.

415

Unsupported media type.

416

Requested range not satisfiable.

417

Execution failed.

[Type here]

423

Locked error.

500 Series Server Error - The server cannot complete the request because it encounters an error.
500

Internal server error. You see this error message for a wide variety of server-side errors.

500.12

Application is busy restarting on the Web server. Indicates that you tried to load an ASP page while IIS was in the process
of restarting the application. This message should disappear when you refresh the page. If you refresh the page and the
message appears again, it may be caused by antivirus software that is scanning your Global.asa file.

500.13

Web server is too busy.

500.15

Direct requests for Global.asa are not allowed.

500.16

UNC authorization credentials incorrect. This error code is specific to IIS 6.0.

500.18

URL authorization store cannot be opened. This error code is specific to IIS 6.0.

500.100

Internal ASP error. You receive this error message when you try to load an ASP page that has errors in the code.

501

Header values specify a configuration that is not implemented.

502

Bad Gateway. Web server received an invalid response while acting as a gateway or proxy. You receive this error
message when you try to run a CGI script that does not return a valid set of HTTP headers.

502.1

CGI application timeout.

502.2

Error in CGI application.

503

Service unavailable. This error code is specific to IIS 6.0.

504

Gateway timeout.

505

HTTP version not supported.

What .Net versions do you know?


. Net 1.1, 1.2 and 2

How to do IIS backup?


Back Up the IIS Configuration
To back up your IIS configuration, follow these steps:
1. In the IIS snap-in on the local computer, click the Computer icon under Internet Information Services.
2. Click Action and select Backup/Restore Configuration.
Click Create backup, choose a name for your backup file, and then click OK.NOTE: The default location of the backup is the
3.

%SystemRoot%\system32\inetsrv\MetaBack folder. If you want to save your backup file to another location, you can copy the file
from this default location to another location. Keep a copy in the default location to allow for an easy restoration. Note that by
default, C:\Winnt is the %SystemRoot% folder in Microsoft Windows 2000.
Click Close.NOTE: This backup method provides a way to restore only your IIS settings, not your content files. This backup

4. method does not work if you reinstall your operating system. Backup files cannot be used to restore an IIS configuration on other
computers that are running Windows 2000.

How to setup a website and how to setup multiple sites on same IP?
Setting Host Headers in IIS 6.0
Preface:

[Type here]

Many people would like to have several web sites hosted on their own computer, maybe they want something like hello.domain.com
and goodbye.domain.com both on the same computer. IIS can use host headers to see what the end user tried viewing, and it will
show the correct web page based on that.
Method:
Load IIS from the Administrative tools in the Control Panel by clicking Start -> Administrative Tools -> IIS Manager (or loading the
Control Panel, entering the Administrative Tools folder, and double clicking IIS Manager).

On the left side, expand your computer name, then click "Web Sites", right click in the right side, put your mouse over "New" and select
"Web Site..."

Click Next in the dialog, then put in a description of the new web site you are creating (can be anything)

[Type here]

Now here's the important part. Go to the last text box and put in what you want the new Host Header to be

Now put in the path to your new site and make sure you keep "Allow anonymous access" checked

For added security, if you don't plan on using ASP or anything similar, then uncheck "Run scripts". You can always enable it at another
time

[Type here]

Click Finish on the next dialog and you're done!


Questions:
Q: How do I add a host header for a site already made?
A: Go back to where we were before. Click on "Web Sites" and right click the website and select "Properties"

In that dialog click the advanced button

[Type here]

Now click Add

Put in the TCP port 80 (port 80 is the default website port, so people can type http://some.site instead of having to type
http://some.site:port) and your new header below it

[Type here]

Now click OK and OK and you're done!


Q: Do I need to set anything in DNS or my website's Name Servers if I have a top level domain?
A: The answer is yes, you need to add an (A) name, but since all programs are different, I will not display how.

What are the IIS supporting scripts?


Ans: Perl, CGI, XML, Python etc

What versions available in IIS with operating system?


Ans: For Windows 2000 IIS 5, For Windows XP- IIS 5.1, for Windows 2003 Servers IIS 6.o And for Windows Vista/2008 Servers IIS 7.0

Generating an IIS SSL Certificate Signing Request (CSR) using Microsoft IIS 5.x / 6.x
A CSR is a file containing your IIS SSL certificate application information, including your Public Key. Generate your CSR email
the copy to Arvind Maskara for the enrollment process:
Generate keys and Certificate Signing Request:
Select Administrative Tools
Start Internet Services Manager

Open the properties window for the website the CSR is for. You can do this by right clicking on the Default Website and selecting
Properties from the menu
Open Directory Security by right clicking on the Directory Security tab

[Type here]

Click Server Certificate. The following Wizard will appear:

Click Create a new certificate and click Next.

[Type here]

Select Prepare the request and click Next.

Provide a name for the certificate, this needs to be easily identifiable if you are working with multiple domains. This is for your records
only. If your server is 40 bit enabled, you will generate a 512 bit key. If your server is 128 bit you can generate up to 1024 bit keys. We
recommend you stay with the default of 1024 bit key if the option is available. Click Next

[Type here]

Enter Organisation and Organisation Unit, these are your company name and department respectively. Click Next.

The Common Name field should be the Fully Qualified Domain Name (FQDN) or the web address for which you plan to use your IIS
SSL Certificate, e.g. the area of your site you wish customers to connect to using SSL. For example, an SSL Certificate issued for
cscdev.com will not be valid for secure.cscdev.com. If the web address to be used for SSL is secure.cscdev.com, ensure that the
common name submitted in the CSR is secure.cscdev.com. Click Next.

[Type here]

Enter your country, state and city. Click Next.

Enter a filename and location to save your CSR. You will need this CSR to enroll for your IIS SSL Certificate. Click Next.

[Type here]

Check the details you have entered. If you have made a mistake click Back and amend the details. Be especially sure to check the
domain name the Certificate is to be "Issued To". Your IIS SSL Certificate will only work on this domain. Click Next when you are happy
the details are absolutely correct.
When you make your application, make sure you include the CSR in its entirety into the appropriate section of the enrollment form including
-----BEGIN CERTIFICATE REQUEST-----to-----END CERTIFICATE REQUEST----Click Next
Confirm your details in the enrollment form
Finish
To save your private key:
Go to: Certificates snap in in the MMC
Select Requests
Select All tasks
Select Export
We recommend that you make a note of your password and backup your key as only you know these, so if you loose them we can't
help! A floppy diskette or other removable media is recommended for your backup files.
Part 2
Installing your IIS SSL Certificate on Microsoft IIS 5.x / 6.x
1. Installing the Root & Intermediate Certificates:
You will have received 3 Certificates from CSC. Save these Certificates to the desktop of the webserver machine, then:
Click the Start Button then selct Run and type mmc
Click File and select Add/Remove Snap in
Select Add, select Certificates from the Add Standalone Snap-in box and click Add
Select Computer Account and click Finish
Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC
To install the EntrustSecureServerCA Certificate:

[Type here]

Right click the Trusted Root Certification Authorities, select All Tasks, select Import.

Click Next.

[Type here]

Locate the EntrustSecureServerCA Certificate and click Next.


When the wizard is completed, click Finish.
To install the TrustedSecureCA Certificate:

Right click the Intermediate Certification Authorities, select All Tasks, select Import.
Complete the import wizard again, but this time locating the TrustedSecureCA Certificate when prompted for the Certificate file.
Ensure that the EntrustSecureServerCA certificate appears under Trusted Root Certification Authorities
Ensure that the TrustedSecureCA appears under Intermediate Certification Authorities
Installing your IIS SSL Certificate:
Select Administrative Tools

[Type here]

Start Internet Services Manager

Open the properties window for the website. You can do this by right clicking on the Default Website and selecting Properties from the
menu.
Open Directory Security by right clicking on the Directory Security tab

Click Server Certificate. The following Wizard will appear:

[Type here]

Choose to Process the Pending Request and Install the Certificate. Click Next.
Enter the location of your IIS SSL certificate (you may also browse to locate your IIS SSL certificate), and then click Next.
Read the summary screen to be sure that you are processing the correct certificate, and then click Next.
You will see a confirmation screen. When you have read this information, click Next.
You now have an IIS SSL server certificate installed.
Important: You must now restart the computer to complete the install
You may want to test the Web site to ensure that everything is working correctly. Be sure to use when you test connectivity to the site.

How to configure website load balance


The simplest load-balancing method uses DNS round-robin. The concept is simple: Your DNS administrator fills the domain
tables with multiple address records (called A records) that have the same host name but point to one or more IP addresses that serve
the same Web content. As the DNS request is looking for your DNS server, the Web server responds to the client with the next address
from the list. The client uses that DNS address for as long as the Time to Live (TTL) value that you assign in that domain's zone file (i.e.,
a file that contains all the DNS records and configuration files for that DNS domain). You can optionally assign specific TTL values to
individual records as well.
Cost might make this approach attractive, but it has several drawbacks. One drawback is that DNS has no idea whether the
Web server is answering properly. DNS isn't sensitive to the state of your Web server and will continue to direct users to your server
even if it's down. The other problem is that this method works only for relatively static content. If you use dynamic content and code
where a session must be maintained when you open it, then round-robin isn't for you.
The second method is to use Network Load Balancing Service (NLBS), called Windows Load Balancing Service (WLBS) in Windows
NT 4.0. NLBS is a software-based load-balancing service that requires you to configure multiple IP addresses on each server. Although
the software has a single-card method, I strongly recommend that you use two NICs for simpler setup and management. This service
regularly checks each server in the cluster to ensure that it's up. If a server goes down, that server fails the check, and the rest of the
cluster will recover after dropping the failed server. One drawback of NLBS is cost: Each server must run either NT Server, Enterprise
Edition or Windows 2000 Advanced Server (AS). NLBS doesn't monitor specific services, such as IIS, WINS, or DNS services, so if a
service fails but continues to run, NLBS won't detect it. I've used this service reliably for about a year now and have had good luck (and
uptime) with it.
A third method is to use a hardware solution for load balancing. Cisco's Local Director is a perfect example of such a solution.
The Local Director lets you set up a virtual server that can bounce requests to one or more Web servers behind the Local Director.
Probes, which monitor the health of servers in the background, can sound the alarm for a failed server or IIS service and redirect
requests to the remaining Web servers. As you might suspect, this approach is costly, but it gives you the ability to redirect in case of
service failure.

[Type here]

What issue you really feels unforgettable in your previous experience?


Ans: To be filled with your own experience

How to register DLL


Go to the Run and type regsvr32 <path & filename of dll or ocx>

How to use traceroute and what is its purpose


The purpose of traceroute is to identify the problematic server that is causing the error, and that is why we send traceroute info only if
there is an error before reaching your servers. Traceroute is a very resource consuming operation and it will slow down your servers a
lot if we do it all the time.

Difference between Production, QA, Development and staging servers?


What are the default ports in HTTP, SMTP and FTP?
The defaults ports are:
HTTP-80, 8080
SMTP-25,
FTP-FTP Data-20 and FTP server- 21

IIS Isolation Levels?


Internet Information Server introduced the notion "Isolation Level", which is also present in IIS4 under a different name. IIS5 supports
three isolation levels that you can set from the Home Directory tab of the site's Properties dialog:
Low (IIS Process): ASP pages run in INetInfo.Exe, the main IIS process, therefore they are executed in-process. This is the fastest
setting, and is the default under IIS4. The problem is that if ASP crashes, IIS crashes as well and must be restarted (IIS5 has a reliable
restart feature that automatically restarts a server when a fatal error occurs).
Medium (Pooled): In this case ASP runs in a different process, which makes this setting more reliable: if ASP crashes IIS won't. All
the ASP applications at the Medium isolation level share the same process, so you can have a web site running with just two processes
(IIS and ASP process). IIS5 is the first Internet Information Server version that supports this setting, which is also the default setting
when you create an IIS5 application. Note that an ASP application that runs at this level is run under COM+, so it's hosted in
DLLHOST.EXE (and you can see this executable in the Task Manager).
High (Isolated): Each ASP application runs out-process in its own process space, therefore if an ASP application crashes, neither IIS
nor any other ASP application will be affected. The downside is that you consume more memory and resources if the server hosts many
ASP applications. Both IIS4 and IIS5 supports this setting: under IIS4 this process runs inside MTS.EXE, while under IIS5 it runs inside
DLLHOST.EXE.
When selecting an isolation level for your ASP application, keep in mind that out-process settings - that is, Medium and High - are less
efficient than in-process (Low). However, out-process communication has been vastly improved under IIS5, and in fact IIS5's Medium
isolation level often deliver better results than IIS4's Low isolation. In practice, you shouldn't set the Low isolation level for an IIS5
application unless you really need to serve hundreds pages per second.
Restarting IIS (IIS 6.0)
You might need to restart Internet Information Services (IIS) before certain configuration changes take effect or when
applications become unavailable. Restarting IIS is the same as first stopping IIS, and then starting it again, except it is accomplished
with a single command. There are two ways to restart IIS:
Using IIS Manager.
Using the IISReset command-line utility.
Both methods allow you to stop, start, and restart IIS Internet services. The Restart IIS command in IIS Manager and the
IISReset command-line utility do not restart the HTTP protocol stack (HTTP.sys) or Internet services outside of IIS. In previous versions
of IIS, restarting IIS using the IISReset command-line utility was a common practice for recovering from an unresponsive application.

[Type here]

Restarting or stopping IIS, or rebooting your Web server, is a severe action. When you restart the Internet service, all sessions
connected to your Web server (including Internet, FTP, SMTP, and NNTP) are dropped. Any data held in Web applications is lost. All
Internet sites are unavailable until Internet services are restarted. For this reason, you should avoid restarting, stopping, or rebooting
your server if at all possible. IIS 6.0 includes application pool recycling and several other features that provide alternatives to restarting
IIS. For a list of features designed to improve IIS reliability and remedy the need to restart IIS, see "Alternatives to Restarting IIS" in this
topic.
Note
Changes to the metabase can be lost when restarting IIS. To avoid losing metabase changes and to trigger history files that back up the
metabase, use the SaveData method. For more information about the SaveData method, see "SaveData" in the Platform SDK on
MSDN.
With IIS 6.0, the World Wide Web Publishing Service (WWW service) lives in the service host, Svchost.exe. The FTP, NNTP, and SMTP
services and the IIS metabase, known as the IIS Admin service, lives in Inetinfo.exe. If the IIS Admin service terminates abnormally, IIS
restarts automatically. This feature is known as Automatic Restart. Previously, in IIS 5.0, if the IIS Admin service terminated abnormally,
both the WWW service and IIS Admin service had to be restarted because they shared the same application space. In IIS 6.0, if the IIS
Admin service terminates abnormally, the WWW service does not go down because the IIS Admin service and the WWW service run in
separate process spaces. In this case, the WWW service acknowledges that the metabase has terminated abnormally and checks to
see if the IISReset command-line utility is configured on the IIS Admin service. If IISReset is configured on the IIS Admin service, IIS
waits for the IIS Admin service to start again and reconnects the WWW service.
All of the Internet services listed below, if installed, are affected when you restart IIS. Not all of the services listed below are installed by
default.

Service Description
IIS Admin service
This service manages all the services of IIS other than the WWW service (FTP, NMTP, and SMTP).

WWW service
This service provides Web connectivity between clients and Web sites.

HTTP SSL service


This service provides secure Web connectivity between clients and Web sites.

FTP service
This service provides FTP connectivity and administration through IIS Manager.

SMTP service
This service transports electronic mail across the network.

NNTP service
This service transports network news across the network.

Important

[Type here]

You must be a member of the Administrators group on the local computer to perform the following procedure or procedures. As
a security best practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas
command to run IIS Manager as an administrator. At a command prompt, type runas /User:Administrative_AccountName "mmc
%systemroot%\system32\inetsrv\iis.msc".

Procedures
To restart IIS using IIS Manager
1. In IIS Manager, right click the local computer, point to All Tasks, then click Restart IIS.
2. In the What do you want IIS to do list, click Restart Internet Services on computername.
3. IIS attempts to stop all services before restarting. IIS waits up to five minutes for all services to stop. If the services cannot be
stopped within five minutes, all IIS services are terminated, and IIS restarts. In addition, clicking End now forces all IIS services to stop
immediately, and IIS is restarted.
Important
You must be a member of the Administrators group on the local computer to run scripts and executables. As a security best
practice, log on to your computer by using an account that is not in the Administrators group, and then use the runas command to run
your script or executable as an administrator. At a command prompt, type runas /profile /User:MyComputer\Administrator cmd to open a
command window with administrator rights and then type cscript.exeScriptName (include the script's full path and any parameters).

To restart IIS using the IISReset command-line utility


1. From the Start menu, click Run.
2. In the Open box, type cmd, and click OK.
3. At the command prompt, type iisreset /noforce computername, and press ENTER.
4. IIS attempts to stop all services before restarting. The IISReset command-line utility waits up to one minute for all services to stop. If
the services cannot be stopped within one minute, all IIS services are terminated, and IIS restarts.

[Type here]